
Cops hate encryption but the NSA loves it when you use PGP - Jerry2
http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/
======
sprucely
Sounds a bit to me like part of a FUD campaign or at least bluster to scare
off people from seeking out tools that help protect privacy. But it does
highlight a need for these tools to become more ubiquitous.

~~~
chias
I had the exact same reaction. Either way, though, it's a good indication that
perhaps combining PGP with steganography is a good way to go, at least for
now.

~~~
derefr
Something similar has also been my thought re: Internet providers forcing TLS
root certs on you to MITM you. Even if, at some dystopian point in the future,
ISPs stop allowing traffic they can't MITM through their networks, you _can_
always accept their root cert into your OS's TLS stack... and then just turn
around and:

1. configure your browser to use a separate CA store from the OS one;

2. set up a VPN tunnel to a jumping-off-point not within your ISP's reach;

3. hide that tunnel's traffic steganographically within a regular "encrypted
but actually MITMed" connection to your VPN server.

These three steps could even be put together into a little middlebox to put
between your home router and the Internet, so each device could keep its
OS-level CA store sane, while still appearing to the ISP that everything is
regular MITM-able traffic.

------
x1798DE
Why would the NSA "love it" when the average person uses PGP? It's like saying
that the guy looking for a needle loves it when you throw hay on the floor
because it's really easy to spot the hay.

~~~
n0w
The point is that the average person doesn't use PGP.

My take: If someone has something to hide, they're likely to encrypt their
communications. Encrypting their communications alerts the NSA that this
person has something to hide.

~~~
cyphar
> My take: If someone has something to hide, they're likely to encrypt their
> communications. Encrypting their communications alerts the NSA that this
> person has something to hide.

Which is why you should practice good opsec and always encrypt everything,
even when you're not doing something that "needs to be hidden".

~~~
cwyers
Right, but even if you do that, you're still doing it because you have
something to hide, even if not everything you're hiding needs to be hidden.
Practicing good opsec makes you stand out as someone who NEEDS good opsec when
everyone around you doesn't even rise to the level of shitty opsec; they're
just not engaging in opsec as a practice.

------
cyphar
It's also legal for them to keep encrypted communications indefinitely, while
there is a time limit for the data (not for the metadata they get from it or
any of the analysis they do).

