Hacker News new | comments | show | ask | jobs | submit login

They could have just used GnuPG over pretty much any e-mail service?

That doesn't really help as GnuPG encrypts the message contents, but doesn't hide sender and recipients. In this case they could still have figured out who sent the messages even if they didn't figure out the contents. Then you apply traffic analysis to proceed to the next step http://en.wikipedia.org/wiki/Traffic_analysis

The only way they could have avoided detection using GnuPG is if they did something like always sending the same length message at the same time every day.

They left messages in the draft folder - no traffic analysis possible, at least from the messages themselves.

The message I responded to was proposing an alternative to what was used (draft folder) and instead using GnuPG.

However even if they only used encrypted text in the drafts and never sent them, you could still use traffic analysis techniques to help categorize the content (size, frequency etc) assuming the drafts could be read.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact