In which I wave the red flag

Have something to say about forums.debian.net itself?

In which I wave the red flag

Postby Ahtiga Saraz » 2011-11-15 17:00

Over the past year, several DUF users who may prefer to remain anonymous, who have invited me by PM to converse with them by PM, report that they do not receive my replies, but rather a notice stating
This message has been removed by its author before it was delivered.

At my end, what happens is that I do try to deliver the PM but it refuses to leave my outbox. So I delete it--- at which point the recipient presumably receives the quoted notice.

Does anyone know what might be causing this and how to fix it?

I am guessing the recipients have simply disabled receiving PMs from other user accounts, in which case I have to wait for them to figure out that they need to change their user account settings.

But is it possible that I am simply removing the PM before the system has a chance to deliver it? I typically remove PMs immediately after sending them, to (slightly) enhance security. At other forums this hasn't been a problem. And test email to my own account is delivered almost immediately to my own inbox.

Strong encryption is ideally suited for PMs in forums like this, since otherwise PMs have almost no privacy (this forum, like most, offers little security even for login sessions, for example). I have found at other forums that it is quite possible to exchange gpg public keys (specially created for a specific conversation) and encrypted PMs.

EDIT: some may find it amusing that this devilish statement occurs in my post #666
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: In which I wave the red flag

Postby 4D696B65 » 2011-11-15 18:38

Ahtiga Saraz wrote:At my end, what happens is that I do try to deliver the PM but it refuses to leave my outbox. So I delete it--- at which point the recipient presumably receives the quoted notice.
Don't delete it.

Ahtiga Saraz wrote:Does anyone know what might be causing this and how to fix it?
The PM will stay in your outbox until the recipient opens it.


Ahtiga Saraz wrote:But is it possible that I am simply removing the PM before the system has a chance to deliver it?
Yes
User avatar
4D696B65
 
Posts: 2205
Joined: 2009-06-28 06:09

Re: In which I wave the red flag

Postby beardedragon » 2011-11-15 20:08

In my experience as a Moderator this is not your fault. Most users do not pay attention when they get a PM, Some don't know how to use the system and some ignore it completely. Just leave it in your outbox.
Robert Collard, Madison, WI
HP s5710f 3G RAM  ATI [Radion HD 3000]
Debian 7.4 XFCE-4.8 3.2.0-4-amd64
Manjaro 0.8.8 XFCE-4.10 3.10.28-1 x86_64
User avatar
beardedragon
 
Posts: 157
Joined: 2011-06-08 21:18

Leave PMs lying in outbox? Not acceptable!

Postby Ahtiga Saraz » 2011-11-16 19:46

Thanks to you both, this is very helpful, and in particular it explains why I could receive test PMs I sent myself but other recipients did not receive PMs.

Unfortunately, leaving PMs lying in my outbox indefinitely is a very bad idea, particularly if they are unencrypted. Some considerations of which I think DUF moderators should bear in mind:
  • I have declared that I am a human rights advocate, and I have strongly criticized here numerous spycos, national secret police agencies, and assorted spooks. Human rights advocates have long experienced harrassment (on and offline) from secret policemen (not neccessarily working for the nations within which they reside), and sometimes worse. Recently, some governments have begun to acknowledge that this is a real phenomenon with potentially deadly consequences. For example:
    • Leesburg man arrested for spying on Syrian government protestors
      12 October 2011
      Code: Select all
       http://www.loudountimes.com/index.php/news/article/leesburg_man_arrested_for_spying_on_syrian_government_protestors345/

      A 47-year-old Leesburg man has been arrested by the FBI for his alleged role in a conspiracy to collect video and audio recordings and other information about individuals in the United States and Syria who were protesting the government of Syria and to provide these materials to Syrian intelligence agencies in order to silence, intimidate and potentially harm the protestors.
    • Obama man: 'Global internet surveillance skyrocketing'
      Think it's bad now? Just wait
      Rik Myslewski, The Register, 26 October 2011
      Code: Select all
      www.theregister.co.uk/2011/10/26/michael_posner_at_svhrc/

      A top US government official believes that the internet is under fierce attack by authoritarian governments worldwide, and that the situation is rapidly deteriorating...US Assistant Secretary of State
      Michael Posner, speaking at the Silicon Valley Human Rights Conference in San Francisco on Tuesday...And as information communications technology moves ever deeper into less-developed countries, Posner sees the problems increasing. "These are the places where repressive regimes are getting hold of the latest, greatest Western technologies and using them to spy on their own citizens for purposes of silencing dissent," he said. "Journalists, bloggers and activists are of course the primary targets."

      I would elaborate by saying that activists posting at computer/engineeering discussion boards are of particular interest to sophisticated cyberspooks. Several of the largest secret police agencies have admitted that they constantly surveil such sites, targeting users who express views not in accordance with the perceived self interest of the ruling elites they serve (for example, the Chinese Communist Party elite, "the Establishment" in the UK, etc.)
    • Why did unknown culprits (but Google+dog say they were Chinese cyberwarriors) risk breaking into Google, in the so-called Aurora attacks, in order (Google says) to access the accounts of suspected human rights advocates living outside China? I am sure we can all think of many things industrial epsionage operatives would want to "exfiltrate" from inside Google, and the Aurora attackers targeted many other huge corporations, but Google itself concluded that monitoring dissidents appeared to be a primary goal of the intrusions into Google.) One possible technical reason: strongly encrypted gmail is sufficiently secure if both recipients use encryption properly that the only way the Chinese spooks could read the email of the correspondents was to do an end run around the encryption. It's easy to see how to do that when either correspondent used gmail: assumuing that gmail user is using "encryption in the cloud" (i.e. performing some crucial crypto processing using Google servers, rather than on their own PC/laptop), Google assigns itself the power to read the emails prior to encryption and to index the contents just like it does with unencrypted gmails. I think the emails are then stored encrypted, and should be transmitted encrypted, but this may not matter should an intruder gain sufficiently elevated powers inside the Google network can read unencrypted abstracts of encrypted emails stored at Google. Hence the motivation to expose your best malware code to possible capture by Google's counter-espionage operations, which is in fact what happened.
    Human rights advocates have frequent need to contact persons to ties with some of the most repressive governments on Earth (see sites like hrw.org if you don't immediately understand why this is the case).
  • Many jurisdictions regard email as "abandoned" if left in outboxes, or left unread in inboxes, for a certain length of time. Conceivably this could mean it would not even be illegal for a curious or malicious snooper to browse through outboxes and inboxes at DUF! (I don't want to spell out the reasons why I am confident that accessing my inbox/outbox would be child's play for curious snoopers, who would face little risk of apprehension, but my point here is that once intruders are in the database, it should be the basis for an additional charge in the unlikely event they were apprehended, should they read PMs, but probably would not be.) So what laws apply to the DUF server?
  • I have repeatedly requested moderators to use GPG (and publicize their GPG keys) and to encourage strongly encrypted PMs to discuss sensitive issues. I have repeatedly requested some other basic security measures which should be easy to implement and too obvious to bear repeating. To which I add: change the forum software settings so that PMs are delivered immediately (unless of course the recipient has disabled PMs).
You (the moderators) and I (and other DUF users) may not like the fact that being on-line is becoming increasingly dangerous at the very time that it is becoming increasingly neccessary for any participation in society (and thus, for sustaining life itself, for who among us is literally 100% self-sufficient?), but we all need to accept that this is the case, to think through the implications, and to act on our conclusions.

Thanks in advance for your consideration.
Last edited by Ahtiga Saraz on 2011-11-17 14:16, edited 1 time in total.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: In which I wave the red flag

Postby zalew » 2011-11-16 22:45

it's a fault of ux design by the phpbb team, I don't know why they haven't abandoned this model yet, it has generated confusion among users on every phpbb forum I know for years.
zalew
 
Posts: 77
Joined: 2011-10-31 12:02

Re: In which I wave the red flag

Postby sgosnell » 2011-11-17 01:48

If you're that worried about privacy, then you shouldn't be sending private messages to people you don't know. If you do send them, encrypt them. Do not rely on the forum software to do that, encrypt the messages yourself using PGP or equivalent. Changing the forum software isn't that easy.
sgosnell
 
Posts: 715
Joined: 2011-03-14 01:49

Re: In which I wave the red flag

Postby traveler » 2011-11-17 02:27

Here's an easier fix:
Image
I wish for a conjugal visit and world peace. (Don't want to seem selfish.)
User avatar
traveler
 
Posts: 942
Joined: 2010-06-09 22:07

GPG

Postby Ahtiga Saraz » 2011-11-17 14:17

@ zalew:

Interesting, thanks, good to know I am not the only one who thinks this is poor design.

@ sgosnell:

If you do send them, encrypt them. Do not rely on the forum software to do that, encrypt the messages yourself using PGP or equivalent.


Oh, I agree! I do use GPG (open source near-equivalent of PGP) and as I mentioned, it can be used to send strongly encrypted PMs at forums like this. And a crucial point you hinted at: never allow a company like Google to do your crypto processing for you; always encrypt your emails on a PC or laptop you own, using a well protected keyring.

you shouldn't be sending private messages to people you don't know.


A calculated risk, to be sure. I get "stung" all the time, so far unsuccessfully, I presume. Another crucial point about GPG/PGP is that the "web of trust" can help authenticate correspondents, so that one in some sense one "knows" who one is corresponding with.

@ traveler:

Can you say it in words? I can't see the image (image loading disabled for security reasons), so I don't know what you wanted to tell me.
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: In which I wave the red flag

Postby saulgoode » 2011-11-17 14:56

If you do not trust forum administrators when they say they do not read your unencrypted PMs then on what basis would you trust them saying they are encrypting your PMs so they can not possibly read them?
Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian Kernighan
User avatar
saulgoode
 
Posts: 1545
Joined: 2007-10-22 11:34

Clarification

Postby Ahtiga Saraz » 2011-11-17 15:19

@ saul:
Not sure whom you are addressing, but assuming you are talking to me:
If you do not trust forum administrators when they say they do not read your unencrypted PMs

I don't recall forum admins saying this, but thanks for the information. Unfortunately, it is not the forum admins I am mostly worried about (at DUF)!
then on what basis would you trust them saying they are encrypting your PMs so they can not possibly read them?

Huh?
Ahtiga Saraz

Le peuple debout contre les tyrans! De l'audace, encore de l'audace, toujours l'audace!
Ahtiga Saraz
 
Posts: 1015
Joined: 2009-06-15 01:19

Re: GPG

Postby traveler » 2011-11-17 15:45

Ahtiga Saraz wrote:<snip>
@ traveler:
Can you say it in words? I can't see the image (image loading disabled for security reasons), so I don't know what you wanted to tell me.


It's a picture of a guy wearing a tin foil hat.
Disclaimer: Tin foil hats only protect against brainwave scanners. They offer no protection against alien anal probing. :mrgreen:
Maybe I'm a little confused, but what could anyone possibly be doing on FDN that would remotely interest the Men in Black or other nefarious organizations?
I wish for a conjugal visit and world peace. (Don't want to seem selfish.)
User avatar
traveler
 
Posts: 942
Joined: 2010-06-09 22:07

Re: GPG

Postby Randicus » 2011-11-17 21:36

traveler wrote:Maybe I'm a little confused, but what could anyone possibly be doing on FDN that would remotely interest the Men in Black or other nefarious organizations?

Ahtiga is a little paranoid, but he is an "activist." So the Men in Black could easily consider him a trouble-maker or "terrorist." Depending on where he lives, he might be in danger of prison or death. I agree that private messages on this board are unlikely candidates for visits from the authorities, but we should not forget the American who was visited by the secret service investigating a plot to kill the president the day after after he sent an e-mail to a friend containing a joke about killing the president.
Paranoia about security is the price one pays for being an "activist" and ruffling feathers.
I am supporting Ahtiga Saraz. The irony! :lol:
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: In which I wave the red flag

Postby dzz » 2011-11-17 23:19

Oxford dictionary:
paranoia
Pronunciation:/ˌparəˈnɔɪə/
noun
[mass noun]

a mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance, typically worked into an organized system. It may be an aspect of chronic personality disorder, of drug abuse, or of a serious condition such as schizophrenia in which the person loses touch with reality.
unjustified suspicion and mistrust of other people:mild paranoia afflicts all prime ministers


The points raised here are not paranoid, they are real issues! It is delusional to pretend otherwise.

Debian users, just by campaigning for and supporting software freedom against corporate domination, are also dissenters and activists (therefore potential targets)
dzz
 
Posts: 257
Joined: 2007-02-05 20:39
Location: Devon, England

Re: In which I wave the red flag

Postby traveler » 2011-11-18 05:34

You guys are joking right? Hate to break it to you, but the Illuminati have much bigger fish to fry than some Linux nerds. But if it will make you feel better, PM me your postal box info and I will ship you the latest in tin foil hat technology gratis.
I wish for a conjugal visit and world peace. (Don't want to seem selfish.)
User avatar
traveler
 
Posts: 942
Joined: 2010-06-09 22:07

Re: In which I wave the red flag

Postby 4D696B65 » 2011-11-18 05:43

traveler wrote:PM me your postal box info and I will ship you the latest in tin foil hat technology gratis.

I will take you up on that offer, all I can find here is aluminum foil and that just doesn't have the right magnetic properties. :lol:
User avatar
4D696B65
 
Posts: 2205
Joined: 2009-06-28 06:09

Next

Return to Forum stuff & feedback

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable