Page 1 of 2

In which I wave the red flag

Posted: 2011-11-15 17:00
by Ahtiga Saraz
Over the past year, several DUF users who may prefer to remain anonymous, who have invited me by PM to converse with them by PM, report that they do not receive my replies, but rather a notice stating
This message has been removed by its author before it was delivered.
At my end, what happens is that I do try to deliver the PM but it refuses to leave my outbox. So I delete it--- at which point the recipient presumably receives the quoted notice.

Does anyone know what might be causing this and how to fix it?

I am guessing the recipients have simply disabled receiving PMs from other user accounts, in which case I have to wait for them to figure out that they need to change their user account settings.

But is it possible that I am simply removing the PM before the system has a chance to deliver it? I typically remove PMs immediately after sending them, to (slightly) enhance security. At other forums this hasn't been a problem. And test email to my own account is delivered almost immediately to my own inbox.

Strong encryption is ideally suited for PMs in forums like this, since otherwise PMs have almost no privacy (this forum, like most, offers little security even for login sessions, for example). I have found at other forums that it is quite possible to exchange gpg public keys (specially created for a specific conversation) and encrypted PMs.

EDIT: some may find it amusing that this devilish statement occurs in my post #666

Re: In which I wave the red flag

Posted: 2011-11-15 18:38
by 4D696B65
Ahtiga Saraz wrote: At my end, what happens is that I do try to deliver the PM but it refuses to leave my outbox. So I delete it--- at which point the recipient presumably receives the quoted notice.
Don't delete it.
Ahtiga Saraz wrote:Does anyone know what might be causing this and how to fix it?
The PM will stay in your outbox until the recipient opens it.

Ahtiga Saraz wrote:But is it possible that I am simply removing the PM before the system has a chance to deliver it?
Yes

Re: In which I wave the red flag

Posted: 2011-11-15 20:08
by beardedragon
In my experience as a Moderator this is not your fault. Most users do not pay attention when they get a PM, Some don't know how to use the system and some ignore it completely. Just leave it in your outbox.

Leave PMs lying in outbox? Not acceptable!

Posted: 2011-11-16 19:46
by Ahtiga Saraz
Thanks to you both, this is very helpful, and in particular it explains why I could receive test PMs I sent myself but other recipients did not receive PMs.

Unfortunately, leaving PMs lying in my outbox indefinitely is a very bad idea, particularly if they are unencrypted. Some considerations of which I think DUF moderators should bear in mind:
  • I have declared that I am a human rights advocate, and I have strongly criticized here numerous spycos, national secret police agencies, and assorted spooks. Human rights advocates have long experienced harrassment (on and offline) from secret policemen (not neccessarily working for the nations within which they reside), and sometimes worse. Recently, some governments have begun to acknowledge that this is a real phenomenon with potentially deadly consequences. For example:
    • Leesburg man arrested for spying on Syrian government protestors
      12 October 2011

      Code: Select all

       http://www.loudountimes.com/index.php/news/article/leesburg_man_arrested_for_spying_on_syrian_government_protestors345/
      A 47-year-old Leesburg man has been arrested by the FBI for his alleged role in a conspiracy to collect video and audio recordings and other information about individuals in the United States and Syria who were protesting the government of Syria and to provide these materials to Syrian intelligence agencies in order to silence, intimidate and potentially harm the protestors.
    • Obama man: 'Global internet surveillance skyrocketing'
      Think it's bad now? Just wait
      Rik Myslewski, The Register, 26 October 2011

      Code: Select all

      www.theregister.co.uk/2011/10/26/michael_posner_at_svhrc/
      A top US government official believes that the internet is under fierce attack by authoritarian governments worldwide, and that the situation is rapidly deteriorating...US Assistant Secretary of State
      Michael Posner, speaking at the Silicon Valley Human Rights Conference in San Francisco on Tuesday...And as information communications technology moves ever deeper into less-developed countries, Posner sees the problems increasing. "These are the places where repressive regimes are getting hold of the latest, greatest Western technologies and using them to spy on their own citizens for purposes of silencing dissent," he said. "Journalists, bloggers and activists are of course the primary targets."
      I would elaborate by saying that activists posting at computer/engineeering discussion boards are of particular interest to sophisticated cyberspooks. Several of the largest secret police agencies have admitted that they constantly surveil such sites, targeting users who express views not in accordance with the perceived self interest of the ruling elites they serve (for example, the Chinese Communist Party elite, "the Establishment" in the UK, etc.)
    • Why did unknown culprits (but Google+dog say they were Chinese cyberwarriors) risk breaking into Google, in the so-called Aurora attacks, in order (Google says) to access the accounts of suspected human rights advocates living outside China? I am sure we can all think of many things industrial epsionage operatives would want to "exfiltrate" from inside Google, and the Aurora attackers targeted many other huge corporations, but Google itself concluded that monitoring dissidents appeared to be a primary goal of the intrusions into Google.) One possible technical reason: strongly encrypted gmail is sufficiently secure if both recipients use encryption properly that the only way the Chinese spooks could read the email of the correspondents was to do an end run around the encryption. It's easy to see how to do that when either correspondent used gmail: assumuing that gmail user is using "encryption in the cloud" (i.e. performing some crucial crypto processing using Google servers, rather than on their own PC/laptop), Google assigns itself the power to read the emails prior to encryption and to index the contents just like it does with unencrypted gmails. I think the emails are then stored encrypted, and should be transmitted encrypted, but this may not matter should an intruder gain sufficiently elevated powers inside the Google network can read unencrypted abstracts of encrypted emails stored at Google. Hence the motivation to expose your best malware code to possible capture by Google's counter-espionage operations, which is in fact what happened.
    Human rights advocates have frequent need to contact persons to ties with some of the most repressive governments on Earth (see sites like hrw.org if you don't immediately understand why this is the case).
  • Many jurisdictions regard email as "abandoned" if left in outboxes, or left unread in inboxes, for a certain length of time. Conceivably this could mean it would not even be illegal for a curious or malicious snooper to browse through outboxes and inboxes at DUF! (I don't want to spell out the reasons why I am confident that accessing my inbox/outbox would be child's play for curious snoopers, who would face little risk of apprehension, but my point here is that once intruders are in the database, it should be the basis for an additional charge in the unlikely event they were apprehended, should they read PMs, but probably would not be.) So what laws apply to the DUF server?
  • I have repeatedly requested moderators to use GPG (and publicize their GPG keys) and to encourage strongly encrypted PMs to discuss sensitive issues. I have repeatedly requested some other basic security measures which should be easy to implement and too obvious to bear repeating. To which I add: change the forum software settings so that PMs are delivered immediately (unless of course the recipient has disabled PMs).
You (the moderators) and I (and other DUF users) may not like the fact that being on-line is becoming increasingly dangerous at the very time that it is becoming increasingly neccessary for any participation in society (and thus, for sustaining life itself, for who among us is literally 100% self-sufficient?), but we all need to accept that this is the case, to think through the implications, and to act on our conclusions.

Thanks in advance for your consideration.

Re: In which I wave the red flag

Posted: 2011-11-16 22:45
by zalew
it's a fault of ux design by the phpbb team, I don't know why they haven't abandoned this model yet, it has generated confusion among users on every phpbb forum I know for years.

Re: In which I wave the red flag

Posted: 2011-11-17 01:48
by sgosnell
If you're that worried about privacy, then you shouldn't be sending private messages to people you don't know. If you do send them, encrypt them. Do not rely on the forum software to do that, encrypt the messages yourself using PGP or equivalent. Changing the forum software isn't that easy.

Re: In which I wave the red flag

Posted: 2011-11-17 02:27
by traveler
Here's an easier fix:
Image

GPG

Posted: 2011-11-17 14:17
by Ahtiga Saraz
@ zalew:

Interesting, thanks, good to know I am not the only one who thinks this is poor design.

@ sgosnell:
If you do send them, encrypt them. Do not rely on the forum software to do that, encrypt the messages yourself using PGP or equivalent.
Oh, I agree! I do use GPG (open source near-equivalent of PGP) and as I mentioned, it can be used to send strongly encrypted PMs at forums like this. And a crucial point you hinted at: never allow a company like Google to do your crypto processing for you; always encrypt your emails on a PC or laptop you own, using a well protected keyring.
you shouldn't be sending private messages to people you don't know.
A calculated risk, to be sure. I get "stung" all the time, so far unsuccessfully, I presume. Another crucial point about GPG/PGP is that the "web of trust" can help authenticate correspondents, so that one in some sense one "knows" who one is corresponding with.

@ traveler:

Can you say it in words? I can't see the image (image loading disabled for security reasons), so I don't know what you wanted to tell me.

Re: In which I wave the red flag

Posted: 2011-11-17 14:56
by saulgoode
If you do not trust forum administrators when they say they do not read your unencrypted PMs then on what basis would you trust them saying they are encrypting your PMs so they can not possibly read them?

Clarification

Posted: 2011-11-17 15:19
by Ahtiga Saraz
@ saul:
Not sure whom you are addressing, but assuming you are talking to me:
If you do not trust forum administrators when they say they do not read your unencrypted PMs
I don't recall forum admins saying this, but thanks for the information. Unfortunately, it is not the forum admins I am mostly worried about (at DUF)!
then on what basis would you trust them saying they are encrypting your PMs so they can not possibly read them?
Huh?

Re: GPG

Posted: 2011-11-17 15:45
by traveler
Ahtiga Saraz wrote:<snip>
@ traveler:
Can you say it in words? I can't see the image (image loading disabled for security reasons), so I don't know what you wanted to tell me.
It's a picture of a guy wearing a tin foil hat.
Disclaimer: Tin foil hats only protect against brainwave scanners. They offer no protection against alien anal probing. :mrgreen:
Maybe I'm a little confused, but what could anyone possibly be doing on FDN that would remotely interest the Men in Black or other nefarious organizations?

Re: GPG

Posted: 2011-11-17 21:36
by Randicus
traveler wrote:Maybe I'm a little confused, but what could anyone possibly be doing on FDN that would remotely interest the Men in Black or other nefarious organizations?
Ahtiga is a little paranoid, but he is an "activist." So the Men in Black could easily consider him a trouble-maker or "terrorist." Depending on where he lives, he might be in danger of prison or death. I agree that private messages on this board are unlikely candidates for visits from the authorities, but we should not forget the American who was visited by the secret service investigating a plot to kill the president the day after after he sent an e-mail to a friend containing a joke about killing the president.
Paranoia about security is the price one pays for being an "activist" and ruffling feathers.
I am supporting Ahtiga Saraz. The irony! :lol:

Re: In which I wave the red flag

Posted: 2011-11-17 23:19
by dzz
Oxford dictionary:
paranoia
Pronunciation:/ˌparəˈnɔɪə/
noun
[mass noun]

a mental condition characterized by delusions of persecution, unwarranted jealousy, or exaggerated self-importance, typically worked into an organized system. It may be an aspect of chronic personality disorder, of drug abuse, or of a serious condition such as schizophrenia in which the person loses touch with reality.
unjustified suspicion and mistrust of other people:mild paranoia afflicts all prime ministers
The points raised here are not paranoid, they are real issues! It is delusional to pretend otherwise.

Debian users, just by campaigning for and supporting software freedom against corporate domination, are also dissenters and activists (therefore potential targets)

Re: In which I wave the red flag

Posted: 2011-11-18 05:34
by traveler
You guys are joking right? Hate to break it to you, but the Illuminati have much bigger fish to fry than some Linux nerds. But if it will make you feel better, PM me your postal box info and I will ship you the latest in tin foil hat technology gratis.

Re: In which I wave the red flag

Posted: 2011-11-18 05:43
by 4D696B65
traveler wrote:PM me your postal box info and I will ship you the latest in tin foil hat technology gratis.
I will take you up on that offer, all I can find here is aluminum foil and that just doesn't have the right magnetic properties. :lol:

Re: In which I wave the red flag

Posted: 2011-11-18 09:29
by nadir
I think it does not hurt to think about such questions (more or less security, privacy, and such), even if one lives in a country where right now it seems to be safe. It sure is not paranoia.
As one example out of many in one of those "free" countries encryption was not allowed. In that very country [0] right now the internet is planned to be censored to a degree not seen yet. One of the projects who did a big part in that fight, making encryption possible at all, was the Debian project. A project with a long tradition in encryption, but freedom and such too (see sentence one: it is _not paranoia, it happened, and it happened not that long ago).

Athiga, i strongly recommend the freedombox mailing list. You might find a lot of subjects you are interested in (and a lot of links too, say to retroshare). [1]
If it was me i would use the pm-system to get in touch, and then search for a better way to communicate (as i don't know much i would probably use jabber with gajim).
This way or that way: bash on! Your posts offer a lot of good info and thoughts to me and ( i know of) a few others.

[0] http://americancensorship.org/
[1] http://lists.alioth.debian.org/mailman/ ... ox-discuss
anyone! but me
anywhere! but here
anytime! but now
I got to think about my own life
Fugazi

Re: In which I wave the red flag

Posted: 2011-11-18 11:42
by carabela
nadir wrote:This way or that way: bash on! Your posts offer a lot of good info and thoughts to me and ( i know of) a few others.
+1

Food for thought, I hope...

Posted: 2011-11-18 14:20
by Ahtiga Saraz
Many thanks to Randicus, dzz, nadir, carabela for moral support. This is much appreciated!

Nadir, can you put your links inside code tags? A security feature prevents my browser from attempting to follow "live" links. I need to do something else to visit a cited url.

As a general concern about mailing lists: because email addresses are generally exposed to public view (and even if hidden from most recipients, are probably held on less than secure servers), these can be easily used by intelligence agencies to collect email addresses of persons to monitor. Not just by "local" security services, but by foreign governments too. (I think many persons greatly underestimate the frequency with which "private eyes" or "rogue reporters"--- or nastier people posing as such--- obtain contact information by simply bribing a telecom or ISP employee. Or in some countries where criminal gangs are running out of control, by threatening them and their families with physical harm. In Mexico and the Caribbean, where the police forces are often ineffective and corrupt, such threats can be hard to resist.)

The fact that this occurs is illustrated by a recent case in the US which I mentioned in another thread. A man living in Leesburg, VA was arrested by US authorities of charges of spying on US persons suspected by Syrian intelligence of opposing the Assad regime. He had allegedly obtained (probably by bribery) contact information corresponding to email addresses, had taken videotape footage of "targets", was feeding this information back to Syrian intelligence. And then he purchased some guns.

When U.S. Assistant Secretary of State Michael Posner spoke recently at a human rights conference in San Francisco organized by the EFF, he echoed several points I have tried to make, including these:
  • the nastiest regimes in the world (e.g. Syria, Zimbabwe) have been using the same "Western"-designed systems for universal population surveillance which are used by Western governments, except that unlike such countries as the UK, countries like Iran and Syria have for some time been using these systems to arrest political activists with sometimes deadly consequences,
  • the appearance of grassroots protests by bloggers should be a warning sign to regimes that they are in very serious trouble, but reacting by oppressing bloggers is likely to bring on the very consequence they most fear, a popular uprising such as has happened recently in several MENA nations,
  • IT workers have a responsibility to consider human rights issues.
My claim that even "Western" governments (not to mention the governments of Zimbabwe, Syria, Burma, etc.) maintain lists of "radicals" whom they intend to round up in case of "civil disturbances" is supported by numerous documents leaked from inside the US/UK Surveillance State, which show that, for example, the U.S. DHS is greatly concerned by the Occupy movement, which has recently taken fire, as well as the libertarian movement and other domestic political movements generally opposed to authoritarian rule. Hundreds of white papers and speculative warning memos issued by the US DHS, DOJ, and other US federal, state, and local agencies are readily available at sites like publicintelligence.net and cryptome.org.

My claim that the vision driving the growth of the US/UK Surveillance state is the notion that 24/7 universal population surveillance can entirely eliminate both crime and domestic political opposition to unpopular governmental policies is clearly spelled out in such documents as a white paper coauthored by William Bratton, a highly influential figure in "Western" policing, the man who was asked by UK Prime Minister David Cameron to advise the UK government on how to suppress any possible recurrence of the recent London riots, as the economic situation continues to worsen there and as young Britons become increasingly vocal about their poor prospects for a decent life. And the US authorities are very much aware that the European crisis is likely to soon deepen the economic depression in the US, which will no doubt further inflame unrest among young Americans and returning veterans who find their own prospects are poor and rapidly worsening. Both the US and UK governments have been fairly blunt that they intend to stop at nothing to prevent further rebellions such as the London riots, which they feel will require intimidation and other oppressive measures (both governments are helpless to actually fix the underlying economic problems, not because they are not fixable--- of course they are--- but because the 1% won't let them try).

@ traveler:

Thanks for the information about the image. I wonder whether it had occured to you that

Code: Select all

Location: Shooting Range
Well I'm never bored
When I'm a-killin' for the Lord
could be seen as intimidating to those of us who have had guns waved in our faces by persons threatening to harm us in consequence of our opinions/beliefs/ethnicity/whatever. I hope you will not be offended if I admit that when I see such violent word-imagery in "personal tags", I tend to assume the poster must be an American. Possibly a cultural misunderstanding, since for all I know you are quoting a line from an (American?) movie you happen to like, and did not intend to intimidate anyone, but clarification would be appreciated.

Re: Food for thought, I hope...

Posted: 2011-11-18 15:13
by traveler
Ahtiga Saraz wrote: @ traveler:

Thanks for the information about the image. I wonder whether it had occured to you that

Code: Select all

Location: Shooting Range
Well I'm never bored
When I'm a-killin' for the Lord
could be seen as intimidating to those of us who have had guns waved in our faces by persons threatening to harm us in consequence of our opinions/beliefs/ethnicity/whatever. I hope you will not be offended if I admit that when I see such violent word-imagery in "personal tags", I tend to assume the poster must be an American. Possibly a cultural misunderstanding, since for all I know you are quoting a line from an (American?) movie you happen to like, and did not intend to intimidate anyone, but clarification would be appreciated.
I doubt your enhanced security system will let you view it, but what the heck...
http://www.youtube.com/watch?v=L85MNzeAQn8
Circle Jerks, "Killing for Jesus"
And no, it's not meant to intimidate but also clearly not intended to be politically correct, either. Now you got me wondering if I might be among the first rounded up when the 1% decide the masses need to be culled! :shock:

Edit: Fixed the avatar and sig. Better to encourage children to smoke than to directly question the moral majority. :wink:

Re: In which I wave the red flag

Posted: 2011-11-18 15:16
by golinux
I can appreciate your concerns but thankfully, I'm just getting too old to be paranoid even though I am an activist of sorts probably with a big, fat file buried in some vault. Let the world spin as the world spins . . .