from @MidnightMan
If you have been wondering what you can do to make a meaningful difference, then I may have an answer for you. Urgent action is required to prepare the people of the United States for a fascist government to come into power, and by extension the increasingly likely prospect of a genocide, but I can’t do it alone.
If you are a knowledge addict, data miner, proficient writer, or an otherwise gifted individual, then this may be your calling. We’re going to be doing and learning a lot of cool stuff, but the work is tedious, and it will aid you immensely to be driven either out of passion for learning and personal growth, love of labor, or sheer love for your fellow compatriots. Several self-maintained application servers are being run to assist with operations and collaboration.
If you’re curious or want to learn more, you can contact me at midnightman1234@yahoo.com with a new email for increased compartmentalization, after which you will receive a reply from my primary email. Our activities are strictly legal, but anonymity on your part is strongly encouraged as a precaution to retaliatory action. Interested parties should not respond to this message over Lemmy.
#####################################################################################
The above message is likely an attempt to collect email addresses of people who might be well meaning. I would strongly advise against communicating with this person for the below reasons.
You cannot encrypt email End to End. It has to be stored in plaintext somewhere.
Yahoo does not offer encrypted email.
You have no idea of who will be emailing you back so there will be no way in which to validate your comms.
If you’re looking to organize you can follow the advice below
For those interested in building networks and organizing folks to get together that’s even better. However it carries some risk so if you’re organizing use E2E comms and if you’re researching use Tor Browser. Better yet use a Tails USB on a coffee shop wifi.
https://www.tomsguide.com/how-to/how-to-use-signal
https://www.torproject.org/download/
https://tails.net/doc/first_steps/index.en.html
And don’t communicate over email, even encrypted email. Email needs to be stored and archived for it to work, often in plaintext so it’s never going to be a secure way to communicate.
For a place to start looking for aid and assistance. If there’s a fridge or book or tool share that’s not there, notify them please so they can update the site.
If you’re looking for a place to help, look up Food Not Bombs plus whatever city is closest to you.
http://foodnotbombs.net/new_site/volunteer.php
I understand it’s an http site. Don’t sign up for anything that doesn’t pass your vibe check.
If you’d like to help undo all these info purges there’s
https://wiki.archiveteam.org/index.php/ArchiveTeam_Warrior
Most of all, talk to loved ones, build community. We keep us safe. If you’re interested you could start a patrol and disrupt ICE stakeouts.
https://www.immigrantdefenseproject.org/raids/
It’s a marathon not a sprint. Sometimes it’s as easy as doing the dishes. Mutual aid helps your neighbors and helps you.
https://afsc.org/news/how-create-mutual-aid-network
Self care and avoiding burnout is most important. They want us harried and worried and feeling like there’s nothing we can do. Fuck that
You are so incorrect it is bordering on misinformation.
Ever heard of SMTPS, POP3S, or IMAPS? All 3 are email encrypted in transit.
You can encrypt at rest with LUKS or Bitlocker. Also you can combine those with a TPM.
You cannot encrypt email End to End.
Incorrect.
https://support.mozilla.org/en-US/kb/introduction-to-e2e-encryption
It has to be stored in plaintext somewhere.
- It doesn’t.
- Even if it did, that wouldn’t mean it wasn’t E2EE.
Yahoo does not offer encrypted email.
It doesn’t need to. https://support.mozilla.org/en-US/kb/thunderbird-and-yahoo
holy shit we finally did it. The incorrect horse battery staple
Y’all did it yesterday lol. I’ll keep taking my lumps though.
- If this were an attempt to “collect email addresses”, then I would not be asking people to make a new one for the sole purpose of contacting me.
- The primary email mentioned in the message is with Tutanota, not Yahoo. This aids in my own compartmentalization by not publicizing my primary email, and many websites are averse to allowing signups with privacy-oriented email services such as Tuta or Proton.
- Encryption is not necessary for public key exchange. I use Kleopatra for PGP key management. One step at a time.
- It is I, MidnightMan. I will likely be the one emailing you back.
yahoo has throwaway addresses in the settings btw
And who the fuck are you? I don’t fucking know you.
Ditto, but it is nice to meet you.
what’s with the 1 day old account for this though
The project’s launch is quite recent.
What project?
The one to prepare the people of the United States for a fascist government to come into power, and by extension the increasingly likely prospect of a genocide.
Why use email for that? A notorious vector for spear phishing, grooming and scamming? Why not use Signal or spin up an ephemeral Matrix container?
As if those things couldn’t be done on any other platform.
I’ll say it one more time; email is more than adequate. As long as the messages are encrypted going both ways, it doesn’t really make a difference.
Email is insecure comms, it is required to be stored in plain text. Any keys or cryptographic elements you share over email are already compromised as soon as it’s emailed.
There are a multitude of encrypted ways to communicate. If you are attempting to reach people on lemmy I would suggest setting up a matrix server and element instance much like what was done on db0.
You can also get a prepaid sim, sign up for Signal and then set your username so as to obfuscate yourself as well.
Again Email is the absolute worst way to set this up.
I don’t have skin in this game, but email itself can be clear text all you want. Using PGP with email is very much secure, as the text encryption is not transparent: you see the encrypted message you encrypted with their public key and need their private key to decrypt the message.
The link has nothing to do with PGP
Correct it has everything to do with emails
But not sending emails; it’s about sending you emails, and a token hijacking has nothing to do with the email protocol.
Agreed you’re right. However it’s still a less secure protocol than other standards of communication that are available, Matrix, Mattermost, Signal etc.
A Matrix server is one of the applications that I’m running, but I don’t let any random Joe into my place of work. Manually PGP’ed messages over email is perfectly viable for first contact.
The PGP public key still has to be shared plaintext… that makes it useless as anyone can sign it after that. Again email is the worst way to do this.
If you cannot host a secured and sandboxed Matrix server, I personally do not trust your security hygiene.
If you cannot host a Matrix server that you can sandbox and secure you can absolutely still build networks over Signal. There are multiple articles on how to anonymize yourself on that platform.
DO NOT USE EMAIL FOR THIS.
You need the private key to sign anything. The public key is only for encrypting outgoing emails which only the person with the private key can decrypt.
People have been using PGP over email for literally decades. You do not know what you’re talking about.
Did you even read that article? It has nothing to do with what I said. I pointed out that you don’t understand how public key encryption works, and you replied with an article about an exploit that does not refute what I said. An exploit that can be avoided by simply not clicking “load images”. An exploit that has probably been fixed in a client like Thunderbird anytime over the past six years. An exploit that has nothing to do with revealing your private key.
I don’t know why I’m wasting my time with you. You can’t even argue in good faith.
So you agree that an unsolicited message from someone you don’t know, asking you to email them could be suspect.
Nice attack. But does this have any real-world consequences? I mean the attacker is decrypting their own email here, as far as I understand. This shouldn’t be possible. But it doesn’t really do harm, does it? I mean they kind of already know the plaintext, since they wrote it themselves…
It’s a problem with the local email client and PGP not being securely handled locally. I’m learning a lot about email in this thread.
This is so wrong. You don’t share anything with PGP: you never share a private key with anyone, and you can share your public key with anyone; it’s useless without the private key.
MidnightMan can verify that I have their public key. Great, I still have no way to verify them. They’re a 22 hour old account spamming DMs asking to move to a less secure platform. It’s not the way this is done.
If “they” sign their message with their private key, you can use the public key to verify that “they” signed the message. Signing is, of course, a separate thing from encryption. And it only means that “whoever signed the message used the private key from a specific keypair” – it doesn’t say anything about the intentions of the person or people who possess the private key.
Yes, you can as bitch about the spam all day long, but if you are going to, be correct about the technology you are talking about.
Also you can so verify them via their public key. PGP has the ability to sign plain text documents but not encrypt for just that reason.
you can as bitch about the spam all day long
Recruitment hasn’t been what I’d hoped. I already have nearly two years of solo work built up, which means that at this rate it could be up to another decade before it’s finished. I don’t like stepping on toes, but I do need help.
Fuck. I thought I was paranoid.
If you cannot host a secured and sandboxed Matrix server, I personally do not trust your security hygiene.
At every step of the way, you’ve managed to speculate and assume that I’m using the worst security practices possible. Stop.