Sending Private Messages to me on ESMB

Alanzo

Bardo Tulpa
First, please understand that this is not any kind of a complaint or criticism of ESMB security rules. I believe that ESMB security is as good as most boards of its kind.

However, I do need to ask anyone who wants to send me a private message on ESMB to treat the message as if it is public. DO NOT send me anything that you believe should be kept private in the board private message system.

Again, this has nothing to do with board security measures that are particular to this board.

Since the Edward Snowden revelations, I have been really boning up on privacy and security issues in general and for the internet. And there are very clear facts that a person begins to learn as soon as he starts to read up in this area.


  1. Regular old email that is sent across the open Internet is NEVER secure unless it is encrypted on your machine and sent to another person who has your particular encryption key on their machine. So setting your esmb private messages to alert you in your email inbox on your machine takes the whole conversation you have been having with the person in private messaging, puts it in an email in open text, and sends it out over the public Internet.
  2. Your browser connection to the ex scientology message board is also not encrypted. So therefore all traffic that passes between your machine and what you read on ESMB, including all private messages, are sent over the public internet in plain open text. This also includes your passwords and login information when you log in.

This is like the difference between sending a sealed envelope that is legally protected, and can't be opened by anybody but the addressee, versus sending a post card that can be openly read at any relay point it crosses.

Basically, right now, the traffic that you are sending and receiving on esmb, including your private messages, are like post cards that can be read by anybody on the open internet who chooses to target that traffic.

I realize that to some people, this may appear that I am being paranoid. And you may believe that you would never be a target of such surveillance. That is fine. You may never be. But thinking this way, I believe is misunderstanding your own property rights and is actually a symptom of our times. We have come to ignore our property rights on the Internet and become comfortable with sending post cards for most all of our communications - even ones that would never be in postcard form if you understood the risks to your property and privacy rights.

I believe that one consequence of the Snowden revelations are that property rights will be more important to people as they come to understand what is going on. Encryption technologists and security companies are very busy plugging up the holes in these areas and I think we will be seeing a huge change in our
sophistication and understanding of these issues over the next few years.

If you want to know more about this, a great tutorial which is very easy to understand is here: https://ssd.eff.org

In the mean time, please:

Nobody send me a private message that may have sensitive information about yourself, or about me, or about any other member here on ESMB
.

Presently, it is not secure.

Alanzo
 

afaceinthecrowd

Gold Meritorious Patron
It's okay, Al...Just because you're paranoid doesn't mean there isn't really someone out there trying to get you. :coolwink:

Seriously though, many thanks for the Heads Up. :yes:
 

Smurf

Gold Meritorious SP
Are you saying that posting on this site or any other (or receiving private messages here) isn't secure?

Sounds like a personal decision not to respect confidentiality & giving a long-winded shore story rationalizing why.

Remind me to never PM Alanzo.
 

Alanzo

Bardo Tulpa
Are you saying that posting on this site or any other (or receiving private messages here) isn't secure?

Hi XB -

Read that link I put in my post. It will give you a very good grounding in what I am talking about.

Encryption is the only way to ensure that your private communications can not be read by anyone but who you intend. Presently there is no encryption of any kind on ESMB, even when you log in with your username and password.

Alanzo
 

Alanzo

Bardo Tulpa
Sounds like a personal decision not to respect confidentiality & giving a long-winded shore story rationalizing why.

Remind me to never PM Alanzo.

To the contrary. I very much respect privacy and it would be incredibly irresponsible of me to not post what I know for the members of this board.

Alanzo
 

Smurf

Gold Meritorious SP
To the contrary. I very much respect privacy and it would be incredibly irresponsible of me to not post what I know for the members of this board.

It's not what you know. It's what YOU perceive to be the case. :duh:
 

MrNobody

Who needs merits?
First, please understand that this is not any kind of a complaint or criticism of ESMB security rules. I believe that ESMB security is as good as most boards of its kind.

However, I do need to ask anyone who wants to send me a private message on ESMB to treat the message as if it is public. DO NOT send me anything that you believe should be kept private in the board private message system.

Again, this has nothing to do with board security measures that are particular to this board.

Since the Edward Snowden revelations, I have been really boning up on privacy and security issues in general and for the internet. And there are very clear facts that a person begins to learn as soon as he starts to read up in this area.


  1. Regular old email that is sent across the open Internet is NEVER secure unless it is encrypted on your machine and sent to another person who has your particular encryption key on their machine. So setting your esmb private messages to alert you in your email inbox on your machine takes the whole conversation you have been having with the person in private messaging, puts it in an email in open text, and sends it out over the public Internet.
  2. Your browser connection to the ex scientology message board is also not encrypted. So therefore all traffic that passes between your machine and what you read on ESMB, including all private messages, are sent over the public internet in plain open text. This also includes your passwords and login information when you log in.

This is like the difference between sending a sealed envelope that is legally protected, and can't be opened by anybody but the addressee, versus sending a post card that can be openly read at any relay point it crosses.

Basically, right now, the traffic that you are sending and receiving on esmb, including your private messages, are like post cards that can be read by anybody on the open internet who chooses to target that traffic.

I realize that to some people, this may appear that I am being paranoid. And you may believe that you would never be a target of such surveillance. That is fine. You may never be. But thinking this way, I believe is misunderstanding your own property rights and is actually a symptom of our times. We have come to ignore our property rights on the Internet and become comfortable with sending post cards for most all of our communications - even ones that would never be in postcard form if you understood the risks to your property and privacy rights.

I believe that one consequence of the Snowden revelations are that property rights will be more important to people as they come to understand what is going on. Encryption technologists and security companies are very busy plugging up the holes in these areas and I think we will be seeing a huge change in our
sophistication and understanding of these issues over the next few years.

If you want to know more about this, a great tutorial which is very easy to understand is here: https://ssd.eff.org

In the mean time, please:

Nobody send me a private message that may have sensitive information about yourself, or about me, or about any other member here on ESMB
.

Presently, it is not secure.

Alanzo

Well, one of me life lessons I had to learn was when one of my bestest friends "accidentally" shared some very personal details about me with my worst enemy. Certainly not one of my nicest experiences, but it taught me: If you want to keep something secret, don't ever share it. Not with your loved ones, not with your best friend, and certainly not over the internet. Never ever.

But if I share some cooking recipies or some circuit diagrams over the internet: Meh, who the fuck cares?

Plus, since most secret services already have their secret entrances into almost every encryption software on the market, what's the point? OK, it can keep the odd script kiddie off your butt, but that's about it.
 

Alanzo

Bardo Tulpa
It's not what you know. It's what YOU perceive to be the case. :duh:

Do you have any specific problems with the exact security issues I wrote about, or are you just venting your spleen at me personally?

If so, let's see the specific problems that you have with what I wrote about the lack of encryption on esmb, and the consequences for logins and secure messaging.

Start.

Alanzo
 

Alanzo

Bardo Tulpa
Well, one of me life lessons I had to learn was when one of my bestest friends "accidentally" shared some very personal details about me with my worst enemy. Certainly not one of my nicest experiences, but it taught me: If you want to keep something secret, don't ever share it. Not with your loved ones, not with your best friend, and certainly not over the internet. Never ever.

But if I share some cooking recipies or some circuit diagrams over the internet: Meh, who the fuck cares?

Plus, since most secret services already have their secret entrances into almost every encryption software on the market, what's the point? OK, it can keep the odd script kiddie off your butt, but that's about it.

I agree with you. Obviously, everything we write in posts is public and accessible by everyone. So we know that when we post it.

But private messaging is different. And people talk about different things in PMs than they would on the board.

So this should be known by everyone.

Secret services can be given lots of problems and you can make it harder and harder for them to seize your property and protect your ownership rights. It's always better to take those actions and lower the likelihood.

I mean you have a lock on your front door, right?

It's not going to keep a bulldozer from going through your door, but it's better than leaving it unlocked all the time.

Alanzo
 

Ogsonofgroo

Crusader
To the contrary. I very much respect privacy and it would be incredibly irresponsible of me to not post what I know for the members of this board.

Alanzo

And thanks, I have mentioned on many boards that have brought this up over the years, there is no real security if someone really wants to get in. Some of the best practices, things like firewalls, encrypting, common sense, should be an awareness we all heed.

Don't let this make y'all paranoid or anything, just use yer heads, things like outing yourself to people you 'sort-of' trust, blah-blah-blah, via PMs etc.etc., giving up your real names when you want to remain anon, erm, be careful eh!

My wee 0.02 fer the beautiful, sad, mad, interesting afternoon.

:cheers:
 

Alanzo

Bardo Tulpa
And thanks, I have mentioned on many boards that have brought this up over the years, there is no real security if someone really wants to get in. Some of the best practices, things like firewalls, encrypting, common sense, should be an awareness we all heed.

Don't let this make y'all paranoid or anything, just use yer heads, things like outing yourself to people you 'sort-of' trust, blah-blah-blah, via PMs etc.etc., giving up your real names when you want to remain anon, erm, be careful eh!

My wee 0.02 fer the beautiful, sad, mad, interesting afternoon.

:cheers:

Exactly. No need to become paranoid.

But don;t get lulled into a false sense of security, either, just because it says "private messaging".

Just consider that private messaging is public, and don't send any sensitive information about yourself or others over that system.

Find another one that is more secure.

No problem.

Alanzo
 

Type4_PTS

Diamond Invictus SP
Also, since we're on the subject of internet security, be careful of the photos and videos you post online as well, as you may be inadvertently revealing information about the exact location of your home and workplace (or wherever you happen to be at the moment you took the photo), particularly with Smartphones which often automatically embed geotags into the photo in default mode.
http://www.nytimes.com/2010/08/12/technology/personaltech/12basics.html?_r=0

So if this is something you care about make sure you disable geotagging on your photos and video. :yes:
 

MrNobody

Who needs merits?
I agree with you. Obviously, everything we write in posts is public and accessible by everyone. So we know that when we post it.

But private messaging is different. And people talk about different things in PMs than they would on the board.


So this should be known by everyone.

Secret services can be given lots of problems and you can make it harder and harder for them to seize your property and protect your ownership rights. It's always better to take those actions and lower the likelihood.

I mean you have a lock on your front door, right?

It's not going to keep a bulldozer from going through your door, but it's better than leaving it unlocked all the time.

Alanzo

Yes, Private Messaging is different. I mean who on this board would care about my German cooking recipes or about my German comments on "how to get the best out of your frying pan"? Let alone the discussion about certain sexual practices?

But: Even encrypted PMs are only as secure as their readers and I've had some experiences with that which I don't want to talk about, but basically: User reads PM, neighbor drops by, user leaves PM window open while shootin' the breeze with neighbor, suddenly something needs immediate attention, user takes care of it while neighbor has all the time he needs to read the PM. Bang, the secret is out and you're fucked.

And don't tell me this cannot happen, because it does. And I won't even mention all the users who are lazy enough to use weak passwords.

The security you wish for, is just an illusion - an expensive one, when shit ever goes wrong.
 

Ogsonofgroo

Crusader
Also, since we're on the subject of internet security, be careful of the photos and videos you post online as well, as you may be inadvertently revealing information about the exact location of your home and workplace (or wherever you happen to be at the moment you took the photo), particularly with Smartphones which often automatically embed geotags into the photo in default mode.
http://www.nytimes.com/2010/08/12/technology/personaltech/12basics.html?_r=0

So if this is something you care about make sure you disable geotagging on your photos and video. :yes:

Its called 'meta-data', and is fairly easy to get around by loading to a off-PC place where there are options of stripping it. Yes, in other words. DO NOT load photos directly from your PC if you want to remain anon!

Thanks PT4 for bringing that to light, it is an important thingy thing :)

:cheers:
 

Alanzo

Bardo Tulpa
Same Alanzo as the one that was temp banned. :duh:

Same Smurf too!

With all the investigative work you do, I am surprised that this is your attitude about this thread.

You started off this thread with a personal insult to me and you have continued to insult me throughout the thread.

It would be great if you had something to contribute here.

Alanzo
 
Top