from @MidnightMan
If you have been wondering what you can do make a meaningful difference, then I may have an answer for you. Urgent action is required to prepare the people of the United States for a fascist government to come into power, and by extension the increasingly likely prospect of a genocide, but I can’t do it alone.
If you are a knowledge addict, data miner, proficient writer, or an otherwise gifted individual, then this may be your calling. We’re going to be doing and learning a lot of cool stuff, but the work is tedious, and it will aid you immensely to be driven either out of passion for learning and personal growth, love of labor, or sheer love for your fellow compatriots. Several self-maintained application servers are being run to assist with operations and collaboration.
If you’re curious or want to learn more, you can contact me at [email protected] with a new email for increased compartmentaliation, after which you will receive a reply from my primary email. Our activities are strictly legal, but anonymity on your part is strongly encouraged as a precaution to retaliatory action. Interested parties should not respond to this message over Lemmy.
#####################################################################################
The above message is likely an attempt to collect email addresses of people who might be well meaning. I would strongly advise against communicating with this person for the below reasons.
You cannot encrypt email End to End. It has to be stored in plaintext somewhere.
Yahoo does not offer encrypted email.
You have no idea of who will be emailing you back so there will be no way in which to validate your comms.
If you’re looking to organize you can follow the advice below
For those interested in building networks and organizing folks to get together that’s even better. However it carries some risk so if you’re organizing use E2E comms and if you’re researching use Tor Browser. Better yet use a Tails USB on a coffee shop wifi.
https://www.tomsguide.com/how-to/how-to-use-signal
https://www.torproject.org/download/
https://tails.net/doc/first_steps/index.en.html
And don’t communicate over email, even encrypted email. Email needs to be stored and archived for it to work, often in plaintext so it’s never going to be a secure way to communicate.
For a place to start looking for aid and assistance. If there’s a fridge or book or tool share that’s not there, notify them please so they can update the site.
If you’re looking for a place to help, look up Food Not Bombs plus whatever city is closest to you.
http://foodnotbombs.net/new_site/volunteer.php
I understand it’s an http site. Don’t sign up for anything that doesn’t pass your vibe check.
If you’d like to help undo all these info purges there’s
https://wiki.archiveteam.org/index.php/ArchiveTeam_Warrior
Most of all, talk to loved ones, build community. We keep us safe. If you’re interested you could start a patrol and disrupt ICE stakeouts.
https://www.immigrantdefenseproject.org/raids/
It’s a marathon not a sprint. Sometimes it’s as easy as doing the dishes. Mutual aid helps your neighbors and helps you.
https://afsc.org/news/how-create-mutual-aid-network
Self care and avoiding burnout is most important. They want us harried and worried and feeling like there’s nothing we can do. Fuck that
A Matrix server is one of the applications that I’m running, but I don’t let any random Joe into my place of work. Manually PGP’ed messages over email is perfectly viable for first contact.
The PGP public key still has to be shared plaintext… that makes it useless as anyone can sign it after that. Again email is the worst way to do this.
If you cannot host a secured and sandboxed Matrix server, I personally do not trust your security hygiene.
If you cannot host a Matrix server that you can sandbox and secure you can absolutely still build networks over Signal. There are multiple articles on how to anonymize yourself on that platform.
DO NOT USE EMAIL FOR THIS.
You need the private key to sign anything. The public key is only for encrypting outgoing emails which only the person with the private key can decrypt.
People have been using PGP over email for literally decades. You do not know what you’re talking about.
https://blog.mobilehelix.com/2018/05/15/secure-email-is-cracked-efail-link/
Did you even read that article? It has nothing to do with what I said. I pointed out that you don’t understand how public key encryption works, and you replied with an article about an exploit that does not refute what I said. An exploit that does An exploit that can be avoided by simply not clicking “load images”. An exploit that has probably been fixed in a client like Thunderbird anytime over the past six years. An exploit that has nothing to do with revealing your private key.
I don’t know why I’m wasting my time with you. You can’t even argue in good faith.
So you agree that an unsolicited message from someone you don’t know, asking you to email them could be suspect.
How about you address my actual reply instead of changing the topic constantly?
That sentence is incorrect. Just admit it.
How is that any different from a matrix chat or unsolicited signal chat or literally any other communications platform? You were saying that specifically PGP was somehow fundamentally bad when it’s actually better than most other communication platforms, because the private key is private, and messages are signed with that private key, and cannot be spoofed by a third party. You can’t know who you’re actually talking to (just like every other chat platform!) but you at least know every future message is from that same person.
I’ve admitted that was wrong about PGP in other posts in this thread.
The unsolicited nature of the initial communication is what I’m concerned with.
I’m learning a lot about PGP in this thread but my initial point still stands. Unsolicited invitation to an unencrypted email is a problem for me and my security hygiene.
Nice attack. But does this have any real-world consequences? I mean the attacker is decrypting their own email here, as far as I understand. This shouldn’t be possible. But it doesn’t really do harm, does it? I mean they kind of already know the plaintext, since they wrote it themselves…
It’s a problem with the local email client and PGP not being securely handled locally. I’m learning a lot about email in this thread.
Yeah, this thread is a bit weird. Completely different up/downvote ratio than the other one. And seems it’s now entirely about email and PGP 🤔
Well you see, I was wrong on the internet about PGP and Email.
The good thing though is I’m learning A LOT lol
This is so wrong you don’t share anything with PGP you never share a private key with anyone and you can shared your public key with anyone it’s useless without the private key.
MidnightMan can verify that I have their public key. Great, I still have no way to verify them. They’re a 22 hour old account spamming DMs asking to move to a less secure platform. It’s not the way this is done.
If “they” sign their message with their private key, you can use the public key to verify that “they” signed the message. Signing is, of course, a separate thing from encryption. And it only means that "whoever signed the message used the private key from a specific keypair – it doesn’t say anything about the intentions of the person or people who possess the private key.
Yes you can as bitch about the spam all day long but if you are going to, be correct about the technology you are talking
Also you can so verify them via their public key. Pgp has the ability to sign plain text documents but not encrypt for just that reason.
Recruitment hasn’t been what I’d hoped. I already have nearly two years of solo work built up, which means that at this rate it could be up to another decade before it’s finished. I don’t like stepping on toes, but I do need help.
Note I don’t know one way or another if you are spamming or not and everyone has a their own tolerance for the amount. But my problem was if they are going to complain about it. They need to be correct with their statements.
Fuck. I thought I was paranoid.
At every step of the way, you’ve managed to speculate and assume that I’m using the worst security practices possible. Stop.