[cryptography] Encryption Experts and Snake Oilers Quacking Like Governments

John Young jya at pipeline.com
Sun Nov 30 16:07:00 EST 2014


Capitalizing on the comsec frenzy, several sites, probably many,
are offering to encrypt for those who do not want install programs
or find them too difficult to use. All appear to promise that no
records, private and public keys, email addresses or content
will be kept. Trust them.

For example, here's one used to send encrypted messages:

https://www.igolder.com/pgp/encryption/

This approach suggests that the renewed crypto wars have again
bred a new round of opportunities to beguile those who yearn for
comsec but do not know how to get it, nor how to evaluate the
offerings, in particular those provided by US producers which they
doubt are free of government manipulation. But they also doubt that
any cryptosystem is free of that, thanks to the NSA revelations of
global cooperation among nations to do what NSA does, and the
failure of crypto experts and firms to fully disclose their aid to
governments, before and after Snowden's revelations.

So the downside of Snowden's revelations is that there is considerable
suspicion that all crypto is compromised, and, worse, that snake oil
is not really different from the good stuff for the ordinary user who lacks
the technical skills to distinguish them. And that comsec experts are
in league with authorities to dupe the public by excessive warning
of snake oil to peddle their own offerings, that is, experts and
snake oilers are doing what governments do.

Trust Snowden, trust experts, trust governments, but distrust
snake oil. Wait, users say, how can we tell the difference when
they all quack like ducks.




More information about the cryptography mailing list