Page 4 of 8 FirstFirst 12345678 LastLast
Results 61 to 80 of 141

Thread: Re: Truly Trulymail

  1. #61
    nemo_outis
    Guest

    Re: Truly Trulymail

    Ari Silverstein <AriSilverstein@yahoo.com> wrote in
    news:8e5tg2F8a1U1@mid.individual.net:

    Ari, you have so many names, so many aliases, so many
    sockpuppets that I've lost track. However, the feature that
    unites them all is rambling incoherence coupled with unfocussed
    hostility.

    Back under the bridge, troll.

  2. #62
    Gordon Burditt
    Guest

    Re: Truly Trulymail

    >I am John (though, I am not the only one here named John). The
    >identities of our investors is not public information. Is this
    >something that is important for you to know? If so, may I ask why?


    If someone wants to keep his mail private, he probably has an idea
    *WHO* he most wants to keep it private from. For example:

    - his wife and her lawyer
    - other companies competing with his company in the field he's working on.
    - nations unfriendly to his nation.
    - anyone who might want to hold him for ransom or assassinate him
    - anyone who might want to trade on insider information for profit

    Designers of cryptosystems can leave in trap doors so they can read
    the traffic. Especially if it's not open-source, you have to trust
    them not to do so. Or sometimes it's done so their servers are the
    ones that do the encryption/decryption in the first place (as is the
    case for digital cell phones, so the cell phone companies handle the
    cleartext).

    It would be extremely prudent to try to determine if your investors are,
    for example:

    - The NSA, KGB, and Mossad
    - Al Queda and similar terrorist groups
    - North Korea, Iraq, and Iran
    - A Columbian drug cartel
    - TransUnion, Equifax, and Experian
    - Organized crime

    before using their cryptosystem.

  3. #63
    nemo_outis
    Guest

    Re: Truly Trulymail

    gordon@hammy.burditt.org (Gordon Burditt) wrote in
    news:2radnZPtks1AVeDRnZ2dnUVZ_uWdnZ2d@posted.internetamerica:

    > If someone wants to keep his mail private, he probably has
    > an idea *WHO* he most wants to keep it private from. For
    > example:
    >
    > - his wife and her lawyer
    > - other companies competing with his company in the field
    > he's working on. - nations unfriendly to his nation.
    > - anyone who might want to hold him for ransom or
    > assassinate him - anyone who might want to trade on insider
    > information for profit


    Yes, a risk and consequence analysis, however informal and
    unstructured, is a prudent idea. However, it's not likely
    that any prudent man, even though untutored in the intricacies
    of encryption, would entrust TrulyMail with really serious
    matters where disclosre could have severely adverse
    consequences. TrulyMail is plainly intended for more light-
    duty matters of ordinary privacy.

    Perhaps the best analogy is that if ordinary mail is
    equivalent to a postcard that anyone can read, then TrulyMail
    would provide protection equivalent to a letter enclosed in an
    envelope. Better privacy, yes, but far from impregnable
    security. Ordinary privacy, not bombproof spy-versus-spy
    privacy.


    > Designers of cryptosystems can leave in trap doors so they
    > can read the traffic. Especially if it's not open-source,
    > you have to trust them not to do so. Or sometimes it's
    > done so their servers are the ones that do the
    > encryption/decryption in the first place (as is the case
    > for digital cell phones, so the cell phone companies handle
    > the cleartext).
    >
    > It would be extremely prudent to try to determine if your
    > investors are, for example:
    >
    > - The NSA, KGB, and Mossad
    > - Al Queda and similar terrorist groups
    > - North Korea, Iraq, and Iran
    > - A Columbian drug cartel
    > - TransUnion, Equifax, and Experian
    > - Organized crime
    >
    > before using their cryptosystem.


    A lovely idea. How the flying **** would you suggest an
    ordinary person - the kind of person that TrulyMail is clearly
    intended for - would go about doing anything of the sort? Are
    you seriously suggesting that Mossad or the NSA could not
    disguise the true principals of such a company from the
    investigations of all but an equally well-resourced agency?
    Hogwash!

    Have you considered how many "trust relationships" you have in
    your life? from a contractor putting a roof on your house, to
    the girl you dated and married, to the oncoming drivers in the
    other lane every morning commute? Are you sure your
    greengrocer isn't poisoning you? Have you vetted him? Do you
    know his grandmother's maiden name?

    Do you run a full background check of the airline pilot before
    you board a flight or do you just "trust" in the mechanisms of
    the airline to do this? And how thorough are they? - even if
    they did a good job initially, perhaps the pilot has become
    sucicidally depressed of late?

    In short, there are a gazillion trust relationships you rely
    upon every day of your life - trust relationships that could
    portentially have far more adverse consequences than disclosed
    email. Let's not obsess about cryptographic mechanisms - some
    folks just want a little better privacy than open email.

    Regards,


  4. #64
    Joseph Ashwood
    Guest

    Re: Truly Trulymail

    "TrulyMail Support" <support@trulymail.com> wrote in message
    news:408b2458-61cd-4985-b311-c7f148301512@m35g2000prn.googlegroups.com...
    > On Sep 1, 7:46 am, "Joseph Ashwood" <ashw...@msn.com> wrote:
    >> From there on, anything else you say is completely irrelevant, your
    >> design
    >> is a complete security failure.TrulyMailis completely snake-oil.


    > The password that is recoverable is the password to download new
    > messages from the server.


    So the recovered password is the password to read the messages. The
    recovered password is the exact password that should not be recovered.

    Its like offering the thieves the key your house.

    Its still snake oil, and stating the exact problem will not change that.
    Joe


  5. #65
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Wed, 01 Sep 2010 04:20:44 GMT, nemo_outis wrote:

    > gordon@hammy.burditt.org (Gordon Burditt) wrote in
    > news:2radnZPtks1AVeDRnZ2dnUVZ_uWdnZ2d@posted.internetamerica:
    >
    >> If someone wants to keep his mail private, he probably has
    >> an idea *WHO* he most wants to keep it private from. For
    >> example:
    >>
    >> - his wife and her lawyer
    >> - other companies competing with his company in the field
    >> he's working on. - nations unfriendly to his nation.
    >> - anyone who might want to hold him for ransom or
    >> assassinate him - anyone who might want to trade on insider
    >> information for profit

    >
    > Yes, a risk and consequence analysis, however informal and
    > unstructured, is a prudent idea. However, it's not likely
    > that any prudent man, even though untutored in the intricacies
    > of encryption, would entrust TrulyMail with really serious
    > matters where disclosre could have severely adverse
    > consequences. TrulyMail is plainly intended for more light-
    > duty matters of ordinary privacy.


    Untutored men have no prudence when examining the trust factor of
    Trulymail. By definition. They are conned into believing Trulymail and
    Trulymail alike products actually do what they exorbitantly claim to
    do.

    But you knew that. Why the falsehoods, the lies and the deceit from
    you?

    > Perhaps the best analogy is that if ordinary mail is
    > equivalent to a postcard that anyone can read, then TrulyMail
    > would provide protection equivalent to a letter enclosed in an
    > envelope. Better privacy, yes, but far from impregnable
    > security. Ordinary privacy, not bombproof spy-versus-spy
    > privacy.


    There is nothing, nothing at all, zero, nada, that corroborates this
    proclamation of yours. Nothing from you, certainly nothing from closed
    lipped, tightly concealed, "working in the shadows" Trulymail.

    There were times on thse forums, outis, where you were so much more
    truthful, foregoing and inquisitive. Why the falsehoods, the lies and
    the deceit from you?

    > How the flying **** would you suggest an
    > ordinary person - the kind of person that TrulyMail is clearly
    > intended for - would go about doing anything of the sort? Are
    > you seriously suggesting that Mossad or the NSA could not
    > disguise the true principals of such a company from the
    > investigations of all but an equally well-resourced agency?
    > Hogwash!


    No one suggests anything other than that. Which is not the point and,
    again, you know that. Why the falsehoods, the lies and the deceit from
    you?

    It is incumbent on any crypto system provider to be all in or all out
    if they are ethical and true purveyors of privacy. What might be
    private to one person (a sentimental note to a friend) and private to
    another (overthrow of a government) is inconsequential to the privacy
    goals of the user. They buy Trulymail to be assured that regardless of
    their messages *their commo is private*.

    Trulymail fails this test in spades. MOF, there is no test for
    Trulymail which is by many magnitudes a much greater indiscretion.

    > In short, there are a gazillion trust relationships you rely
    > upon every day of your life - trust relationships that could
    > portentially have far more adverse consequences than disclosed
    > email. Let's not obsess about cryptographic mechanisms - some
    > folks just want a little better privacy than open email.


    What a hypocritical oaf you are. you fashion arguments to meet your
    personal agendas. In this case, it is to attack me.

    Let's look at neom outis when he had a pair and not consumed with
    emotional issues and insane rants.

    "Ok, I've given you some high-level stuff to think about; now I'm
    going to give you some specifics.

    The first is regarding encryption. This is the main line of
    defence in preserving computer security/privacy. There are a lot
    of different approaches out there, some of which are suspect, and
    some of which are downright snakeoil. For instance, Microsoft's
    encrypting file system for NTFS (available as part of Windows
    NT/2k/2k3/XP) is easy to implement incorrectly (e.g., leave key
    on HD), has inherent flaws (e.g., is not OTFE) and many suspect
    there are backdoors put in it for law enforcement."

    http://preview.tinyurl.com/29php9v

    And dozens more like this.

    Yet you are willing to cut Trulymail a pass card because...well, hell,
    because why? They have already admitted to having zero expertise in
    implementing encryption yet you blither and blather on in their
    defense?

    Gee, maybe I should shutup and let you defend their snake oil.
    --
    Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702

  6. #66
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Tue, 31 Aug 2010 22:30:37 -0500, Gordon Burditt wrote:

    >>I am John (though, I am not the only one here named John). The
    >>identities of our investors is not public information. Is this
    >>something that is important for you to know? If so, may I ask why?

    >
    > If someone wants to keep his mail private, he probably has an idea
    > *WHO* he most wants to keep it private from. For example:
    >
    > - his wife and her lawyer
    > - other companies competing with his company in the field he's working on.
    > - nations unfriendly to his nation.
    > - anyone who might want to hold him for ransom or assassinate him
    > - anyone who might want to trade on insider information for profit


    Or you might say that they perceive different levels of capabilities
    of their adversaries and adjust accordingly.

    The Trulymail model has no verifiable privacy against any of your
    adversaries mentioned. For all anyone knows, they could read emails,
    contact your adversaries and sell their info.

    Very lucrative, btw.

  7. #67
    TrulyMail Support
    Guest

    Re: Truly Trulymail


    > So the recovered password is the password to read the messages.


    No, it is not.

    The password allows you to 'access' the encrypted message (hence the
    metaphor of your email account's password - if I have that password I
    still cannot read your encrypted messages). You still need your
    private key, not your password, to decrypt it. We keep your password
    on the server (to verify who you are) but we don't keep (or ever have)
    your private key.

  8. #68
    TrulyMail Support
    Guest

    Re: Truly Trulymail

    On Sep 1, 2:11*am, "Mr. B" <n...@supplied.com> wrote:

    >
    > -- B


    Mr. B: Is there a way to contact you off-group?

  9. #69
    Mr. B
    Guest

    Re: Truly Trulymail

    TrulyMail Support wrote:

    > On Sep 1, 2:11 am, "Mr. B" <n...@supplied.com> wrote:
    >
    >>
    >> -- B

    >
    > Mr. B: Is there a way to contact you off-group?


    I will contact you; is support@trulymail.com the correct email address to
    use?

    -- B

  10. #70
    TrulyMail Support
    Guest

    Re: Truly Trulymail

    On Sep 1, 7:10*pm, "Mr. B" <n...@supplied.com> wrote:
    > TrulyMailSupport wrote:
    > > On Sep 1, 2:11 am, "Mr. B" <n...@supplied.com> wrote:

    >
    > >> -- B

    >
    > > Mr. B: Is there a way to contact you off-group?

    >
    > I will contact you; is supp...@trulymail.com the correct email address to
    > use?
    >
    > -- B


    Yes.

  11. #71
    Bear Bottoms
    Guest

    Re: Truly Trulymail

    Ari Silverstein <AriSilverstein@yahoo.com> wrote in
    news:8e4f2tFo5nU1@mid.individual.net:

    > On Tue, 31 Aug 2010 01:42:07 -0700 (PDT), TrulyMail Support wrote:
    >
    >> On Aug 31, 12:10*pm, Ari Silverstein <AriSilverst...@yahoo.com> wrote:
    >>
    >>> Thanks for the info, John.
    >>>
    >>> What is you and your companies background in delivering and
    >>> implementing encryption?

    >>
    >> TrulyMail (the company) has been around a short time (two years). Our
    >> products include the TrulyMail Client and related TrulyMail services
    >> (encrypted, private messaging, for example). We have been offering
    >> these products for about two years now.
    >>
    >>> Who is "John", who are the investors, management and directors
    >>> ofTrulymail?

    >>
    >> I am John (though, I am not the only one here named John). The
    >> identities of our investors is not public information. Is this
    >> something that is important for you to know? If so, may I ask why?

    >
    > If you're dealing with security products, especially without open
    > source coding, /who/ you are and your background is extremely
    > important.
    >
    > The fact that you ask this question is startling.
    >
    > And informative.


    I installed this program three weeks ago and nobody has hacked my email yet.
    Can you read my email? No. Good program.

    --
    Bear Bottoms
    Freeware website: http://bearware.info

  12. #72
    Dave U. Random
    Guest

    Re: Truly Trulymail

    On Wed, 01 Sep 2010 02:23:19 GMT, nemo_outis wrote :
    > "Steve Terry" <gfourwwk@tesco.net> wrote in
    > news:i5kcvg$m1a$1@news.eternal-september.org:
    >
    > Oooh, another Ari sockpuppet. The voices in your head must
    > get hard to sort out, eh Ari?
    >


    The real Steve Terry..........
    http://www.freeuploadimages.org/imag...55iou6wxj9.jpg



  13. #73
    nemo_outis
    Guest

    Re: Truly Trulymail

    Ari Silverstein <AriSilverstein@yahoo.com> wrote in
    news:8e69t4FoiuU1@mid.individual.net:

    You still here? You were dismissed.

  14. #74
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Wed, 01 Sep 2010 07:57:31 -0400, Mr. B wrote:


    >> nemo blathered like a loon: PGP and GPG, no matter how interesting
    >> they are, are a failure - they have totally failed to convert
    >> ordinary email users from the postcard model of email with
    >> everything wide open.



    > In all likelihood, Trulymail will also be a failure. PGP did not fail
    > because it was too complicated to use, or too complicated to set up, it
    > failed because most users did not perceive the problem it solves as being a
    > problem. The general public still holds the belief that if they have
    > nothing to hide, then there is no problem with others having the ability to
    > inspect their email. Try having a conversation about the issue some time,
    > with a person who is completely unaware of cryptography, and you will be
    > lucky to even get to the topic of email encryption before that person loses
    > interest.


    nemo wants to blame PGP and label it a failure because it did not
    majickally educate the masses that email is insecure?

    *LARF*

    No wonder nemo keeps dropping the Xposts to sci.crypt and
    alt.comp.security (now reinstated from his doing so for the umpteenth
    time in this thread).

    PGP was Zimmerman's response to having his life compromised from
    intercepted email and other commo from his pre-PGP, ongoing and
    historically recorded human rights activism. He had no stated
    intention whatsoever to "educate the world" regarding email
    insecurities. He primarily developed PGP to solve his own problems and
    those of his fellow activists. Once it was developed, he gave it away
    for free.

    If from the release of PGP people asked "why do I need this" as a
    secondary or tertiary result, that was all fine a good. But it was not
    the focus of his work anymore than the auto was conceived by Ford so
    we can populate the Earth with backseat babies.

    Does Trulymail purport to be offering their product as an education in
    a box? No and neither did Zimmerman.
    --
    Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702

  15. #75
    Bear Bottoms
    Guest

    Re: Truly Trulymail

    Ari Silverstein <AriSilverstein@yahoo.com> wrote in news:8e5j7sFmtfU1
    @mid.individual.net:

    > On Tue, 31 Aug 2010 17:13:29 +0100, B℮ar Bottoms wrote:
    >
    >> On Tue, 31 Aug 2010 11:25:32 -0400, Ari Silverstein wrote:
    >>
    >>> Don't even think about trying to sell to the US Gov't, DoD or any
    >>> of the intertwined military-intelligence agencies. They /really/ frown
    >>> on foreign nationals who play at such serious business.

    >>
    >> We will see. I say, see you next Tuesday Silverstein. Who needs to sell to
    >> the government? I have friends who will pay big for the right service.

    >
    > Well Bottoms there are times I would much prefer to deal with you,
    > Debbie and the Bear crew than some of the dunderheads we have to screw
    > around with in the USGov.
    >
    > Not many times.
    >
    > Maybe only once to be truthful.


    You responded to a forgery.

    --
    Bear Bottoms
    Freeware website: http://bearware.info

  16. #76
    nemo_outis
    Guest

    Re: Truly Trulymail

    Dave U. Random <anonymous@anonymitaet-im-inter.net> wrote in
    news:f312ada478be39e86a514661b73c7f41@anonymitaet-im-inter.net
    :

    > On Wed, 01 Sep 2010 02:23:19 GMT, nemo_outis wrote :
    >> "Steve Terry" <gfourwwk@tesco.net> wrote in
    >> news:i5kcvg$m1a$1@news.eternal-september.org:
    >>
    >> Oooh, another Ari sockpuppet. The voices in your head
    >> must get hard to sort out, eh Ari?
    >>

    >
    > The real Steve Terry..........
    > http://www.freeuploadimages.org/imag...adt155iou6wxj9.
    > jpg
    >


    Oooh, a sockpuppet photo!

  17. #77
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Wed, 1 Sep 2010 04:44:22 -0700 (PDT), TrulyMail Support wrote:

    >> So the recovered password is the password to read the messages.

    >
    > No, it is not.
    >
    > The password allows you to 'access' the encrypted message (hence the
    > metaphor of your email account's password - if I have that password I
    > still cannot read your encrypted messages). You still need your
    > private key, not your password, to decrypt it. We keep your password
    > on the server (to verify who you are) but we don't keep (or ever have)
    > your private key.


    The password on your server verifies nothing. It is simply a process
    that resolves /someone/ has a password and, in turn, /someone/ has a
    key. No identification is made of who that someone is. Hence, no
    verification or authentication.

    The terms identification, authentication, verification and ultimately
    authorization are defined from the world of biometrics. Where these
    processes can be invoked.

    I can't fault you too much for this misuse of term. These terms have
    been abused for years now by many companies who desire to overstate
    the capabilities of their security systems.

    Think of it this way. If I walk up to you and say "Hi, I'm Ari"
    without something to verify my ID (Passport, secure credentials card,
    etc.) you have nothing of value except a statement. Much like your
    password matching on your server.
    --
    Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702

  18. #78
    Ari Silverstein
    Guest

    Re: Truly Trulymail

    On Wed, 1 Sep 2010 16:49:03 +0200 (CEST), Dave U. Random wrote:

    > On Wed, 01 Sep 2010 02:23:19 GMT, nemo_outis wrote :
    >> "Steve Terry" <gfourwwk@tesco.net> wrote in
    >> news:i5kcvg$m1a$1@news.eternal-september.org:
    >>
    >> Oooh, another Ari sockpuppet. The voices in your head must
    >> get hard to sort out, eh Ari?
    >>

    >
    > The real Steve Terry..........
    > http://www.freeuploadimages.org/imag...55iou6wxj9.jpg


    nemo always plays the "sockpuppet" card when he's getting his ass
    kicked off. lol

    A quick Google would have placed Terry in the UK but, hey, when nemo
    gets all fluffed up and spitting hairballs, why let truth get in the
    way, eh?
    --
    Talk about F-Cars - www.ferrarichat.com/forum/member.php?u=89702

  19. #79
    nemo_outis
    Guest

    Re: Truly Trulymail

    Ari Silverstein <AriSilverstein@yahoo.com> wrote in
    news:8e7fvlFpgU1@mid.individual.net:

    ....
    > The terms identification, authentication, verification and
    > ultimately authorization are defined from the world of
    > biometrics. Where these processes can be invoked.


    No, Ari, the "world of biometrics" is not where these terms
    are defined, despite the eagerness of some techies to coopt
    and kidnap them. Identification, authentication, verification
    and authorization are terms with long, well-understood and
    broadly applied meanings dating back long before the word
    "biometrics" was even coined. And even the diversity and
    range of meaningS (not meaning) of these terms carries
    considerable significance.

    If techies wish to apply specialized limited meanings to these
    terms in some specialized limited context, fine - but don't
    pretend that that somehow pre-empts and supplants the
    original.


    > Think of it this way. If I walk up to you and say "Hi, I'm
    > Ari" without something to verify my ID (Passport, secure
    > credentials card, etc.) you have nothing of value except a
    > statement. Much like your password matching on your server.


    No, Ari, all a passport, birth certificate, Verisign cert, or
    other document is is just another "statement" from some other
    person or institution. Why you should put more trust in one
    rather than the other is determined by the context and
    circumstances.

    Trust is a non-trivial problem. And dressing it up with
    pseudomathematical techie concepts that are manifestly wrong
    (e.g., trust relationships are transitive) doesn't really
    tackle the problem - it's just putting lipstick on the pig.

    If you truly want security than human relationships are the
    core (of which trust is one very mportant aspect). If you
    really want security you would do far better to read
    Shakespeare than the HAC. Greed, power-lust, ambition, envy,
    spite, betrayal, revenge - these are the real security issues
    - not trivia such as whether you use 128 or 256-bit AES.

    Techies fall in love with the technology and often lose track
    of the real issues for which it is just a tool.

    Regards,


  20. #80
    nemo_outis
    Guest

    Re: Truly Trulymail

    Ari Silverstein <AriSilverstein@yahoo.com> wrote in
    news:8e7g7nF2fvU1@mid.individual.net:

    Ari the puppetmaster defends his puppet. How long before the
    puppet chimes in to defend the puppetmaster?

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •