LinuxQuestions.org

Linux - Security: Gyrfalcon: Your country infects your OpenSSH (https://www.linuxquestions.org/questions/linux-security-4/gyrfalcon-your-country-infects-your-openssh-4175610020/)

YesItsMe 07-17-2017 08:22 AM

Gyrfalcon: Your country infects your OpenSSH
 
Heads up:

Quote:

Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos, debian, rhel, suse, ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed rootkit (JQC/KitV) on the target machine.
:rolleyes:

273 07-17-2017 01:42 PM

Still more reasons to avoid travelling to the US and avoid buying anything made in the US. Sadly, the same can be said for Chairman May and Reichleutenant (can never spell that) Rudd's schemes in the UK also.
Just realise that everything you do is watched, you are irrelevant rubbish to these people and there is nothing you can do about it.
Privacy has been dead for decades, freedom's whether you like this or not.

sundialsvcs 07-17-2017 02:39 PM

Honestly, I think these things are just so overblown. Why, it's silly to think that "our Government" would do any such thing. They're such nice people! :jawa:

YesItsMe 07-17-2017 02:41 PM

Quote:

Originally Posted by 273 (Post 5736189)
there is nothing you can do about it.

Oh, but there is.

Encrypt everything.

273 07-17-2017 02:43 PM

Quote:

Originally Posted by YesItsMe (Post 5736214)
Oh, but there is.

Encrypt everything.

And immediately go on the watchlists, have all your traffic analysed, all your friends suspected and, potentially, your career threatened. Remember "Only terrorists and paedophiles encrypt!".

YesItsMe 07-17-2017 02:45 PM

I'm pretty sure that I won't ever be able to travel to the U.S. in this very life of mine. I used to be vocal about their politics and I'll continue to be.

sundialsvcs 07-17-2017 06:43 PM

Quote:

Originally Posted by 273 (Post 5736216)
And immediately go on the watchlists, have all your traffic analysed, all your friends suspected and, potentially, your career threatened. Remember "Only terrorists and paedophiles encrypt!".

Actually, no. A rapidly increasing amount of traffic on the Internet is being encrypted, such as any Wikipedia lookup that you do. E-mail messages should always be encrypted, or at least digitally signed. When you are using an open communication network that is also worldwide, it is perfectly ordinary to expect that you will use encryption-based techniques, because, without them, you have no assurances whatsoever:
  • That the message you received came from the person who sent it.
  • That the message you received is the exact message that was sent.
  • (Optional(!)) That no one else knows what it says.
I continue to be dumbfounded that corporations send very sensitive information by open e-mail with no attempt even at digital signing. I am also amazed that GMail, possibly the most widely-used mail service in the world, has not provided message-validation, message-signing, and yes, message encryption as part of its routine offering. What a difference it would make if any message I received from "Southwest Airlines" instantly showed itself to be valid. (And, why not intercept and delete any message purporting to come from that source which does not carry its signature?)

NewbProgrammer 07-17-2017 07:07 PM

It's fortunate I live in Switzerland and I made sure I'm not infected. :D

YesItsMe 07-17-2017 07:09 PM

By using an infectable OS?

NewbProgrammer 07-17-2017 07:23 PM

By using OpenSUSE, which is based on SUSE, which is in the distro list of this malware. I tested if I was infected. I'm glad I'm not.
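
One defender-side check that fits the "I tested if I was infected" step above is to compare the installed OpenSSH client files against the digests the package manager recorded at install time. This is an added example, not code from the thread; it assumes `rpm -V` on the RPM-based distros in the list and `dpkg -V` on the Debian-based ones, and the sample verify output is constructed.

```sh
#!/bin/sh
# Added example (not code from the thread or from any cited project).
# Compare the installed OpenSSH client files with the digests recorded by
# the package manager. `rpm -V` (centos, rhel, suse) and `dpkg -V` (debian,
# ubuntu) both print a 9-character flag field per altered file; a '5' in
# the third position means the file's digest no longer matches the package.
#
# Caveat the thread itself supplies: the implant is installed by a rootkit,
# and a rootkit that controls the kernel can feed these tools false data, so
# a clean result from the running system is weak evidence. Repeat the check
# from trusted boot media against the mounted disk when it matters.

# Constructed sample of verify output (mixes rpm and dpkg line shapes).
SAMPLE_VERIFY_OUTPUT='S.5....T.    /usr/bin/ssh
.......T.    /usr/bin/scp
missing      /usr/bin/ssh-keyscan
??5?????? c /etc/ssh/ssh_config'

changed_digest_files() {
    # stdin: verify output; stdout: the path of every file whose digest flag is set.
    awk 'NF >= 2 && substr($1, 3, 1) == "5" { print $NF }'
}

changed_digest_binaries() {
    # Same, but skip lines marked "c" (config files, which admins edit
    # legitimately); an altered client binary is the result that matters here.
    awk 'NF >= 2 && substr($1, 3, 1) == "5" && !(NF == 3 && $2 == "c") { print $NF }'
}

verify_openssh_client() {
    # Emit the package manager's verify output for the package that owns ssh(1).
    if command -v rpm >/dev/null 2>&1; then
        rpm -Vf /usr/bin/ssh                      # verify the owning package
    elif command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S /usr/bin/ssh 2>/dev/null | cut -d: -f1)
        [ -n "$pkg" ] && dpkg -V "$pkg"
    else
        echo "neither rpm nor dpkg found" >&2
        return 2
    fi
}

if [ "${1:-}" = "--live" ]; then
    verify_openssh_client | changed_digest_binaries   # real check on this host
else
    printf '%s\n' "$SAMPLE_VERIFY_OUTPUT" | changed_digest_binaries   # demo on the sample
fi
```

Run with `--live` to check the local system; without it the script only exercises the parser on the constructed sample.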

273 07-18-2017 12:52 AM

Quote:

Originally Posted by sundialsvcs (Post 5736299)
Actually, no. A rapidly increasing amount of traffic on the Internet is being encrypted, such as any Wikipedia lookup that you do. E-mail messages should always be encrypted, or at least digitally signed. When you are using an open communication network that is also worldwide, it is perfectly ordinary to expect that you will use encryption-based techniques, because, without them, you have no assurances whatsoever:
  • That the message you received came from the person who sent it.
  • That the message you received is the exact message that was sent.
  • (Optional(!)) That no one else knows what it says.
I continue to be dumbfounded that corporations send very sensitive information by open e-mail with no attempt even at digital signing. I am also amazed that GMail, possibly the most widely-used mail service in the world, has not provided message-validation, message-signing, and yes, message encryption as part of its routine offering. What a difference it would make if any message I received from "Southwest Airlines" instantly showed itself to be valid. (And, why not intercept and delete any message purporting to come from that source which does not carry its signature?)

For business purposes, yes, some are starting to use encrypted and signed email but for private purposes, not that I have heard or read about. The UK government is also looking into making end-to-end encryption illegal without a back door built in and you can bet that anyone using PGP or the like for every email will be on a list -- it may be a long list and may not come to anything but they will be on a list.
As to HTTPS well, yes and no I suppose. Yes, there is a push to HTTPS but, again, there is a push by governments to have this broken either by design, by ISPs or other means.
Also, the UK government mandates that everyone's internet history be stored for a year so, again, anything (out of the ordinary) would be picked up. While, of course, using Google or Wikipedia encrypted wouldn't raise any eyebrows, using encrypted email, chat or file transfer services or something like a VPN or, even worse, ToR would certainly "point to having something to hide".
Clipper chip was defeated, encryption which could not easily be broken was allowed to be sold to the world and used and all looked well. Then the UK government declared that anyone using encryption must hand over the key when asked by the police or go straight to jail and, effectively, made it dangerous to encrypt one's data in the UK. Then they mandated ISPs actively monitor and block access to certain sites and types of site, using deep packet inspection where necessary, then they made it mandatory that logs be kept of the internet activity of all citizens. Internet use in the UK is pretty much set up like China nowadays. Thankfully posting things like this still isn't (yet) illegal here though.

josephj 07-18-2017 05:22 AM

Reflections on Trusting Trust
 
Quote:

Originally Posted by YesItsMe (Post 5736214)
Oh, but there is.

Encrypt everything.

Before you're so sure you're safe, read this classic. The rabbit hole goes a long way down!

YesItsMe 07-18-2017 05:23 AM

Oh, this game works in two directions.

273 07-18-2017 12:30 PM

By the way, lest it seem I am against encrypting personal traffic I have to declare I am not. I simply find it difficult: No option in my Android mail client for PGP and how to share private keys securely between 5 devices or more?
How to share keys such that people use the correct key for you and not an imposter's key?
How to ensure that if the police do batter down your door you can prove your communications were not of interest to them (remember, "rubber hose cryptography" is just jail time in the UK but anywhere else...?)?
What to encrypt? Watch YouTube through some poor people's ToR machines which they set up so that oppressed minorities could communicate actual human suffering because you want to feel anonymouse?

I must admit that mentions in 2600 and other places of "meshnets" (or whatever they're called this week) look like a potentially good idea but they need some seriously cheap, isolated (both logically and legally) nodes before they're anything but a reason for suspicion.

YesItsMe 07-18-2017 12:32 PM

MailDroid can do GPG.

