Re: [tlug] search for encrypted information exchange

[Curt Sampson <cjs@example.com>]

On 2009-08-28 22:55 +0900 (Fri), Bruno Raoult wrote:

> If I say I don't, I don't understand why everybody here pretends to know
> more about my laptop than I do...

I'm not sure that we're pretending. Consider that if you don't know what
you're talking about, you would be quite likely to think that you do.

You are certainly working very hard to lead us into thinking that we
know more than you. You are taking the classic approch of someone who
doesn't know what he's talking about: making bold and unusual claims for
which experts would normally want substantiation and refusing to explain
them.

> I just said: "no data I care about". And yes, I know about browser caches,
> etc...

Right. So if you never use your browser, why don't you just come out and
say so, rather than being all coy? You have to admit, that's pretty darn
unusual behaviour for the user of a personal computer.

On 2009-08-29 09:23 +0900 (Sat), Bruno Raoult wrote:

> I already wrote it in my first post: I have nothing to hide on my laptop.
> I use it for video editing only, when I go on holidays.

This is the first I'd heard of it. Why didn't you just say that you
never have (and never will) access your mail from that laptop, nor use
the web, and that in fact you've never had it plugged into a network?

> If yes, can we say that if my safe is empty, I don't need to close it?

Certainly not. If you make it a practice to close your safe only when
there's something valuable in it, you've now given your attackers the
ability to determine when it is or is not worth attacking.

> But I don't have the feeling to be a fool on this particular subject
> (i.e. trying to adapt the security depending on the contents, not on
> the container itself).

Unfortunately, you are, at least in the sense that you chose a
particularly bad and misleading way to explain this. 

You certainly set it up to compare your extremely unusual situation to
that of an average user (because you didn't describe how different it
really is), and that could mislead said average user into thinking he
doesn't need encryption either. That's a big disservice to the security
community and those they serve.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
           Functional programming in all senses of the word:
                   http://www.starling-software.com