Comment Re:i've been hoping for it for years (Score 1) 601

> I once needed access to a credit card I'd left at home with my folks.
> I realised I had no way of communicating it securely. In the end we
> had to split the transaction of that info over email and a VoIP call.

This is where you could use an (emergency) one-time pad. Stuff a few small sheets in your wallet on your travels, preferably waterproof, and leave the corresponding pads at home. You can now communicate short messages in ultimate security regardless of medium.
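The emergency pad suggested in the comment above, as an added Python sketch that is not part of the original comment. It assumes digit-only messages (such as a card number) combined with the pad by addition modulo 10, which is how a paper pad is worked by hand; `PadSheet`, `encrypt` and `decrypt` are hypothetical names, and the card number is a constructed test value.

```python
import secrets

class PadSheet:
    """One paper sheet of random decimal digits; each digit is used once."""
    def __init__(self, digits):
        self.digits = digits   # string of '0'-'9'
        self.used = 0          # count of digits already struck through

    @classmethod
    def generate(cls, length=100):
        # secrets draws from the OS CSPRNG; a pad is only as good as its randomness
        return cls("".join(str(secrets.randbelow(10)) for _ in range(length)))

    def copy(self):
        # The duplicate sheet that stays at home
        return PadSheet(self.digits)

    def take(self, n):
        # Hand out the next n pad digits and never hand them out again
        if self.used + n > len(self.digits):
            raise ValueError("pad exhausted: message longer than remaining pad")
        chunk = self.digits[self.used:self.used + n]
        self.used += n
        return chunk

def _combine(message, key, sign):
    # Digit-wise addition (sign=+1) or subtraction (sign=-1) modulo 10, no carry
    return "".join(str((int(m) + sign * int(k)) % 10) for m, k in zip(message, key))

def encrypt(sheet, plaintext_digits):
    if not (plaintext_digits.isascii() and plaintext_digits.isdigit()):
        raise ValueError("this pad only encodes decimal digits")
    start = sheet.used
    key = sheet.take(len(plaintext_digits))
    # The start offset travels in the clear so the receiver knows where to begin
    return start, _combine(plaintext_digits, key, +1)

def decrypt(sheet, start, ciphertext_digits):
    if start < sheet.used:
        raise ValueError("pad digits already used: refusing to reuse key material")
    sheet.used = start
    return _combine(ciphertext_digits, sheet.take(len(ciphertext_digits)), -1)

if __name__ == "__main__":
    travel = PadSheet.generate()      # sheet carried in the wallet
    home = travel.copy()              # matching sheet left at home
    offset, ct = encrypt(home, "4111111111111111")  # constructed test number
    print(offset, ct, decrypt(travel, offset, ct))
```

The security of the scheme rests on the two properties the code enforces: pad digits come from a cryptographic random source, and no digit is ever used for a second message.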

Comment Re:well (Score 1) 601

> If you suddenly start using encryption, it'll throw up a big flag.

> If you've always been using strong encryption, then there's no
> change in behavior to be noticed.

Yes, and if you suddenly stop sending plain-text messages for three months (because you are on vacation), your behavior will be interpreted as you having gone underground plotting to overthrow the free world.

Seriously, where do you come up with stuff like that? That's what I call a paranoid mindset, not that of the person who simply wants to use crypto to keep his/her privacy!

Comment Re:PGP Key Server and Privacy (Score 1) 601

> It strikes me that they have no trouble with the common practice to
> list name and e-mail address on one of the PGP key servers

> I would also really like to use PGP but I don't want my details listed
> on one of these servers.

I had this gripe myself, for the same reasons I decline being listed in the phone book. I send my public key to interested people directly, usually after a couple plain-text exchanges. This doesn't, however, protect me from having someone else upload the key to a key server. What is needed, IMHO, is a "NO KEY SERVER" option in the public key, that, when present, will cause key servers to just discard any such uploaded key and not list it publicly.

In the meantime, you can always use a pseudonym as name on your key. The people you know you can easily explain that to and the people you don't know don't care anyway since they have no way of verifying in normal interactions.

Comment Re:What's the point (Score 1) 601

> But who you are talking to cannot be encrypted, and that is almost
> as valuable as the contents.

Actually it can. Research remailers and NYM accounts.

And you are correct about the implications of traffic analysis in even the most benign message (content)!

Comment Re:I don't use it for the encryption (Score 1) 601

> A major issue is key exchange of course

It shouldn't be. First, there are keyservers; second, this could also be done by the mail client. Incoming e-mail signed with unknown key? MUA should automatically prepare a "Send public key!" reply. This could even be in the background without user intervention. Also the sending of the key in response could, and perhaps should, be automated. Message with key arrived? MUA - Import! Solved!

Security issues do not apply here really. You can only ever verify keys with people you actually know or at least meet in person. Everything else you just have to take on faith anyway...or two or so intermediate introducers.

Comment Re:Same thing in Slovenia (Score 4, Interesting) 349

> I asked our beloved SAZAS about this matter. The question
> specifically was: what was your opinion on playing open-source /
> cc music in a waiting room? The reply was that since all authors
> must report to SAZAS and report their incomes and creative
> commons authors do not, such music was illegal in Slovenia.

I'd love to see that go to trial! And then to Strasbourg...
