After days my friend found the way to setup Thunderbird to send and receive mail from Riseup, one of the Radical Technology Collectives that work to keep activist communication channels secure. They provide IMAP for downloading your mails, and downloading your mails is the preferred method indeed, even more so if you want to use PGP for encrypting emails as well. Tutorials on their pages were for an old Thunderbird version that didn't look like what we had in the latest Ubuntu. The winning combination:

• Edit > Preferences > Privacy > Security > Verification > Do not use OCSP
• Account Settings > your@riseup.net > Server Settings > Incoming options: IMAP, mail.riseup.net, port 143, TLS, do not use secure authentication
• Account Settings > Outgoing Server > SMTP, mail.riseup.net, port 465, SSL

And the PGP worked (of course with the Enigmail plugin installed) with setting "Use pgp-agent" off:

• OpenPGP > Preferences > Advanced > Do not use gpg-agent.

Ps: At some point i will detail how we configured a PUSCII (another Radical Technology Collective) email address for Emacs and Mew on another friends' computer.

Why was I nervous all day if I use privacy tools all the time? Because of specialisation. Professionals use professional tools, so they can be very stupid when it comes to empowering people who have only 3 hours to spend on a thing. We already discussed this in Dijon: system administrators simply don't log into the webmail interface their collective provides as a service because it's a lame and clumsy thing to do: they have their own 1337 mailreaders. Yesterday I was talking a Riseup person about their web interface: if it provides PGP support or not. He was not sure about it since he never uses this, but most users use it every day. That's why Riseup introduced a ticket system through which users can help each other: as the example above shows, sometimes the novices can learn more effectively from the advanced users than from the administrators. We had a similar dynamic in today's workshop about online privacy: the participants who achieved one task helped out those who struggled with it, and we went forward like this, step-by-step together like a swarm.

PGP or Pretty Good Privacy is a way to encrypt (and sign) your emails. It does not provide anonymity, just encryption and authentication, so your social network and communication habits are still public. You need to use anonymous remailers if you want anonymity as well, but they constitute a lore more obscure. So with PGP the Subject of the mail, the time and the addresses involved are up for grabs, but at least the body is encrypted.

The most fascinating thing about PGP is that is uses an irreversible mathematical algorhytm. Everybody has two keys: the public key for propagation and the private key which is a personal secret not to be shared with anyone even if they ask. A signed and encrypted message will be jumbled using a combination of the recipient's public key and the sender's private key, and restored using a combination of the recipient's private key and the sender's public key. Because of this you need to exchange keys with your partners, which is a fascinating social ritual, like in a Stevenson novel. At one point the United States government banned it from export because they categorised it as ammo.

So we spent one hour talking and doing a walk-through and then two hours in two small groups. We went from creating an account to exchanging encrypted messages. Of course there were problems, typically about people forgetting their passphrases just after they created their keys, and in one case we couldn't figure out what was going on until the end. The rest is nonexact statistics: at least 6 new email addresses with radical technology collectives, 8 PGP keypairs generated, 2 new Tor users on the block, and around 10 people all-in-all at the workshop. I repeated our mantra "There is no perfect security." enough times that some people asked for further explanations, so we will have a smaller workshop next week and another big one at the end of February. Another bad day for the authorities, another day when people share knowledge and arm themselves with it.

• 2008-01-29 18:00
• Sirály, Király utca 50.
• Titkosított levelezés
• Anoním Internetezés
• Hozd el a számítógéped!

Vigyázz a seggedre a kibertérben és alázd meg a társadalmi kontroll mindenttudó isteneit! A műhely során elsajátíthatod az Internetes lopakodás alapjait, mint a PGP használata titkosított levelezéshez és az anoním szörfölés Tor-al. Az említett technológiák hatékonyabb alkalmazása érdekében azt is megtanuljuk, hogy hogyan szerezzünk kalóz email címet és hogyan futtassunk böngészőt pendrive-ról.

• 2009-01-29 18:00
• Sirály, Király utca 50.
• Encrypted emailing
• Anonymous browsing
• Bring your computer!

Watch your back in cyberspace and defy the omniscient gods of control society! The workshop covers the very basics of online stealth like email encryption with Pretty Good Privacy and anonymous browsing with Tor. In order to take more advantage of these technologies we will learn how to get a pirate email address and how to run an Internet browser from a pendrive. No special prior knowledge required.