back to article Going lo-tech to avoid NSA snooping? Unlucky - they read snailmail too

Privacy-conscious US citizens looking to go retro in the wake of the ongoing controversy about PRISM-related snooping and the NSA harvesting metadata on an industrial scale will find little refuge in snail mail. The New York Times reports that the United States Postal Service photographs the exterior of every piece of mail going …

COMMENTS

This topic is closed for new posts.

Black Helicopters

Time to start sending hand-written extracts of the Voynich Manuscript on postcards to any activists you know. It'll be decoded in no time! Likewise, Linear A and Rongorongo.

9
0

I like the idea, but you might find yourself detained and beaten with a rubber hose until you provide the plaintext. I'd hate to have to make a breakthrough on Linear-A while being interrogated. They'd probably steal the credit too.

11
0

Big Bubba (US movie remake of a classic UK novel)

He's already here people. Big Bubba is soon gonna figure out how to read your mind so that he can protect you from your own thoughts. Prepare to become a Puppet of the State.

2
1
Silver badge

Americans playing catchup...

In "Spycatcher" Peter Wright details all the tricks they used for mail tracing in the 50s and 60s - and the various techniques used for extracting letters from sealed envelopes, using thin tweezers to roll the contents up, for example, and solutions they could use that would render the envelopes transparent/lucent.

Apparently one Trade Union leader (a card carrying commie) used to preface all official letters with a salutation along the lines of "Hello MI5 you prying bastards"

10
0
Bronze badge
Big Brother

Photograph THAT !!!

I'm going to start drawing little pictures of Obama sucking off George W Bush on my envelopes in future.

7
0
Silver badge

Re: Photograph THAT !!!

Ever wondered what's encoded in that barcode on your delivered envelopes?

2
0
Silver badge
Boffin

Re: Photograph THAT !!!

You mean RM4SCC? Hardly a state secret and easily decoded. First thing Royal Mail do when processing mail is to OCR the postcode (and throw out anomalies to a human) and stamp it on as a more easily readable delivery address – all subsequent routing uses that instead of OCR. Stamping it on in red ink makes for an interesting time around Valentine's Day though.

The bores of a day trip to a Royal Mail sorting office during school years :-|

1
0
Gold badge
Happy

Re: Photograph THAT !!!

"I'm going to start drawing little pictures of Obama sucking off George W Bush on my envelopes in future."

I think you'll find the other way around should cause much more offense.

1
0
Anonymous Coward

Re: Photograph THAT !!!

At least put them in 69 for some non-partisan equality.

0
0
Bronze badge
Joke

Re: Photograph THAT !!!

Send a whole load of envelopes and draw a single frame of an animation on each. That should get them entertained :-P

2
0
Anonymous Coward

hmm ...

... so does the Royal Mail do this too?

3
0
Anonymous Coward

Re: hmm ...

Hope so, maybe then I can find all my stolen, sorry, missing mail.

1
0
Silver badge

Re: hmm ...

I believe OCR is used for sorting the mail - so the answer is "probably, yes."

0
0
Anonymous Coward

Re: I believe OCR is used for sorting the mail

ok, but stamping the envelope with a coded version of number&postcode and throwing the image away is not the same thing as keeping a database of all/interesting images for later processing by the spyderati

2
0
Silver badge

Re: I believe OCR is used for sorting the mail

But how do you know they throw the image away and don't keep it in a database?

1
0
Silver badge

Re: hmm ...

Lost and undeliverable parcels with no return address are auctioned off by the pallet load in Atlanta a few times a year. Check it out.

0
0
Silver badge

Re: hmm ...

OCR is used where it is possible, but the system sucks and a huge percentage of stuff is hand sorted.

0
0
Silver badge
Black Helicopters

Re: hmm ...

Hand sorted... because the optical character recognition sucks.

The optical character recognition (or non-recognition, as the case may be) presumably happens after the address is scanned, otherwise it would suck 100%*. That scan, right there, that's the image for the database - regardless of whether the OCR worked.

* It would be incredibly impressive if it could read the characters before it's been given the scanned image.

Shit my effing brains sideways, I'm starting to sound like a conspiracy theorist.

1
0

Re: I believe OCR is used for sorting the mail

Actually, of more interest to marketers. I used to work for a postal company, and the OCR machines we had were Siemens (yes) integrated mail processors (IMP). They could pretty much do everything. OCR readability was pretty good, I think the target was about 96-97% of all addresses.

The most interesting thing was that the machines took a photograph of the letter, not just the address and could store it. The main purpose of this was that if there was an address that could not be read, the image was then flashed to a VDU where a human could then input the address and send it back to the IMP, which would then route the letter to the correct sorting bin.

One of the crazier ideas was to create a database of every delivery point in the country, called NAD.. yes... National Address Database and assign an individual identifier for it and store the images for the letters going to each address. As company logos, etc, are often printed (and could be read by the OCR), it would eventually have built up a database on every household that a marketer would give their right testicle/ovary for. We would have known who you banked with, had insurance with, what loyalty programs you were a part of, who supplied your telecoms, power etc...

Fortunately it didn't go ahead back then as storing and sorting that data on a daily basis was going to be very expensive....now, I don't know, the concept would be even easier and cheaper to implement.

It's not the spymasters, it is the marketers I fear.

2
0
Pint

Re: I believe OCR is used for sorting the mail

I remember hearing one time before I retired from USPS that just the financial transactions at all post offices nationwide totalled in excess of one BILLION lines of data ... EVERY DAY.

I need a glass of Cabernet Sauvignon to be able to wrap my brain around that... but alas, El Reg won't let me have one...

0
0
Silver badge

Re: hmm ...

Doesn't the effectiveness of this require the (extremely odd, in my opinion) addition of the sender's address on the envelope, as in many mainland-European countries? It isn't common in the UK to do it, and so the information to be gleaned is limited.

0
0
Silver badge

Re: hmm ...

The sender's address is very frequently on the front of American mail, just a cultural difference :-)

As for the marketers mentioned above, I found stuffing the return paid envelopes they send full of free newspapers or taping them to a shoebox with a rock or two in it benefits the post office and your sanity greatly. Our postie loves it, she says the shoeboxes make USPS about 40 bucks each in postage that the junk mailers have to pay. Not sure if this is legal in the UK though.

0
0
Bronze badge

Re: hmm ...

"The sender's address is very frequently on the front of American mail, just a cultural difference :-)"

I tend to put the return address on the flap in back so, unless they're routinely photographing both sides...

0
0
Silver badge

Addressing

The USPS has to deliver mail based on the physical address, not the addressee, so you can put anything you want on the envelope. I used to send letters with the return name Donald Rumsfeld addressed to George W. Bush. I'm hoping one day all the images they've archived will be used for historical research and it really confuses historians and grad students.

4
0
Anonymous Coward

Re: Addressing

I would imagine that all postboxes collected from are bagged separately as in the UK. This way, you've got a pretty good idea of one of the endpoints and you know time to within the frequency of the collection period and you know exactly where the other endpoint is.

All you need to do is find your "someone of interest" and look at the metadata revealing where communications have started. You'd have to be immensely skilled to be able to choose postboxes and times which seem random, while at the same time not being around any form of CCTV etc. etc.

0
0

Re: Addressing

Don't know about the UK, but residential mailboxes in the US are on the street. If you have outgoing mail, you raise a little flag on them to alert the mail deliverer. If you want to safely post something anonymously, just wait until you see a mail carrier, get ahead of him a bit, pop your letter in someone else's mailbox, and raise the flag. The homeowner won't have time to notice; chances of being on camera are small; when the letter was put in the box would be questionable back to the previous delivery.

0
0

Pigeons

So looks like the carrier pigeon is the way to go..

1
0
Joke

Re: Pigeons

No good,

I've heard there is an organization called "vulture squadron" whose job it is to intercept any passing pigeons, NSA whistle-blowers or Bolivian Presidents travelling by air.

9
0
Joke

Re: Pigeons

I've heard that they're incompetent, and couldn't hit a pigeon on his perch if he was nailed there.

3
0
Bronze badge
Trollface

Re: Pigeons

I've heard that they're incompetent, and couldn't hit a pigeon on his perch if he was nailed there.

As for Bolivian presidents...

0
0
Anonymous Coward

Re: Pigeons

I don't buy the incompetence accusation, one of the squadron gets decorated with medals on an almost weekly basis.

1
0
Anonymous Coward

Encrypted email

I've been trying to get my email encrypted and this certificate stuff is a joke. For example 'startcom.org' is a trusted certificate authority for all the major browsers. Yet its DNS shows only a PO box number:

P. O. Box 1630, Eilat, Israel, IL

You can get a free email certificate from them,

https://cert.startcom.org/

But they insist on a proper address and lots of personal details. So presumably no PO box address is acceptable.

I don't see why we would use a certificate authority, a first time public key exchange system used in OTR systems and SSH would get rid of this and encrypt email again.

And the NSA won't object because they only collect 'metadata', and not content. Since they're not lying at all, they would have no reason to object if we all switched to SSH style key exchanged email.

1
0
Silver badge

Re: Encrypted email

Out of interest, how does SSH work? Presumably you need the public key of whoever you are communicating with, but how do you know it's their public key and someone in the middle hasn't sent you theirs?

0
0

Re: Encrypted email

Because their public key is in the certificate which is digitally signed by a higher certificate authority that you _do_ trust.

It all comes down to trust, and right now, I've precious little of it.

6
0
Anonymous Coward

SSH

Basically, to have a trusted channel, you have to communicate the SSH keys over some other trusted channel - a face-to-face meeting, for example.

2
0
Anonymous Coward

Re: how do you know it's their public key and someone in the middle hasn't sent you theirs

Well, I guess you could get some trusted authority to certify that the key does indeed belong to who it claims to belong to...

Say, isn't this where we came in?

0
0
Anonymous Coward

Re: Encrypted email

SSH is a first time public key exchange system. Most SSH servers have a key which is self-signed. A public part of it is given to the client on the first connect, and each subsequent connect the fingerprint of the key is checked to make sure it hasn't changed.

For a man in the middle attack to work, they have to intercept each and every SSH connection, starting from the very first intercept.

If they miss the first intercept then they can't intercept subsequent connects. If they intercept later ones, the key is wrong and the client flags a fake key that doesn't match the original.

It's secure even without a certificate authority, because of time. Time moves forward; by the time you realize you want to intercept a connection, it's already too late, the key has been exchanged. You can even make it totally secure by installing the key by a trusted route, making even the first intercept impossible.

However for a certificate authority the new key can be changed at any time, and a certificate authority confirms the new key. So man-in-the-middle attacks on that system are viable if you can create a new certificate. Even after the first key exchange.

So really the only thing stopping an intercept is a company who give only a PO box in Israel as an address.

1
0
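The first-use pinning described in the comment above, set beside the certificate-authority model it is compared with, as an added example that is not part of the thread. `TofuStore` and `ToyCA` are hypothetical names, the host and keys are constructed, and an HMAC stands in for a real CA signature to keep the sketch short.

```python
import base64, hashlib, hmac

def fingerprint(pubkey: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(pubkey).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

class TofuStore:
    """Hypothetical pin store playing the role of a known_hosts file."""
    def __init__(self):
        self.pins = {}

    def preinstall(self, host, pubkey):
        # Key delivered over a trusted route before any connection is made.
        self.pins[host] = fingerprint(pubkey)

    def check(self, host, pubkey):
        fp = fingerprint(pubkey)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp          # first contact: trust and remember
            return "pinned-on-first-use"
        return "ok" if hmac.compare_digest(pinned, fp) else "MISMATCH"

class ToyCA:
    """Stand-in CA: an HMAC replaces a real signature (assumption for brevity)."""
    def __init__(self, secret):
        self._secret = secret

    def issue(self, host, pubkey):
        return hmac.new(self._secret, host.encode() + b"|" + pubkey, hashlib.sha256).digest()

    def verify(self, host, pubkey, cert):
        return hmac.compare_digest(cert, self.issue(host, pubkey))

def demo():
    host = "mail.example.org"                       # constructed host name
    key_a, key_b = b"constructed-key-A", b"constructed-key-B"
    store = TofuStore()
    results = [store.check(host, key_a),            # first connect: pinned
               store.check(host, key_a),            # same key later: ok
               store.check(host, key_b)]            # changed key: flagged
    # Whatever key arrives on first contact is the one that gets pinned.
    results.append(TofuStore().check(host, key_b))
    # Installing the key by a trusted route removes that first-contact gap.
    safe = TofuStore()
    safe.preinstall(host, key_a)
    results.append(safe.check(host, key_b))
    # CA model: any key carrying a valid certificate verifies, with no memory
    # of which key the host presented before.
    ca = ToyCA(b"constructed-ca-secret")
    results.append(ca.verify(host, key_b, ca.issue(host, key_b)))
    return results
```

A client that wants both properties keeps the pin check and treats a CA-valid but changed key as a mismatch to investigate rather than accept.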
Anonymous Coward

Re: Encrypted email

I suppose if Mossad reading your mail makes you feel more secure...

1
0
Silver badge
Devil

Re: Encrypted email

Aren't they in your Ericsson Switch?

0
0

Re: Encrypted email

Re StartCom certificates: I guess it's a case of you pay your money and you make your choice, or you don't and you can't.

I've been on a similar path these last few weeks with encrypted email and certificates etc. Seems to me that if you really want encrypted email you need to go down the PGP/GnuPG route and exchange public keys with trusted individuals and anything else is the icing on the cake.

You can set up Postfix (not sure about the alternatives I'm afraid) to remember details about other SMTP servers' certificate fingerprints, which should mitigate against StartCom attempting to MITM your communications (remember the certificate authority doesn't see your private key at any point, they just sign your CSR). And if you are using DHE or ECDH ciphers then you have "forward secrecy" protecting past SMTP traffic at least...

But it appears that most active SMTP servers are not set up to handle SSL or TLS protected traffic, so PGP/GnuPG remains the best bet. FWIW I have set up my own server to handle encrypted SMTP, on principle!

0
0
Bronze badge
Black Helicopters

Re: how do you know it's their public key and someone in the middle hasn't sent you theirs

"trusted authority"

an oxymoron

3
0
Anonymous Coward

Re: Encrypted email

I was going to say use PGP but now it looks like it is owned by Symantec.

Anybody know if it is any good?

1
0
Anonymous Coward

Re: Encrypted email

I strongly suspect that "The Man" isn't the issue with encryption being any good, I always work on the principle that if "The Man" wants to know something about me, they'll know and I won't know anything about it. They'll know before it's encrypted, is more along the lines of what I'm getting at. So I work on a balance that I don't do anything particularly wrong, nothing to arouse suspicion and even the things which I do aren't going to elicit the kind of money being spent that would be required as it would be totally disproportionate.

For me, encryption is about preventing scrotes getting my personal emails or my bank details, even then the bank details are the more important. If someone got my emails, they'd know what I've bought over the last few years and find some truly tedious waffle. I don't encrypt my files at home as a rule, because the consequences of losing the keys would be very annoying indeed.

In the same way that the bank I used to work for didn't encrypt data to tapes, because loss of keys would be an impossible situation. What they did instead was not allow tapes to leave a datacentre, ever, except in shredded form.

0
0
Bronze badge
Big Brother

When I find myself agreeing with all these international neanderthals that means my government is beginning to concern me.

In Soviet Russia United States of America...

0
0
Silver badge
Facepalm

Quality improvement etc.

And they STILL manage to lose mail, have mail not delivered, bounced, addressed wrongly, disappear up the arse of the Postal Service and whatnot.

Working on the important things, are we?

1
0

Eh?

I'm not quite sure I follow this. If you post something scurrilous and the police get involved, they have access to the package you posted. Why do they need a picture of it when they can take their own?

Obviously, if they can trace the original picture, they can find where it was posted (but if it was a bomb, the pattern-matching software might not have much to go on). But a postmark does this and more simply too.

0
0
Gold badge
Meh

physical systems are the *only* thing that can overwhelm the NSA's processing ability

Because there just aren't enough snoops to process every physical item in the way every digital item can be stored.

1
0

Another Possibility is

Revert to RFC 1149

1
0

People are really stupid

Is any of this information about governments in countries all around the world including Europe and the U.S. monitoring electronic communications and in some instances snail mail when there is legitimate reason to do so, some revelation for the populace? If so you've been living under a rock for the past 30+ years.

0
2
Silver badge
Coat

100% certified safe method

Don't have any friends or acquaintances!

1
0
