Not quite sure now whether you're asking about ricochet or your previous 2
questions. I assume it's the latter.
1.Is there a perfect method to guard our electrical communication against an
attacks of peepers?

No, there is not. The hardware you use is potentially backdoored, designed to
play against you. The software you use is complex and bloated, probably full
of bugs. There is no 'perfect' solution. If what you need to do could lead
you to jail then what you should do is: do it offline.
If a powerful and motivated adversary wants your data they will get it,
sooner or later. There's a good new though: if you are a regular Joe then
using encryption will help you to maintain some privacy as your noise will
remain just noise. Using encryption will probably flag you though, so
probably they (don't ask me who 'they' is) will check you and if they find
you sufficiently interesting then they will also find a way to decrypt what
is encrypted.
(No, I'm not paranoid. Yes, I am a realist.)


2.About suppliers of libreboot pre-installed devices.

What exactly is the question? I will just take advantage now to shill
minifree and Leah Rowe for it would appear to me she is the one that was
crucial and still is (I hope) in the development of the entire thing. If
money wants to be thrown at then it wants to be thrown at minifree ->
https://minifree.org/


I had some trouble understanding your English, I hope my answers are
relevant. cheers

Once upon a time, there was a French footballer whose name is like your name.
But that name sounded lady surely.
But I also thought that a lady who learns Japanese is rare. Because Japanese
men are not popular with ladies of the world. It looks that Japanese ladies
are popular in the world.
The avatar looked kindly. How about letting her wear a bra? If that is
awkword, how about a ribbon or something.
言われてみれば確かに女グニューですけどな。

Hi Akito. Asia is morning. But it was a sleepness night. Making English
sentence takes a quite long time.
And I am insomnia.

Most of the recommendations on prism-break are fine, so if you find it
helpful, go for it. I just don't think it's a helpful reference in general.
It's too unfocused.

@MSuzuqi PRISM-break suggest owning your own server so you are in control of
your data.

If you have an ISP(internet service provider) that allows port forwarding and
you can leave a librebooted device 24/7 online (not energy friendly) or just
a freedom friendly single board computer (eg. beaglebone black) [energy
friendly], they can act as a server and you can now host your own
wallabag,mediagoblin,diaspora/gnusocial,seafile/owncloud/nextcloud,wordpress
etc. You just need a free dynamic dns like nsupdate.info
The only problem would be your ISP's router which is proprietary [unless can
be flashed with librecmc[, your net bandwidth limit per month/day.

still be isolated from the Internet. I think that was what he meant.

Yes. But MB likes to twist words and argue over the twist :)
I ask for an elaboration on why that is the "solution"?

Encryption itself is safe but the endpoints are infected by proprietary
software running at ring -2 and -3 which means the private keys are not
protected. Read this post and watch the video linked inside it and you will
understand:

https://trisquel.info/en/forum/free-email-providers#comment-127945

I simply explained what I do.

They are not backdoors per se but because of their nature they open a huge
door to mischief.

I have not yet formally defined the difference between tactical and
strategical security. I use them interchangeably with "minor" and "major".
The transition is rather analogue, with a somewhat arbitrary line between
them. Your question forced me to think over it again.

I don't want to give a quick definition, as it needs some careful brooding
over, but I am inclined to say e.g. if a commercial or intelligence entity is
attacking your privacy by routine procedures, they can be considered
"tactical" attack (hence tactical security measures needed). If they single
out your correspondences and go out of their normal way by giving special
treatment to crack it, then I would say it is a strategical attack. E.g.
communications between two agents of a neutral country would be of tactical
importance. That of a country you are in war with would be strategical
importance.

For example, I would consider PGP encryption (with due diligence) as an
intelligence grade *tactical* security measure. But for intelligence grade
*strategical* security, I would again encrypt it, but treat it as if it still
is in plain text, and take additional precautions accordingly.

Though a better, more deterministic definition should be made, I think.
Including examples of attack vectors / defenses for each level.

Taizo Mote King Saga = Thanksgiving

My Japanese is not very good, but from translation engines I gather it as a
thank you.

You are welcome. :)

Poitras and Glenn Greenwald that way. For months before meeting them in Hong
Kong. Without raising a flag at the NSA or any of its partners. Yet, your
"commercial grade tactical security" is only level 2/5 on your scale, which
therefore does not look very reasonable.

You may have a point there, but using encryption on GNU/Linux is the bare
minimum needed against commercial intrusion. Less than that, and you are not
even protected agaist commercial intrusion. The fact that he exchanged top
secret encrypted emails with correspondents probably using *PGP on Windows*
(a bad joke) doesn't make the underlying security scheme suitable, even if he
was lucky enough to escape it. He might as well have used plain text email on
Windows and still not detected, but this wouldn't make it suitable for top
secret communications either, would it?

So Edward Snowden was using hardened GNU/Linux? Then Snowden or one of his
close friends should be quite a security guy and/or fluent with FOSS.
Interesting that. I wonder where he got his laptop from. And he insisting on
his correpondents must use PGP (on Windows!) before he can communicate with
them over email is even more interesting. Given that he was conscious enough
to use PGP on hardened GNU/Linux, I would have either (a) given my
prospective correspondents an exhaustive recipe, or (b) not used email at
all. And the fact that he managed to not get caught in spite of *that*
security flop is still more interesting.

It seems that it was not Edward Snowden's security savvy, but simply that NSA
et.al. have botched it big time - on purpose or not.

That being said, there are other aspects of security and privacy. Firstly,

(1) I like standing on the safe ground and keep a good dose of safety margin.
So I would rather err on the side of caution.

(2) We cannot afford to take - good or bad - examples as precedents in
defining our security measures. We have to account for the threat
*potentials* (and add a healthy dose of margin on top of it) to define them.

Second, there are certain curiousities with Edward Snowden case.

(3) Edward Snowden might have exploited the status of having a low profile
(i.e. not being singled out) by then. I don't know the details of his story
yet, but if he was not singled out by NSA prior to his communications with
the media, then his encrypted communications might not be scrutinized. Also,
he might have taken his chances (as it seems so) and been just lucky.

(4) Edward Snowden, Julian Assange... I take such incidents with a small dose
of salt. I don't want to delve into it as it is controversial. While I am not
skeptical, I don't take anything for granted either.

Anyway, regardless of Snowden case, (1) and (2) is enough for me to adopt
more strict measures than it is perceivably necessary. (Not that I apply
myself everything I say.)

A separate topic to discuss vulnerabilities, possible attack vectors and
defenses would have been nice, and I had hoped that of the security thread in
troll lounge, albeit it has diverged into something else.