Posts tagged Mozilla

Monday Lazy Linking

<li><p><a href="">On the Town with Bad Decision Dinosaur. Dorothy, <cite>Cat and Girl</cite> (2010-09-24)</a>.  <em style="font-size: smaller">(Linked Friday 2010-09-24.)</em></p></li>
<li><p><a href="">Food deserts and zoning. Stephen Smith, <cite>Market Urbanism</cite> (2010-09-13)</a>. <q>by Stephen Smith The other day I put up a post detailing the restrictions that small-scale restaurants and food carts face, but I should mention that grocery stores and supermarkets also face similar restrictions.  Like restrictions on restaurants, they end hitting poor, urban, black neighborhoods the hardest, creating the phenomenon...</q> <em style="font-size: smaller">(Linked Friday 2010-09-24.)</em></p></li>
<li><p><a href="">Apparently, starvation blockades are bad for the economy.  Who knew? John Markley, <cite>The Superfluous Man</cite> (2010-09-06)</a>. <q>David Brooks has a column in The New York Times entitled "Nation Building Works," in which he attempts to vindicate the US government's past seven years in Iraq. From the article (via Cheryl Cline at der Blaustrumpf):“Iraq has made substantial progress since 2003,” the International Monetary Fund reports. Inflation is...</q> <em style="font-size: smaller">(Linked Friday 2010-09-24.)</em></p></li>
<li><p><a href="">Haystack vs How The Internet Works. Danny O'Brien, <cite>Danny O&#39;Brien&#39;s Oblomovka</cite> (2010-09-14)</a>. <q>There’s been a lot of alarming but rather brief statements in the past few days about Haystack, the anti-censorship software connected with the Iranian Green Movement.  Austin Heap, the co-creator of Haystack and co-founder of parent non-profit, the Censorship Research Center, stated that the CRC had “halted ongoing testing of...</q> <em style="font-size: smaller">(Linked Saturday 2010-09-25.)</em></p></li>
<li><p><a href=""><em>Libertarian Review</em> Archives Online. Brian Doherty, <cite>Brian Doherty: Reason Magazine articles and blog posts.</cite> (2010-09-09)</a>. <q>One of Reason&#39;s high-quality competitors from the 1970s-80s has a semi-complete archives now available online. It&#39;s a fabulous compendium of Carter-ish era libertarian historical fun. David Boaz explains the mag and what it accomplished, focusing on its amazing editor the late Roy Childs.</q> <em style="font-size: smaller">(Linked Saturday 2010-09-25.)</em></p></li>
<li><p><a href="">Openness is a lot of work. jonoscript, <cite>Not The User&#39;s Fault</cite> (2010-09-24)</a>. <q>You can’t just make something “open” and expect magic to happen. Openness is a lot of work. This is true whether you’re making an open-source software project, a website with user-generated content, a political movement, a charity, or any other kind of organization where you expect volunteers to show up...</q> <em style="font-size: smaller">(Linked Saturday 2010-09-25.)</em></p></li>
<li><p><a href="">George Lucas Stole Chewbacca, But It’s Okay. Michael, <cite>Binary Bonsai</cite> (2010-09-18)</a>. <q>Foreword The creation of Star Wars is comprehensive mythology onto itself, populated by rarely documented anecdotes, the likes of “the Millennium Falcon was inspired by a hamburger, with the outrigger cockpit being an olive off to the side” (1) or “My original inspiration for Chewbacca was my dog Indiana.” (2),...</q> <em style="font-size: smaller">(Linked Sunday 2010-09-26.)</em></p></li>
<li><p><a href="">Of Hayek and Rubber Tomatoes. Timothy B. Lee, <cite>Cato Unbound</cite> (2010-09-24)</a>. <q>Henry Farrell writes that “Hayek argues that markets are superior because they allow the ‘dispersed bits of incomplete and frequently contradictory knowledge which all the separate individuals possess’ to be aggregated in a useful way.” He then faults Hayek for failing to acknowledge a key limitation of the price mechanism:...</q> <em style="font-size: smaller">(Linked Sunday 2010-09-26.)</em></p></li>
<li><p><a href="">“I’ve Never Seen a Poor Person Give Anyone a Job” Kevin Carson, <cite>Center for a Stateless Society</cite> (2010-09-16)</a>. <q>“I’ve never seen a poor person give anyone a job.”  The cliche is commonly repeated on the Right, in polemics against what they call “class warfare” — not that there’s actually much of it being waged by Democrats, except when they’re fighting on the same side as the Republicans.  See...</q> <em style="font-size: smaller">(Linked Sunday 2010-09-26.)</em></p></li>
<li><p><a href="">I Am Detained By The Feds For Not Answering Questions. PKL, <cite>KNIFE TRICKS</cite> (2010-04-23)</a>. <q>Sherman Oaks, CaliforniaI was detained last night by federal authorities at San Francisco International Airport for refusing to answer questions about why I had travelled outside the United States.The end result is that, after waiting for about half an hour and refusing to answer further questions, I was released –...</q> <em style="font-size: smaller">(Linked Sunday 2010-09-26.)</em></p></li>
<li><p><a href="">10 Brief Responses To 700 Comments About Refusing To Answer Questions At Passport Control. PKL, <cite>KNIFE TRICKS</cite> (2010-09-11)</a>. <q>Phuket Island, ThailandMy post about refusing to answer questions from Customs and Border Protection officers when re-entering the U.S. has resulted in a lot of debate. My thanks to everyone who joined the conversation, including the authors of the more than one hundred posts that called me a douchebag. Let...</q> <em style="font-size: smaller">(Linked Sunday 2010-09-26.)</em></p></li>
<li><p><a href="">Deregulating food. Stephen Smith, <cite>Market Urbanism</cite> (2010-09-11)</a>. <q>by Stephen Smith Urban planners like to discuss heavy things – roads, buildings, cars, trains. Food, though an integral part of humans’ lives, generally doesn’t enter into the equation as more than a footnote. This may be because food service is governed by different departments than buildings, streets, and vehicles,...</q> <em style="font-size: smaller">(Linked Sunday 2010-09-26.)</em></p></li>

How To Talk So The Government Can’t Listen. Part 1: how to encrypt your e-mail in Gmail with GPG (for use with Gmail or other web mail interfaces on Firefox in Windows)

Fellow counter-economists,

Let’s suppose that you want to send somebody an message that contains sensitive information which you want only the person getting the message to see — say an important password or an account number or a transaction that you’d rather keep on the down-low, for no particular reason worth mentioning.

The problem is that e-mail sent over the Internet is normally sent in plain text. Like anything else on the Internet, it passes through several different servers and routers on its way to its final destination. If one of these servers or routers is compromised by a snoop (your ISP, a malicious hacker, the Federalis, No Such Agency…) they can easily set up the computer to keep a copy of your e-mail for the snoop to read at his or her leisure. This is a how-to guide for one way to solve that problem: setting up and using encryption for your e-mail (specifically OpenPGP double-key encryption). In particular, I’ll show you how to set up encryption using GPG (the GNU Privacy Guard) for Gmail, in the Firefox web browser, on a computer running Windows XP or Vista.

The good news is that, while encryption used to be something of a nerd pastime and a hacker dark art, new tools have been developed which make encryption relatively easy to set up and painless to use even for casual computer users. Practically speaking, this is a very important development for anyone who occasionally needs a secure channel for sharing sensitive information. (For example, as a web developer I’ve already guided a few of my friends and business contacts through setting up GPG so that we can safely exchange user login credentials.) If you know where to go for thse tools, you no longer need technical expertise, or even a great deal of patience, to get up and running with an easy-to-use setup for double-key encryption of your personal e-mail. You just need a bit of guidance, and that’s what this is for.

I’ve chosen to walk you through the set-up for a very specific software environment because that helps keep things simple and concrete, and because this particular software environment is one that a lot of people — including a lot of my friends — happen to use. But if you don’t use exactly this software set-up, you can still get something from this how-to by changing out one or more of the steps.

A bit of background. PGP (Pretty Good Privacy) is a system for double-key encryption. Double-key encryption works by generating a paired set of encryption keys. A message that’s encrypted using one key can only be decrypted using the other, but someone who has the one key can’t use it to generate the other key. The practical upshot is that you can use one key as a public key, which you give out to everyone, and the other as a private key, which you guard as a secret.

Any message that is encrypted using your private key can be decrypted and read by anyone with access to your public key (meaning, effectively, everybody), but — since only you have access to your private key — it guarantees that only someone with access to your private key (meaning, hopefully, only you) could have written the message. So it acts as a secure form of electronic signature, verifying that it was really you who sent the message.

Any message that is encrypted using your public key could have been generated by anyone with access to your public key (anyone). But it can only be decrypted and read by someone with access to your private key (only you).

And, similarly, if you’re communicating with someone else who uses PGP, and whose public key you have access to, you can (1) encrypt the message using your own private key, and then (2) encrypt it again using their public key — guaranteeing that only your intended recipient can read the message (since only they have access to their own private key), and that only you could have written the message (since only you have access to your private key).

Nowadays, most people who use the technology behind PGP actually use a program called GNU Privacy Guard (GPG) which is an open-source implementation of the same technology. For Windows users, there is a version of GPG called Gpg4Win.

GPG itself is a set of command-line utilities that will generate keys, manage a keyring, and encrypt any text that you pipe in to the program. You could in principle do any encryption you needed to do just by learning how to use these command-line tools, then cutting and pasting to and from text files. But it’ll be far less awkward to manage your keyring through WinPT, a graphical tool that comes with the Windows GPG package. WinPT will allow you to create your own key pair, to upload your public key to a key server so that your friends can find it, and to download your friends’ public keys so that you can encrypt your e-mails to them. Then, if you use Firefox, you can install an add-on that will integrate GPG with the Gmail interface; at the moment, I’d recommend FireGPG.

So here’s a step-by-step guide for getting up and running:

  1. Install GPG and WinPT from

  2. Launch WinPT from the Start Menu. A small icon of a key should appear in your system try. Meanwhile, you should now see a First Start dialog box:

    Choose Generate a GnuPG key pair and mash OK. You’ll be asked for a name and e-mail address; fill in the primary e-mail address that you’ll be using to send and receive encrypted e-mail. (If you have more than one e-mail address that you’ll want to use, don’t worry; we’ll come back to that later.)

You'll be asked to choose a passphrase for securing your private key. Choose one that's secure -- preferably both long and easy to remember without writing it down. You can include any characters that you can type, including spaces, numbers, punctuation, etc.
The passphrase is used as a cipher on your private key, to increase security, so that you can store it on your computer, or even on a shell account, without having to worry that someone who uses your computer for a few minutes, or has a shell account on the same machine, will be able to compromise your identity by copying the keyring file: only someone with *both* the keyring file and your passphrase will be able to use your private key. You'll need to be ready to enter this passphrase whenever you want to send a signed message, or to read an encrypted message sent to you.

After you've entered the passphrase a second time (to make sure there were no typos), WinPT will churn for a while as it generates a key pair for you.
Once WinPT announces that your key pair has been generated, it will suggest that you make a back-up of your keys on a CD-R, USB drive, or some other external storage, to guard against the day when your hard drive fails (as all hard drives eventually will).
You should probably take their advice: if you lose the local copy of your private key and don't have a back-up, there is no way whatsoever for you to recover it. If you're worried about saving a copy of your private key, remember that your private key is protected by your passphrase.
  1. Now that you’ve created your key pair, it should appear on your keyring: double click on the key icon in your system tray to look at the Key Manager with your newly-minted key pair in it.
If you have more than one e-mail address that you'd like to associate with the same public key, you can associate secondary e-mail addresses with your key pair by right-clicking on your key pair and selecting Add --&gt; User ID.... Then follow the instructions in the dialog box.
Next, you'll want to make it easy for your friends to access your public key, so that they can verify your signature and so that they can encrypt messages for your eyes only. (Remember, you can pass out a *public* key to absolutely anyone; that only allows them to *encrypt* messages *to you*; it doesn't allow anyone to *decrypt* the messages you're receiving.) To do this, right-click on your key pair and select <q>Send to Keyserver,</q> then click on each keyserver in the submenu.
  1. Now you’ll want to import public keys for people who you might want to send encrypted e-mails to. To start grabbing public keys, click on the Keyserver menu entry. A dialog box should immediately pop up; enter your friend’s e-mail address and then mash Search. For testing purposes, you can grab my public key, for (minus quotes).
When a key (hopefully) pops up for the e-mail address you entered, highlight the key and pull it in to your keyring by hitting <q>Receive.</q>
If everything goes well, you should see the new public key imported into your keyring.
If you have any trouble getting your friends' public key from a key server, you can always just ask them to send you a copy by e-mail, copy the block of gibberish they send you onto the clipboard, and then Import the public key from within WinPT. Alternatively, if you can call up a copy of their public key in your web browser (through webmail or from your friend's web page), you can use FireGPG, the add-on I discuss below, to directly import the public key from your web browser.
  1. Now, start up Firefox and go to Then install the FireGPG add-on.
Once you've clicked through the dialog boxes, and successfully installed FireGPG, restart Firefox.
  1. After you’ve restarted Firefox, go to Gmail and try composing a new message to me at There should be some new buttons available for when you send the message.
Hit <q>Sign, encrypt and send.</q> You should be asked to select a public key from a list. You should select *two* public keys: one for the e-mail address you are sending the message to, and one for yourself. This will encrypt it so that only you and your intended recipient can read the message. (You want to select your own public key in addition to your recipient's so that you can read the saved copy at a later date if you want to; if you choose *only* your recipient's key, then not even you will be able to read the message.)
To select multiple addresses, hold down the <kbd>Ctrl</kbd> button as you click each one. Once you've selected the right public keys, mash <q>OK.</q>

Next, you'll be asked to select a private key to use in signing the message. This should be your own key. Highlight the key and mash <q>OK</q> again.
Then enter your passphrase if FireGPG asks for it.
If all goes as it should, your message should be encrypted so that only I can read it, and sent on to me; when I receive it, I should be able to decrypt it using my own private key, and thus verify that you've got a working GPG installation.
  1. If I receive your e-mail and I’m able to import your public key from a keyserver, I can then send you an encrypted message so that you can verify things on your end. If you get a GPG-encrypted message, what you’ll generally see is a bunch of alphanumeric gibberish encased in a distinctive block.
FireGPG should recognize an encrypted message and automatically give you the option to <q>Decrypt this message.</q> Click through (and enter your passphrase if requested) to view the original message.
  1. FireGPG offers a number of nice features for direct integration with Gmail, but you can also use it to encrypt, decrypt, sign, or verify text in any other webmail service or any other online form. For example, to sign and encrypt text outside of Gmail, ust select the text, right-click, and choose FireGPG –> Sign and encrypt from the pop-up menu.

FireGPG will ask you for the public key to encrypt with and the private key to sign with, as usual; when you’re done, the selected text should be replaced with an encrypted block that only your selected recipient(s) can read.

Before I go, I’d like to note a few things.

First, as with any computer how-to, your mileage may vary. In particular, as of press time, Gmail has recently introduced a new interface, and FireGPG seems to be doing an imperfect job of coping with it; if you have trouble using FireGPG under the new interface, try flipping over to the old interface (or vice versa), or restarting Firefox. If nothing works, contact me with as much information as possible about what you’re trying to do and what’s going wrong, and I’ll see what I can do to ferret out the problem or point you in the right direction.

Second, let’s be clear about what GPG will do for you and what it will not. GPG provides point-to-point encryption; it ensures that even if a snoop can intercept your e-mail en route, she or he can’t tell what’s in it. It does not conceal the fact that you’re writing to the person you’re writing to. It also does not conceal the fact that you’re writing something you chose to encrypt. If you’re worried about people snooping on what you say, you should keep in mind that they may be able to get a lot of information just by being able to identify who is talking to whom. (If y’all find this how-to helpful, let me know, and we can discuss some techniques for addressing these other issues.)

Finally, remember, no defense against snoops in the middle will do you any good if the intended recipient of the message chooses to turn the information over to a snoop. Technology can secure the line between so that you can say what you want to somebody that you trust, without the danger of a third party overhearing. But no technology substitutes for knowing who you can trust and what you can say to whom.

If you have any questions, contact me or drop me a line in the comments. Let me know how it works for you. Consider this my contribution, to the extent that it works out for you, to revolutionary agorist praxis. Enjoy your privacy!

Update 2008-10-29: Since this is written for Google, I’ve made some minor revisions for the purpose of clarity and informativeness.

See also:

  • Configuring GPG (Mac OS X) explains how to get GPG up and running on Mac OS X, and explains integration with several OS X mail readers. If you use web mail, then you can use these instructions to get GPG running, and then follow my instructions to set up Firefox with FireGPG, which should be more or less the same on Windows or on a Mac.

  • Beginners Guide for GnuPG in Ubuntu explains how to getGPG up and running under Ubuntu Linux (or any other flavor of Linux that supports apt-get). Again, you can use these instructions to set up GPG and then follow my instructions to set up Firefox with FireGPG, which should be more or less the same on Windows or on Linux.

  • If you use a desktop e-mail reader rather than webmail, many popular programs have add-ons, plugins, or other ways to integrate GPG painlessly with the e-mail program. For example, I use Mozilla Thunderbird, and an excellent add-on called Enigmail. Similar tools exist for Microsoft Outlook and Outlook Express.