Encrypt the Internet?!

Over at Wired they’re blistering their lips again:

The Heartbleed bug crushed our faith in the secure web, but a world without the encryption software that Heartbleed exploited would be even worse. In fact, it’s time for the web to take a good hard look at a new idea: encryption everywhere.

Followed by an article (i’m almost reluctant to link to it…) that goes on:

Most major websites use either the SSL or TLS protocol to protect your password or credit card information as it travels between your browser and their servers. Whenever you see that a site is using HTTPS, as opposed to HTTP, you know that SSL/TLS is being used. But only a few sites — like Facebook and Gmail — actually use HTTPS to protect all of their traffic as opposed to just passwords and payment details.

Which is such unmitigated bollocks that it’s hard to know where to start. Do they really not understand this? The likes of Facebook and Google make their money from flogging the relationships between the personal data that they collect on their cannon fodder. For Google this business amount to something like 97% of revenue, all the fluff about making knowledge available to humanity is just that: fluff. The real goal is monetising mass data collection by selling it to advertisers. Consumer cannon fodder, pure and simple. Facebook? Don’t know the numbers, but presumably equivalent or worse. The silicon valley business model is pure poison for privacy.

If they were interested in privacy they’d be serious about encryption of data at rest, they’d set themselves up to be cryptographically unable to access your data. Until they do that they are willing victims to any government that orders them to “bend and brace”. That they are not even making an effort to fight for this level of protection for their “product” tells you everything that you need to know.

This post was bought to you by The Swans track Raping a Slave (irony overdose as i link to a google property that you probably don’t even ad block…)

Advertisements

2 thoughts on “Encrypt the Internet?!

  1. You know, the day we have full functioning encryption on the internet, we will also have world peace, no hunger, equality and all the other happy things.

    But that aside, for mail only, as easy it is for people like us, who know technology, it is impossible for the rest (99%) of humanity. In my opinion this has to be done transparent without the user doing anything. Eg I send an email from my email to a, b and c it should automatically encrypt the mail to a and b and c. This should be an extension from the SMTP standard and IMAP (let pop die please) so this can be implemented in all mail clients, web mail, etc.

    Private key handling is of course a major issue, because you really wouldn’t want that outside of your computer.

    There is a nice Chrome plugin that a bit help with this, but doesn’t help at all with easy encrypting mail to people.

    Such is life.

    Oh and for web/ssl/tsl. First we have to get rid of those CA groups. Besides just costing money they do not really make me trust any of the certs more or less.

    • i agree that it won’t happen easily. the issue, for me, is that so much is done that is actively working against even basic forms of privacy protection, and yet the image projected by those companies is one of benign benevolence.

      mail, at least on the major platforms could be solved problem. imagine if gmail had rolled out with private keys, storing data encrypted at rest, and provided some form of two-factor retrieval for lost keys… with the right interface it could be made close to transparent. have mail.app / icloud / iOS mail doing the same thing, in a compatible way, and suddenly you’ve covered a huge portion of the mail user base. all this bollocks about encrypting the connections between SMTP servers is pointless if all it takes is waiving some piece of paper from a (kangaroo court) judge in front of the providers nose.

      SSL, and cert. auth. infrastructure are a disaster. revocation doesn’t work, and nobody really ever had an expectation that it would!

Wise words...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s