Linked by Thom Holwerda on Thu 21st Nov 2013 23:46 UTC
Internet & Networking

"We can end government censorship in a decade," Schmidt said during a speech in Washington. "The solution to government surveillance is to encrypt everything."

Setting aside the entertaining aspect of the source of said statement, I don't think encryption in and of itself is enough. Encryption performed by companies is useless, since we know by now that companies - US or otherwise - are more than eager to bend over backwards to please their governments.

What we need is encryption that we perform ourselves, so that neither governments nor companies are involved. I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.

Is something like that even possible?

Permalink for comment 577397
To read all comments associated with this story, please click here.
RE[2]: Comment by pcunite
by Alfman on Sun 24th Nov 2013 16:16 UTC in reply to "RE: Comment by pcunite"
Alfman
Member since:
2011-01-28

Kroc,

"The browser vendors too should be blamed. Had Firefox allowed 'untrusted' certificates in the beginning then HTTPS would be standard and on by default for all servers, everywhere."

You are right. Mozilla has a long history of handling HTTPs certificates very poorly (starting with FFv3 they made unpopular changes I recall when they shifted policy from warning the user about unrecognized certificates to blocking the user completely). Their terrible support for self signed certificates makes it a continuous pain to use HTTPS on embedded devices (where the CA model is completely broken anyways) and even for websites where we cannot justify buying certs.

From a policy point of view, HTTPS connections to unverified peers is not less secure than plain HTTP, and would have the additional benefit of defeating passive surveillance techniques. Unfortunately, HTTPS implementations such as mozilla's have precluded the possibility of enabling HTTPS _everywhere_, consequently many websites that would have enabled HTTPS are left using plain text HTTP, and we're all much worse off given the widespread instances wiretapping.

Reply Parent Score: 2