Linked by Thom Holwerda on Thu 21st Nov 2013 23:46 UTC
Internet & Networking

"We can end government censorship in a decade," Schmidt said during a speech in Washington. "The solution to government surveillance is to encrypt everything."

Setting aside the entertaining aspect of the source of said statement, I don't think encryption in and of itself is enough. Encryption performed by companies is useless, since we know by now that companies - US or otherwise - are more than eager to bend over backwards to please their governments.

What we need is encryption that we perform ourselves, so that neither governments nor companies are involved. I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.

Is something like that even possible?

Thread beginning with comment 577252
Is something like that even possible?
by saso on Fri 22nd Nov 2013 00:18 UTC
saso Member since: 2007-04-18

I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.
Is something like that even possible?

Your question doesn't make sense. Encryption is not a technological issue, it's a trust issue. How do you secure trust in a conversation "regardless of source or destination"? Preventing eavesdropping by 3rd parties is the easy part - you can buy or build a VPN endpoint box for funny money nowadays. The hard part is finding a way of establishing trust among unrelated parties. For this I'm not confident there's ever going to be a satisfactory method (X.509 was one attempt and look at the results...).

Reply Score: 5

panzi Member since:
2006-01-22

Exactly. The whole mess with certificate authorities seems to have no simple or satisfactory solution. Even if "everything" is encrypted, with whom am I talking? To really be sure there is no way around comparing out of band transmitted fingerprints.

What I wish for a start would be that all banks print their SSL certificate fingerprints onto all their brochures and any other paperwork. Maybe also on the backside of debit cards (although debit cards often live longer than certificates). But if you ask bank clerks for their SSL fingerprints you just receive blank stares.

Reply Parent Score: 4

The123king Member since:
2009-05-28
Soulbender Member since:
2005-08-18

Not at all, it's just Tor in a box. All it does is hide your IP address and it does nothing about all the other ways you (or your system actually) can be identified. Tor is also not secure since as soon as you leave the Tor network, which you will do 99% of the time, you use the same old http/https/ftp/whatever protocols so unless you use an already secure protocol, like https, nothing is gained.
Also, think about this: who pays for the heavy-duty, high-bandwidth exit nodes and why?

Reply Parent Score: 4

Lennie Member since:
2007-09-22

Technically DNSSEC with DANE can provide that.

You are probably using domain names, so you are already trusting the root and top-level domain operators.

Reply Parent Score: 4

Soulbender Member since:
2005-08-18

Technically DNSSEC with DANE can provide that.


Hey, that's a pretty neat idea. Now, if only DNSSEC didn't suffer from "design by committee"....
Also, if it gets traction expect a LOT of FUD from companies like Verisign.

Edited 2013-11-23 13:10 UTC

Reply Parent Score: 4
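
An added example, not part of any comment above: the out-of-band fingerprint comparison panzi describes and the DANE approach Lennie mentions come down to the same check, matching a certificate against a digest obtained through a separate channel (paper in one case, a TLSA record in DNS in the other). The function names are hypothetical, the sample bytes are constructed stand-ins rather than a real certificate, and the TLSA record is assumed to come from a DNSSEC-validated answer.

```python
import hashlib
import hmac

# RFC 6698 matching types: 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}

# Constructed stand-ins for the DER certificate and its SubjectPublicKeyInfo.
CERT_DER = b"constructed stand-in for DER certificate bytes"
SPKI_DER = b"constructed stand-in for SubjectPublicKeyInfo bytes"

def normalize_fingerprint(text):
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex and return raw bytes."""
    return bytes.fromhex(text.replace(":", "").replace(" ", "").strip())

def matches_printed_fingerprint(cert_der, printed):
    """Compare the certificate's SHA-256 with a fingerprint received out of band."""
    try:
        expected = normalize_fingerprint(printed)
    except ValueError:
        return False                      # not hex at all
    if len(expected) != 32:
        return False                      # truncated or wrong algorithm
    return hmac.compare_digest(hashlib.sha256(cert_der).digest(), expected)

def parse_tlsa(rdata):
    """Parse TLSA presentation format: 'usage selector mtype hexdata'."""
    usage, selector, mtype, *hexparts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts))

def matches_tlsa(rdata, cert_der, spki_der):
    """True if the presented certificate matches the TLSA association data.

    The usage field is parsed but not enforced here; a real client also has
    to honour it (CA vs. end-entity, with or without PKIX validation).
    """
    _usage, selector, mtype, data = parse_tlsa(rdata)
    if selector == 0:
        subject = cert_der                # full certificate
    elif selector == 1:
        subject = spki_der                # public key only
    else:
        return False
    if mtype == 0:
        candidate = subject
    elif mtype in DIGESTS:
        candidate = DIGESTS[mtype](subject).digest()
    else:
        return False
    return hmac.compare_digest(candidate, data)
```

In both cases the check is only as strong as the channel that delivered the digest, which is the trust problem the thread is about.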