Linked by Thom Holwerda on Thu 21st Nov 2013 23:46 UTC
Internet & Networking

"We can end government censorship in a decade," Schmidt said during a speech in Washington. "The solution to government surveillance is to encrypt everything."

Setting aside the entertaining aspect of the source of said statement, I don't think encryption in and of itself is enough. Encryption performed by companies is useless, since we know by now that companies - US or otherwise - are more than eager to bend over backwards to please their governments.

What we need is encryption that we perform ourselves, so that neither governments nor companies are involved. I imagine some sort of box between your home network and the internet, that encrypts and decrypts everything, regardless of source or destination. This box obviously needs to run open source software, otherwise we'd be right back where we started.

Is something like that even possible?

Thread beginning with comment 577272
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Comment by MOS6510
by MOS6510 on Fri 22nd Nov 2013 08:14 UTC in reply to "RE: Comment by MOS6510"
MOS6510
Member since:
2011-05-12

I agree, but I have little faith in the capabilities of the average user.

A few weeks ago a co-worked called me with a problem. I told him to repeat his story in our ticket system. He didn't know what that was, despite me sending several emails with explanations, screenshots with huge arrows. He denied it. So I asked him to fire up his browser, he didn't know what a browser was.

Another person lost all her files. She was trying to open Word files from Excel. Then she lost a bunch of emails, turned out she made a subfolder in Outlook with the same name at 3 different locations and spilt the emails over them.

I can't ask them to encrypt their stuff. Even if they manage to I'm sure many people then won't be able to get their stuff back. Forgetting a password is inconvenient, forgetting a decryption key is game over.

How many people refuse to abandon Windows XP? I doubt these people would even do encryption even if the state begged them to.

Sure we need education and motivation from the government, but a lot and perhaps most people just don't understand because they either can't or won't and a number that do give it a go may either encrypt their data and lose access to it or think they have encrypted it and actually haven't done so.

Reply Parent Score: 4

RE[3]: Comment by MOS6510
by kwan_e on Fri 22nd Nov 2013 09:18 in reply to "RE[2]: Comment by MOS6510"
kwan_e Member since:
2007-02-18

So I asked him to fire up his browser, he didn't know what a browser was.


Should have said "button for the internet" instead of browser.

most people just don't understand because they either can't or won't and a number that do give it a go may either encrypt their data and lose access to it or think they have encrypted it and actually haven't done so.


Hard drive encryption and VPNs these days don't require intervention from the user to, so it's really just about having it set up for them as part of the install is good enough for a basic user.

Reply Parent Score: 3

RE[4]: Comment by MOS6510
by MOS6510 on Fri 22nd Nov 2013 09:31 in reply to "RE[3]: Comment by MOS6510"
MOS6510 Member since:
2011-05-12


Should have said "button for the internet" instead of browser.


He did have it, it was behind a picture of the lady. The lady is not supposed to be there.


Hard drive encryption and VPNs these days don't require intervention from the user to, so it's really just about having it set up for them as part of the install is good enough for a basic user.


Yes, but then you again delegate some trust to someone else.

A preferred situation would be an educated user that knows the situation and can choose how to act upon it. This is of course a dream that will never come close to reality.

But perhaps a good start would be mobile phones. Many iPhone users didn't have a pass code. Apple came with iOS 7 that asked you to enter one. People didn't get upset, they probably didn't even realize what was going on and just entered a code and after that were too lazy to turn if off even if they disliked it.

So if every phone maker required the user to set a pass code and encrypted the phone's contents it would be quite doable to have, after a while, most phones encrypted and protected by a pass code.

As phones are easily lost, stolen, sold without wiping them first or sneakily looked at I think these are a much more dangerous attack vector when it comes to privacy than a computer at home. A firewall, anti-virus and installed updates can handle most dangers, no encryption needed.

Computers at home an have a very long live, much longer than phones. There are enough people running Windows XP on a 10 year old computer. It will be hard to force those computers/people to adopt beter security measures.

Reply Parent Score: 3