
Encryption is a necessity - rshetty10
https://blog.mozilla.org/blog/2016/02/16/help-us-spread-the-word-encryption-matters/
======
userbinator
_Companies should be encouraged to aggressively strengthen the security of
their products, rather than undermine that security._

On the other hand, I think they should most certainly not be encouraged to
secure products _against_ their users:

[http://www.gnu.org/philosophy/right-to-
read.en.html](http://www.gnu.org/philosophy/right-to-read.en.html)

What worries me the most about this seemingly frantic push for more encryption
is that it will accelerate the proliferation and acceptance of locked-down,
user-hostile devices. Security is important but so is freedom, and I feel like
we've already sacrificed too much of the latter for the former...

~~~
kardos
> accelerate the proliferation and acceptance of locked-down, user-hostile
> devices.

We're already there. Can you read the Windows 10 telemetry?

~~~
pjc50
On that subject, I'm kind of surprised that it's been out for months and
nobody's reverse-engineered it publicly yet.

------
mynewtb
Well, why not massively fund Thunderbird with a focus on usability and end-to-
end encryption then? :-( Or maybe invest in Signal to they can finally start
to fix and improve at a remotely competitive pace?

~~~
matwood
Thunderbird works pretty well with S/MIME to encrypt/decrypt emails. It does
not work as well as Mail.app on iOS/OSX, but it works.

~~~
dijit
it's

A) Not transparent

and

B) No longer supported by mozilla.[0]

[0] - [http://www.zdnet.com/article/mozilla-scraps-thunderbird-
deve...](http://www.zdnet.com/article/mozilla-scraps-thunderbird-development-
email-client-not-a-priority-anymore/#)!

~~~
hackuser
Why isn't it transparent? Isn't the code open source?

~~~
dijit
Not transparent to the user. Good security is one you don't have to have a PhD
to configure. How much encryption is in iMessage? (Lots) how much did you do
to configure it (none)

Transparent encryption (or, encryption for everyone even my mother) is the
best way for it to be effective. So when I say transparent. I mean it should
not be obvious to the end user and that user should not have to spend
significant time configuring it.

~~~
newjersey
At the end of the day, we need a way to handle key management for asymmetric
encryption like pgp.

How do we allow people to share their private keys across multiple devices?

------
chrissem
I agree...and with services like Keybase.io it's getting easier to use.

~~~
realusername
[EDIT: Thanks, I have one now :)]. Does anyone has an invite for Keybase by
the way ? I've signed-up a while ago but the queue is probably to long. It
seems a really promising service.

On my case, I've just migrated my domains to use letsencrypt, even if it's
just in beta, it's so so much easier compared to 100% manual previous
solutions ! Even if it's not domains with a huge trafic, I feel I'm doing my
part to help !

~~~
aban
Sure, I just sent you one to the email address on your profile.

~~~
mattkrea
You don't have another do you? I've been waiting for my invite for over a year
now. :-/

~~~
aban
Sorry I just saw your reply. Glad you got one.

I still have a bunch more, if anyone else wants them.

~~~
blaenk
If it's not too late and you still have some, any chance you can send me one?
would appreciate it!

~~~
aban
I tried but looks like someone else already sent you one.

P.S. Great looking Hakyll site!

~~~
blaenk
I was invited many months ago but I messed up the username. After
investigating I realized that there's no way to fix it, and keybase staff says
the only way is to delete the account and get re-invited [1].

I forgot to delete the account, but I did so now, so if you're still willing
and would be so kind as to try again, I would greatly appreciate it! If not,
no problem!

Thanks for the compliment!

[1]: [https://github.com/keybase/keybase-
issues/issues/803](https://github.com/keybase/keybase-issues/issues/803)

~~~
aban
I tried again as you said, but it still complained. What I ended up doing was
to send the invitation to your gmail address without the two dots (as it's an
alias for your original address), and apparently it worked.

I also emailed you the invitation code they generated, from my personal email.

------
danielconde
Encryption and security has always been a balance between convenience and
capability. Although HTPPS and such are mostly transparent to end-user, we can
see that slow adoption of public key encryption (GPG) indicates that people
either need to be educated or the user experience needs to improve
drastically. It's taken many years but there's a long road ahead.

~~~
CyberDildonics
> Encryption and security has always been a balance between convenience and
> capability.

You could say the same thing about PCs and the internet, especially during
their rise to prominence.

------
citizensixteen
If you are not sure where you are with the subject of encryption, backdoors
and privacy I suggest watching this video. It is also a great resource to
share with people who are not so technical.

This video is a production of the Washington DC Chapter of the Internet
Society. It is meant to be a starting point for discussions about encryption,
privacy, and cybersecurity.

The Internet Exposed: Encryption, Backdoors and Privacy – and the Quest to
Maintain Trust

[https://www.youtube.com/watch?v=F2D5dVtHXV8](https://www.youtube.com/watch?v=F2D5dVtHXV8)

------
throwaway23235
Video on a Mozilla page isn't playing on Firefox. Just saying...

~~~
exodust
It's a poor video, you're not missing much.

Painfully, it suggests "public vs private" hinges on encryption. The
implication is that without encryption, your co-workers will see everything
you do!

Public and private are distinct choices. Things can be private and
unencrypted. Lack of encryption means lack of security in the event of a
breach, it has nothing to do with choosing public vs private posts and web
searches.

Works fine in my FF.

And for what it's worth, I think Apple should assist in revealing the contents
of the phone if they can. I'm surprised people are defending Apple. My
understanding is the request is about making the phone open to brute force
attack, so it's not like encryption is under threat. It's poor password choice
that's under threat. Apple does not need to compromise any other phone in
doing this.

~~~
icebraining
Without encryption, anyone on the same network - including your coworkers -
can certainly see everything you do. Tools like Firesheep make it dead-simple
to do.

What you're talking about is encryption of data _at rest_ , which is a
specific subset of encryption. And even then, what makes you think the
breached data won't be available to your coworkers? The stuff on Ashley
Madison certainly did.

~~~
exodust
There still needs to be a breach, and intent. The video simplifies everything
down to the equivalent of shouting your private message across a room when
encryption is absent, which it certainly isn't.

If you want to sell encryption, please keep it real. A hand written letter to
your mother in the post is private unless intentionally and illegally
intercepted. By the logic of the video, the letter is passed along and read by
your neighbors before reaching its true destination.

~~~
NeutronBoy
> The video simplifies everything down to the equivalent of shouting your
> private message across a room when encryption is absent, which it certainly
> isn't.

Uh, if you're on wifi or a mobile connection, depending on the configuration,
it pretty much is _exactly_ like shouting a private message across a room

~~~
exodust
Except it isn't.

I could press a glass against the wall and listen to people having a private
conversation. Does that make their conversation public "like shouting it
across the room"? No. Of course it doesn't.

Get your analogies straight.

I could use my zoom lens to spy over your shoulder as you type your message
into your super-encrypted phone. I will now publish the video on youtube, your
private message now public. Serves you right for "shouting your message across
the room".

~~~
cyphar
That's not how WiFi works, it's not like a wall or anything. Your device
_literally_ "shouts" (transmits in RF) your private message across the room
(and into adjoining rooms). Anybody that can connect to the WiFi network (or
has a decent machine and half an hour to kill) can read your message (the
encryption in WiFi is fucked).

~~~
exodust
You've missed my point, again.

We live in a world where eavesdropping on a private conversation is possible
because people aren't talking in a cone of silence every time they want
privacy. The unlawful intent to listen in needs to be there, and then some
sort of action is required to hear the conversation, such as holding a glass
to a wall.

Exactly the same with digital messages. Sure, they can be listened to, but not
by just anyone accidentally, as the video seems to suggest. Unlawful intent is
required, and specific actions with specific software to listen in.

I'm all for encryption, but let's get something straight: unencrypted messages
are not dripping down the walls for anyone to read who passes by.

