
Metadata is the real data - mobitar
https://standardnotes.org/blog/4/metadata-is-the-data
======
cryptonector
You can encrypt all you like. It won't help.

Suppose you encrypt all your SMTP/SUBMIT traffic. If your upstream is a
commercial provider, then they will be subject to subpoenas. If you run your
own upstream, then watching who it connects to will often be sufficient to
gather metadata of interest.

Consider TLS. Before you can use it you must have used DNS. Today all DNS
resolution goes in the clear. So game over right there. Eventually your
client's DNS communication with a shared recursive resolver will not be in the
clear, but the operator of that resolver will be subject to subpoenas, so game
still over. Let's say we did deploy DJB's encrypted DNS solution. Well, you
can still see which domains people are talking to, roughly, at least as long
as they don't share nameservers, and if they do... You can see where this is
going. Now let's say you did get DNS resolution securely anyways, well, now
you have to connect to some IP address, and if it's not hosting many services,
then game over, and if it is hosting many services, then SNI will be game over
anyways (TLS 1.3 requires SNI). SNI cannot be encrypted.

The problem really is that metadata can't really be encrypted.

Mind you, criminals are defeated by data encryption -- mostly anyways.

And forcing governments to use subpoenas does mean increasing the cost of
metadata gathering. Plus there won't be infinite retention requirements,
perhaps. So, encryption does help somewhat, which means we must do it -- it's
just not a complete solution.

~~~
amelius
> Today all DNS resolution goes in the clear.

Yes, but I suppose you could decrease the signal-to-noise ratio by doing
random DNS searches.

~~~
tgragnato
Setting up unbound to use dnssec and tor is super-easy too.

And once you set up the router, the cost of configuration is zero.

~~~
fulafel
Dnssec still has your data in the clear, it just signs the data. (And is not
supported by most domains)

------
atemerev
The right to encrypt is the right to privacy.

Communications on the Internet are public by default; this is something that
human civilization never experienced before. If you want to make your
conversation or your behavior private, you have to encrypt it.

But there were many other things that human civilization never experienced
before, and we adapted.

Right to encryption is, indeed, an essential natural right. People who deny it
are the same people who think that everybody should have a government-supplied
monitoring camera in every room of every home, and fail to understand what's
wrong with it.

~~~
macspoofing
>The right to encrypt is the right to privacy.

Is there no right to encrypt? Because no government can actually prevent you
from encrypting anything and the maths behind cryptography are openly taught
and researched in all modern states. So are you saying that governments should
never have the right to compel you to decrypt what you encrypted (by, for
example, a fine or a prison term)?

~~~
mikepurvis
That's relatively recent, though. Until the 90s and PGP, encryption was very
much under the government's control, and regular citizens definitely did not
have a "right to encrypt". The Clipper Chip launched in 1993.

IMO the battle over privacy and crypto is well documented by Steven Levy:
[https://en.wikipedia.org/wiki/Crypto:_How_the_Code_Rebels_Be...](https://en.wikipedia.org/wiki/Crypto:_How_the_Code_Rebels_Beat_the_Government%E2%80%94Saving_Privacy_in_the_Digital_Age)

~~~
giobox
Wow the Clipper Chip is interesting reading, especially in light of the
current battles over cellphone encryption. Thanks!

------
theprop
Correct & important to grow awareness about! Sadly many so-called private
email or other services claim just encrypting your content brings you
privacy...while ignoring/failing to discuss the metadata.

------
legostormtroopr
_Descriptive metadata_ \- please, please stop misusing a term thats existed
since the 1970's -
[https://www.youtube.com/watch?v=L0vOg18ncWE](https://www.youtube.com/watch?v=L0vOg18ncWE)

Conflating the term "metadata" with "descriptive metadata" and "metadata
retention" makes it harder for data archives to get people to provide
"structural metadata" (aka. the real metadata), that effectively describes the
schemas and data structures of academic and open government data.

Yes, descriptive metadata retention is a huge problem, but say that instead of
abbreviating terms in a way that obfuscates the issue use the full term.

------
neom
Anyone using Standard Notes? Might give it a shot if it comes recommended.

~~~
jordanmoconnor
I've been using the free version for the past several weeks and have been
enjoying it. I am an avid Keep user, and StandardNotes has all but replaced
that.

I find it refreshing writing in markdown for minimal formatting, and the
interface gets out of your way to let you write.

I'd give it a try if you're wondering!

~~~
StavrosK
Does it support Markdown? I wrote a list with asterisks and it didn't get
"rich" formatting.

~~~
mobitar
Markdown is supported through editor extensions:
[https://standardnotes.org/extensions](https://standardnotes.org/extensions)

------
yawnbox
Concerning encryption, privacy, and the U.S. Constitution:

Confidentiality - First, Fourth, and Fifth Amendments

Integrity - First and Fourth Amendments

Availability - First and Fourth Amendments

------
bshoemaker
Are there any companies that sell something like privacy as a service? It
seems sorely needed that someone work on this

