
Protect your freedom and privacy - aurelien
https://www.fsf.org/campaigns/surveillance
======
zek
while I agree that users could do a lot of the computing that is now
outsourced to the cloud on their own computers, I think there is a lot of
convenience in the cloud model and it may be hard to get consumers to move
away from it. I would like to hear more about how we might actually effect
change so that the government simply doesnt have the right to requisition data
from companies as they have been.

~~~
znowi
As _amirmc_ said, I think the move towards a decentralized system, as the
Internet itself operates, can be a viable solution to the cloud problem.

What we see today is accumulation of great power and influence in the hands of
a few Big Tech companies. Even without cooperation with NSA, such imbalance is
dangerous.

It's like a reverse trend from personal computing back to mainframe era, where
users are expected to plug into the Source, conduct their affairs, and then
unplug, leaving all data in the central repository, looked after by someone
else.

If we could devise a set of standard protocols for cloud communication (like
we have for emails), it would give us an opportunity to shift control from
centralized proprietary platforms back to users. Any party could then
implement the protocol and any user would be free to choose how to access
their data, where to store, and who to communicate, as long as they're on the
Internet.

------
joshfraser
Has anyone tried [http://www.mailvelope.com/](http://www.mailvelope.com/) for
using PGP in Gmail or other hosted email providers? I'm curious how it works.

~~~
jjh42
I started using it after the recent prism fiasco (taught my wife how to use
it).

It's ok, adds a few extra clicks to each email. The main problem is I haven't
found a good solution for reading email on my iPhone.

------
chimeracoder
> Start using encryption to make your communication harder to snoop. GPG for
> email and OTR for instant messaging are great places to start.

I am oftentimes surprised by how few self-identifying hackers use end-to-end
encryption like PGP/GPG.

Many of us use clients like Thunderbird already, which make GPG setup and use
rather simple. I set up GPG on Thunderbird for my dad (who is a complete
Luddite) - it took me <15 minutes, and he's been using it to email with me for
over a year.

I encourage everyone reading this to set aside 15 minutes to set up GPG
encryption and send a GPG-signed/encrypted email to a friend[0]. You'll see
it's not so scary, and this is one of the single biggest things you can do to
protect your privacy online.

[0] If you don't have any friends with PGP keys, feel free to email me. :)

~~~
mahyarm
The UX problem with PGP is that you can't tell if some random has PGP before
you send an email to them without manual effort. The amount of friction
required is too much and leads to little adoption.

With OTR, if the person is 'online' you can just initiate a convo with them
and passively have OTR enabled if the other client supports it. You also have
forward secrecy, a critical feature PGP lacks.

PGP UX is horrible and still stuck in the 90s! It's great for people who need
it and it was really necessary to be invented. But something like OTR is the
real successor.

~~~
chimeracoder
> PGP UX is horrible and still stuck in the 90s! It's great for people who
> need it and it was really necessary to be invented. But something like OTR
> is the real successor.

As tptacek commented on an earlier post, all of the alternatives to PGP
provide more or less the same UX that PGP is capable of. It's not
inconceivable that my PGP client could do most of the legwork (ie, fetching
keys from keyservers, encrypting automatically, etc.) for me while maintaining
compatibility with PGP.

In any case, I don't really want to enter a PGP vs. OTR discussion right now,
because my original point is that many self-identified hackers use neither. If
people read this thread and begin to use either one or the other, I consider
that to be a win for now!

~~~
FedRegister
> (ie, fetching keys from keyservers, encrypting automatically, etc)

No no no no no! The keyservers have no authentication for key addition.
Anybody can put up a key for any email address and effectively wedge
themselves man in the middle.

~~~
bigiain
Also, the paranoid in me (and probably more significantly, the keyboard-
activist-in-the-safety-of-my-parents-basement) suggests that it might be wise
to access keyservers over TOR.

If _I_ were involved with PRISM, the pipe running to pgp.mit.edu would be one
of the most monitored connections around. "Hmmm, someone just searched for a
PGP key for FedRegister - lets see what else that IP address has searched for,
and what's in all the gmail inboxes that have ever been accessed using that IP
address…"

~~~
grabhive
Yes. This is the way that hackers should be thinking from now on.

------
MarkHarmon
Interesting article and I like the motivation behind it, which seems to be
owning your own data and keeping it private. It does get a little preachy for
me though with sentiments such as this "...which is bad like any nonfree
program". Why is any (or every) non-free program bad? That remark displays
close mindedness, but I realize that Stallman is the free software guy so I
guess it's to be expected. Just a little too idealistic and old fashioned
sounding for my taste.

~~~
grabhive
What is meant by 'non-free' is software that is not open-source and licensed
in such a way that it must legally remain so.

It's fairly simple to follow from there, isn't it? If the software you use
falls under such definition, then you are (unless handy with advanced
debuggers) mostly blind to what it is doing. To claim as much is the very
opposite of "closed-mindedness".

Now, according to the credit at least, Stallman didn't write this article
(though you are obviously correct in suggesting that his ethos drives the
point). But can we really in this PRISM era point to Stallman, whose
historical warnings were obviously prescient beyond the basic measure of sense
held by the dominant digerati, and dismiss him as 'preachy'?

------
miguelrochefort
Seeking privacy is as foolish is seeking fossil fuel. This is not a
sustainable model, and it has to change. Transparency is better in every way.

It might be a necessary evil for now, but the focus should be put on the real
problem (the government) rather than privacy itself.

~~~
DanBC
No.

Imagine that today you have a government you can trust. But what about 5 years
from now? Or ten years from now?

Some Americans think they have a bad government. Perhaps they should spend
some time in countries who'll shoot you or imprison you for your opinions.
Many people live under worse regimes right now.

Privacy protecting software is vital, and needs to be done as well as changing
bad government behaviours.

------
medde
Why isn't there more anit-virus software that stop "bad actions"? who cares
what the virus code/binary looks like...

