If you're unfamiliar, there was a strong meme in the late eighties through early/mid nineties among a certain set that the perfect storm of public key encryption (still wonderfully unbounded in our minds) and the emerging global network would be a nexus point for personal power in privacy, anonymity and security and in many real ways break down the bonds of the states. It's worth noting that this was about the time that the Soviet Union fell, and many in the know had gotten a first taste of global presence by hearing about the people in the streets via Usenet before it made the news.
It wasn't that I was particularly a hard core believer or activist, at least compared to many I knew. But for those who understood what an immense impact the internet was going to have it seemed to everyone I knew - NSA, hackers, professors, that it was just how it would be. You couldn't hope to spy on pretty much anyone anymore when you could use perfect encryption to scramble a telephone call or an email. Kind of like when you knew everyone was about to have a touch phone.
I was ideologically aligned and mixed in such circles, nerds were still outcasts so not really too big a world, but my life was busy with other things - but I watched from a distance, fascinated with all the ideas and things to come. I'm not sure I've ever really been more sure something was going to happen, at least to a very significant degree.
The government was sure too - that was when they came up with CALEA and people got upset but mostly scoffed - there was a real sense that they were just in their death throes.
Things got pretty busy, Internet boom. Company got bought by an agency, every big name anybody needed to be on the Internet yesterday. Was a blast though a bit of a blur - ended up in SF as the whole thing worked itself into a nasty hangover. Can't remember worrying too much about when the cypherpunks were going to win but still knew it had to be coming, err well it's just about adoption.
It really sucks to wake up after a bender and realize that you helped kill the dream that you were just waiting for someone else to make happen.
Working infosec as California recovered put me face to face with reality pretty early in this cycle. Not only was the thing I was so sure of totally not how it went down, with shift from relatively petty financial fraud and wankers to states and srs.bsns abandoning defense to focus solely on offense it's been very hard to square. It's hard to believe many people ever feel so sure about something that turns out so absolutely opposite.
Fuck, at least nobody killed rms.
"And never forget, the internet only knows what you tell it... more or less" --me!
Or so you think until it turns out an amendment to a 2000-page farm appropriation bill actually mandated a government backdoor to be installed into any phone legally sold in the US, and 100% of US providers implemented it 5 years ago. And this backdoor is accessible without warrant since you communicate over public airwaves so you have no expectation of privacy.
Not good enough: you have to think of activating it. And even if you do, most traffic will still be unencrypted, making it easier for spies to tell who may have something to hide, and when they do.
To have real good, actual privacy, everything should be encrypted by default, the internet itself should be a giant scrambling overlay network such as Tor, and people should have symmetric bandwidth to encourage decentralization —no more need for YouTube.
I don't see it happening in the following decades.
A really safe internet has to look more like BitTorrent and less like YouTube.
There've been powerful incentives for software on servers; I think the above got in the way of p2p getting much of a foothold to develop its own advantages.
Regarding phones, this is already the case with iOS. The full-disk and full-filesystem encryption mechanisms appear to be fairly/very strong. I believe since Android 4, full filesystem encryption has been supported, but I'm not sure if it's as well-integrated as on iOS.
Apple has made an effort (although an imperfect one) to make text messaging secure by default.
Obviously Apple screwed up pretty badly by making all this stuff closed-source, and it's probably full of vulnerabilities, but the reality is that this seems to be, in practice, enough to thwart LEO attempts to surveil users of iOS devices.
I think we're on the right track.
- that its implementation is secure (for example Android FDE is trivial to crack for us, imagine what a joke it is for the NSA)
- that its algorithms are secure (gone are the days where the NSA would warn us DES is broken to help US companies)
- that the data is never stored or sent in clear - the system has full access to the data, in clear, when it's running.
- that there is no backdoor. Each step of the implementation can have relatively hard to spot backdoors. Especially in proprietary code.
What vulnerabilities exist with the full disk encryption on Android that make it insecure?
If it's done right, there are only 2 people capable of getting the content of the message: you and the intended recipient.
Companies are starting to realize that providing a good experience is the most important thing your company can do to stay relevant. Dreams often die in execution -- but I think we're getting to a point where a group of dedicated individuals focused on creating an exceptional Internet experience built on privacy and encryption really could make something happen.
I used to use GPG on Linux and OS X. I tried so very hard to keep using it. But it was the biggest pain in the ass, so eventually I just gave it up. I pulled up my key not long ago and had totally forgotten my passphrase.
The devil is in the details. Creating something familiar, something usable, and something that the average person would actually want to use is the part we need to get right.
I'm still terrified of a second McCarthyism.
1) Proper anonymity, so they don't know who to beat.
2) Deniable encryption.
4) (with 2) Sacrificial data of less significance to "give up" after sufficient beatings.
5) Social norms against beatings and similar coercion, extending to extreme circumstances.
6) Governmental transparency.
That's not enough. They still know who you talk to, where you are and just about everything except the contents of your conversation.
This is really what the rage on the internet is about. People like to pretend they're mad at the government overstepping its Constitutional boundaries, but what they're really mad about is the failure of their attempt to re-litigate the division of power between government and the people.
Not just easier: we made it possible.
The government couldn't have created Facebook on their own. But now that it exists, it's an intelligence agency's dream come true.
Every time we see another consumer web startup which relies on advertising or mining user data, we see yet another nail in the coffin of freedom and privacy for users. But, that's okay, because we're totally killing it, and that bridge round is coming any time now to keep us in our expensive lofts and designer foods.
Way to go, folks. Hope it was worth selling out the rest of your fucking race.
It seems Google had a significant number of employees in each camp. But the market logic was pretty firmly in one of those camps and not the other...
Oh, that's probably partly because that wouldn't help its detractors any one bit: as a dead martyr, RMS would be more powerful than as a living bitter old figurehead. (Disclaimer: I know nothing about RMS' actual mood.)
Only the monitoring computers have the time and patience to look at as much as they can ... and they can't parse text sentences (let alone voice comms) well enough to do anything but scrutinize for a few common terms ... let alone nuances (seen Google translate?). A couple of back-of-the-envelope calculations will demonstrate that to anyone.
The agencies and the corporations know that but they refuse to cop to it, possibly because it's so obvious that all they can do is -pretend- to be able to monitor a significant fraction of it all. Maybe because pretending is the only hope they've got left.