
I disagree. Unless systems like TrueCrypt, PGP, Tor and Bitcoin are being outlawed, there is no need for such a protest.


Your threat model doesn't represent the current state of the world.

We don't just have governments passively listening on wires in ways that are thwarted by encryption. The contemporary threat profile is

- Wholesale compromises of devices if they meet certain selectors. (Jacob Appelbaum and Der Spiegel's reporting)

- Self-replicating government malware with stockpiled zero days. (Flame and Stuxnet)

- Secret court orders for parties to turn over their encryption keys. (Lavabit)

- Cell phone tower dumps (Verizon transparency report)

- Compromise of networking gear for large scale traffic analysis.

and more.

Edit to fix formatting.


> - Wholesale compromises of devices if they meet certain selectors. (Jacob Appelbaum and Der Spiegel's reporting)

You're kidding, right? Most of those are hardware attacks that were guaranteed to be possible with physical access. A few exploits for sure, but definitely 100% expected stuff. If you want to thwart such attacks, use anonymity networks under virtual environments. Or consider that perhaps you're not high value enough for them to risk 0-day exploits on.

> - Self-replicating government malware with stockpiled zero days. (Flame and Stuxnet)

Yes, anyone can write malware. It's fucking piss simple. This has little-to-nothing to do with mass surveillance. Again, virtualized environments which force things over an anonymity network are relatively simple to set up and beat this.

> - Secret court orders for parties to turn over their encryption keys. (Lavabit)

This could easily be thwarted if the solutions I suggested were used. End-to-end encryption is the only sort which should be used.

> - Cell phone tower dumps (Verizon transparency report)

Easily thwarted. Use redphone or mumble. Run Orbot or similar on your phone for more. If you don't want your phone tracked, you're probably screwed, but if it's the actual data you care about then you have options.

> - Compromise of networking gear for large scale traffic analysis.

Have a party with that encrypted network data. Get cracking. Passive or even MITM attacks don't matter against every solution I mentioned.

So please, stop with your paranoid bullshit. The cryptography is good and solves most of these problems.

Yes, anonymity networks are a key to this and must be developed further, but it's far from as bad as you make it sound.


So instituting a massive cultural shift in adoption of strong encryption technologies AND winning an arms race against the NSA's inevitable attempts to subvert them is simpler than pushing for political change that is supported by the majority of the population and has strong support in Congress and industry?

Both approaches are useful and can be complementary, but if you have to put all your money on one horse, I think you're choosing the wrong one.


When your options are an ineffective load of shit and something that might actually work, I'll take the one that has a chance.


To the other person's point, if you're the only one who gives a damn, then using PGP doesn't matter.

>Our control regime for abusive surveillance technology must include create a societal norm that these systems are morally unacceptable.

I couldn't have said it better myself.


But it hasn't done so or has completely failed to do so. Most people I've discussed this with have generally supported privacy, some have even changed usage habits to do so.

I believe there have been wide studies even on this that have largely shown that people worldwide are against such practices.


Inspired by this wonderful essay on the Oakland DAC https://medium.com/p/b6e6043dad4f



