One of the great failures of the Internet era has been giving up on end-to-end encryption. PGP dates back to 1991, 22 years ago. It gave us the technical means to have truly secure email between two people. But it was very difficult to use. And in 22 years no one has ever meaningfully made email encryption really usable.

A big part of the problem is the architecture of Internet services. Most of us host our email on a third party server like Gmail or Lavabit or whatever. That makes true end-to-end encryption very difficult. Instead we have to trust our hosting service with access to our email, and as we find the government can compel them to rat you out (or simply break in).

We do have SSL/HTTPS, the only real end-to-end encryption most of us use daily. But the key distribution is hopelessly centralized, authority rooted in 40+ certificates. At least 4 of those certs have been compromised by blackhat hackers in the past few years. How many more have been subverted by government agencies? I believe the SSL Observatory is the only way we’d know.

The cypherpunks movement foresaw all of this surveillance risk. It outlined principles and technologies to protect individuals from both evil hackers and overreaching governments. It failed to actually implement it.

originally a Metafilter comment
  2013-08-20 15:59 Z

In your heart you know it’s flat

I love this phrase, the motto of the Discordian Flat Earth Society (early source). It neatly characterizes the problem of so much common sense knowledge, intuition, wisdom. Of course we know the Earth is flat; just look at it!

The older I get, the less patience I have with woo-woo people who praise intuition and folk wisdom. From child killing anti-vaccination superstition to muddled thinking about the dangers of cell towers, GMO foods, and nuclear power to the simple underinvestment in discovering how the universe actually works. In the words of Neil deGrasse Tyson, “The good thing about science is that it’s true whether or not you believe in it.”

  2013-08-19 18:23 Z