I'm actively encouraging the users of the sites I run to encrypt everything.
I'm giving advice in private messages about how to use Truecrypt (especially when using Dropbox or any remote backup or cloud sync service), what a VPN is and how to use Relakks or IPredator, etc.
Just basic things, yet the reaction has been extremely positive. One of the sites I run exists by donations, and just for giving this advice 1 person donated £100 to the running of the site because in his words "No-one else is telling me to encrypt or helping me."
The big glaring omission in all of this is email. We all want a secure email system, and one that doesn't involve locking yourself into a single provider (Hushmail), and yet can co-exist with sending email to recipients on webmail and corporate solutions.
Talk about a big hole in the market.
I've not pitched this to my users as "here's how to pirate", it's just been "privacy is core to democracy, encryption protects your privacy". And additionally I've argued to them that if they were amongst the people who turned their Twitter avatars green last year for Iran, then by not using encryption they leave encryption to "terrorists, criminals and dissidents", who cares for the first two, but if you care for the last you'll encrypt too to ensure that their dissenting opinion can be voiced safely in private.
I got the idea for telling my users all of this from HN, and specifically a link to a Canadian site:
I truly think that the best response that the people of Britain can give to these proposals is to encrypt everything and take away from the government the ability to pervasively spy on their own populace like this.
With most governments and corps it always feels like they ask for a mile, and when we object they concede half a mile. We're happy, but then they do this a few times and they get to where they wanted to be.
What better way to halt this for good than to encrypt everything?
Now, if someone could just give us email v2, secure by default. I'd happily pay for it. Just make it work, and make it open source and aim for it to be standard... don't give me another closed service to achieve it.
PGP (and its mathematical foundations to some degree) were invented to solve the secure email problem. Back then the proponents of PGP essentially predicted the situation we're in now. Up until now there's been plausible deniability for any of us normal people to care, so consumer adoption of PGP remains close to nil. Even corporate use I've seen only comes into play when dealing with another company who forces it to be used.
That's changing fast. Their original use case (secure messaging in a monitored society) is no longer only a tinfoil hat situation.
The solution is for all of us HNers to adopt PGP 100%. Everyone who wants to talk to us would have to adopt PGP. The friction to start is rather huge but that is how something like this would get adopted.
As for "but it doesn't jive with my Gmail nicely".. maybe it's time we give up Gmail too. Its value proposition is based on reading your email to better build a profile on you to sell to advertisers. That's why Google Plus wanted your real name, so they have a face to put all that mined data to.
Does any of this really stop the snooping, or is it just giving a false sense of security?
Then, would deploying all this on a day to day basis suggest to a paranoid snooper that one is hiding something, and is therefore a legitimate target for more snooping?
I would also advise writing to your local MP (find them here http://www.theyworkforyou.com/). It's easier to ignore 4,000 digital signatures than 4,000 physical letters. It wouldn't hurt to call them either.
I find myself thinking "I don't want to live on this planet anymore" more and more often these days. Not sure if I'm just getting older, or the world really is going to shit.
So, mega snooping, well publicised. Any serious terrorist or lentil rights protester would encrypt or simply stop using electronics for communication. That leaves the rest of us being snooped on for no terrorist or whatever reason.
I'm a thick idiot and I can work that out, so presumably the government can too.
This is not about terror and all that scare story stuff, it's population surveillance.
Somehow these governments need reminding that we the people are supposed to be the boss. They serve us, not the other way round.
Home Secretary Theresa May has said the move will help bring "criminals, paedophiles and terrorists" to justice.
However, the home secretary told the Sun that "ordinary people" would have nothing to fear from the government's plans.
I think those 2 quotes sum it up really. And they say the Arab nations are oppressive... I can't believe the kind of morons we have running this country for us, but it certainly explains why we're in such a financial sh!t.
No, this was always accepted in times of war. The notion we have to fight is that of perpetually being at war (terrorists! child pornographers! pirates!).
It's worth pointing out that this law would allow monitoring of communications with a warrant.
The idea that communications can be monitored with oversight is not a new one. Law enforcement departments have been able to tap phones with a warrant for decades.
Edit: Hm, the article is actually a little unclear on whether or not a warrant is needed. At the top it says it is, and then in the middle it quotes a bunch of people saying it isn't...
It seems like there's little escape these days. I'm from the UK originally, and my adoptive country, Poland, yesterday had a story written about how it's the most surveilled country in the EU:
A nearly-identical law, the Recording and Interception of Communications Act (RICA), was enacted in 2002 in South Africa. While in theory it contained all the legal protections that have been proposed for the UK legislation, in practice it has been badly abused.
Between 2006 and 2010 just one of the South African government's regional interception centres (of which there are at least four and potentially many more) carried out over 3 million legal interceptions, a number which is known to have increased since then. Subsequent leaks to the media have revealed that even this is a drop in the ocean; illegal interceptions are performed routinely and are easily hidden from oversight amongst the millions of legal interceptions performed every year.
Looking at the numbers involved, it's not unreasonable to assume that every single connected South African will have their communications intercepted at some point, sometimes in illegal interceptions with no official control over the data collected. In fact, there have been examples of staff inside the interception centres being bribed by business rivals, spouses and others to spy on innocent citizens.
I see no reason why the UK will be immune to these types of abuses, despite having a less corruptible civil service. This kind of power in the hands of poorly-monitored government intelligence agencies is always a bad idea.
Not a definitive answer, but I quite liked the fact that my home country, Switzerland, apart from being neutral and having a government that doesn't have executive power centralised in a single person's hands, and having a relatively sane reaction to violent acts (see the Zug shooting, for example), also recently made a public statement that they did not feel that the issues that the movie/music industries face warranted any change of fair use or internet monitoring laws.
The proposal would allow the UK government to query, without a court order, logs of who talked to whom and when. They would have to apply for a court order to see the content.
It would compel UK based startups to keep a log of all this data, which of course costs time and money, reducing the UK's competitiveness.
How do all those European data retention laws apply to US companies? Do US companies (with offices in Europe, but servers in the US) need to adhere to those data retention laws, or is it safe to use US-based services?
If you think this has not already been implemented in the UK for a LONG time, i.e. pre-RIPA 2000, then you are very naive.
Ask anyone who has ever worked on infrastructure at a large UK ISP or exchange (e.g. LINX). Copious secret services systems are already used.
The key difference, the key burden that is being (publicly) demanded in 2012 by the services is real-time! Presumably, this was such a burden to the overall infrastructure of the majority of UK ISPs that they just pushed back when requested... hence the new law proposals.
Now you can observe the difference in Europe and US tech journalism. When an anti-internet bill (SOPA) was being discussed in the US, any noteworthy US journalist - those with and without vested interests in the matter - were talking about it very loudly. Compare with the similar situation where TC Europe and others are happily and silently carrying on their daily duties of - mostly - using their media outlet for their own personal short-sighted benefits.
It only became news when the likes of Google and Wikipedia decided to protest and carry out a blackout... (I am not in the US, but this is what I have read)
[+] [-] buro9|14 years ago|reply
I'm giving advice in private messages about how to use Truecrypt (especially when using Dropbox or any remote backup or cloud sync service), what a VPN is and how to use Relakks or IPredator, etc.
Just basic things, yet the reaction has been extremely positive. One of the sites I run exists by donations, and just for giving this advice 1 person donated £100 to the running of the site because in his words "No-one else is telling me to encrypt or helping me."
The big glaring omission in all of this is email. We all want a secure email system, and one that doesn't involve locking yourself into a single provider (Hushmail), and yet can co-exist with sending email to recipients on webmail and corporate solutions.
Talk about a big hole in the market.
I've not pitched this to my users as "here's how to pirate", it's just been "privacy is core to democracy, encryption protects your privacy". And additionally I've argued to them that if they were amongst the people who turned their Twitter avatars green last year for Iran, then by not using encryption they leave encryption to "terrorists, criminals and dissidents", who cares for the first two, but if you care for the last you'll encrypt too to ensure that their dissenting opinion can be voiced safely in private.
I got the idea for telling my users all of this from HN, and specifically a link to a Canadian site:
http://encrypteverything.ca/index.php/Main_Page
Then I also shared links to:
https://www.eff.org/https-everywhere
https://www.relakks.com/?lang=eng
https://ssd.eff.org/tech/encryption
I truly think that the best response that the people of Britain can give to these proposals is to encrypt everything and take away from the government the ability to pervasively spy on their own populace like this.
With most governments and corps it always feels like they ask for a mile, and when we object they concede half a mile. We're happy, but then they do this a few times and they get to where they wanted to be.
What better way to halt this for good than to encrypt everything?
Now, if someone could just give us email v2, secure by default. I'd happily pay for it. Just make it work, and make it open source and aim for it to be standard... don't give me another closed service to achieve it.
[+] [-] gravitronic|14 years ago|reply
PGP (and its mathematical foundations to some degree) were invented to solve the secure email problem. Back then the proponents of PGP essentially predicted the situation we're in now. Up until now there's been plausible deniability for any of us normal people to care, so consumer adoption of PGP remains close to nil. Even corporate use I've seen only comes into play when dealing with another company who forces it to be used.
That's changing fast. Their original use case (secure messaging in a monitored society) is no longer only a tinfoil hat situation.
The solution is for all of us HNers to adopt PGP 100%. Everyone who wants to talk to us would have to adopt PGP. The friction to start is rather huge but that is how something like this would get adopted.
As for "but it doesn't jive with my Gmail nicely".. maybe it's time we give up Gmail too. Its value proposition is based on reading your email to better build a profile on you to sell to advertisers. That's why Google Plus wanted your real name, so they have a face to put all that mined data to.
Switch To PGP Day?
edit: relevant links
"simple pgp chrome plugin for gmail" - http://news.ycombinator.com/item?id=2918255
[+] [-] alan_cx|14 years ago|reply
Does any of this really stop the snooping, or is it just giving a false sense of security?
Then, would deploying all this on a day to day basis suggest to a paranoid snooper that one is hiding something, and is therefore a legitimate target for more snooping?
[+] [-] Hates_|14 years ago|reply
http://epetitions.direct.gov.uk/petitions/32400
[+] [-] Sodaware|14 years ago|reply
[+] [-] MattBearman|14 years ago|reply
I find myself thinking "I don't want to live on this planet anymore" more and more often these days. Not sure if I'm just getting older, or the world really is going to shit.
[+] [-] ntmartin|14 years ago|reply
Sorry the total is 4,384. For some reason the site only shows you the latest number after signing.
(Edit: Correcting previous assertion.)
[+] [-] nodata|14 years ago|reply
[+] [-] alan_cx|14 years ago|reply
I'm a thick idiot and I can work that out, so presumably the government can too.
This is not about terror and all that scare story stuff, it's population surveillance.
Somehow these governments need reminding that we the people are supposed to be the boss. They serve us, not the other way round.
[+] [-] nodata|14 years ago|reply
Because the monitoring is out of sight, and cheap in terms of manpower, now it's allowed.
I really find it amazing.
[+] [-] kamjam|14 years ago|reply
However, the home secretary told the Sun that "ordinary people" would have nothing to fear from the government's plans.
I think those 2 quotes sum it up really. And they say the Arab nations are oppressive... I can't believe the kind of morons we have running this country for us, but it certainly explains why we're in such a financial sh!t.
[+] [-] mseebach|14 years ago|reply
[+] [-] weavejester|14 years ago|reply
The idea that communications can be monitored with oversight is not a new one. Law enforcement departments have been able to tap phones with a warrant for decades.
Edit: Hm, the article is actually a little unclear on whether or not a warrant is needed. At the top it says it is, and then in the middle it quotes a bunch of people saying it isn't...
[+] [-] DanBC|14 years ago|reply
[+] [-] mootothemax|14 years ago|reply
http://thenews.pl/1/9/Artykul/95154,Poles-still-under-watchf...
All round, rather depressing.
[+] [-] _djo_|14 years ago|reply
A nearly-identical law, the Recording and Interception of Communications Act (RICA), was enacted in 2002 in South Africa. While in theory it contained all the legal protections that have been proposed for the UK legislation, in practice it has been badly abused.
Between 2006 and 2010 just one of the South African government's regional interception centres (of which there are at least four and potentially many more) carried out over 3 million legal interceptions, a number which is known to have increased since then. Subsequent leaks to the media have revealed that even this is a drop in the ocean; illegal interceptions are performed routinely and are easily hidden from oversight amongst the millions of legal interceptions performed every year.
Looking at the numbers involved, it's not unreasonable to assume that every single connected South African will have their communications intercepted at some point, sometimes in illegal interceptions with no official control over the data collected. In fact, there have been examples of staff inside the interception centres being bribed by business rivals, spouses and others to spy on innocent citizens.
I see no reason why the UK will be immune to these types of abuses, despite having a less corruptible civil service. This kind of power in the hands of poorly-monitored government intelligence agencies is always a bad idea.
[+] [-] colinhowe|14 years ago|reply
[+] [-] swombat|14 years ago|reply
[+] [-] DanBC|14 years ago|reply
And GCHQ already have access to this data, the new law just makes access 'real time' rather than retrospective.
[+] [-] topbanana|14 years ago|reply
It would compel UK based startups to keep a log of all this data, which of course costs time and money, reducing the UK's competitiveness.
[+] [-] gst|14 years ago|reply
[+] [-] drucken|14 years ago|reply
Ask anyone who has ever worked on infrastructure at a large UK ISP or exchange (e.g. LINX). Copious secret services systems are already used.
The key difference, the key burden that is being (publicly) demanded in 2012 by the services is real-time! Presumably, this was such a burden to the overall infrastructure of the majority of UK ISPs that they just pushed back when requested... hence the new law proposals.
[+] [-] aes256|14 years ago|reply
Go on...
[+] [-] ksajadi|14 years ago|reply
[+] [-] kamjam|14 years ago|reply
[+] [-] wavephorm|14 years ago|reply
[+] [-] tantalor|14 years ago|reply
[+] [-] tgandrews|14 years ago|reply