It's terrifying that basically nothing has changed since the Snowden leaks. And most people simply don't care so governments can keep scooping up our data, sifting through it for whatever they may deem interesting.
However, so many sites are using CloudFlare and other DDoS prevention and CDN services. I'm sure the NSA has fiber taps (beam splitters) at the point where the data travels unencrypted on the internal datacenter network.
HTTPS everywhere is literally throwing the baby out with the bathwater. Yeah, we got a little better at hiding content, still leaking a ton of metadata, and still vulnerable to all the root CAs in your browser... and lost cache and everything else that HTTP had.
Something changed: government agencies are now clear that they can carry on, build more of it, and get away with it. Even try and build more of it into law (see EU). It was an expensive test but successful.
Plenty has changed. In general the technology industry cares a lot more about security these days. Things have gotten better and many services became much more secure by default. WhatsApp is the most widely used messaging platform in the world and it has end-to-end encryption. It's not ideal but the fact is never before have so many people used something this secure. It's foiled my country's courts more than once.
It's absolutely an insult and frankly disheartening. And in order to get a word in edgewise you would have to roll up an entire decade of work into a simple cliche using appropriately PC keywords. Which is just as draining to contemplate as to do.
SamuelAdams|2 years ago
Now people are focused on encrypting metadata, so things like DNSSEC took off.
There was a recent discussion about how state actors are using push notifications to spy on users. Maybe that is the next area of improvement.
https://news.ycombinator.com/item?id=38543155
Syonyk|2 years ago
DNSSEC doesn't encrypt anything - it's all plaintext on the wire. There are some DNS extensions that encrypt the query/response (DNS over HTTPS does this), but DNSSEC is not that.
DNSSEC is simply a way to verify that the response you get has not been meddled with in transit - it's the domain owner signing the DNS records so that you can verify that your DNS responses aren't being modified by a malicious entity (that may very well be your ISP).
127361|2 years ago
CloudFlare itself might not even be aware of the taps. Or maybe only a few select employees know about it.
I think the solution to these problems is to reduce dependence on the Internet. It's now possible to torrent an entire library worth of books and have it all on your personal computer at home. 20TB HDDs are readily available, and constantly getting cheaper. Also check out https://reddit.com/r/DataHoarder. And we have local AI models, again these do not need the Internet to function.
begueradj|2 years ago
[1]: https://www.youtube.com/watch?v=37irG5pKur8
Observer3082|2 years ago
[deleted]
ksjskskskkk|2 years ago
creer|2 years ago
matheusmoreira|2 years ago
What we need now is to get these governments to accept defeat and stop trying to undermine our security with constant legislative assaults. The fact they keep trying is evidence that it's working.
mistrial9|2 years ago
This is not true and insulting at the same time. Individual people are powerless against organized commercial activity, and more than one million people in the USA are on payroll with uniform services, so they cannot object.
In addition, the throw-away word "terrifying" is also useless and annoying... really
rnd0|2 years ago
I disagree: "terrifying" accurately sums up the future we're hurtling straight towards. I worry about people who are not worried, personally.
halJordan|2 years ago
And not only that, but the posted article even goes into some of the high level changes.
But you are right in one aspect. People absolutely don't care to stay on top of this - case in point your comment and the upvotes it has garnered.
apapapa|2 years ago