The more I consider the ramifications of these news reports, the more I realize we need full decentralization and total encryption.
That's necessary, but not sufficient. We need both sane policies and technical measures to ensure that nothing less than those policies is possible. If we only have the technology, policy-makers can and will make life difficult both for the users and makers of these technologies; more draconian regimes will simply never allow those technologies to take root to begin with.
And you were doing so well until you said "the blockchain".
No, we live in a capitalist society - what is needed is a way to monetize such services that is as easy as trading in sensitive personal data behind the guise of "free" services.
We don't have the tech for two important, related things: user-friendly trust management tools as effective as in person; key management for various, complex scenarios. These two have so many issues that even technical people screw up. I've certainly seen a lot of good work on these. Yet, we're not there yet and getting there is worth a ton of effort by anyone who will try.
It must have been an exciting surprise for attendees.
This is where I get to plug djbdns and DNSCURVE over DNSSEC. I think DJ has been ahead of the curve (no pun intended) on these things for quite some time. I am currently in the process of migrating from bind9 (and avoiding bind10 like the plague) to djbdns wherever possible. Quirks and lack of updates/extensions notwithstanding, it's great so far.
If a future DNS improvement (hopefully, blockchain based) starts providing SSL keys to reduce the latency required for an SSL connection on HTTP/2 (skipping the "Connection: Upgrade") and on HTTP/1 (when being redirected from http to https), it would provide advantages and would also encourage encrypted DNS queries.
Well, luckily for humanity this is exactly what I've been coding full time since December of 2014, dedicating my life to. I have been designing it for many years.
Agreed. He actually knows little about most of INFOSEC compared to other, serious practitioners. He seems to be a good IT guy, expert on NSA tools, and have anecdotes of what they had trouble hitting. Far as security engineering, I'd trust a source with a good track record of building and breaking stuff similar to what I'm assessing.
s_q_b | 10 years ago
We have the tech: Strong encryption, Tor-like relays, and the blockchain. What we need is a way to make services based on these technologies not just as easy to use but easier to use for the average Jane.
If the internet as we know it is to survive, we have to crack this nut.
JoshTriplett | 10 years ago
davidgerard | 10 years ago
(The singular with a "the" means the Bitcoin blockchain, which is increasingly centralised under a decreasing number of Chinese mining pools. And this is apart from the stupendous list of problems with literally every single aspect of Bitcoin. It may not be a great idea to pin any of our hopes on the digital Cue::Cat.)
e12e | 10 years ago
Or a different social order (my favorite) - but the first problem is probably much easier to solve in a short time-frame.
unicornporn | 10 years ago
nickpsecurity | 10 years ago
We get that, then we might integrate it with our existing technologies to implement and use it. Need the foundation first, though.
SEJeff | 10 years ago
Pick one. That is why we are in the mess we are in.
Panino | 10 years ago
I'm glad Snowden said DNS should be encrypted. From the tweet stream provided by @conflictmedia, that was tied for 1st for most re-tweeted, along with making the Internet for users, not spies. (It should be noted that DNSSEC is not encrypted.)
Too bad his appearance wasn't recorded, but HUGE thanks to Niels ten Oever and Rich Salz for tweeting major points!
scrollaway | 10 years ago
You know, it's funny because just last week, I chatted with a friend of mine in the UK giving me some pretty crazy rundown of DNS issues he was having. I found out that BT (UK's leading ISP) hijacks DNS for parental control purposes (read: pornblock).
More info here: https://thecomputerperson.wordpress.com/2015/02/18/bts-netwo...
It boggles my mind actual major ISPs get away with this stuff. Sure am glad to use dnscrypt.
arca_vorago | 10 years ago
http://dnscurve.org/integration.html
tedunangst | 10 years ago
And yet, when HBO screwed up their dnssec config and Comcast blocked the site, how did users react? By demanding Comcast stop verifying!
(Fully encrypted DNS can only fail in even more ways than dnssec.)
undefined0 | 10 years ago
frankNo | 10 years ago
My vision is complete and planned, all the way until The World Brain! See: https://sherlock.ischool.berkeley.edu/wells/world_brain.html
The first layer, MORPHiS, is a global secure encrypted distributed datastore that deprecates bittorrent, email and the web so far and is slated for release at the end of this month!
See http://reddit.com/r/morphis for details.
Sorry for reddit; it is because I keep getting shadow banned here for being pro Snowden, Etc. Do not worry, MORPHiS is designed to deprecate hacker news! Anyways, the website is morph.is but doesn't launch until the 31st of this month. Read the only article in the /r/morphs subreddit for lots of details on MORPHiS!
Peace all!
justwannasing | 10 years ago
nickpsecurity | 10 years ago
People are leaning on him way too much for way too many things. I'm not even saying my statements apply to the article here so much as in general for people interviewing or citing him. Anyone reading posts of high-security engineers pushing strong hardware and software security pre-Snowden would've survived almost everything in NSA's toolbox using such methods. Leads me to add that Snowden seems totally unfamiliar with that stuff and it's unsurprising given his job was SIGINT-related rather than strong INFOSEC.
My only failure was not focusing on clean slate chips and hardware design enough. My priority was software but prioritizing the kind of hardware I've promoted here & elsewhere would've got me further. Makes the software easier to secure. Just was too lazy to learn all the hardware engineering knowledge it takes to (a) do custom hardware and (b) do sub-micron, custom hardware. I'm making amends now, at least.