
Re: [LUG] OT: Privacy is not dead

 

On Sat, 31 Aug 2013, bad apple wrote:
And he is totally, utterly deluded when he starts waffling about SSL.
It's painful to read to be honest. SSL is NOT easy, trivial or in any
way "seamlessly integrated behind the scenes". He's apparently not heard
about CRIME or BEAST. Or the NSA. Or key escrow. Or SSL stripping. Or
the fact that all government agencies have access to the master keys
issued by any CA. Or browser implementations vs server implementations.
In short, he should probably never mention SSL in any technical capacity
whatsoever... *rolls eyes*

I think you're reading too much into what's essentially a throwaway comment: everyone who uses the Internet uses SSL, while barely anyone understands how it works - and many don't even know that they're using it in the first place. On the other hand, he argues, using PGP requires some basic understanding of how it works and that shouldn't be the case. I share Simon's scepticism about the possibility of making PGP work as seamlessly as SSL, but he does have a point when he says it would be good if it did.

I also think it's good not to see privacy as a black-and-white thing. I think we have good reasons to be very worried about what the NSA can do (and does) and it is very good to keep in mind that at least most implementations of SSL don't protect you well enough against that. But that doesn't mean that SSL doesn't provide ample protection against (almost all) people on the same wireless network, or even the owner of my router (assuming that wasn't me) reading my Gmail password.

I am well aware that my bank is obliged to inform law enforcement of transactions I make in case I am suspected of doing something wrong, and perhaps they even have some kind of direct access to my bank's systems, with or without the knowledge of the bank. It is also likely that the bar for this suspicion isn't particularly high. But that doesn't mean that my bank should publish my transactions on their public website - or even make them accessible to all their thousands of employees.

Martijn.


--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq