This article makes a strong case against the idea that "only criminals want encryption" or that people "with nothing to hide" shouldn't be concerned.
We have come to a point where end-to-end encrypting all your private data and private communications is no longer an ethical option, but an ethical duty.
This article makes a strong case against the idea that "only criminals want encryption" or that people "with nothing to hide" shouldn't be concerned.
Personal privacy is significantly tied to respect and dignity. That is why privacy is necessary. Once someone has stepped over the line of being dignified AND respectable, then law enforcement...
Personal privacy is significantly tied to respect and dignity. That is why privacy is necessary. Once someone has stepped over the line of being dignified AND respectable, then law enforcement might have a case.
Granted, I understand that these terms can be fluid, but I would like to posit that it is the direct opposite to being "open" and have "nothing to hide". A naked person hung up on a rack indeed has nothing to hide (which this article reminds me of, in a "nicer" sense). But that degrades everything private and respectable, which is how I personally view arguments like this.
It's probably a good idea but I'm wary of people making up ethical duties where none previously existed. Making a case for voluntary action is fine. Turning it into a duty is cheating.
It's probably a good idea but I'm wary of people making up ethical duties where none previously existed. Making a case for voluntary action is fine. Turning it into a duty is cheating.
The messaging is kinda muddled in general. The vibe I get from the contents of most of the article is that the moral imperative is making sure legislatures don't outlaw encryption, which I agree...
The messaging is kinda muddled in general. The vibe I get from the contents of most of the article is that the moral imperative is making sure legislatures don't outlaw encryption, which I agree with for the most part. You can do so by voting, and voting is a civil duty.
The title and the opening statement are kinda ???
We have come to a point where end-to-end encrypting all your private data and private communications is no longer an ethical option, but an ethical duty.
...what if I don't want a particular piece of data to be encrypted? There's plenty of reasons I would want that? I think encryption should always be an option, but saying it is an "ethical duty" to encrypt all your data just seems weird.
I believe they're talking about communications and data transmitted over the internet. Considering that IMO there is no reason to want your communications to NOT be encrypted other than laziness....
what if I don't want a particular piece of data to be encrypted? There's plenty of reasons I would want that? I think encryption should always be an option, but saying it is an "ethical duty" to encrypt all your data just seems weird.
I believe they're talking about communications and data transmitted over the internet. Considering that IMO there is no reason to want your communications to NOT be encrypted other than laziness.
SSL is just the S in HTTPS. HTTP sites are soft blocked by your browser now and any site not using HTTPS is being lazy and creating a security risk for their users.
Messaging. There is no reason to use non-encrypted messaging. The only reason we do is because people are on apps that don't support it. This isn't a reason NOT to encrypt IMO, its just a crappy reality.
Email. Encrypting email properly is harder, but again my argument is that reasons to NOT encrypt all due to poor adoption of current tools and lack of *easy* standards. Example, proton mail easily encrypts everything you send to other proton mail users, but AFAIK when you send it to other email services its no more secure than regular email.
To be clear, the whole "ethical duty" thing this guy is on about... ya he's just pushing his own agenda hard. I'm just arguing that there is generally no reason NOT to encrypt your communications.
If I were to encrypt my email, nobody I email would be able to read my messages. So that's quite a strong reason to not do it. And OK, perhaps I am "lazy" for not walking my parents - the only...
If I were to encrypt my email, nobody I email would be able to read my messages. So that's quite a strong reason to not do it.
And OK, perhaps I am "lazy" for not walking my parents - the only people I send personal email to any more - through how to encrypt their email but then also who cares if someone reads my message about whether they're coming to stay next week or not? (especially given the connection between their browser and gmail is encrypted anyway).
But am I lazy for not setting up crypto for all my customers who email me? What about the supplier I'm currently emailing about an order that they got wrong? Neither of those two are realistically possible. If you were trying to buy something and the shop insisted on you jumping through a bunch of confusing technological hoops for apparently no benefit just to get a price, you'd just go elsewhere. I can't afford to lose a single customer, let alone almost all of them.
There are reasons not to use crypto. The biggest is "nobody else uses it unless it's baked into the software they're already using", and I'd rather not expose my phone number to everyone I need to contact just so we can talk on Whatsapp.
Also even though end to end encryption have become quite easy to setup in for example iCloud, it is pretty much game over if you lose your keys. With regular iCloud you can always recover someway...
Also even though end to end encryption have become quite easy to setup in for example iCloud, it is pretty much game over if you lose your keys. With regular iCloud you can always recover someway through your Apple ID and I think many people value that reassurance higher than having perfect encryption for their photo album.
First off, you're right and I'm wrong to call it all laziness. A few points though, starting with: I'm not just talking about laziness on the part of the individual end user. using HTTP instead of...
First off, you're right and I'm wrong to call it all laziness.
A few points though, starting with: I'm not just talking about laziness on the part of the individual end user.
using HTTP instead of HTTPS. Again, that's the website admin being lazy and/or incompetent
email is obviously where I'm just plain wrong, but I think we're mostly being lazy/cheap by using gmail which doesn't respect our privacy. I know that's not encryption, but only still using gmail because I'm lazy.
e2e messaging. We are being lazy here as a group.
by not demanding it from the services we use
by not enabling it in Facebook messenger
by not even trying to get our friends onto more secure messaging services
I agree with this. I do not care about "privacy" in that sense. The exchange of free, fast, stable email in exchange for seeing a few adverts is fine with me. I don't feel like my privacy is being...
using HTTP instead of HTTPS. Again, that's the website admin being lazy and/or incompetent
I agree with this.
I think we're mostly being lazy/cheap by using gmail which doesn't respect our privacy.
I do not care about "privacy" in that sense. The exchange of free, fast, stable email in exchange for seeing a few adverts is fine with me. I don't feel like my privacy is being compromised in any meaningful way.
e2e messaging. We are being lazy here as a group.
In the UK we're doing pretty well on that one. 75% of adults use Whatsapp, which uses the Signal Protocol underneath. I get maybe 2-3 SMS messages from humans a year, at the most. Whatsapp has even better penetration in some other countries, especially in parts of Africa and India. My guess - and it is just a guess - is that more personal messaging is done with e2e than isn't these days.
Now as long as the UK and other governments don't try to force Meta to put a backdoor in WA, we're sorted...
I agree with the other reasons this article isn't great, but also, this sentence stood out to me: If you are doing activism for moral reasons, it is also a moral imperative to evaluate whether...
I agree with the other reasons this article isn't great, but also, this sentence stood out to me:
I don't know if that strategy was effective in the end, but the goal we pursued with it was right.
If you are doing activism for moral reasons, it is also a moral imperative to evaluate whether what you're doing is working, and adjust it if not. You don't get to hide behind "we did it for good reasons" when you didn't actually accomplish anything. History is littered with half-assed activism that failed to make a difference for various reasons, most of which reduce to "we felt like we were doing a good thing but everyone else ignored us".
Hasn’t that already been the case for some time now? I only have hazy memory of it, but I believe the encryption key for DVD and BluRay has been illegal to share (as if that ever stopped the...
In the future it might be that by developing and using some software and exchanging certain sequences of bits we will be breaking some law
Hasn’t that already been the case for some time now? I only have hazy memory of it, but I believe the encryption key for DVD and BluRay has been illegal to share (as if that ever stopped the internet from being the internet) for some time now. There’s even a Wikipedia page for it: https://en.wikipedia.org/wiki/AACS_encryption_key_controversy
I enjoyed using all of that software that came with big warnings that it wasn't for export outside of the USA... outside of the USA. That's a 90s memory for sure
I enjoyed using all of that software that came with big warnings that it wasn't for export outside of the USA... outside of the USA.
Has it ever made its way to court? I thought it being illegal was just the opinion of the copyright holder. I don’t remember anyone actually being sued or charged with anything.
Has it ever made its way to court? I thought it being illegal was just the opinion of the copyright holder. I don’t remember anyone actually being sued or charged with anything.
The author's idea of a totalitarian government is essentially the premise of Yevgeny Zamyatin's "We". A really interesting read, predating both Orwell and Huxley by decades.
The author's idea of a totalitarian government is essentially the premise of Yevgeny Zamyatin's "We". A really interesting read, predating both Orwell and Huxley by decades.
This article makes a strong case against the idea that "only criminals want encryption" or that people "with nothing to hide" shouldn't be concerned.
Personal privacy is significantly tied to respect and dignity. That is why privacy is necessary. Once someone has stepped over the line of being dignified AND respectable, then law enforcement might have a case.
Granted, I understand that these terms can be fluid, but I would like to posit that it is the direct opposite to being "open" and have "nothing to hide". A naked person hung up on a rack indeed has nothing to hide (which this article reminds me of, in a "nicer" sense). But that degrades everything private and respectable, which is how I personally view arguments like this.
It's probably a good idea but I'm wary of people making up ethical duties where none previously existed. Making a case for voluntary action is fine. Turning it into a duty is cheating.
The messaging is kinda muddled in general. The vibe I get from the contents of most of the article is that the moral imperative is making sure legislatures don't outlaw encryption, which I agree with for the most part. You can do so by voting, and voting is a civil duty.
The title and the opening statement are kinda ???
...what if I don't want a particular piece of data to be encrypted? There's plenty of reasons I would want that? I think encryption should always be an option, but saying it is an "ethical duty" to encrypt all your data just seems weird.
I believe they're talking about communications and data transmitted over the internet. Considering that IMO there is no reason to want your communications to NOT be encrypted other than laziness.
SSL is just the S in HTTPS. HTTP sites are soft blocked by your browser now and any site not using HTTPS is being lazy and creating a security risk for their users.
Messaging. There is no reason to use non-encrypted messaging. The only reason we do is because people are on apps that don't support it. This isn't a reason NOT to encrypt IMO, its just a crappy reality.
Email. Encrypting email properly is harder, but again my argument is that reasons to NOT encrypt all due to poor adoption of current tools and lack of *easy* standards. Example, proton mail easily encrypts everything you send to other proton mail users, but AFAIK when you send it to other email services its no more secure than regular email.
To be clear, the whole "ethical duty" thing this guy is on about... ya he's just pushing his own agenda hard. I'm just arguing that there is generally no reason NOT to encrypt your communications.
If I were to encrypt my email, nobody I email would be able to read my messages. So that's quite a strong reason to not do it.
And OK, perhaps I am "lazy" for not walking my parents - the only people I send personal email to any more - through how to encrypt their email but then also who cares if someone reads my message about whether they're coming to stay next week or not? (especially given the connection between their browser and gmail is encrypted anyway).
But am I lazy for not setting up crypto for all my customers who email me? What about the supplier I'm currently emailing about an order that they got wrong? Neither of those two are realistically possible. If you were trying to buy something and the shop insisted on you jumping through a bunch of confusing technological hoops for apparently no benefit just to get a price, you'd just go elsewhere. I can't afford to lose a single customer, let alone almost all of them.
There are reasons not to use crypto. The biggest is "nobody else uses it unless it's baked into the software they're already using", and I'd rather not expose my phone number to everyone I need to contact just so we can talk on Whatsapp.
Also even though end to end encryption have become quite easy to setup in for example iCloud, it is pretty much game over if you lose your keys. With regular iCloud you can always recover someway through your Apple ID and I think many people value that reassurance higher than having perfect encryption for their photo album.
First off, you're right and I'm wrong to call it all laziness.
A few points though, starting with: I'm not just talking about laziness on the part of the individual end user.
using HTTP instead of HTTPS. Again, that's the website admin being lazy and/or incompetent
email is obviously where I'm just plain wrong, but I think we're mostly being lazy/cheap by using gmail which doesn't respect our privacy. I know that's not encryption, but only still using gmail because I'm lazy.
e2e messaging. We are being lazy here as a group.
I agree with this.
I do not care about "privacy" in that sense. The exchange of free, fast, stable email in exchange for seeing a few adverts is fine with me. I don't feel like my privacy is being compromised in any meaningful way.
In the UK we're doing pretty well on that one. 75% of adults use Whatsapp, which uses the Signal Protocol underneath. I get maybe 2-3 SMS messages from humans a year, at the most. Whatsapp has even better penetration in some other countries, especially in parts of Africa and India. My guess - and it is just a guess - is that more personal messaging is done with e2e than isn't these days.
Now as long as the UK and other governments don't try to force Meta to put a backdoor in WA, we're sorted...
I agree with the other reasons this article isn't great, but also, this sentence stood out to me:
If you are doing activism for moral reasons, it is also a moral imperative to evaluate whether what you're doing is working, and adjust it if not. You don't get to hide behind "we did it for good reasons" when you didn't actually accomplish anything. History is littered with half-assed activism that failed to make a difference for various reasons, most of which reduce to "we felt like we were doing a good thing but everyone else ignored us".
Hasn’t that already been the case for some time now? I only have hazy memory of it, but I believe the encryption key for DVD and BluRay has been illegal to share (as if that ever stopped the internet from being the internet) for some time now. There’s even a Wikipedia page for it: https://en.wikipedia.org/wiki/AACS_encryption_key_controversy
You are correct. It was also illegal to export cryptography software, and also had many restrictions on use until the late 90s.
I enjoyed using all of that software that came with big warnings that it wasn't for export outside of the USA... outside of the USA.
That's a 90s memory for sure
Has it ever made its way to court? I thought it being illegal was just the opinion of the copyright holder. I don’t remember anyone actually being sued or charged with anything.
My reading of the linked Wikipedia article is nothing was ever tested in court. There were only DMCA takedown requests.
The author's idea of a totalitarian government is essentially the premise of Yevgeny Zamyatin's "We". A really interesting read, predating both Orwell and Huxley by decades.