What it knows about you.
This is one of the reasons that I rarely use Gmail. I only use my account as a backup, if my own server is down.
What it knows about you.
This is one of the reasons that I rarely use Gmail. I only use my account as a backup, if my own server is down.
Comments are closed.
Unless you are using encryption (like https) assume everything you do on the internet is public and available. The whole thing is designed to facilitate communication not security.
The equivalent is doing business in your local town using public roads and services. The only real security you have is the one you supply yourself. If you need to move something valuable you hire an armored car, and so on.
Those of us who understand how the Internet knew that something like we are seeing today was just a matter of time. There no technological barrier to stop other than securing your connection. Even then it is expensive in terms of resources, time, setup, and sometimes money. Which is why not every connection to a website is done under https. Or using relays to access websites anonymously is used by everybody.
In the long run I feel the solution is realize the Internet is not special and treat it how we do our other public spaces. If the government can’t do something legally on a public road then they can’t do it legally on the internet regardless how technically easy it is.
Another alternative is to make all the data public. Let every connection to be public and available to everybody. While it would suck for privacy there wouldn’t be any particular advantage to the information because everybody is under the same magnifying glass and has access to the same data. However somehow I don’t people will go for this radical of change.
Even https does not prevent you from man in the middle attacks. There is nothing preventing an ISP from giving you a fake certificate and intercepting all the communications anyway. In fact I have heard they do this in China for the usual purposes and elsewhere in order to cache encrypted content.
s/prevent/protect/
There is nothing preventing an ISP from giving you a fake certificate and intercepting all the communications anyway.
Uh, yes, there is, otherwise SSL would be worthless.
That fake key needs to be signed by a certificate authority you trust before your browser will accept it. And no certificate authority would survive long if discovered to be intentionally issuing fake keys; even those who’ve been hacked and used to issue fake keys have not fared well afterwards as much of the world removed them from their trust list.
The real problem is when you use SSL to legitimately connect to a remote site which then hands everything over to the NSA after it’s decrypted.
Yep, they need to get their fake root cert into your browser. There’s various ways to do this, but the easiest is to just poison your download of the browser in the first place.