Re: [perpass] perens-perpass-appropriate-response-01

Bruce Perens <> Wed, 04 December 2013 23:41 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id EF9281ADF59 for <>; Wed, 4 Dec 2013 15:41:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.177
X-Spam-Status: No, score=-1.177 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.723, RP_MATCHES_RCVD=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id P_1rCyVw9kSb for <>; Wed, 4 Dec 2013 15:41:25 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id EBF231AD948 for <>; Wed, 4 Dec 2013 15:41:24 -0800 (PST)
Received: from [] ( []) by (Postfix) with ESMTPSA id 056CB50008A for <>; Wed, 4 Dec 2013 15:41:22 -0800 (PST)
Message-ID: <>
Date: Wed, 04 Dec 2013 15:41:26 -0800
From: Bruce Perens <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131103 Icedove/17.0.10
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [perpass] perens-perpass-appropriate-response-01
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 04 Dec 2013 23:41:26 -0000

On 12/04/2013 03:27 PM, Ted Lemon wrote:
As to the question of encryption generally, nobody questions (I hope) that we want our transactions with banks to be secure.
And this is a solved problem except for the fact that they tend to get unencrypted laptops stolen with our data. Which we can't solve for them.
I think it's generally accepted that what videos we watch is private (there's a federal law in the U.S. making it illegal for video stores to give out that information).
They are private, and encrypted, but the encryption doesn't protect us. It only "protects" the video provider who believes that the whole internet will run away with their content if we are not forcibly restrained. If it works at all.

 They make it too easy for _anybody_ to eavesdrop, and to use the information they acquire whilst eavesdropping in really nefarious ways (e.g. the watering hole attack someone referred to recently).
So, build browsers that request https preferentially. Publish that as a recommendation. But please don't lock everyone into your solution.