Wales: We'll encrypt Wikipedia if reborn gov net-snoop plan goes live Jimmy Wales, talking in a purely personal capacity, has lambasted Britain's Home Office for its plans to massively increase online surveillance of all UK citizens. The Maximum Leader says that such a draconian measure would prevent him from plonking Wikipedia servers on Blighty's soil. Talking in Westminster last night to a …
Lansman said the figure must have been based on "best guesses", and Hutty added "25 per cent of what?"
Jimbo simply claimed that the number had been plucked out of "thin air".
You can guarantee if this does get implemented those figures if accurate will rise anyway as more and more people use encryption, proxy's, vpns and as some companies are now offering a remote desktop based machine in another country.
This post has been deleted by its author
... we encrypt everything.
I can see this bill being self defeating. People like me, who remember both the cold war and the reasons for it, are not going to accept living in the surveillance society that we risked a nuclear Armageddon to avoid.
When you finally break the >kilobit encryption on my communications, you will find it is just email to my friends complaining about my job, my wife's horse, and the weather. When you break it on my laptop, all you will find is bank statements and correspondence. And you will wish in vain for the return to the world where you could focus your attention on the strongly encrypted stuff as the likely location of interesting material.
Mass surveillance is a legacy of the Cold War. When it ended organisations like the NSA had a lot less to do but then September 11th happened and (I suppose depending on your view) it was either a new opportunity to use their skills against the West's enemies or an excuse to turn the surveillance apparatus on their own populations. I understand the need to keep the expertise, but I find it incredibly sinister that the so-called democratic governments find it necessary to turn up surveillance on their own people.
"I find it incredibly sinister that the so-called democratic governments find itnecessaryto turn up surveillance on their own people."
Its to make sure that we don't know their dirty little secrets. Look at some of the fallout from the Murdoch Mess and read between the lines. I'm sure a lot of it is suppressed, the conspiracy theorists will be ridiculed and the people right on the money will be...handled.
The conspiracy theorists claim that September 11th was orchastrated to justify increasing surveillance on the general public as part of some Orwellian Illuminati scheme. While I don't subscribe to that view, it does all seem a bit over the top. Probably more people are killed by their own trousers than are killed in terrorist incidents!
> but then September 11th happened and (I suppose depending on your view) it was either a new opportunity to use their skills against the West's enemies or an excuse to turn the surveillance apparatus on their own populations.
For the benefit of historians looking at these ramblings in the future, I feel I should point out that 9/11 was the greatest failure of the US security services since Pearl Harbor. It could and should have been prevented at the time. The failure of the security services was the inability to put two and two together from snippets of information that were spread across several large agencies. Capturing more snippets of information is not the problem, yet that is exactly what more surveillance does.
"When you finally break the >kilobit encryption on my communications, you will find it is just email to my friends complaining about my job, my wife's horse, and the weather."
Now that one-2-one correspondence has been found to be "publication", the decrypt costs will be recovered from you by your irrate employer. Probably your wifes friends won't like being talked about like that either.
The ironic part for the government is that those people out there who don't know about encyption and proxys at the moment are more likely to look into and start using them since they announced the proposed bill, by the time the data retention is started there will probably be more people who use methods to avoid the monitoring than there is now.
The really sad thing is that the general reaction from everybody is an eye-for-an-eye. You snoop, I encrypt.
Both sides might do well to be a little self-absorbed and think further than their collective noses.
If we employ such thinking we might start by considering the root cause behind the proposed bill. I would suspect that if pushed far enough, most would settle on it being the avoidance of unnecessary deaths, be that by means of murder, plague, terrorism, racism, and so on.
If we establish then that the ultimate objective is to save lives, we might consider how our limited resources are applied to save the most lives. We'd quickly discover that the number of people that checked into the Wooden Waldorf because of murder and terrorism pales when compared with the likes of (for example - I have no idea about actual numbers) children born with aids, plague, and poverty.
We tackle those much more probable threats to life, and deal with low-probability threats like murder and terrorism in a manner appropriate to their probabilities.
This post has been deleted by its author
Unfortunately, work on real problems (like the ones you mention) simply won't interest the elites running most of the world.
They are much more worried about boarding an airliner with a bomb on it (and for many, that is becoming an increasingly justifiable concern).
Hence, it has become far more important to ensure that people will only have a 0.0001 % chance of dying in an air crash (as opposed to 0.001% ) and that nothing can prevent Hollywood moguls from making more profits each year.
That's what your elected officials want to do with technology because that's the stuff that gets headlines and campaign contributions, not because it actually makes a difference for most of us.
Feeding starving kids, creating employment or helping sick people doesn't really bring the votes or the money in, y'know?
So what does that leave us with ?
1) Increasingly draconian security measures to help "improve" airline security, monitor international financial transactions and "protect" broken business models.
2) The collection of massive amounts of data on "free" citizens
3) The tracking of large swathes of the "free" population's online activity
4) A chilling effect on people's civil liberties, freedom of expression and economic growth.
Which can only end in tears.
It will deepen and prolong the complete economic cluster-fuck and pain our political leaders seem hell-bent on maintaining.
IMHO it MAY ACTUALLY REQUIRE > 60 % of the internet population to become completely anonymous and encrypt everything before Western governments understand what they are up against. Building a massive spy apparatus is just a waste of time. It didn't work in Russia and Eastern Europe either. It simply pissed people off until they finally overthrew their leaders. It's hard to do anything productive when you are scared all the time.
The current trend (nay obsession) of marching us towards a surveillance society is counter-productive, dangerous and a complete waste of money.
Perhaps these fuckers should stop chasing imaginary bogeymen and start spending money on things that actually help people.
We could begin with stronger privacy legislation, limited data retention laws and default strong-encryption of all email and internet traffic.
Imagine if you will, that instead of printing more money and flushing it into the toilet bowl of state-sponsored capitalism, governments instead invested money into sectors that don't create artificial demand for more paranoid surveillance technology, more weapons, more law suits, and more oil wars. How about creating some jobs which don't require you to wear a uniform for a change, hmm ?
/end rant
Those people who _do_ know about encryption, but can't be bothered to implement it yet.
Though once they do they'll start prompting their circle of friends to jump on board the encryption train, or at least use TOR and whatever else comes up.
Rhetorical: What would it take for people to start putting postcards in envelopes before sending them?
Most peoples mindsets are in the postcard stage of electronic communication, but once it becomes obvious that the postmen are reading all the postcards would everyone make changes to keep prying eyes out? I suspect they would.
The most worrying part is that it's a government initiative, which means it will be compromised fairly quickly, and all our data will be public.
Personally I will be encrypting mail in the near future, using sites over SSL where possible, and anything critical goes through a VPN or two....
#
I know SSL can be done by a man in the middle attack, but as soon as the government forces ISP's to do that, then our country goes backwards....
"It can't be suspicious to be using encryption if everyone is using it."
More to the point, it can't be suspicious to be using encryption if you were forced to because the web-site in question does not offer an unencrypted version. Mainstream web-sites that switch to SSL are protecting their users from suspicion as well as from snooping.
Is that all browsers seem to think that an out-of-date or self-signed certificate is _WORSE_ than loading a page in plaintext.
Personally, I would prefer a warning at the top of the page, that simply tells me what is wrong with the certificate, so if my bank suddenly starts using a self-signed cert then I can phone their fraud department, while if wikipedia or the reg have an out of date cert, I can simply prod their admin by email and continue browsing. Of course if every page on the net suddenly goes self-signed, I can pick the appropriate tinfoil hat.
That would be much better than simply point-blank refusing to load the page unless I either manually trust the dodgy certificate or load the page in plaintext!
Of course if a bank's "login to online banking" link mysteriously changed to HTTP instead of HTTPS, most users, possibly including me, might not notice. There is nothing in browsers to protect users from accidentally loading a page in plaintext, but for using an untrusted certificate they could be forgiven for thinking they'd committed some sort of crime, the way browsers scream about it.
"The bureaucrats of the ministry seem to have learned to be opaque after being carpet-bombed by privacy advocates when they first attempted to introduce the Capability under its old name, the Interception Modernisation Programme. ®" -- Can anyone clarify at which point the UK became a Dictatorship comprised of a party of Dictators?
That depends on your definition of dictators.
In terms of "desire", I think you will *really* struggle to identify any UK government in all of history that hasn't wanted to be able to make people do as they are told and keep a watchful eye on anyone they like. If anything, they are less bloody-minded in recent centuries than in the past. The rot set in about 10,000 years ago in the Middle East as far as I can tell.
In terms of "ability", obviously we've seen changes in technology but since most of the same technologies are available to the populace (SSL-on-everything has been mentioned already) it isn't clear to me that the government has an advantage. If you look at the reaction of *real* dictatorships to the internet then you might reckon that the 21st century will see a truly historic shift in power away from the centre. (Like, the biggest shift in ten thousand years.)
"The bureaucrats of the ministry seem to have learned to be opaque after being carpet-bombed by privacy advocates when they first attempted to introduce the Capability under its old name, the Interception Modernisation Programme. ®" -- Can anyone clarify at which point the UK became a Dictatorship comprised of a party of Dictators? ...... Miek Posted Thursday 6th September 2012 08:46 GMT
The seeds were probably sown at Yalta, Miek? Do you know anything currently significant or presently particular and peculiar about ARGonauts, other than the fact that Spooks UKGBNI and/or Cheltenham GCHQ are embedded and in bed and in LOVE with them. But it is no big official secret for ARGonauts were openly BetaTesting Big Brother British Telecommunications and SMARTR InterNetional SISter ProVision ...... Communication Capability in Intercepted Modernisation Programmes .... with them as clearly as only yesterday in a Vulture Venture on El Reg ....... http://forums.theregister.co.uk/post/1535705
It is all a bit hush-hush though, and perfectly understandably so in its Myriad APT Phorms, as IT replaces Dunce Dictatorships with Meritocratic Minders ....... with SMARTR AI and Future Programmeable Apps.
And now no one can say that they don't know of such things whenever they are so clearly placed in the public and intelligence domains and virtual reality space. One's ignorance is only as a result of one not bothering or having no interest nor facility or curious capability to search for the truth of one's current condition, which are invariably a result of situations and programs of the past, and would now in their present engagements, be being presumably extremely well paid to boot and deliver one's present existence/opportunities/struggles.
Methinks the Great Game can up itself a level or three or more, don't you? To leave behind all that primitive stuff and nonsense which so blights the ignorant and fools the arrogant.
I thought that TLS/SSL encrypts the content of the communication. It doesn't hide the source/destination of the traffic. Looking at a Wikipedia article is a simple HTTP GET request from the browser. So snoopers won't be able to see the content of the Wikipedia article being transmitted from the server but they will be able to see the requested URL. Then all they have to do is visit the URL themselves and read the article.
Isn't that right?
No. The whole of the communication, apart from some of the certificate exchange and encryption negotiation handshake at the start, is encrypted. That includes what URL you are GETing. All they will be able to tell is that you connected to a particular IP address on port 443 (or whatever port they're running HTTPS on).
The thing to be concerned about is those sites which embed HTTP links and images into their HTTPS served web pages. Those will leak unencrypted information as you click on them, or as they are downloaded automatically by your browser.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
