modest proposal: scary certificate alert
Maybe Firefox should update its alert dialogs so every time you hit a site "secured" by one of these companies, it displays a scary certificate alert:
This Connection is Untrusted:
You have asked Firefox to connect securely to USTele.com, but we can't confirm that your private data are secure.
The certificate is not trusted because it is signed by a corporation that is subject to US law.
(Error code: sec_error_nsa_issuer)
What Should I Do?
If you usually connect to this site without immediately being killed by terrorists, then why worry about piffling little things like privacy or the US Constitution? But if you don't want all your data to be slurped, you shouldn't continue.
Get me out of here!
I've taken the following actions, which are working great for me, and I urge you all, take immediate action both as a moral stand and for the practical effect:
* make your calls using redphone rather than through the cellular or POTS network, MS-Skype or Google "hangouts" etc. When you dial a friend who's not on, redphone just sends them a message to get the free app. Nothing short of a mass exodus to end-to-end encryption will have any effect on anything. Redphone (from Moxie Marlinspike, open source all the way) seems as good a way to do that as any, and this is a space that dearly needs a champion people can rally round.
* use their secure text app (or GPG if you prefer) instead of cleartext email. Again, a mass exodus to end-to-end encryption is the only way to return to a world where advertisers, government and other spies DON'T monitor your every utterance.
* a few weeks ago I thought the Firefox phone an amusing sideshow. Now I can't see any alternative to going that direction because I want to OWN my device in terms of both control and security. (yes, I've rooted my android phones but what does that achieve when the whole ecosystem is spyware?) Do you use gmail? Google maps? Run your web searches on Google? Get all your voice mails automatically transcribed to text for you (and the NSA) by Google Voice? God forbid, do you upload your documents to "the cloud"? The basic problem is that these corporations are storing our entire lives, none of them can say no to the NSA, and now they don't even have to: NSA is permanently plugged in to their databases, and just runs "queries" (instead of applying to a judge for a search warrant with evidence sufficient for "reasonable suspicion" that a specific person is committing a crime).
* (on a side note I also switched to the excellent Qubes OS "security by isolation" distribution on my main laptop. I highly recommend this to anyone who's security conscious. It is a truly better way. You can run any mix of OS VMs you want in there (e.g. Windows if you have to) but you isolate work (especially connections to the outside world) in "disposable VMs" that are single-use (created to run an application once, then immediately destroyed). Got rid of Mac OS X and all my Ubuntu VMs, and loving every minute of the new system (I hadn't used Fedora much before, but it seems fine as the default VM in Qubes). Check it out: http://qubes-os.org)
<rant>Seriously people, the battle lines are being made uncomfortably clear: if you are using any elements of the mainstream system, you are now an officially plugged-in citizen of the Matrix. Of course, as any fule kno, the data are safe from misuse (you have nothing to hide, right?) ... until they're not. Because there ARE no protections, there IS no transparency. The first rule is, revealing the existence of this rule is a crime. It'll be dumb stuff like the cop who used surveillance data to see if his wife was cheating. It'll be obvious stuff like digging up dirt to destroy political enemies or whistleblowers. And certainly it will be shutting down leaks of embarrassing or criminal government actions, by nailing the sources and the reporters. (Or for that matter providing that same service for their true customer, corporations that are big enough to get a thumb in the pie). It'll be everything, over and over in dizzying array, too much too fast for anybody even to (futilely) react to. (sort of like the last few weeks... or for that matter, the last decade). It'll be the new normal. (oh wait, it already is). It won't be long before computers are as locked down and spied on as your phone already is. (oh wait, that's Office 365, android laptop etc. etc. etc.) This is where we are going; the only thing you need to think about is what you personally are going to do. Note that none of what I said even requires us to postulate a Putin. But once you KGBize how government and politics operate, won't you eventually get a Putin? And you can bet that now every right thinking apparatchik in every country is looking at this and asking "why don't WE have this yet?" (unless they do). So soon they will. Meanwhile the 99% are gawping at celebrities and Facebook.</rant>
So that pretty much leaves just us Reg readers to do something constructive and proactive, doesn't it? Get started moving yourself and all your friends back to a world where people get to make their decisions themselves, rather than just being ruled.