It’s Time to Encrypt the Entire Internet

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Security experts are saying that it is time to encrypt the entire internet. :eek:

Only a few sites — like Facebook and Gmail — actually use HTTPS to protect all of their traffic as opposed to just passwords and payment details. Many security experts — including Google’s in-house search guru, Matt Cutts — think it’s time to bring this style of encryption to the entire web. That means secure connections to everything from your bank site to Wired.com to the online menu at your local pizza parlor.
Click to expand...
 
Why not, I mean HTTPS only sits on top of OpenSSL, what could go wrong with that? :D
 
Okay, besides the fact that this is coming from someone inside Google, a company that wants to encrypt traffic to maintain the value of the data for a variety of reasons, like preventing anyone else from mining it and to shroud their own nefarious activity under another layer of security (also to brag about their use of supposedly better security by default), it really is a good idea to encrypt stuff. Even if there are weaknesses, doing nothing at all is probably worse than trying to keep traffic secured and failing once in a while at it.
 
Yes let's encrypt EVERYTHING so CreepyUncleLester can do all sorts of creepy things on the internet without any way to hold him accountable.
 
CreepyUncleGoogle said:
Okay, besides the fact that this is coming from someone inside Google, a company that wants to encrypt traffic to maintain the value of the data for a variety of reasons, like preventing anyone else from mining it and to shroud their own nefarious activity under another layer of security (also to brag about their use of supposedly better security by default), it really is a good idea to encrypt stuff. Even if there are weaknesses, doing nothing at all is probably worse than trying to keep traffic secured and failing once in a while at it.
Click to expand...

Creepy are you ok, what is wrong with you? Are you sick? Where should I send flowers?

You didn't mention giving the government universal encryption codes did you? Did I miss something? You are usually the proponent of government spying and keeping many tabs on its citizens.
 
dandirk said:
Creepy are you ok, what is wrong with you? Are you sick? Where should I send flowers?

You didn't mention giving the government universal encryption codes did you? Did I miss something? You are usually the proponent of government spying and keeping many tabs on its citizens.
Click to expand...

Nooo, I'm great thanks! I still think it's perfectly okay for government agencies to keep an eye on their citizens and encrypting information totally doesn't change my opinion about that. I'm pretty sure that since TOR and those personal VPN thingies are basically not able to stop that kinda thing from happening, encrypting stuff isn't going to change any of that at all. I just like the idea of promoting end-to-end and per link data security that deters criminals and other icky sorts from messing up life for normal people.

I know Google as a company isn't really worried since they already own most computers through Adobe Flash adservices junk and a large number of Chrome browsers that intercept stuff before encryption. Also they have Android phones that are constantly passing along updated where you are and what you're doing stuff. Oh and Gmail. None of that is encrypted on their mail servers.
 
Ur_Mom said:
We're being Scroogled. Damn.
Click to expand...

Of course Microsoft, the ones running the Scroogled campaign, then went and snooped through Hotmail/Live email accounts looking for evidence of corporate espionage...
 
Kueller said:
Of course Microsoft, the ones running the Scroogled campaign, then went and snooped through Hotmail/Live email accounts looking for evidence of corporate espionage...
Click to expand...

You notice they stopped those Scroggled campaign ads? :)
 
And how much slower will web servers be, and how much more money, extra CPU power & electricity will this require?

It's suprising how much more CPU is required to run a web server with a 2048 bit certificate and 256 bit encryption, unless you want to send more $$ for additional specialized hardware.
 
Ur_Mom said:
You notice they stopped those Scroggled campaign ads? :)
Click to expand...

I don't think those ads were as effective as Microsoft's marketing people thought they would be. Slinging mud isn't really something most people who think stuff through would take seriously when it's one big company saying it about another big company. Microsoft might be slightly less evil than Google because they don't depend on data mining based ad revenue for survival, but that's not really saying much.

I think what makes Microsoft less sinister is that they don't have super pervasive sets of services that can give them a really detailed picture of what people are doing. Not many people use Bing, Outlook.com, carry a Windows Phone, and submit to all the "do you wanna let us track your usage" stuff in MS products like Office (though you have to go into advanced setup options in Windows 8.1 to turn that off when you upgrade from 8 since its and Windows location services are turned on by default which is lame of MS to do since they were so anti-creepy in their Scroogled ads).
 
While in theory that is a good idea. You are then looking at making EVERYONE that wants to run a web server have to get a cert. Which no longer makes it free for everyone to just run a web server. Unless everyone just runs with self signed certs, then you have the damn are you sure you want to continue message on every page.
 
All the one way content and business stuff should be HTTPS, but social interaction needs to be OTR-style end to end encryption.

I'm quite sure my IM chats are of no interest to the NSA but I choose to encrypt them (where I get co-operation from the other party) because it's the principle of privacy which I value.
 
nutzo said:
And how much slower will web servers be, and how much more money, extra CPU power & electricity will this require?

It's suprising how much more CPU is required to run a web server with a 2048 bit certificate and 256 bit encryption, unless you want to send more $$ for additional specialized hardware.
Click to expand...

When google switched Gmail to SSL, they estimated it raised processing load by 1-2%. They also patched OpenSSL to reduce memory usage by around 90% Facebook also saw similar. It's not as big of a deal as it's made out to be.
 
Ryokurin said:
When google switched Gmail to SSL, they estimated it raised processing load by 1-2%. They also patched OpenSSL to reduce memory usage by around 90% Facebook also saw similar. It's not as big of a deal as it's made out to be.
Click to expand...

1-2%!!!!!!!! That is unacceptable. How do you expect people to deal with that much of a change.
 
Doesn't really matter if they encrypt since they hold the keys and NSA comes knocking with National Security Letter. The only real answer is to run your own servers or use p2p.
 
In March 2014, the International Court of Justice (ICJ) ordered Australia to stop spying on East Timor. This marks the first time that such restrictions are imposed on a member of the FVEY.
Click to expand...

Fucking East Timor. That's probably where Bin Laden is.
 
You must log in or register to reply here.
Back
Top