Secure version of the forum

[SirNick]

Someone called "Lightages" just posted a thread titled "Anynoe else want to burn down Chanel HQ?".

In the UK you can be arrested and prosecuted for that: http://en.wikipedia.org/wiki/Twitter_Joke_Trial

Every action that makes mass surveillance harder is an important step to protecting our freedom.

There is arguably good reason for that.  You forget that, often, if it is against some law somewhere, there's a valid reason for it to be so.  If you were the agency in charge of keeping your country's residents safe (at whatever level -- be that local law enforcement, or national security), your job is to sort through those BS posts on forums to differentiate between the dumb-**** that threatens individuals or entities as a joke, and the ones that are one snide comment away from strapping on percussive clothing.

I really don't know where I stand on the whole "should they be able to see what I do?" debate.  On one hand, I don't really want everything I do to be subject to scrutiny at the whims of some man in black.  OTOH, I also like not having my home attacked by terrorists.  So....  there's gotta be some give and take there.  Warrants are nice in theory, but there are no shortage of books, TV shows, movies, etc., where you see someone caught in red tape and the "bad guy" gets away.  Real life is just not that clean and neat, and sometimes it gets tough to differentiate between good and evil.  Some have called for large-scale discussion on this topic, and I think it's high time people were more aware of the reality.  Surveillance isn't new, it's just a little more high-profile now.  Not much has changed but the public's awareness of what's going on.

On the topic of ISPs being invasive chodes, well... you likely have anywhere from 30 to 100 ways per month to indicate your distaste for that practice.  I have worked for two ISPs now.  Once, we instituted a ban on outgoing SMTP unless you owned a static IP.  The intention was to prevent the unintended distribution of spam from all the many, many, many zombified clients we had.  Several of our customers let us know what they thought of that policy, and management was forced to consider the opposing viewpoint.  At my last gig, we didn't filter, period.  Having worked alongside a lot of techs, I can tell you, we as a general rule have absolutely no ambition to snoop on or molest your data -- and are usually opposed to any such suggestion.  If your ISP does otherwise, call them up, cancel your account, and tell the operator precisely why you're leaving when they ask.  Encryption is the wrong solution to that problem.

[linux-works]

Yep.
And then, at best it's protecting just their password, which should be a one-off for this forum anyway.

dave, I have a lot of respect for you, overall; but here, you are being quite ignorant.

its not the password that many of us care about, its what we write, when we write it, and the simple fact that its no one's business (not an isp or a core router owner or a transport owner) what my online activities are.

maybe I post a joke and maybe someone who spies on my data stream takes it way out of context.  maybe they store it for future use to be used against me.

please just trust us who have some background in data comm and networking.  data collection is not going to ever HELP us, the users; but surely it can and will be used against us, if the powers in charge so choose to, later on.  why feed the monster more data about ourselves?

yes, the forum is public and anyone can read what everyone else writes.  but that's quite a different thing from starting at point of origin (my demarc point) and seeing what *I* write, realtime, and being able to log it.  if the datastream is encrypted, they will know that I'm connecting to your site, but that's ALL they'll ever get out of my datastream.  what's that guy's username?  can't tell!  what's he posting about?  can't tell!  is he posting or reading?  can't tell!

please reconsider giving privacy to the datastreams for those who realize that its in all of our best interest to stay as under the radar as possible.  those in charge who can sniff data are pretty damned evil and I don't trust them any farther than I can throw them.  the sooner we all go encrypted, the better.  the days of trusting the networks are OVER!

[linux-works]

On the topic of ISPs being invasive chodes, well... you likely have anywhere from 30 to 100 ways per month to indicate your distaste for that practice.  I have worked for two ISPs now.  Once, we instituted a ban on outgoing SMTP unless you owned a static IP.  The intention was to prevent the unintended distribution of spam from all the many, many, many zombified clients we had.  Several of our customers let us know what they thought of that policy, and management was forced to consider the opposing viewpoint.  At my last gig, we didn't filter, period.  Having worked alongside a lot of techs, I can tell you, we as a general rule have absolutely no ambition to snoop on or molest your data -- and are usually opposed to any such suggestion.  If your ISP does otherwise, call them up, cancel your account, and tell the operator precisely why you're leaving when they ask.  Encryption is the wrong solution to that problem.

forgive me if I offend, but I'm guessing you know nothing about american isp's and the monopoly they now have.  almost none of us, now, can choose our isp anymore!  the local governments sign contracts - exclusive ones! - that lock us into ONE isp per area.  ok, two, if you consider cable modems vs dsl; but cable modems won and dsl is quickly dying.  so that really gives us one choice: the cable company.  are you seriously believing that we can change isp's?  and given that they are all mega-isp's now, none of them vary all that much.  and all are going to give-in if there is a NSL put out in your name.  not one of them will buck the system.

in fact, I run a vpn, daily, and this hides what I do from my isp (comcast).  and yet, when I run the vpn, I find that my connection is killed after a few hours, requiring the modem to be rebooted.  when I was not using the vpn, this didn't happen.  comcast is hostile to non-business users and employs dpi and is damned proud of it.  my vpn thwarts that and it pisses them off.  so, they try to punish me.  of course, I have a work-around (auto detection of my default router being unpingable and then I launch a job to reboot the modem, log the event and carry on).  but still, they are hostile toward vpn users.  should I switch isp's?  of course.  but CAN I?  not really.

20 yrs ago, we had choices (in the US, at least) about isp's.  there were many mom-and-pop small shops that offered net connectivity.  now, they are all swallowed up by the big guys and the big guys are all run but evil bastards.  the techs are not evil.  they are just techs.  but the BUSINESS GUYS are all nasty assholes and they are the ones who dictate policy.

you or I threatening to 'leave' will just make them laugh.

encryption IS the solution.  I find it so strange for anyone to argue AGAINST online privacy.  what the HELL, people??

[miguelvp]

What prevents anyone to use an anonymizing proxy service?

Edit: also I vpn to work every now and then and my provider doesn't reset me ever.

[Whales]

What prevents anyone to use an anonymizing proxy service?

Edit: also I vpn to work every now and then and my provider doesn't reset me ever.

Nothing does, but keep in a mind a few other things people need to weigh up:

• You need to place trust in the people running the proxy/routing service (if you can't run one yourself)
• Complexity

I hope no one scoffs at the latter argument     The end purpose of encryption is privacy in some form -- trouble occurs when that privacy is broken and used against a person.  But most people don't know or care how to prepare for this: it's highly unlikely for it to occur for any one particular individual.

Herein lies the problem: lots of people use this site and people rightly assume there is safety in numbers.  Encryption as an option won't necessarily help people who don't expect problems, but encryption by default could protect the small proportion that are going to be caught out.  I'm assuming here that >=1 person will have their actions on the EEVblog forums used against them somehow at some point, please feel free to argue this


The most important thing to keep in mind for debates like this
No one is stupid, only ignorant.  Not ignorant of your or my particular arguments, but ignorant of the fact almost all of what people argue is true.  What matters is the magnitude the arguments -- and how they stack up compared to each other.

Look at some of the arguments: many conflict with each other, yet they still have some semblance of being true if you consider them on their own:

• You should not need encryption, because you are not committing a crime
• Your actions should be private until you actively choose otherwise
• This is a public forum, there is no need for encryption
• Your password should be kept secure so it cannot be intercepted
• It should not matter if your password is stolen, because it's just a forum identity
• etc

The problem is that we are all weighing up the magnitude of each of these issues based off our personal preferences and experiences -- very few of us have first hand experience or data.  Some people here with a strong personal engagement with (stereotype) internet privacy movements  are probably putting forward that encryption's needs are more important than everything else.  On the other hand other (stereotype) less computer-culture interested users don't think the pros outweigh the cons.

 For everyone: how did you come to your answer?  Why do you think your weighing up is better than what other people said?

[gxti]

you watch: over the next few years, the internet set of protocols will start to include more encrypted and authenticated streams.  people don't like DPI and being spied on.  people don't like their packets changed on the fly by some 3rd party.  the days of trusted cleartext online are going to end and we'll see secure protocols starting to be preferred.

HTTP 2 is already going to be TLS-only. The protocol is not finalized yet, but Google has been pushing it (formerly as SPDY, now it's progressing to standards track). Google handles a ludicrous amount of traffic so you know they care about every iota of performance and arguments like "it's slow" or "it can't be cached" are things they address. Same goes for Facebook and many other "big sites". Modern CPUs have builtin AES acceleration that really does make it cheap, and features like ECDHE and session resumption make the handshake cheaper too. Many sites like Github that don't even have high privacy concerns are going HTTPS-only. This is just the way the internet is going to be -- encryption is essentially free, so there's no technical reason not to use it.

I'm not going to attempt to address any moral aspects, I'm not going to tell anyone that if they don't make HTTPS available they are violating my privacy rights or that HTTPS is necessary to combat the NSA or anything asinine like that. I just want to dispel any myths people might have about the technology of HTTPS. Dave and gnif have already made up their minds so attempting to convince them of the virtues of heading in that direction appears to be a lost cause. It's your site, you call the shots and ultimately I'm not invested enough in this issue to make a fuss about it, but I still believe you're making the wrong decision.

[Rigby]

Saying that encryption is unnecessary in any circumstance whatsoever is tantamount to saying that privacy is unnecessary in any circumstance whatsoever.

I want encryption on this forum, but I'm not going to demand it.  I pick my battles and there are things much more worthy of my attention.  That does not, however, change my mind on the issue.  I accept that Dave isn't willing to do that at this point.  Fine.  His site and I can leave any time I choose.  I choose to stay because this site provides value to me, and I, hopefully, provide value to others occasionally.

All of that said, privacy is important to me.  Asking for HTTPS wherever I can will say to whomever is listening that I value my privacy.  It's a right in many ways (thought not here) and I will use my rights wherever I can.

When a policeman pulls me over while driving, and he asks if he can search my car, I always demand a warrant.  It's my right, and if he wants some access to something that he doesn't have the right to access, I'm going to make sure that officer does what is required to gain access to my car.  NOT doing so is the same as saying "I do not value my right to privacy."

I value my right to privacy even when I am hiding nothing.

[miguelvp]

Only problem with that is that the Internet is not your private property, so warrants do not apply. Also the EEVblog is a public forum and all you do and say is as public as if you are in the public street.

Use hidemyass or similar services you only have one point that you have to trust and problem solved.

What I find strange is that people that want privacy for themselves are vocal about making information public and letting information free.

I want to know what everyone is doing and what kind of secret plots are they up to, but I don't want anyone prying on my private affairs.

[madires]

Sending login credentials in clear text? This is 2014, not the 90s. It's like putting the key under the door mat.

[jeremy]

Well in light of this continued discussion, let me add this article from a google engineer:

https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

The ‘S’ in HTTPS stands for ‘secure’ and the security is provided by SSL/TLS. SSL/TLS is a standard network protocol which is implemented in every browser and web server to provide confidentiality and integrity for HTTPS traffic.

If there's one point that we want to communicate to the world, it's that SSL/TLS is not computationally expensive any more. Ten years ago it might have been true, but it's just not the case any more. You too can afford to enable HTTPS for your users.

In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.

If you stop reading now you only need to remember one thing: SSL/TLS is not computationally expensive any more.

[SirNick]

And that is exactly why mass surveillance is bad. They looked at this one tweet in isolation, rather than doing a proper investigation.

That is the issue that needs to be fixed, then.  It's a harder problem, but laziness, ignorance, and bias are the root of a lot of turbulent social issues at the moment.

Has your home ever been attacked by terrorists? In the scheme of things your chance of dying at the hands of a terrorist are pretty small.

Nope, and I've never been hassled by the authorities for buying acetone, paint thinner, fertilizer, or an Arduino.  Both positions (men in black vs. terrorism) were equally exaggerated, intentionally.

You are seriously arguing that the plots of books, TV shows and movies are justification for massive, Orwellian scale invasion of privacy? David Cameron made the same ridiculous argument...

No, but subtlety is often lost in debate, so I'll be more direct:  I'm arguing that hiding is not the proper response to tyranny.

The thing that frustrates me more than any other aspect of modern social culture is how there are leagues of people whom all feel oppressed, but in the US midterm elections, something like 40% of people voted, and the issue foremost on people's minds around election day was how tired they were of advertisements.  It's no wonder people are being taken advantage of then.  The oppression they feel must be the weight of their own apathy.

THIS is why I argue against "privacy".  I feel like I shouldn't need to draw the shades and turn off the lights to talk about electronics.  I feel like it's reasonable to draw the line when my ISP starts manipulating the traffic I send.  I believe in freedom -- actual freedom -- not the ability to effectively avoid being caught being free.  That concept is f'ing ridiculous to me, and I would rather live in a society that collectively puts their foot down at injustice than one that is really good at not drawing attention to themselves.  The only thing that approach will achieve is an ever-smaller corner in which you can feel safe.  No thank you.

[SirNick]

It’s just far too easy to abuse that kind of power and its happening right now, just not to you so you don’t give a shit.

That would be an erroneous conclusion.  I care deeply, I just have a different fix in mind.

I believe strongly that absolute power corrupts absolutely.  But, I also believe that observation is necessary to some degree.  What degree?  Honestly, I don't know.  This is something that society needs to address, and there need to be consequences for exceeding that threshold.  Consequences that are reasonable and rational, but nonetheless firm.

The thing that concerns me most about where we, as a civilization, are headed is not the lack of privacy, it's the lack of community.  We really don't need any more walls.  It becomes way more difficult to have empathy for your fellow man when you have no idea who they are, much less know their story.  That's not to say I feel like it's my right to go through your trash bins and read your mail.  On the contrary, I think the thing that should stop me from doing so is not a sufficiently secure lock, but decency and respect for your privacy.  If those attributes are missing in those of authority, then why isn't FIXING THAT the number one priority of everyone?

They're not overnight fixes, and mankind will never be truly trustworthy, but that doesn't mean you give up and hide.  That's no way to live.

[miguelvp]

The fix is to make the taping illegal, not to bring more encryption, that just feeds the fire and increases the budgets of the parties involved.

[HackedFridgeMagnet]

If there's one point that we want to communicate to the world, it's that SSL/TLS is not computationally expensive any more. Ten years ago it might have been true, but it's just not the case any more. You too can afford to enable HTTPS for your users.

While this may be true for Google it definitely doesn't apply to every web server. For instance an embedded web server.
It's misleading to imply that it does.

[Richard Crowley]

The fix is to make the taping illegal,

Alas, that requires us to trust the people who make and enforce the laws to actually abide by them.
We don't seem to be doing very well with that in our country. 
I suspect many other people here have the same problem in their countries, also.

[ve7xen]

The fix is to make the taping illegal, not to bring more encryption, that just feeds the fire and increases the budgets of the parties involved.

As has repeatedly been brought up, state actors are one threat. Making tapping illegal is going to take a rather long while, and may not ever happen, and there are complicated jurisdictional issues as well. I don't ever expect the entire world to agree on the rules and actually follow them. There is a practical technical solution that makes these issues, for the most part, moot and can be done today. The two tacks are not mutually exclusive, and I don't think implementing crypto should stop efforts to reduce the warrantless tapping, but will in the end likely be more effective. State actors are also by no means the only threat, or even a likely threat.

Further, a fairly strong argument can be made on security alone, ignoring the privacy implications. I'm much more concerned about a shared-medium, public-access network being used to gather credentials and/or "dox" people than I am about the NSA.

Personally I don't understand why people are arguing against crypto, there aren't really any significant cons and you get privacy, some protection against forgery, and increased security.

[miguelvp]

Encryption is a false sense of privacy and doesn't change the problem. Think about it, who designed the cyrptos? Are you sure we aren't just taking that they are not reversible at face value?

For all we know anything they designed has countermeasures in place in case it get's into the wild and used by others against the designers of the algorithm.

Even someone well versed in math unless they put a lot of effort might not see the security holes in the algorithm.

I know one example where a company sends communications in the clear if they are generated by a user probably because they didn't want to give their secret crypto algo away. That company now uses standard SSL/TLS and they no longer require to send the communication in the clear. That tells me that there is no concern from the actors in the play about SSL/TLS.

[Rigby]

Lots and lots of people attack TLS and everything else all the time.  The people who know a great deal more about this than you or I trust certain algorithms wholly.  Encryption is not imaginary.

[ve7xen]

Lots and lots of people attack TLS and everything else all the time.  The people who know a great deal more about this than you or I trust certain algorithms wholly.  Encryption is not imaginary.

It does depend on some unproven assumptions, but the basic principles have held for decades. A great deal of cryptanalysis has been done on important production ciphers, and few weaknesses are found, most being reduced-keyspace attacks which merely reduce the brute force effort from heat-death-of-the-universe levels to collapse-of-the-sun levels.

If the crypto we depend on is actually broken in a major way, it is a carefully guarded secret and will not be revealed without national security level cause. Or it will be revealed to everyone via responsible disclosure and we can do something about it.

Anyway, even if you suspect the crypto is broken, how the fsck is no crypto at all better than crypto that might be weak? I can guarantee you that even if an attack exists against modern crypto, it's going to be non-trivial, which increases the cost of performing it en-masse as can be done with cleartext.

[miguelvp]

Lots and lots of people attack TLS and everything else all the time.  The people who know a great deal more about this than you or I trust certain algorithms wholly.  Encryption is not imaginary.

TLS/SSL is no encryption is just the handshake protocol for security. The actual encryption is negotiated and it's based on X.509 certificates.
TLS 1.0 is pretty much SSL 3.0.
Current algorithms in TLS 1.2 are all designed by you know who.

Just because you or I can't break the encryption, we don't know if they where designed with countermeasures in place in case the tech was used against the designers and they are not truly asymmetrical, or they are asymmetrical but can be circumvented by the designers.

[Rigby]

AES wasn't designed by "you know who" but by two Belgian dudes.

AES is used in TLS 1.2. 

AES is also highly trusted and under continual scrutiny by researchers.

Again, it is trusted by people who know a hell of a lot more about this than you or I.

[miguelvp]

And approved/consulted by you know who
But who am I to say the NIST is compromised? not me. Maybe the New York Times was just blowing hot air:
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html

Anyways, I really don't know or care much, I just act the same as if I'm in public view because to me the internet is as public as it gets.

[ve7xen]

You can't just speak of AES and TLS in isolation. It is a cryptosystem and the transport protocol, asymmetric crypto, key exchange is intimately intertwined with the symmetric cipher and block chaining mode used for the bulk data. Crypto failures in the wild are usually related to failures in the cryptosystem, not any particular component of it. They are bugs relatively easily fixed, not a flaw in the crypto itself.

All of this is negotiated between client & server in a fairly flexible manner. Don't like AES because NSA? Use Camellia.

Just because you or I can't break the encryption, we don't know if they where designed with countermeasures in place in case the tech was used against the designers and they are not truly asymmetrical, or they are asymmetrical but can be circumvented by the designers.

The ciphers are open and well documented. Cryptanalysis is done by white- grey- and black-hats from all over the world. They often publish their findings, and some weaknesses in popular ciphers have been found. AES has been in heavy production use for over 15 years, under constant attack the entire time, and is not 'broken'. Likewise for the fundamentals of RSA and Diffie-Hellman, but on even longer time scales.

So they've stood up to decades of attack by serious mathematicians, and to the best of our knowledge haven't been broken, but the fact that they are not provably unbreakable is a good reason to use cleartext instead? WTF man.

[miguelvp]

ve7xen, I'm not saying to use clear text for everything, but for this kind of forum is silly to use encryption just in case you are targeted and later prosecuted or whatever scenario they are talking about that involves big brother.

And I know how it's all negotiated, it's not rocket science. Well the cryptos kind of are, and yeah the algorithms are solid, the implementations might have bugs and the certificate production might be compromised, so?

One thing I know is that the more complicated the cryptos become and there are less exploits the more money is going to be thrown at it, do I want my tax money to go that route? not really I just want secure banking so that Chuck can't get to my credentials online.
Eve I don't mind her at all. Mallory well I would be a fool to trust self signed certificates to begin with. And Oscar just like to show off at the chaos communication congress, maybe he will steal some pocket money from my bus card or prevent me to get a text message if I happened to be in the area just as a proof of concept

[linux-works]

this restaurant I know of sells 2 kinds of ice cream: chocolate and vanilla.

I think it would be silly to pick vanilla.

(do you see my point?)

if you provide both, you keep both kinds of people happy.

its just that simple.  to argue against choice is pretty bizarre, when https is nearly free in every sense of the word.

you don't care about your data stream to forums.  fine!  won't you allow for others to keep their comms from prying eyes?

go lookup the famous youtube video 'dont talk to cops' (part 1 and 2).  the lawyer in that video gives a good simple explanation of why even innocent 'info' can be used against you in ways you didn't think of.

do you disagree?  then put everything of yours in cleartext.  that's YOUR choice.  but it sounds like you want to make my choice for me.  THAT is where I get really annoyed.