On 2014-11-17 at 18:02, Robert J. Hansen wrote: >> But sorry, I disagree a little bit. If we want literally to jam the >> secret service's attempts to decrypt mails, then it makes sense to use >> encryption for every single mail, private, business, nonsense and spam.... > > This would have the ultimate effect of destroying email as a > platform. Email works as well as it does -- as well as fails so > miserably in other ways -- largely *because* it's open to inspection.
Because today it works the way it works is not a reason to let it work that way forever whatever is context. > As an example, pervasive end-to-end encryption would require antispam > defenses to move to the client rather than being deployed at the > mailserver or relay. This would essentially be tantamount to giving > up, since there are no really effective client-side antispam measures. Internet is fundamentally superior to all other technic networks invented by mankind for this reason: moving intelligence to periphery, make work client-side, make things horizontal, decentralized everything, giving control on everything to everybody locally, making everybody able to do anything wathever others do. That’s what distinguish Internet from what existed in France before Internet : the minitel. The minitel is a dumb terminal only able to connect via phone-lines to a server, send input to server and display what server send back. It were popular when computers where too much expensive and nobody could have one. In the free software and decentralized/secure internet movement in France, we generally use the term “Minitel 2.0” to humorously speak about (and mock) GAFA and all ultra-centralized services where quite everything tends to be made server-side, where the client is just a dumb terminal controlling nothing and delegating everything to the server. Where the server can do anything. rms also denounced SaaSS as worse evil than proprietary software, and that’s true. Because with just proprietary software you can still cut the Internet (or even just its access to it), and even do reverse-engineering. With SaaSS, URSS and 1984 seem a happy pink poney world. The fact is that doing everything client-side, you can adapt everything even better than Google would do, because *you* control it. You could use spamassasin-like rules based on naive bayes filtering, and choose yourself what you identify as a spam, then choose to make a message more visible or not according its probability to be it. Then you could even make more category than just “vacation/viagra/enlarge-penises-like spam”, you could try to do the same thing about insulting messages, (death/rape)menaces messages, racist, sexist, homophobic, transphobic nationalist, classists messages (all containing some interesting common patterns, and it could even be useful on some mailing-lists, more practical than just banning people, could just prevent people to read messages that they could consider psychologically hurtful to them, while letting other trying to deal with some people’s annoying ideas). If that can work, you could even share score lists in a F2F manner, and ponder that according bonds, and then secure everything with cryptographic signature, and identify people with DHTs, etc. etc. Decentralizing you can do quite everything, and very very very very interesting things. Then with just complex maths, moderns DHT, etc. you can achieve quite spectacular things, avoiding issues like “Facebook has a considerable part of mankind population subscribed, is able to statistically determine if someone is homosexual even without him/her knowing it, and activally collaborate with especially intolerant authoritarian governments or agencies, especially if payed well” (yellow star seems pointless in front of that). Give a look to what GNUnet tries to do. > Similarly, it would assist in the spread of malware and viruses and > for the same reasons. If a mailserver can't inspect the email, it > can't recognize malware and quarantine it for the health of the > internet. Malware and viruses is the problem of client, only client, always client. If we have to make a less freedom-compatible internet because of client not doing its job, there’s a problem. As far as I know that especially regards proprietary systems. > Etc., etc. I am fanatically in favor of people's right to protect the > privacy of their communications, but there's a flipside to it: we also > need to be responsible and prudent with how we do it. Simple, naive > solutions like "encrypt everything!" aren't a fix: at best, they'll > trade our current set of problems for a new set of problems which > we'll have even less knowledge of how to handle. So instead of trying to make nice authorities known for their authoritarian interests and with a creepy background, you’ll try to just invent, and most of time just implement, new algorithms… One of these solutions seems more realist to me.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
