For example, I might (with reservations) be perfectly happy to trust Facebook not to be evil with a subset of my personal data. But I don't trust my ISP to carry the data back and forth without leaking it (or the metadata, if it's encrypted), I distrust the legal process which could subpoena it (from the ISP or FB), and I very much distrust the governments and agencies involved.
So, I think we actually need to fix the infrastructure. For example, Firefox should always embed Tor (and make it easy to run an intermediate node); Thunderbird should include enigmail; part of the setup for every Linux distro should include crypto; we need a genuinely trustworthy SSL certificate root (and perhaps a body such as the EFF to allocate free SSL certificates to every Linux installation: for example, when I set up apache, it should be able to get an SSL cert automatically, much in the same way that openssh-server generates a key on first run).
Also we need a solution for *routing*. I don't know how this could be done... for example, how do I make a DNS request without the DNS server's administrator knowing; or how do I send an email to a friend without leaking the metadata of the fact of that communication: who spoke to whom and when. [Has this been solved in any of the bit-torrent protocols?]
On the up-side, we now mostly have >10Mbit/s connections for most ADSL users... that means that most of the time, we could tolerate a 10x slowdown in data speed (especially if combined with pervasive, transparent use of rsync and compression). So Tor-by-default might be a good way to go.
Also, much of the world has smartphones now... so Android could implement encrypted, off-the-record messaging by default.
In my view, what we need now is leadership and co-ordination. While I'd like to hope we can defeat the NSA at the ballot box, we will probably have to do it in source-code: not just for ourselves, but for our less-technical friends and family, even those in the Windows world.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds