Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The number of people that can implement secure communications without relying on third parties is close enough to zero that they basically don't count.

ISIS recruitment would plummet to zero if people had to get TLS working before joining.



I don't think that you understand that the TLS technology used for online banking (which would still be legal) is the very same technology that lets you create a secure communication channel with other users.


I don't know why you think that. Perhaps I was unclear.

The average prospective terrorist / criminal etc isn't going to be able to set up TLS. If they encrypt their communications, the odds are it's going to be going via a third party. Next time you send an email, tell the recipient that from now on you're going to communicate directly by TLS, and they'll need to set up a server before you can talk to them again. I believe that most people will have considerable difficulty doing that.

So, you're reliant on third parties who constitute single points of failure and potential targets of legal action.

Individuals who can securely set up TLS (or PGP or whatever) for their own communications are sufficiently rare that they effectively don't matter.


TLS is currently simply a matter of point and click on a graphical interface.

For hosting provider setup, to domain name registration and TSL certificate generation there are thousands of online tutorials.

You don't need to be an expert or a developer to know how to setup TLS on a Wordpress blog.


A Wordpress blog run by a third party does not constitute a secure messaging system, even if you have TLS enabled on it. And it's still a lot less easy than using WhatsApp.


Installing pidging, otr, starting a chat and confirming who you're talking too doesn't exactly require a comp sci degree.

This isn't really about stopping that though, it's about the snooping nanny state plain and simple.


Using PGP securely is as easy as downloading some software, typing in your message, and clicking a button. It's not something that requires any knowledge beyond basic computer usage. You aren't going to be able to stop people from sharing PGP software on the internet.

I think you're severely underestimating the intelligence of people in general. If we're talking about ISIS, all it takes is one moderately experienced computer user to show everyone else how to use PGP.


> Using PGP securely is as easy as downloading some software, typing in your message, and clicking a button. It's not something that requires any knowledge beyond basic computer usage. You aren't going to be able to stop people from sharing PGP software on the internet.

And yet we find a bunch of supposedly encrypted stuff where the user did something wrong, leaving the stuff effectively unencrypted.

See also people uploading keys to github etc.


What software are you talking about? I've seen very clever people struggle with PGP. In fact Ed Snowden famously screwed up when he first emailed Glenn Greenwald.


GPGTools, for example (https://gpgtools.org)

I suppose I omitted the step of copying and pasting your recipient's public key, but that's not especially conceptually difficult, either.


That does look quite nifty.

There's also keypair generation, which is the step that derails most people I think. Plus the fact that people have to grok the concept of public and private keys, and be able to distribute / not distribute them as appropriate. And revocation certificates. And public keyservers. And trust levels. Etc.

I do think an organised, disciplined group might manage to get PGP working as intended, but I doubt there are many such groups.

My point is, I doubt individuals implementing encryption have much to fear from whatever proposals may emerge from this. Maybe they will later. But it seems to me it's much more likely to target companies that offer/facilitate encrypted messaging.

Edit: Thanks to whoever just put my karma over 2000. Does anything exciting happen when you get to 2000 points?


Hmm. I guess my thought is that if it became well-known that using Whatsapp, iMessage, etc. to communicate about illegal activities frequently led to arrest, then knowledge of PGP and the like would spread because it's not too difficult to use. So then government would be able to read everyone's communications through those channels for no appreciable benefit.

Obviously, that's total conjecture, though.


Using PGP is as easy as understanding PKI, which is beyond most people that don't work in tech, and a substantial amount of people that do.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: