Samir’s Selection 07/03/2013 (p.m.)

  • tags: irony protest funny culture

  • tags: privacy secrecy cryptography encryption security email internet SSL howto Microsoft Linux

  • Adding strong encryption to the most popular Internet products would make them less useful, less profitable and less fun.
    “Security is very rarely free,” says J. Alex Halderman, a computer science professor at the University of Michigan. “There are trade-offs between convenience and usability and security.”

    while [SSL] this kind of encryption will protect users against ordinary bad guys, it’s useless against governments.
    That’s because SSL only protects data moving between your device and the servers operated by Google, Apple or Microsoft. Those service providers have access to unencrypted copies of your data. So if the government suspects criminal behavior, it can compel tech companies to turn over private e-mails or Facebook posts.
    That problem can be avoided with “end-to-end” encryption. In this scheme, messages are encrypted on the sender’s computer and decrypted on the recipient’s device. Intermediaries such as Google or Microsoft only see the encrypted version of the message, making it impossible for them to turn over copies to the government.
    Software like that exists. One of the oldest is PGP, e-mail encryption software released in 1991. Others include OTR (for “off the record”), which enables secure instant messaging, and the Internet telephony apps Silent Circle and Redphone

    End-to-end encryption creates other headaches for users. Conventional online services offer mechanisms for people to reset lost passwords. These mechanisms work because Apple, Microsoft and other online service providers have access to unencrypted data.
    In contrast, when a system has end-to-end encryption, losing a password is catastrophic; it means losing all data in the user’s account.

    PGP “is not usable enough to provide effective security for most computer users,” the authors wrote…

    tags: privacy secrecy cryptography encryption security email internet SSL PGP

Posted from Diigo. The rest of my favorite links are here.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s