Re: HTTP2 Expression of Interest

+1 especially the part about user control, from a user.
I'm tired of data miners that pretend to care for my privacy.

Werner

On Wed, 18 Jul 2012 21:37:39 +0200,
"Nicolas Mailhot" <nicolas.mailhot@laposte.net> wrote:

> 
> On Wed, 18 July 2012 16:03, Yoav Nir wrote:
> > Wow. It's like I have to run to the other side of the table to
> > argue for the other side…
> >
> > On Jul 18, 2012, at 4:24 PM, Nicolas Mailhot wrote:
> >>
> >> That being said:
> >>
> >> 1. I don't read the bank (or other correspondence) of my users
> >>
> >> 2. I'm not asked to read the bank (or other correspondence) of my
> >> users, either by management or a police state (divulging it would
> >> take a legal injunction I think, never had to deal with those)
> >
> > It's a good thing that you don't read bank transactions and that
> > you don't get asked to. But you could read the bank transactions if
> > you wanted to (or were asked to).
> 
> No one is going to ask me to do so. Much simpler to hire some shady
> character to deploy a keylogger on the target user computer, and no
> need to involve an honest general-purpose network joe like me. Your
> threat assessment is faulty.
> 
> > If the data goes over HTTP you can do it with
> > something as simple as TCPDUMP. If it goes over SSL, you'll need a
> > TLS proxy.  The security issue is not that you want to do it, but
> > that you and others with similar jobs to yours can do it.
> 
> The security issue is that the protocol is not well behaved and does
> not let users negotiate the level of protection they deem necessary
> and which is possible to negotiate in a particular social setting.
> The protocol is an absolute god-awful under-specified mess that
> leaves users at the mercy of web sites, intermediaries and browser
> writers. Instead of giving users the tools to assess and control
> connection state, so they are able to perform this negotiation (which
> they are the *only* ones with the legitimacy to perform), browsers
> and big sites have embarked on an anal blind quest to apply TLS
> everywhere, and *that* is the reason there are MITM SSL interception
> boxes sprouting right and left today.
> 
> In an all-or-nothing world users get *nothing* on networks where they
> are guests if the protocol and tools do not provide them the means to
> behave like guests.
> 
> In an all-or-nothing world, I and other intermediary operators get
> total control because there is no middle knob between no control and
> total control, and no control is not acceptable to the network owner,
> who has veto power by definition.
> 
> It's no use advertising the triply iron-clad TLS door to a social site
> when said social site leaks user information like a sieve, often
> deliberately. Not only is it not helping the user, it's actively
> deceiving him.
> 
> The day the protocols and tools help users check what is sent in the
> clear, what has been integrity-checked, what has been encrypted, by
> whom and to whom (and who sends the various error pages), and decide
> themselves what they want (do they allow middlemen to accelerate or
> malware-check some elements; do they insist that others must be
> totally opaque even at the cost of losing the connection on networks
> they do not control), then people can claim they are pro-user.
> 
> (It's not rocket science; it's just defining a protocol that permits
> different compromise levels, providing users with the means to tag
> accesses as belonging to one category or the other, and having the
> web client automatically negotiate the best compromise it can on the
> available networks. And yes, that would also permit users to block
> collection of data by advertisers and other commercial entities if
> they so wish.)
> 
> All the mashup, sharding, clouding, ajaxy stuff, while convenient for
> web site and browser developers, has resulted in a mess in which no
> normal user could identify any trust domain. No amount of TLS-ing is
> going to fix the trust problem. Multiplexing will make the situation
> worse, not better. So please, instead of continuing to make choices
> for the users, make HTTP connections simpler for users to understand
> so they can make educated security decisions (and putting grocery
> shopping on the same level as bank account accesses is not making
> connections simpler to understand; it shows users you don't give a
> fig about their actual needs).
> 
> I defy any of the pro-crypto people here to poll random people in the
> street and make them say they'd rather have the internet become even
> more complex and opaque, to provide total confidentiality, instead of
> being as simple to use as a wired phone (even if everyone knows
> governments can wiretap wired phones).
> 
> >> 3. When confidential (company or user) data leaks it's always at
> >> the server endpoints, usually because those endpoints didn't care
> >> a bit about user data confidentiality.
> >
> > Well, we know that some countries monitor traffic for censorship
> > and to discover dissidents. Most would call this data leakage, and
> > it's not at the endpoints.
> 
> I'm quite sure those countries also read dissident blogs and social
> sites and that they get more info this way than by monitoring traffic.
> 
> >> 12. we absolutely do *not* want to eavesdrop on bank accesses,
> >> e-government forms, etc. We'd much prefer if such traffic could be
> >> sent in encrypted payloads with in-clear routing metadata (there I
> >> differ a bit from Willy, but I accept he has customers with stricter
> >> requirements than ours)
> >
> > Does "we" include the no such agency?
> 
> The no such agency has backdoors in all the big US web sites that
> want to save people in other countries from spying with TLS. It does
> not even need to profile people anymore; those sites are doing it
> openly and for free in its stead. With LinkedIn it can downsize its
> economic intelligence arm too (or even peek directly at data
> processed in the clouds of Amazon & friends).
> 
> This is spook paradise
> 
> > Does it include its counterparts in Iran and Syria?
> 
> I'm sure they will catch up on the new way of offloading intelligence
> to web site operators soon if they haven't yet. The Chinese certainly
> did a long time ago.
> 
> > There are all sorts of people installing middleboxes.
> 
> And there are all sorts of people that do not want to be made targets
> because their technology provider decided it was smart to make them go
> dark and behave like enemies of the state.
> 
> You don't solve political problems with simplistic binary technical
> changes (especially when you focus on the element which is not the
> worst problem today). Governments and populations adapt either way.
> And just because some populations do not like their government does
> not necessarily mean they prefer to give the keys of their lives to
> Facebook or Google (which is what will happen with a system too
> complex for anyone but first-rank websites to control).
> 

Received on Wednesday, 18 July 2012 21:35:49 UTC