Things we know and can hopefully agree upon w.r.t. the state of the web today.

I wanted to focus on what we all agree upon for a moment.

I'll note that I am not debating the goodness or badness of encryption, so
please don't bring this into the thread-- I am completely aware that the
definition of "the right thing" to do varies depending on the party wishing
to define it, the particular user, site, or legislative jurisdiction, etc.


So... I'm hoping for this thread to affirm or debate the following things:

a)  we cannot effectively impose changes on already deployed infrastructure
or content

b)  we have the ability to create and define opt-in or opt-out mechanisms
for encryption

c)  non-encrypted plaintext on port 80 is reliable today when only it is a
particular subset of http/1.1

d) the definition of "the right thing" to do with respect to using or not
using encryption varies depending on the party wishing to define it, the
particular user, site, or legislative jurisdiction, etc.

e)  there is pervasive monitoring today, and that some of this monitoring
includes entities with malicious intent (i.e. criminals).

f)  users do care about privacy to the extent that they want to choose what
should be public and that they don't want their lives damaged or destroyed
as a result of legal online activity (i.e. don't want their identity or
assets stolen)

g)  sites do care about privacy: at a base minimum they want to retain the
trust of their users

h)  users don't have the technical depth to understand what is necessary to
achieve privacy, let alone security

i)  educating and communicating about technical issues that can potentially
affect users is extremely difficult and would take significant time, if
possible at all


-=R

Received on Monday, 18 November 2013 17:10:13 UTC