Re: 2 questions

In message <>, Stephen Farrell writes:

>But studies like these are still (for me anyway) far more worth
>paying attention to than yet more anecdotes and prognostications.

I fully agree as long as their results are interpreted carefully
and precisely.

However, this study only tells us that MitM is unlikely to be less
than 0.41%; we have *no* information about any upper limit.

But I find your continued belittlement of "anecdotes and
prognostications" problematic even without this study.

I know of no usable measurements of how often courts allow or mandate
MitM as part of criminal investigations.

Yet, we know that it happens:  Occasionally we spot bogo-certs
and here and there tidbits emerge from courthouses.

If we (try to) make MitM impossible for law-enforcement, courts
will approve use of more drastic and damaging means and measures,
and legislators will neuter "impediments to law-enforcement" if
necessary, no matter how ill advised that may be.

Remember how much privacy we lost after 2001?  Today we're probably
just a single convenient crisis, real or manufactured, from key
escrow becoming the law of the police state.

Blindly pushing the "HTTPS anywhere" agenda through to completion
is at best a distraction and at worst it risks doing more damage
to our privacy in the long run.

The only real solution is to make privacy a protected human right.


Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Tuesday, 31 March 2015 23:07:26 UTC