- From: Tim Bray <tbray@textuality.com>
- Date: Tue, 9 Dec 2014 21:17:11 -0800
- To: Marc Fawzi <marc.fawzi@gmail.com>
- Cc: Bjoern Hoehrmann <derhoermi@gmx.net>, Mark Nottingham <mnot@mnot.net>, Noah Mendelsohn <nrm@arcanedomain.com>, "www-tag@w3.org List" <www-tag@w3.org>
- Message-ID: <CAHBU6itv9SeTgoon3SdJoon=Accnu4h_JH6DtbC6w7A_Fdd4jQ@mail.gmail.com>
The arguments about the desirability of ubiquitous encryption have been going on a long time, but unfortunately tend to circularity because few *new* arguments are introduced in any given year. I have written a draft which assembles the most-commonly-heard arguments against the universal deployment of privacy technology, and provides counter-arguments. I suspect much of it is material to this discussion, and it’s not very long: https://www.tbray.org/tmp/draft-bray-privacy-choices-00.html : “Privacy Choices for Internet Data Services” On Tue, Dec 9, 2014 at 7:36 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote: > I think this list is public for a reason, right? So concerned citizens of > the web can voice their opinion? Or maybe another reason? > > Anyway, as far as opinions go I think that APIs that only work on HTTPS > but could in reality work on HTTP means that if some app wanted to use such > API then it must purchase an SSL certificate (I think they still cost a lot > of money) and incur extra cost in the cloud or data center. > > > > Sent from my iPhone > > > On Dec 9, 2014, at 1:23 PM, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: > > > > * Mark Nottingham wrote: > >> When I talk to browser folks about this, they say that you can still > >> install a CA to observe traffic, or look at the console / dev tools, > >> etc. I think that's a reasonable answer, but one that needs better tools > >> available to foster this kind of research. > > > > It is actually quite common that you cannot install certificates and do > > not have debugging tools available, or would not be able to rely on them > > because their use is detectable. Considering that heteronomous computing > > is being made a fundamental part of the Web, it seems very unlikely that > > the TAG would agree that users have a right to know what their computers > > do and what data they send and receive. > > -- > > Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de > > D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de > > Available for hire in Berlin (early 2015) · http://www.websitedev.de/ > > > > -- - Tim Bray (If you’d like to send me a private message, see https://keybase.io/timbray)
Received on Wednesday, 10 December 2014 05:18:00 UTC