Re: Draft finding - "Transitioning the Web to HTTPS"

05.01.2015, 15:16, "Harry Halpin" <hhalpin@ibiblio.org>:
> On Mon, Jan 5, 2015 at 12:04 PM, Tim Berners-Lee <timbl@w3.org> wrote:
>> [earlier someone wrote]:
>>
>>> * The example of a village with poor access (e.g., in Africa) has regularly
>>> been brought up in the IETF as an example of a population who want
>>> shared caching, rather than encryption. The (very strong) response from
>>> folks who have actually worked with and surveyed such people has just
>>> as regularly been that many of these people value security and privacy more.
[....]

As I understand the statement, it means some people would prefer privacy and security, and others prefer convenience and entertainment.

This might just be projection. In some things, I am intensely protective of my privacy and security. In other matters, I couldn't care less about it. And while I'm far from infallible, I am regularly able to make reasonably informed decisions which demonstrate that I don't hold carefully to one or the other side of this apparent dichotomy.

>> As it happens I just talked to someone who runs a small remote island with
>> about 400 people.
>> I didn't ask but he brought it up of his own accord, that with everyone on
>> wifi and a (17Mb/s? 17MB/s? he wasn't sure) link supporting everyone, he
>> had been recommended and was planning to install a commercial island-wide
>> web proxy cache product, as he felt a lot of people watched the same movies.
>>
>> His concern about bandwidth and response time was paramount. He wasn't
>> primarily, as far as I could see, concerned about the privacy of the folks
>> being invaded by foreign power and the extent to which that was affected as
>> he made the decision as to how to balance running a proxy with getting more
>> bandwidth.
>>
>> ... If people were happy to have the
>> movies they watch spied on, then they would retain the ability to have
>> end-end secure communications across the net for other things.
>
> However, in terms of ethics, I would hold that disabling an
> architecture of pervasive surveillance is probably more important than
> the speed of watching movies in terms of the future of the Web.

I respect your right to that opinion, but if that is the dichotomy we face I would hold that this particular opinion is nonsense. (Fortunately, I think it is premised on a false dichotomy - we could eat *some* of the cake, but keep some for tomorrow).

> In that regard, the long-term goal should be able to make such MITM
> attacks impossible as the same architecture that leads to MITM attacks
> for "legitimate" uses will inevitably be used for repressive purposes
> IMHO.

This assumes that there is a repressive measure that can be taken based on the sharing of movies. Which is clearly the case sometimes, but equally clearly is unlikely to be the case always.

It is true that almost any useful tool can be used for repressive purposes. It is also true that people make choices about what to do now because they don't understand the collective impact of those small instantaneous choices on their future.

> The question then is how can we create an architecture that allows a
> proxy-like features (i.e. fulfills the use-cases of internet proxying)
> without actually interfering with traffic?

That is one question. There is another, which is about how we should motivate people toward different possible outcomes - e.g. should we reward the search for a secure system that allows proxying by breaking proxying now, or should we reward the search for a new way to do security by maintaining an insecure but cacheable web?

Given my judgement of your opinion on the tradeoffs you mention, it seems we don't share a complete understanding yet.

FWIW I am not a fan of surveillance. But I note Russia is where Edward Snowden lives, for his own security. I appreciate governments working to e.g. stop violent attacks on normal people from happening, there are trade-offs of security and privacy worth making and others that are not worth making, and they are generally complex questions. Having those decisions made for me and enforced by a bunch of technical architects is a problem that I place somewhere near the problem that spies whose salaries my taxes pay for are spying on me in terms of concerns about who is interfering in my life.

> This seems like it could be
> something that could be offloaded into browsers and OS-level
> functionality. Ditto, how can we do caching for some cases like movies
> on the server-side while still encrypting to the client? These are all
> soluble problems likely that need to be fully understood.

Yes... as does their impact.

>> Just saying that the economics of this and the balance between the various
>> concerns are not to be understood well with a few anecdotes and some bar
>> BOFs.
>
> I agree in general, and this is precisely the kind of hard question
> that the academic/industrial research community, OECD, and others
> should be tackling.

I think that you, Tim and I are in agreement on the fact that the problem is one that is unlikely to be solved well without looking fairly carefully at the shape of the world wide web.

cheers

--
Charles McCathie Nevile - web standards - CTO Office, Yandex
chaals@yandex-team.ru - - - Find more at http://yandex.com

Received on Thursday, 8 January 2015 23:43:32 UTC