biglove wrote:
Horse Feathers wrote:
First, get hundreds of sites & apps to add proven security (like SSL).
That's a good start but need the commitment of network infrastructure (hardware) vendors, network service suppliers, and end user device manufactures to commit to not embedding/enabling surveillance tools.
Agreed. I can encrypt all I want but if the NSA has paid for flawed server side software, not going to help me much.
I could give a rat's ass if the NSA reads my emails. It is the principle of it that is unconstitutional.
http://arstechnica.com/security/2013/12 ... e-default/
That link outlines just the RSA product offering, cryptography libraries (data encryption) and token devices (authentication). The issue is well beyond server "software". Think router, NIC (network interface card), etc. with deliberately implemented microcode elements to facilitate spying. Average Joe's like you and I are most likely not concerned. It was originally done for HW sales to other countries (they called Putin paranoid to exclude US based computing products but he was right, still a Fucking idiot though)
It's quite interesting when you are part of a team troubleshooting a network communications issue that gets to that level. My companies contract requires that we have access to this code for our security teams to review prior to implementation or upgrade or for general troubleshooting. The code is highly readable and looks like this:
We have been given printed versions with blacked out sections and others that were...ummm, quite interesting. 
Statistics: Posted by Horse Feathers — Today, 9:17am