[opendtv] Re: F.C.C. Proposes Privacy Rules for Internet Providers - The New York Times
- From: Albert Manfredi <albert.e.manfredi@xxxxxxxxxxx>
- To: "opendtv@xxxxxxxxxxxxx" <opendtv@xxxxxxxxxxxxx>
- Date: Sat, 19 Mar 2016 20:09:27 -0400
Craig wrote:
> So? It is secure from deep packet inspection. It is secure from hackers. It
> is secure from nosy politicians, at least until they can get a warrant.
No. So here's a clue, Craig. The ONLY credible purpose for
encryption-in-the-middle, provided either by ISPs or by your iCloud, is to
protect the network. Not the user's data. For example, if provided by ISPs, it
protects the ISP's routing tables, it protects the configuration of their
nodes, and so on. For Apple, it protects their iCloud servers. That's the
purpose.
It is not protection for the user! In your case, all you have to do is tap in
somewhere outside this iCloud, and with DPI, any packet from the iCloud
traveling outside that iCloud can be read, if it hasn't been encrypted end to
end. The iCloud is not the entire Internet, Craig. If you knew what you were
doing, you'd never trust iCloud encryption alone for your online bank
transactions, for example. That would be foolish.
I've repeated this point countless times.
> Other ISPs cannot read my mail. Several years ago iCloud mail was only secure
> between iCloud users. In 2014 Apple started making it secure with all e-mail
> servers.
Repeating this again. This is false. As long as the decryption of that iCloud
email is occurring at an ISP's mail server, and not at my own PC, it means that
the ISP can read the email. You would know if your email client was set up for
encryption, Craig. Because you would be the one having to acquire and renew
certificates, and you would be the one having to figure out what type of
encryption certificates are needed by whoever it is you need to communicate
securely with.
> That is why DPI is used in many firewalls,
I'm glad to see that occasionally at least, something does sink in.
> It is very possible to build encryption that the builder
> cannot decrypt.
Craig saying things he doesn't really understand.
So here's the deal, Craig. As long as my email client is not decrypting that
email, and I know this because I have not enabled encryption for the email, it
means that the ISP's mail server is decrypting it, before sending it on to my
PC. Everybody knows that simply knowing how an encryption algorithm works does
not mean you can decode encrypted messages, Craig. The point is, if YOUR OWN
client is not doing the decrypting, that message is going to be plaintext going
from server to client. The ISP *has* to be able to decrypt the email, in short,
when it's using encryption in the middle only.
Here are the main points that (as usual) are taking way too long to get across:
1. To protect user data, the protection must be end to end. Like, between your
PC and the bank's internal server. Or between your email client and the email
client of the other guy. If it's not end to end, then it's not protected as far
as the user is concerned.
2. An individual user typically has *no control* over what gets encrypted end
to end. Bank transactions do, as well as anything requiring payment. Other than
that, very little indeed.
3. If ISPs can use deep packet inspection, for WHATEVER reason, it's exactly
the same thing as wiretapping your phone. The user can protect against that,
sure, WITH END TO END ENCRYPTION. It doesn't matter whether the wiretapping is
done to "sell" the information, or for any other reason. Your information is
not private.
Bert
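A toy model of the two mail paths argued over above, added here as an illustration and not code from the OpenDTV thread or from any mail provider. It assumes a deliberately simple HMAC-based keystream cipher (so it runs on the Python standard library alone) and hypothetical per-hop link keys; the point it shows is that a relay holding the link key recovers the plaintext under encryption-in-the-middle, but only an opaque inner ciphertext under end-to-end encryption.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption, not TLS or S/MIME): XOR data with
    HMAC-SHA256(key, nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        stream.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return keystream_xor(key, nonce, ciphertext)


def relay_hop_by_hop(message: bytes, sender_link_key: bytes, recipient_link_key: bytes):
    """Encryption in the middle: sender->relay and relay->recipient use separate
    link keys. The relay (the ISP mail server) must decrypt in order to
    re-encrypt, so what it sees is the plaintext. Returns (relay_view, delivered)."""
    wire_in = seal(sender_link_key, message)
    relay_view = unseal(sender_link_key, wire_in)      # plaintext at the relay
    wire_out = seal(recipient_link_key, relay_view)
    delivered = unseal(recipient_link_key, wire_out)
    return relay_view, delivered


def relay_end_to_end(message: bytes, e2e_key: bytes, sender_link_key: bytes, recipient_link_key: bytes):
    """End to end: sender and recipient share e2e_key that the relay never holds.
    The link keys may still wrap each hop, but stripping them only exposes the
    inner ciphertext. Returns (relay_view, delivered)."""
    inner = seal(e2e_key, message)
    wire_in = seal(sender_link_key, inner)
    relay_view = unseal(sender_link_key, wire_in)      # still ciphertext here
    wire_out = seal(recipient_link_key, relay_view)
    delivered = unseal(e2e_key, unseal(recipient_link_key, wire_out))
    return relay_view, delivered
```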