[Cryptography] escalating threats to privacy

[Christian Huitema]

On 3/30/2017 2:38 PM, Florian Weimer wrote:

> * John Denker via cryptography:
>
>> I'm wondering what the remedies might be:
>>  -- Negotiate with the ISP to pretty please not do that?
> You need to negotiate with everyone along the path.  The Internet was
> designed with the goal that you don't have to do that, and that's a
> major source of its efficiency.

Actually, having a trusted first hop ISP helps a lot. The traffic going
out of that ISP will be the aggregation of the traffic of multiple
customers, which means that individual users are harder to track. Also,
in many cases, the path leads directly from the ISP to a content
distribution network such as Akamai, or to the presence point of a big
service like Google. After that, there is literally nothing to see in
"the core". And of course, the traffic should be encrypted.

> ...
> The other problem is that on the current web, sites actively collude
> to break anonymity for various commercial purposes, and more and more
> web sites require some form of authentication.  That happens on the
> server side, and technology like Tor isn't going to change that.  The
> New York Times will still know which articles you read.
Yes. The real problem is not so much the ISP as the "advertisement
funded" business model. That's what I wrote in this short note:
https://huitema.wordpress.com/2017/04/01/privacys-reductio-ad-absurdum/.
Congress authorized a free for all, in which ISP can gather information
about you in the same way as web sites do. This demonstrates to our
society the extreme danger of the business model pushed by Silicon
Valley in the last 20 years. A classic “reductio ad absurdum”. If one
company does it, it is probably not too much of a problem. But if you
allow one company to do it, you must allow all of them. And if all of
them do it, the result is patently absurd.

-- Christian Huitema