Hacker News new | past | comments | ask | show | jobs | submit login

You're not wrong, but the realistic alternative is having it the same way, just without any encryption.



Yes but in this case caching proxies and other distributed approaches still would work out of the box as alternatives to cdns. I am not sure what I have gained. Nobody cares about end to end email encryption. This would be a real benefit, but Google could not build profiles so easily...


> Nobody cares about end to end email encryption. This would be a real benefit, but Google could not build profiles so easily...

AFAIK google states (in their privacy policy) they do not do anything with the contents of your emails in a gmail account.


Which is fine too, since not all communication needs to be secure (even on the internet).

These numbers are meaningless without a proper context and can potentially create a "security theater".


> not all communication needs to be secure

There are good reasons to make all communication, even trivial conversations, secure.

If we only secure "important" communications then we are unnecessarily broadcasting useful meta information to prospective attackers. Encrypted communications rise to the foreground in visibility and that gives away who and when and where sensitive information is shared.

OTOH, if we secure all communication then we make the work of attackers or over-reaching governments much more difficult because no communication clearly says "high value sensitive information"


There's plenty of reasons to secure all communication as much as possible, regardless of the content.

Even if you don't care about what your ISP sees from a privacy standpoint, they still can inject ads or other content into your webpages if the connection isn't secured (at least, from the perspective of your ISP). And this helps prevent attacks against users in coffee shops or other public, unsecured WiFi.


>Which is fine too, since not all communication needs to be secure (even on the internet).

There was just an article on the front page today about "I have nothing to hide" and why it's wrong.


An example may illustrate my point: download software zip/tar files from a non-secure link. Obtain the signature and checksum files over a secure link, and verify the integrity of the software offline.

Not every communication is about hiding personal stuff.


And then find that your file doesn't match, because your ISP brokenly injected a human-targeted message at the start of your download, or some proxy corrupted it by stripping out the executable (yes, this happens)...

Absolutely nothing is lost by encrypting the downloaded data as well.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: