Hacker News new | past | comments | ask | show | jobs | submit login

Agree Snowden is significant because he was able to encourage enough people to INSIST on strong privacy/encryption. Then it all comes down to basic game theory. Why would a company ever want to release any product without strong encryption (end-to-end) when users never complain about their data being encrypted. The only reason companies don't encrypt is when they have a vested interest in spying, either in their own interest or the government's interest. Anytime I see something not have strong encryption, it is a red flag to me that something nefarious is up.



> Why would a company ever want to release any product without strong encryption (end-to-end) when users never complain about their data being encrypted. The only reason companies don't encrypt is when they have a vested interest in spying...

I think the second thought doesn't follow from the thought before it. to my experience, the main reason companies don't encrypt is because it's simply makes it that much harder to debug problems and consistently provide successful connections for users. HTTPS can fail in ways that HTTP does not.

If users aren't clamoring for encryption as a feature, the main reason not to provide it is simplicity and quality of service along the axis users appear to care about. If users want encryption enough that they're willing to tolerate that sometimes browser misconfiguration or server side error will cause the connection to fail because it cannot be trusted, then companies will implement it.


Encryption in the last decade has also become a hell of a lot easier to implement, so "why wouldn't we just do it" has less opposition


I think this is underappreciated.

High-quality crypto libraries / systems lead to broader implementation, which makes it harder for elements in mostly-free societies to pressure implementers.

It's one thing for the NSA to quietly lean on ATT (and only ATT). It's a completely different thing for them to quietly lean on 1,000 different organizations and authors.

Similarly, it's easy to sneak a CALEA-alike amendment into national law when only PGP exists. It's harder when the narrative becomes "The government wants to take {beloved product used by millions} away."


I don't think I know many people who insisted on strong privacy/encryption. However, after the Snowden revelations people did consider it a preference. In that sense, it helped.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: