Hacker News new | past | comments | ask | show | jobs | submit login

BCP 188 "Pervasive Monitoring Is an Attack" sets Best Common Practice for the IETF to say that mitigating pervasive monitoring is appropriate because it's an attack on the network. So that's a pretty long way from "nobody cares".

It's very carefully written, it does not propose to make a moral judgement about whether the things Snowden revealed are evil only to show that in a technical sense they were an attack and so it made sense for the network to try to mitigate them. Work like D-PRIVE (privacy for DNS) was driven by this concern, and of course it influenced a lot of other work including QUIC.




While a BCP is indication that “nobody cares” is false, it’s pretty far from even a majority of people caring. If BCPs mattered, IP spoofing wouldn’t be an issue on the Internet.


I think the reason the majority doesn’t care is that most people can’t imagine what could happen.

They’re reading my WhatsApp messages? So what?

I hardly have an answer for that, except for: imagine you’d live in an authoritarian state.


I like the explanation that simply explains "privacy": When you are going to the toilet, and everybody knows that your going and what you'll do there, but you still close the door (for the most of us, most of the time).


Sure, but people close the door out of modesty not really privacy. If there was a machine that provided a written transcript of what someone did in the bathroom with no video/audio I don’t think people would mind.

Like when you’re in high-security areas and have to be monitored in the bathroom there might be a door between you and your guard but no real privacy.

Or when people loudly object to strip-searches at the airport but the scanner that sees everything but then only shows a cutout highlighting suspicious areas to pat down are mostly fine.


I think it's a pretty good workable analogy actually. People don't mind if you know they go to the toilet as an abstract thing, but once you start keeping a notebook of who is going to the toilet and when it starts getting creepy and undesirable. And that's just for collecting metadata! imagine if someone would actually intercept your sewer and analysed the makeup of your turds, folks would be up in arms.


We need this information to correctly gauge the interest on different kinds of foods we should keep available to purchase in the cafeteria.

It's also helpful as we can notify you early if you have some undiagnosed medical issue. You could unknowingly spread your illness to your children without this early detection. We're even able to reduce your monthly health insurance premium by providing this data to the insurance company!

This also enables us to find troubled Individuals before it's too late and address building drug issues before they're full addictions. We'll be able to get them the required attention they need to get back on their feet and be productive members of our society. (Maybe not here though)


Scary... but still very theoretical and thus people can't really relate to that I guess because


Similarly, you can still get falsely validated HTTPS certs via spoofing (not to mention older, easier validation exploits), and so it's possible all the newly encrypted traffic may result in most people having a significant false sense of security.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: