Encrypting the web

Has anyone been following the British and US government desires to monitor all web traffic? It's something out of a scary future, but the problem is that it is technically feasible and to some extent it's here already if not coming very soon.

I'm rather protective of personal privacy, and I don't subscribe to the view that "If you've done nothing wrong, you've got nothing to hide."... that I think is one of the most logically flawed arguments of our time [Scribd, 2, 3].

Anyhow, as such policy becomes reality, and the web and everything that passes over it really is logged and analysed... I'm becoming of the opinion that if we can't trust our governments to allow us our open communication safe in the knowledge that we're not being spied upon, that perhaps the response to such things is that the web should be encrypted, and that the implicit capability to observe what is going on should be removed.

What I mean by this is simple, it used to be the case that techies would say that you have to use SSL encryption technology ( https:// ) over plain text ( http:// ) if you were sending passwords or credit cards over the internet. Now what I am considering is that any plain text should be sent over SSL.

So what could this mean? It means I'm actually considering taking a political stance and enforcing that stance upon this web site and all other websites I run. The stance is that all web sites I work on will go to https:// by default, and http:// would be unavailable.

I might still serve javascript, css, images, etc from http:// (so they can cache and the pages load faster, etc) ... but all web pages would go over https://

The question I have for you lot, is as this is one of the busiest sites I run... would this impact you? Do you have trouble accessing the SSL version of this site? Do you access the site from a phone that would have trouble with this?

Basically... what's the impact on you of such a change?

And the only way I can know this is for you guys to try the SSL version of the site and to let me know if you have any problems with it.

The SSL version is the same as this version, just that it's URL starts https:// rather than http://

I'm down with that VB

YouTube - Broadcast Yourself.

It's always worked fine for me. Feels a bit sluggish though. Still, I'm up for some https action!

its taking a little longer to load but if it stops our evil government then I'm all for it.

I'm fully ssl'd up

Yup, couldn't agree more. Btw, been meaning to thank you for making the phone version of the site, since I got my iphone I can get my fix anywhere! Cheers.

Sound good vb.

its taking a little longer to load but if it stops our evil government then I'm all for it.

Yeah.

When you use SSL nothing gets cached... so your browser doesn't have copies of any of the images, etc.

This is good for pages as those are not cached anyway. But it's bad for images.

So what I would do is use a mix of both. Images, script and other files that were not the page content I'd continue to serve over non-SSL so that they could be cached and things would still be zippy. And then the pages themselves would be SSL and not cached.

I'd probably give you an option in your UserCp.
1) Full SSL encryption (slower, uses more bandwidth, good for the paranoid and those whose workplace blocks access).
2) Mixed SSL encryption (faster, uses less bandwidth, good for the majority of users).

excellent. thanks VB.

if you're interested in privacy, I'm involved with privacy international - pm me...

who is going to get paid to read all the waffle thats on the internet for the governments??

Hey VB major respect for raising this as an issue and you are absolutely right that the arguments are hugely flawed. I would say that the real threat comes from The data Communications Bill which has been pushed in to the long grass for the moment as its too contraversial.

I am hoping that reason will win out and our political leaders will realise that tracking our internet use is just plain wrong and represents a real step back in terms of the relationship between the individual and the state.

In terms of your stance with encrypting the site, I'm not sure it is entirely necessary but things like the alleycat races and some discussions could be used against the site and cycling in general if journo's or busybodys got hold of them. However, would that restrict access to newbies who are searching for fixed info?

who is going to get paid to read all the waffle thats on the internet for the governments??

Computers.

And they're good at it. Military technology is 10 to 20 years ahead of Google in terms of context relational language searching. And they can process a very impressive volume of data, so it is quite feasible that everything could be processed.

Our stuff is very uninteresting, but that's not really the point. The point is that we have a right to privacy in our communications and if we're not exercising that right we will likely end up losing it.

In terms of your stance with encrypting the site, I'm not sure it is entirely necessary but things like the alleycat races and some discussions could be used against the site and cycling in general if journo's or busybodys got hold of them. However, would that restrict access to newbies who are searching for fixed info?

It wouldn't stop the site being discovered, indexed by Google, searchable, etc... it would just prevent anyone between my server and your browser from viewing what you were doing. That is all. The site won't go underground, it would just make it so that no middle-man could view what was happening.

There's another view: Advertising. A lot of ISPs signed up last year to investigate the use of technology to analyse web pages being served, discover white space on those pages and to inject adverts into those areas. Encrypting the traffic means this would be impossible, as the ISP is a middle-man too and they wouldn't be able to see through the SSL encryption.

Lovin' your work VB... We definitely need to keep our inane musings from The (Wo)Man... ;]

but if you're posting on a public internet forum, then the info is err, public?

i don't know what any of the above stuff means but hopefully if there are any problems there are enough tech-heads to help.

BOMB
fuse
fertilizer
catylist
gordon brown
jaguar
pipe
stolen van
ransom
muslim
jihad
prisoner
free
kill
suicide

you missed hippy ;)

5 minutes before the SAS come flying thru every forumenger's window?

VB earlier today > http://meltyourfaceoff.files.wordpress.com/2007/10/tin-foil-hat.jpg

just kidding, very legitimate concern to post about, keep up the good work fella

Messenjah.

And he's very good at it. Messenjah technology is 10 to 20 years ahead of Google in terms of context relational language searching. And they can process a very impressive volume of data, so it is quite feasible that everything could be processed.

Our stuff is very uninteresting, but that's not really the point. The point is that we have a right to privacy in our communications and if we're not exercising that right we will likely end up losing it.

Fixed

Presume innocence rather than guilt until proven otherwise. It that not the basis of law?

Don't get me started on Phorm.

Quite happy with both options around the SSL.

I'm not sure what I think about this.
I get VB's point that we should be allowed unfettered private communication.
But, dog's is right as well, this is a public forum and anyone who cares to, can read the tosh that I, and the rest of you post.

SSL or not? I don't think I mind

At present my wife thinks that I spend my evenings looking at Redtube and Youporn. Imagine how shocked she would be if a civil servant were to tell her that I spent my time chatting away with you lot.

Even more worrying is that government officials can, presumably, if they wish, monitor everything that I send to clients. Is it appropriate that the government ought to be able to have access to a lawyer's advice to clients?

Why does the government think that it needs such powers? Why is it spending our money to develop them?

Complete technodimwit question, but if military technology is that far advanced, is SSL actually going to stop them monitoring?

thing is there is going to be soooo much info, how do they find what is relevant.

99% statistics are about statistics.