[luan42]

With no real reaction after the NSA leaks and with people in various governments trying somehow to criminalize encryption and anonymity, this is exactly what we need. We don't need another centralized Google/Facebook/etc. powered application.

[Panino]

> With no real reaction after the NSA leaks

I know where you're coming from but I don't think this is the case. There are too many examples to give but here are some nice ones:

In 2013, there were only a small number of E2E encrypted messenger users. Now there are over a billion Signal Protocol users alone, not even including other systems. This isn't getting deployed because it's easier to develop, support, or use than plaintext.

In 2013, RC4 was widely used in TLS and random number generation (on BSD systems). It has been kicked out and now ChaCha is seeing wide deployment in the same places (although FreeBSD is lagging behind).

Let's Encrypt has substantially increased TLS availability and usage.

In 2013, the default crypto in OpenSSH was (IIRC) P-256 and AES-CTR, with ECDSA host keys. It's now X25519 and ChaCha20-Poly1305 with EdDSA host keys.

In 2013, TLS was mostly RC4 and CBC. Now (on my servers) it's mostly GCM and ChaCha. Even the IETF has said to stop using RC4.

The NaCl family, including in particular Libsodium, has a TON of users. Besides supporting only strong crypto, the high-level API has made it almost impossible to publish a successful new crypto library today that's in the style of OpenSSL where the only answer to "how to I accomplish X?" is "go fuck yourself." Good riddance to Russian roulette crypto libraries.

We're even seeing movement in pqcrypto. So while some people are being reactive and switching out bad crypto for good (as in above examples), some are being proactive. Google is experimenting with pq-safe key agreement, as just one example. Tor is working on it as well. So not only has there been a positive reaction since 2013, but people are beginning to be more proactive as well, trying to stay ahead of the curve.

The number of users of strong crypto has increased by several billion since 2013.

[pdimitar]

Paranoid response alert:

This doesn't mean much, in my opinion. It might stop several thousand teams of garage hacker heroes but it's hard to argue it would stop NSA / GCHQ / anybody else on their level.

With all of the leaks (good chunk of them are just theories, admittedly) that claim that agencies can utilize hardware backdoors remotely, it's hard for me to imagine I am safe from snooping, ever. What good would a stronger SSL/TLS key do if the agencies can directly connect to my CPU? What good would a strong VPN and a network like Tor do if my NIC reports my traffic via a backdoor in its driver without a chance of me ever noticing?

I definitely agree some progress has been made. No two opinions about it.

I do question if these countermeasures achieve anything at all against the biggest and most formidable snoopers however. I feel like they are letting us argue over things they've cracked long ago and are letting us think we're safe.

Usually when public statements are made by them which try to smear/outlaw a technology, it's then I'd think the agencies are having a hard time. If they don't say anything, I'm presuming they got things well under control and where they want them to be.

Not the ideal theory but all of this reply was just my thoughts anyway. If I had any facts whatsoever, I'd most likely be in a prison, so there's that. We can mostly only theorize here.

[alanwatts]

Compromised endpoints is the elephant in the room in the crypto debate.

[pdimitar]

Indeed they are. And it's somewhat discouraging seeing people argue over the best encryption algorithm instead of trying to hunt down Intel's rootkits, for example. Again, I can't claim anything; I am just reading and hearing things. They might be total crap and I might be an idiot for thinking they might be true. But they're still worth considering IMO.

[kardos]

It's not at all discouraging to argue over the best encryption, it's plenty healthy to keep the research going so weak/defeated methods get deprecated and only the strongest remain in use.

But you're right that endpoint security is the next monumental task and the challenges are not entirely unknown [1]. How do you suggest we proceed to achieve trustworthy hardware?

[1] https://libreboot.org/faq/#intel

[pdimitar]

That's a very good question and a very tough one to answer. In my opinion we the humanity gave up the easy way to a secure and publicly audited hardware when Intel started growing. We lost the battle right there and then. To try and do the same they achieved in 10-15 years but be entirely transparent and auditable... seems impossible right now. :(

However, projects like Raspberry Pi are admirable and are efforts in the right direction (even though recently it has been questioned if it can be hacked the same way that Qualcomm-based Androids can). I recently heard about that 1000-core CPU as well. I wonder if that's entirely public? If it is, it might render the x86 / AMD64 model irrelevant so we shouldn't spend gigantic efforts in trying to catch up with 10-15 years of hard work from Intel.

So probably the general direction would be to make old and good hardware protocols famous by trying to "libre"-ify them and bring them up to speed to today's computational requirements (mind you, I still want to play my games on Ultra settings). Even if we start replacing things one by one, every iteration could decrease the attack sufrace. That'll force the malicious actors to take counter-measures; for example, I'd think trying to outlaw ARM (or economically attack its usage, which is the much more used way of doing things IMO) and only license Intel/AMD for certain applications would be a telling sign that somebody doesn't like what's happening.

I am not a hardware person (wish I was; I am not even electrical / electronical engineer!) but I am a privacy-conscious person, and quite paranoid too. I am sure there's a way but alas, I can't answer you in as constructive manner as I'd want to. I can only do a "boss speak" and be oblivious to the details. And at 36 with a well-built career I am beginning to doubt I'll ever try and become a hardcore hardware engineer in addition to my programming/sysadmin experience.

My apologies if I wasted your time reading this.

EDIT: btw, the linked article is scary....