by betterunix 4738 days ago
> For most of American history, "privacy" meant that what happened in the walls of your home or in the confines of some other private place remained private

The problem is that today there are very few private places, and it is very hard to get to a private place unnoticed. Private, secluded places are becoming rare as security cameras are installed. Even if you can find such a place, your trip to it might be recorded by security cameras and license plate scanners. Even if records of postal mail had been kept in the past, it would have been very difficult to make use of that data -- but data mining techniques are changing that.

> The internet is really not designed to keep communications over it secret or private in any way, and platforms like Google and Facebook are built on exposing as much private information about users as possible.

I once had this view, but I have come to see that it is flawed. Most people are not making an informed decision about this, and there is almost no effort to teach the background needed to make such an informed choice. What we are seeing are governments and corporations taking advantage of the general population's ignorance. It is not that people do not value privacy, it is that they do not even realize the extent to which they are giving it up.

I don't disagree that many people aren't making an informed decision about this, especially all the kids and young teenagers who use Facebook and Google, etc. But my point is about the technology, not the people. The technology isn't designed to keep information private. SMTP sends plain-text e-mails through intermediate servers. Anybody can inspect the packets flying by on their network, which mostly have plain-text contents. Apparently at Google (from what we've learned from the David Barksdale stalking story: http://gawker.com/5637234/gcreep-google-engineer-stalked-tee...) lots of people have extensive access to customer data. I don't imagine the situation is much better at Facebook.

The technology didn't have to be designed that way. Google could, e.g., encrypt your gdrive contents client-side, and I bet there would be a way to store e-mail accounts encrypted so only the inbox/outbox would be stored in plain text on Google's servers. Facebook might be harder, but it would be an interesting technical challenge to see to what extent Facebook accounts could be stored encrypted on Facebook's servers. But by and large the internet is not designed that way. It is designed to leak your data all over the place, to every sysadmin at every intermediary, which makes privacy very hard to achieve, whether from the government or from companies.

> I bet there would be a way to store e-mail accounts encrypted so only the inbox/outbox would be stored in plain text on Google's servers.

What makes you think that's not being done now?

The fact that search works implies that the contents of your email are not encrypted.

It's easy to search encrypted data, you just decrypt it first.

What makes you think Google would be reckless enough to store unencrypted private data on disk, or incompetent enough to not implement search over an encrypted set of data?

My suggestion was to encrypt the data client-side and store the accounts encrypted, so Google couldn't themselves decrypt the accounts. The purpose is to think of ways to structure the technologies so the hosting providers don't have to be trusted entities.

That doesn't work, as anyone providing you a client-side cryptosystem can provide you a backdoored client-side cryptosystem at the government's demand (one that silently uploads your key material to the server).

It doesn't matter if they don't normally store the key. It's a webapp.

Also, they need the key to do search. Furthermore, this does nothing to hide the metadata surrounding your communications, which necessarily must not be encrypted for services to work.
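The trade-off the thread keeps circling, as an added Python example that is not from any of the commenters: the client encrypts each message before upload and sends blinded HMAC tokens for its words, so the server can answer keyword searches without ever holding the key, while its index still leaks the metadata the last comment points to (how many messages exist and which ones share terms). The cipher is an HMAC-based stream construction chosen only to stay within the standard library, and the Server class, upload/search functions and the sample mailbox are all constructed for this illustration.

```python
import hmac, hashlib, os, re

def _prf(key, label, data):
    # HMAC-SHA256 as a keyed PRF; the label separates the key's three uses
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    return b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

def encrypt(key, plaintext):
    # stdlib-only encrypt-then-MAC for illustration; a real client would use AES-GCM
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("tampered ciphertext or wrong key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def keyword_token(key, word):
    # deterministic blinded token: equal words give equal tokens, unreadable without the key
    return _prf(key, b"idx", word.lower().encode()).hex()

class Server:  # holds ciphertext and blinded tokens only; the client key never reaches it
    def __init__(self):
        self.blobs, self.index = {}, {}
    def store(self, msg_id, blob, tokens):
        self.blobs[msg_id] = blob
        for t in tokens: self.index.setdefault(t, set()).add(msg_id)
    def leaked_metadata(self):  # even keyless, the index shows message count and shared terms
        return {"messages": len(self.blobs),
                "shared_terms": sorted(len(i) for i in self.index.values() if len(i) > 1)}

def upload(key, server, msg_id, text):
    # client side: encrypt the body, send one blinded token per distinct word
    tokens = {keyword_token(key, w) for w in re.findall(r"[a-z0-9]+", text.lower())}
    server.store(msg_id, encrypt(key, text.encode()), tokens)

def search(key, server, word):
    # the server matches tokens it cannot invert; it learns only which messages matched
    return sorted(server.index.get(keyword_token(key, word), ()))

MAILBOX = {"m1": "Invoice 42 attached, please pay by Friday",   # constructed sample data
           "m2": "Lunch Friday? The invoice can wait", "m3": "Reminder: dentist on Tuesday"}

def build_mailbox(key=None):
    key, server = key or os.urandom(32), Server()
    for mid, text in MAILBOX.items(): upload(key, server, mid, text)
    return key, server
```

Deterministic tokens are what make the search possible and also what make the leak possible: anyone holding the index can see term frequencies and co-occurrence across messages without decrypting anything.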