[DanBC]

> The only way to prevent security agencies from indiscriminately monitor web traffic is to make it technically impossible.

The vast majority of people do not want that Internet. See, for example, the popularity of Facebook. (About 1.2bn users per month).

You need technical measures, and law, and effective oversight.

[x1798DE]

I would guess that the vast majority of users don't know enough to have an opinion about the security and privacy of their browsing experience, but would be in support of such improvements if it caused them no inconvenience.

Law and "oversight" are really not likely to be effective. They're only useful as part of a "defense in depth" strategy, where we make it technically impossible for any attacker to get this information, and if our protocols have flaws in them, the government shouldn't be allowed to look at them anyway, so we have a second (weaker) layer of defense behind our primary defense.

[Zigurd]

Privacy or "oversight," pick one. With strong croup and deniability privacy is absolute, unless you want torture to be a law enforcement tactic. If you can't handle that, you might as well communicate in the clear.

[DanBC]

What?

Oversight is a legal measure applied to police and security agencies to ensure that they are obeying the law, not something you do to the general public.

[Zigurd]

Ideally, but in these times...