by bad_user 4330 days ago
If a global adversary can do it, then it is only a matter of time before a local crime syndicate can do it as well; after all, stealing credit cards and other sensitive info is a booming business.

And what really bothers me is that this will give people a false sense of security. At least right now I'm seeing regular folks refraining from exposing sensitive info online out of fear of evil hackers that are often the subject of news. So yes, I think unencrypted email is better than a solution that isn't secure.

1 comments

I agree, and I think that's especially a good argument for email. For mail submission at least, I think most users for that use-case are now either using or moving to encrypted SMTP AUTH with certificate checking, which should be fairly robust on the local side (between you and your ISP/company), modulo the problems that exist with the CA system. For IM though I think lots of people are more worried about embarrassment than crime: someone grabbing & posting your cybersex logs online; or your comments about office politics (or an affair, or whatever) being read by snooping IT staff, that kind of thing. Some people specifically use IM for office-politics stuff rather than email, because they assume (probably correctly) that IT staff can more easily pry into their email.

Of course for that use-case you don't really need end-to-end encryption: an encrypted connection to the IM server would be fine, and maybe actually better. But a bunch of services don't support that (though Google Talk does).

You need end-to-end encryption anytime the IM server isn't under your control. It's a reasonable assumption that if they could log everything, some manager somewhere has ordered them to do it regardless of legality.

If the threat you're trying to protect against is your local IT sysadmin eavesdropping on your conversations about office politics, the fact that Google Talk may internally log your IMs is close to irrelevant. The NSA might be able to get those logs from Google, but your coworkers probably can't.