Hacker News | amfsn's comments

Cops in the US are out there to hurt you or kill you? Talk about delusional.


NYT has an anti-tech agenda in general because tech is killing newspapers.

It's also a contrarian position because most people love their tech, and contrarian positions and outrage drive clicks.


Uhhh I'm not so sure tech is so innocent here. The honeymoon period with big tech ended after 2016, when society finally realized exactly how much influence big tech has over our minds, and how they absolutely show no responsibility towards the power they wield to alter people's realities, instead hiding behind silly excuses about just being platforms.

This isn't just about contrarian views. This is the fact that, thanks to big tech, any nut job can have the same real-estate and influence as a more established journalistic organization that has many people that internally also argue about how to convey messaging to the public.

I say all this as someone who frequently criticizes the mainstream media for also drumming up drama where it doesn't exist, and misinforming the public. So I'm hardly a cheerleader for them. But at least there is some sort of self-policing going on, and a realization of the responsibility they carry in society. There isn't much of that at the big tech companies like Facebook.


Not just newspapers. Warren (and now many others) are interested in breaking up large companies because their power threatens the government's power. Articles like these help test the waters since NYT supports the left more than the right.


It's not just the NYT, we see it in the UK media as well.


The Times especially, to the point its reporting on anything technical is flat out falsehoods a lot of the time.


That's what they wanted when they pushed Let's Encrypt. https meant something before, since a certificate was expensive and required proof of identity. Yes, those methods weren't infallible, but they were good enough. Now we've lost that with free https.


None of this is correct.

Certificates weren't expensive before Let's Encrypt, several outfits offered free certificates, especially on a "trial" basis that would be adequate for criminals even if it was largely useless to legitimate users.

But expensive certificates were, and still are, available to those with the Apple mindset. DigiCert will sell you a certificate for $218. Lasts 12 months.

And you're probably thinking: Right, that's a _proper_ certificate, that'll assure me of who bought it, and it comes with true security and all this amazing stuff. Nope, that's the same DV assurance that Let's Encrypt gives away, except DigiCert gets $218 of your money, and why not?

If there's a guy wants to buy one glass of water from me for $100 who am I to insist drinking water is free?

Anyway, no, certificates did not require "proof of identity" prior to Let's Encrypt, in fact back then they only required that the CA use "Any other method" a term of art in the rules that meant the CA could use its own best judgement (perhaps clouded by commercial considerations) to decide what was enough to be sure you controlled example.com before issuing you an example.com certificate.

_After_ Let's Encrypt, and with substantial input _from_ key Let's Encrypt people this was reformed to the Ten Blessed Methods (there are not actually ten of them today, but I like that name and it seems to have stuck) in which there are explicit methods defined for how a CA must check that you control the DNS names you want certificates for.

You are living in an all too common fantasy world. A world where you needlessly spend more money to achieve less security because you don't want to be confronted with facts.


EV certs required that. DV certs never provided that sort of security.


Of course they did. When you paid with your card they knew your identity. Unless you were carding which is a pretty serious crime.


> When you paid with your card they knew your identity.

Who's the "they" in that sentence? As it stands, a certificate reseller knows that the Paypal account "some.name.here@gmail.com" paid for an SSL certificate for "www.unrelatedcompany.TLD".

The certificate itself tells you nothing about who paid for it - it doesn't even tell you which email account was used to confirm some level of association with the unrelatedcompany.TLD domain.


Then PayPal has the data and LE can follow the trail. Because it's about LE being able to tell who actually bought the certificate, telling me end users can't do that is kinda moving the goalposts.


There are certificate authorities all over the world, and many of them not in jurisdictions that would share data with your law enforcement.


Q1: What kinds of serious crimes involve law enforcement needing to chase up who's behind the purchase of an SSL certificate, anyway?

Q2: Can't the bad guys just buy a pre-paid debit card with cash if they're that desperate to cover their tracks?


People generally don't care about LE reading what they say, so no. People used whatsapp before e2e and will keep using it after e2e.


Maybe your "people" are cool with LE reading their salty messages to significant others, or hot take political commentary, but all the "people" I know expect privacy as good responsible citizens should.


One might reasonably assume the "bad guys" they're trying to catch would go elsewhere though, if they have any sense. So then you're just left with innocent people to spy on.


> So then you're just left with innocent people to spy on.

Those are who they want to spy on anyway.

For serious criminals, terrorists etc they have other tools, banning commercial encryption won't help with those...


You'd be surprised to learn how fucking stupid most bad guys are.


We catch lots of stupid bad guys.

Smart bad guys get away with it.


Cynical and correct observation, which I know will get downvoted because it goes against the mantra of this website:

Being able to read whatsapp would help us catch many more stupid bad guys.

Smart bad guys will always be able to get away with it. That doesn't mean we should stop trying to catch stupid bad guys.


What if catching the stupid bad guys just means the smart bad guys take their place? Like a spray that kills 99% of bacteria, all you're potentially doing is applying a selective pressure towards being more technically smart.

And in this case, being more technically smart might just mean clicking the link to the E2E encrypted web chat site rather than the server-to-client encrypted site. Perhaps, though, the government will start banning websites that offer E2E encrypted chat, and require hosting companies to not let you host such apps yourself.


https://www.collabora.com/assets/images/blog/xrdesktop/xrdes...

Oh god... where's your anisotropic filtering? That looks like a screenshot from Doom.


Some antialiasing wouldn't go amiss, either...


That's not a "full disclosure", that's spam.


I added that because CapitalOne has an open source tool that has similar functionality, but point taken and post edited.


One of many basic cultural differences between the UK and the EU. In the EU you must give up your biometrics (fingerprint) by law. Doesn't surprise me that they are leaving.


I think surveillance techniques and invasion of privacy are often spearheaded by the UK. I remember the CCTV cameras were everywhere long before other countries leveraged them at that scale.


Then great for the EU. God willing, y'all will roll back some of that stuff if she leaves.


Please show which law this is, I've never had to give my biometrics to anyone but the US government when visiting there.


All the UK passports and non-national resident ID cards are facial biometric.


> In the EU you must give up your biometrics (fingerprint) by law

Generic and incorrect statement

Also, I'm not a UK citizen and I'm forced to give up my biometrics (face) whenever flying out of a UK airport. Or when flying into the US.


$700 for this? It's gonna flop really hard.


I doubt it, considering people said the same thing about their laptops, and yet they appear to be successful enough.


That happened to me too. Min payment was 120€ or so, and when I had amassed that amount (it took me like one year), bam, banned a few days before I could cash out. Obviously on purpose. That was ten years ago or so I think.


Does using warez slang automatically make software less secure and slower?


It reduces confidence because warez is associated with running cracked software of which you don't know exactly what was modified/added/etc.


My how far we’ve come in such a short few years.


Eh, not sure what you mean, but yeah some DRM is obnoxious and almost spyware. Warden, World of Warcraft's DRM, is for example profiling your system hard.


It speaks to the priorities, attitude and / or the work ethics of the developers involved. I wouldn't trust people who care about using teenager slang and looking cool to write secure and efficient services that I could use in production with customer data. I may be wrong, but my confidence is still low.

