Google Welcomes Netflix to High Speed Networks





  • It just seems that Google's all over the map... some days they are great partners of humanity.. other days.. not so much.

    At least today they are on humanity's side.



  • Their ISP division seems to reliably do great things.



  • On the top of Google doing good things.. they are discussing the options in creating end to end encryption for gmail users. I hope they can pull it off. It would be great if they can also help push out GPG technology to the masses.



  • Office 365 is end to end encrypted while in flight. I don't see any real value to encrypting at rest as long as you use an enterprise setup. Except where required by law.

    GPG everywhere would be a huge pain. If you automate it enough to make it work easily you also defeat its value.



  • Sure, but you also don't see the value in having all websites use SSL even if there is no need to keep things from prying eyes. Personally I think all things on the internet should be encrypted. No one needs to see what I'm pulling from a website. Hell it bothers me that they can see that I'm attaching to that website (unless I use something like TOR).



  • @Dashrender said:

    Sure, but you also don't see the value in having all websites use SSL even if there is no need to keep things from prying eyes. Personally I think all things on the internet should be encrypted. No one needs to see what I'm pulling from a website. Hell it bothers me that they can see that I'm attaching to that website (unless I use something like TOR).

    But why? Does it bother you that people see you driving or at the grocery store?

    What value is there is encrypting 9gag or the daily news or MangoLassi? What are you doing that hiding that activity from your ISP ( the only people with visibility) matters? And the ISP will still see the traffic, just not know exactly what was requested. They will still see you on the sites.



  • I think too much security, like encrypted everything, results in a situation similar to security through obscurity where we start to confuse people and they think that they are hidden when they are not and actually make them overall less secure.



  • I care less about the ISP than I do the feds... I do believe in the tenants of 1984. I do believe that perhaps some day I'll do something somewhere that will piss someone who is high and mighty off and they will go to their NSA buddies and say.. give me this guys life story for the past 20+ years... and they'll find some little really shouldn't matter BS that they'll use against me. Yes you can call me a bit paranoid...
    But in light of Snowden's releases can you honestly tell me there is no possibility of that?

    Hell, even the 4th amendment is being trumped by the courts as long as the search and seizure is automated and not done by a computer... it's just horrible!



  • Plus, adding more encrypted data to the internet is just that much more work those intercepting that data has to do. So I'm all for slowing them down any way I can.



  • I think that they can see the traffic just fine. Just increasing the tax dollars spent on it 🙂

    Especially since they see the endpoints most likely. So encrypting in the middle probably does little.



  • eh? are you implying that they have compromised most of the websites out there? or at least the big boys? if not, assuming it's encrypted from my desk to their server, how would they have unecrypted access?



  • @Dashrender said:

    eh? are you implying that they have compromised most of the websites out there? or at least the big boys? if not, assuming it's encrypted from my desk to their server, how would they have unecrypted access?

    Yes. I'm implying that they have access to pretty much everything of value. From network gear back doors to direct database dumps.



  • @Dashrender said:

    eh? are you implying that they have compromised most of the websites out there? or at least the big boys? if not, assuming it's encrypted from my desk to their server, how would they have unecrypted access?

    SSL decryption's pretty easy for a man-in-the-middle.



  • @alexntg said:

    @Dashrender said:

    eh? are you implying that they have compromised most of the websites out there? or at least the big boys? if not, assuming it's encrypted from my desk to their server, how would they have unecrypted access?

    SSL decryption's pretty easy for a man-in-the-middle.

    What? Please explain.

    I have to give Scott his point that the hardware has already been compromised, so the encryption is potentially pointless since they have direct access to it pre encryption, but post SSL encryption being 'easy' to decryption... help me out here.



  • @Dashrender said:

    @alexntg said:

    @Dashrender said:

    eh? are you implying that they have compromised most of the websites out there? or at least the big boys? if not, assuming it's encrypted from my desk to their server, how would they have unecrypted access?

    SSL decryption's pretty easy for a man-in-the-middle.

    What? Please explain.

    I have to give Scott his point that the hardware has already been compromised, so the encryption is potentially pointless since they have direct access to it pre encryption, but post SSL encryption being 'easy' to decryption... help me out here.

    It's fairly common now for content filters to decrypt SSL traffic. If enterprise-grade products can do it, why wouldn't government-grade ones do it too?



  • You're forgetting a major part. The only reason the enterprise devices can do it is because those enterprises have rolled out a trusted cert to their clients that allow the edge devices to create on the fly certificates that make the client device think they have end to end encryption.

    Now.. of course.. if the NSA has a CA in their back pocket (and why wouldn't we think they do) or are a covert CA themselves (hell anyone can be a CA these days), then life is a bit easier for a man in the middle type attack. But you'd still have divert the traffic to your own servers that are using the 'fake' cert for the website in question, which would then act as a proxy for the real site (exactly like the enterprise systems).

    This problem can be mostly solved by CA stapling. CA stapling can be seen here http://en.wikipedia.org/wiki/OCSP_stapling

    Of course to really make this all work much more securely we need secure DNS, and I'm not sure how much longer that's going to take, if we ever get it.


Log in to reply