Company pledges
This commit is contained in:
parent
62a2d0693a
commit
fc07be049b
3
faq.org
3
faq.org
|
@ -16,6 +16,7 @@
|
||||||
| [[How do I get a domain name?]] |
|
| [[How do I get a domain name?]] |
|
||||||
| [[How do I get a "real" SSL certificate?]] |
|
| [[How do I get a "real" SSL certificate?]] |
|
||||||
| [[Why use self-signed certificates?]] |
|
| [[Why use self-signed certificates?]] |
|
||||||
|
| [[Why not use the services of $company instead? They took the Seppuku pledge]] |
|
||||||
#+END_CENTER
|
#+END_CENTER
|
||||||
|
|
||||||
* Why not supply a disk image download?
|
* Why not supply a disk image download?
|
||||||
|
@ -182,3 +183,5 @@ Almost everywhere on the web you will read that self-signed certificates are wor
|
||||||
Security of web sites on the internet is still a somewhat unsolved problem, and what we have now is a less than ideal but /good enough to fool most of the people most of the time/ kind of arrangement. Long term a better solution might be to have a number of certificate authorities in a number of different jurisdictions vote on whether a given certificate actually belongs to a given domain name. Experimental systems like this exist, but they're not widely used. Since the current certificate system has an enormous amount of inertia behind it change could be slow in arriving.
|
Security of web sites on the internet is still a somewhat unsolved problem, and what we have now is a less than ideal but /good enough to fool most of the people most of the time/ kind of arrangement. Long term a better solution might be to have a number of certificate authorities in a number of different jurisdictions vote on whether a given certificate actually belongs to a given domain name. Experimental systems like this exist, but they're not widely used. Since the current certificate system has an enormous amount of inertia behind it change could be slow in arriving.
|
||||||
|
|
||||||
For now a self-signed certificate will probably in most cases protect your communications from "bulk" passive surveillance. Once you've got past the scary browser warning and accepted the certificate under most conditions (except when starting up the Tor browser) you should not repeatedly see that warning. If you do then someone may be trying to meddle with your connection to the server. You can also take a note of the fingerprint of the certificate and verify that if you are especially concerned. If the fingerprint remains the same then you're probably ok.
|
For now a self-signed certificate will probably in most cases protect your communications from "bulk" passive surveillance. Once you've got past the scary browser warning and accepted the certificate under most conditions (except when starting up the Tor browser) you should not repeatedly see that warning. If you do then someone may be trying to meddle with your connection to the server. You can also take a note of the fingerprint of the certificate and verify that if you are especially concerned. If the fingerprint remains the same then you're probably ok.
|
||||||
|
* Why not use the services of $company instead? They took the Seppuku pledge
|
||||||
|
[[http://seppuku.cryptostorm.org][That pledge]] is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "/on our side/". Post-[[https://en.wikipedia.org/wiki/Nymwars][nymwars]] and post-[[https://en.wikipedia.org/wiki/PRISM_%28surveillance_program%29][PRISM]] we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
|
||||||
<head>
|
<head>
|
||||||
<title></title>
|
<title></title>
|
||||||
<!-- 2014-10-28 Tue 22:10 -->
|
<!-- 2014-11-09 Sun 18:29 -->
|
||||||
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
|
||||||
<meta name="generator" content="Org-mode" />
|
<meta name="generator" content="Org-mode" />
|
||||||
<meta name="author" content="Bob Mottram" />
|
<meta name="author" content="Bob Mottram" />
|
||||||
|
@ -187,6 +187,10 @@ for the JavaScript code in this tag.
|
||||||
<tr>
|
<tr>
|
||||||
<td class="left"><a href="#unnumbered-5">Why use self-signed certificates?</a></td>
|
<td class="left"><a href="#unnumbered-5">Why use self-signed certificates?</a></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
|
<tr>
|
||||||
|
<td class="left"><a href="#unnumbered-6">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
|
||||||
|
</tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
</div>
|
</div>
|
||||||
|
@ -475,6 +479,14 @@ For now a self-signed certificate will probably in most cases protect your commu
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div id="outline-container-unnumbered-6" class="outline-2">
|
||||||
|
<h2 id="unnumbered-6">Why not use the services of $company instead? They took the Seppuku pledge</h2>
|
||||||
|
<div class="outline-text-2" id="text-unnumbered-6">
|
||||||
|
<p>
|
||||||
|
<a href="http://seppuku.cryptostorm.org/">That pledge</a> is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "<i>on our side</i>". Post-<a href="https://en.wikipedia.org/wiki/Nymwars">nymwars</a> and post-<a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">PRISM</a> we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div id="postamble" class="status">
|
<div id="postamble" class="status">
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue