Let's face it, PGP is pretty old school. It's like pocket-protechor old-school. I've personally taken several runs at trying to get PGP up and running. The problem has always been: once I get PGP working, there's nobody to send encrypted email to. PGP just has never had enough scale to get even close to mainstream. Enter keybase, which is trying to revolutionize the way people use and think about PGP with a friendly web site and integration into services such as Twitter, reddit and github. I finally cajoled an invite out of a friend today and have been giving it a whirl.
My first impression is that Keybase does not entirely solve the problem of making public-key encrypted email work better. For one: if you want to incorporate PGP email into Apple Mail, you still have to download and install GPG tools, and the command line keybase tools (which require Node and NPM). And though there is some integration between the GPG tools and the Keybase tools, it's fiddly and requires lots of command line usage (e.g. to make sure people you "track" on the Keybase web site also have their public keys imported into your GPG keychain so you can send them encrypted emails from within Apple Mail. AND you have to use GPG tools to manually add additional email addresses into your key, if you generated the key with Keybase. So that's a pretty high bar if you want seamless PGP email from the desktop. I haven't even tried to get it running on any of my mobile devices yet - which will definitely mean moving to a new email client (or just not being able to access encrypted emails on mobile, which is not ideal). There's a lot of work going on to remedy these issues if the github issue threads are any indication.
What Keybase does allow you to verify PGP signatures without physically validating fingerprints in person, though proofs you add to your social networks.
Anyway, I now have some keybase invites. If you would like one, please message me in some way and have a look yourself.
#blogthis #pgp #keybase
So first of all, I was confused initially about who was supporting it. The logos at the bottom left panel include HM Government but also the more recognizable Facebook and Twitter logos (without explanation) which seems (to me) to mean "this is being sponsored by the government, Twitter and Facebook" or possibly "this is a government initiative with sponsorship provided by Twitter and Facebook." In fact, reading the web site, it appears that neither Twitter nor Facebook have any formal role, so the presence of their logos is somewhat mystifying. I Suppose they just mean "we are on Twitter and Facebook" but honestly, these days who isn't?
But putting this to the side for a second, I really don't know what to make of this campaign. On the one hand, it's exactly the kind of public awareness campaign thatI feel is needed. People need to start getting more aware of the the web basics, especially around privacy, e-safety, scams. use of strong passwords, installation of updates and use of security software. So yes. Great. But the information provided doesn't seem to cover a lot of the key basics that I would think need to be covered. For example, under "privacy" i find no mention of private browsing modes or when you might want to use them, and no discussion of tracking on the web. Under "keeping your child safe online" I see "Parental controls are available through your internet provider." but no mention of Apple's built in parental controls. More importantly, the text on this screen looks like a placeholder. As I'm leafing through their site, I'm asking "where is the actual content?" It feels like this could be a good use for wizards or possibly a cartoon. Also this campaign seems to be aimed both at businesses and families, and those are two different groups with different needs - so that's weird. Finally some of the advice is a little questionable. For example: always download updates. Yes, but: sometimes phishing scams can masquerade as software updates as a vector to get malware into your computer. I know that's a difficult message to package into a Tube advert, but it feels like the messaging could be better thought through. "Sign up to security software provided by your bank, such as Trusteer Rapport." No. No, no, no. Judging from my experience with the software my own bank was trying to push me, I don't think this is good advice - at all. Rather, how about educating people about how they can click on the padlock icon in their browser to verify the provenance of that certificate.
So I haven't done a rigorous analysis of the whole campaign, but I'm of two minds about what I've seen so far. On the one hand: yes, it's needed and yes, some good info. On the other hand some of the info provided makes me suspicious about its provenance and whether or not it has all been fact-checked by actual domain experts.
What do you think? /cc #blogthis
So the hacker in me loves the idea of this, but actually I think it's probably over-kill (and an over-promise) for most people's web privacy needs.
First of all, if you want to surf the Web through the Tor network you just have to download an install the Tor browser bundle (https://www.torproject.org/download/download - also see this Guardian article from last year: http://gu.com/p/3k569) . This application download actually pairs a heavily customized (with additional anonymity-enhancing features) Firefox browser with the Tor networking software. But even that is overkill for most casual "private browsing." If you are just trying to search privately (for example, for medical-related topics that you don't want showing up in your ads the next time you search the web) then the private browsing modes that now come as standard with modern browsers (Chrome calls it "incognito") are perfectly fine. What these modes don't protect you from is your network provider (ISP) snooping browsing. Tor does encrypt your network traffic (to the Tor service) but it comes with major downsides such as slowness. Because of the way Tor works, routing your traffic around the Internet until it finally pops out onto the public Net at an "exit node", your traffic will also appear as if it's coming from another country than the one you live in. So for example if you live in the UK you will find BBC iPlayer will not work through Tor. Also if you run all your traffic through Tor but don't use private browsing modes, or Tor's special browser build, then you are still exposing yourself to tracking through cookies, fingerprinting and other techniques.
But if you do use TorBrowser it also blocks certain technologies such as Flash player, so it's a trade off.
Basically people need to gauge how much privacy they need in a given situation and employ the right tool for the job. Unfortunately it doesn't look to me like anyone is working to drive general public awareness of Web privacy these days, which is a shame.
#blogthis #privacy #tor #privatebrowsing
Dan is also a co-chair of the W3C Technical Architecture Group (W3C TAG). The TAG is a special working group within the W3C, chartered (under the W3C Process Document) with stewardship of the Web
[Updated: fixed this G+ event to show the correct date - the 13th of November.]
- TelefonicaOpen Web Advocate, 2013 - present
- TelefónicaHead of Product Management, BlueVia, 2011 - 2013
- Vodafone Group PlcSenior Architect, Tech Strategist, Web & Internet Evanglist, 2002 - 2011
- VizzaviSoftware Development Manager, Vizzavi UK, 2001 - 2002
- TheStreet.co.ukCTO, 1999 - 2000
- TheStreet.comDirector of Content Management, VP of Global Technology, 1998 - 1999
- E-DocDirector of Engineering, 1995 - 1997
- Visix SoftwareTech Writer, 1993 - 2005
- Carnegie Mellon UniversityCognitive Science, 1987 - 1991
Daniel Appelquist on web modernisation and net security
The open-web advocate and early web pioneer Daniel Appelquist discusses the future of the internet with Jemima Kiss
Can We Extend the Web Cleanly? - Programming - O'Reilly Media
Design by Committee is rarely a compliment. Can the Web shift away from that model, retaining some order without falling into troublesome ch
Firefox OS carves out low-end smartphone market niche
The higher-end smartphones market may be saturating with iOS and Android devices, but demand for low-cost models has given Mozilla a way to
Transport for London uses Google Maps to help people navigate the city’s...
Posted by Phil Young, Head of Online, Transport for London Editor's note: Today's guest blogger is Phil Young, Head of Online for Transport
Meet the TAG: Q&A Panel and Web Developer Mixer
An event in London, England featuring Peter Linss, Tim Berners-Lee, Yehuda Katz and more...
Tim Berners-Lee: encryption breaking by spy agencies 'appalling and fool...
Inventor of world wide web calls for debate about 'dysfunctional and unaccountable' oversight of NSA and GCHQ
Mozilla’s Lightbeam Firefox tool shows who's tracking your online movements
Browser firm says its new browser add-on will be 'a step forward in the fight for greater openness across the internet'
What's 'Over the Air'? Think overnight hackathon meets developer confere...
The 'Over the Air' event series feels more like a festival than a tech event.
Websites Begin Supporting Safari Push Notifications Ahead of Mavericks L...
Ahead of the final unveiling of OS X Mavericks at tomorrow's media event and an expected public launch soon after, several high-profile webs
The many meanings of Open | Sir Tim Berners-Lee for #TheOpenAgenda | Tel...
Sir Tim Berners-Lee, founder of the world wide web, blogs for Telefonica on the critical implications of "openness" - across the web, data a
Google wants to patent splitting the restaurant bill
It's one of the great social difficulties of our time. Now Google would like to offer (and own) an allegedly equitable solution. Read this a
Disney’s Crazy Invention Lets You Feel Phantom Objects Floating In Air
Microsoft’s Kinect is an amazing device. It can track virtually any motion you make, allowing your real body to interact with an amazing inv
Breaking Down The Inertia Around Android And iOS Innovation
There's an argument over whether Android is the better innovation platform, or maybe it is iOS. Maybe it is neither.
Firefox OS Building Blocks find a new home, and get more streamlined
One year ago we started working on what is known as Firefox OS Building Blocks with the idea of creating a set of reusable components ...