Good points by the OP.<p>I've railed about similar things. Most notably, VPNs are a UX disaster. And that is a shame because the fundamental technology behind VPNs would be a prerequisite to a model that I describe as "PAO" [1] wherein I host my own omnipresent applications and data. The failure of VPNs to deliver a user experience that casual users can manage is one of the many contributors to the rise of the traditional cloud. I contend that regular people would be perfectly fine buying and replacing hard drives in a home disk array if the experience were straightforward (it's anything but). Similarly, regular people would be fine buying Internet connectivity with high upload speed if this was part of ensuring secure, (nearly) everywhere access to their data. Regular people would be fine joining a federated backup cartel with friends and family if it were easy to set up.<p>The savvy can do many of these things with today's mediocre UX, but the tremendous amount of money to be made by solving the problem using proprietary centralized servers explains why R&D has been directed toward the cloud as opposed to self-hosted application servers.<p>Diving into minutiae for a moment, in light of this week's news, I also recently ranted that it's a real shame that GPG suffers from one of the worst user experiences across all modern software. PGP from 10 to 15 years ago was a better user experience than GPG in 2013. The Thunderbird+GPG interface is absolutely horrific and even when I know I should encrypt a particular communication, when faced with the reality of getting my recipient configured with GPG, I flinch at the certain pain and suffering. I concede, "well, it's probably not needed anyway--who is likely to be listening?"<p>[1] <a href="http://tiamat.tsotech.com/pao" rel="nofollow">http://tiamat.tsotech.com/pao</a>
See also "Why Johnny Can't Encrypt: A Usability Study of PGP 5.0", Whitten et al <a href="http://www.gaudior.net/alma/johnny.pdf" rel="nofollow">http://www.gaudior.net/alma/johnny.pdf</a><p>and its followup, "Why Johnny Still Can't Encrypt: Evaluating the Usability of Email Encryption Software", Sheng et al <a href="http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstract.pdf" rel="nofollow">http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstr...</a>
We developers, especially those of us who consider ourselves activists, have been too slow to move this stuff forward. I’m fairly certain that is because most of us are “savvy enough” to use the tools that exist, etc. The movement has been growing to evolve these tools to catch up with the needs (well...) of modern users, but that evolution is really just beginning.<p>One among many such projects, I am a developer at LEAP (<a href="https://leap.se" rel="nofollow">https://leap.se</a>). We are working on this very problem. We’re getting ready for public beta of our Encrypted Internet Proxy (VPN for now, Tor and more features to come) and will be rolling out truly end-to-end secure email, IM, SMS, and voice. Also calendar, contacts, and possibly password management. All client encrypted. All syncing across your devices. All in an Open Source, Trust No One, user friendly way.<p>There are many tools and services out there already, but the ones that the technology un-savvy can use happily mostly run in a centralized fashion, requiring that you trust your service provider. No different, except in mission statement, than what people use today with big mail or chat providers and social networks. Would it were not so, but we live in an era where that trust is a vulnerability that we are seeing exploited.
Another thing: p2p is totally broken. You can work around it with central servers, but then [ <i>cough</i> skype ] you have a dependence on a big server farm that costs a bunch of money. In the long run, they won't keep you safe.<p>As an addendum, at least with home connections the technically inclined could badger their routers into allowing incoming connections. Given that computers (that can run long-running background services) and land lines are going to be the exclusive domain of the rich or the programmers in a few years, there is essentially no hope at all of fixing this.
Good article, but I'd like to disagree with the notion that what Google and Bing are doing with long-term tracking is necessary to have good search results. blekko has its own crawl and index, doesn't do any per-user tracking, and doesn't even save unconnected and anonymized clicks if you have DNT set. We don't use super-long personal session data to pick whether we show you Fox News or the NYT article on Prism. Our results could certainly be improved, but having a bigger crawl and more unconnected and anonymous clicks is how we'd improve them, not by making a huge database which could easily be used to reconstruct our users' lives going back years.
It is so easy to blame software, is it?<p>1. If you are not able to manage your keys, which includes a simple unencrypted key-backup, you are doomed, even with a pretty interface.<p>2. If you insist on other people taking the responsibility away from you, no service, hard- or software will provide security or privacy for you.<p>3. You don't need a cloud, when decentralized or local services cater to you much better and faster.<p>4. Sharing data isn't really a problem, it's the lack of transparency of the data collecting entity that creates the problem.<p>The conclusion is, to protect your security/privacy and to successfully utilize any crypto-toolchain you have to accept that responsibility isn't comfy, and delegation will lead to compromise.<p>Did you really believe that any government, or parts thereof, in the world would not tap the vast resources that packet-switched networks and centralized services would offer them?<p>Zacqary knows nothing about security, secure procedures or even cryptography.<p>If you delegate your private, unsecured communications to an entity for a comfortable user experience, you did not want either security or privacy.<p>Sorry to tell you so.
Check out what my friends at CozyCloud are working on: <a href="https://www.cozycloud.cc/" rel="nofollow">https://www.cozycloud.cc/</a><p>They want to be your user-friendly personal cloud. Easy as an App Store. Open source. Host it wherever you want. Your data and your apps are yours.