Snowden: Privacy can't depend on corporations standing up to the government

No surprise that security updates are the center of this conversation. Software patching is a source of vulnerabilities turned off (exploitation from fixed bugs) and turned on (update provider can be malicious).<p>When heartbleed broke that was evidence that the &#x27;many eyes&#x27; theory of secure open source software hadn&#x27;t worked. Alternatively, the bug was found because big corporations with security budgets were getting serious about holes, so maybe &#x27;many eyes&#x27; is starting to be true. Certainly apple&#x27;s &#x27;goto fail&#x27; and RSA&#x27;s key strength bribery are examples of &#x27;not enough eyes&#x27; for closed software.

If we all used free software, would that even be a problem?

&quot;I didn&#x27;t use Microsoft machines when I was in my operational phase, because I couldn&#x27;t trust them&quot; ... I&#x27;m not really sure that open source should get a free pass in terms of trust - it&#x27;s not possible for you as an individual to single handedly verify that the open source software is trustable either; you need to assume that the group maintaining it has your best interests at heart.

Snowden generally seems not to open his mouth unless he has something worthwhile to say, so I imagine he might have addressed this in the actual talk of which this article is such a brief summary, but: what choice do we have? No, it&#x27;s not great, but we typically use government power to check corporations, so I don&#x27;t see anything inherently wrong with using corporations to check an unaccountable, runaway government.

I was thinking about encryption the other day. It struck me that whenever the topic came on HN we tended to see encryption as 100% or nothing.<p>I however think we should instead focus on creating good enough encrypted communication for email, chat... for two reasons.<p>1. It&#x27;ll make things a little bit more expensive for the &quot;watchers.&quot;<p>2. It will create noise. I.e. right now, if one person is using encrypted communication, he automatically becomes a target. With everyone using some level of encryption...<p>3. It&#x27;ll serve as an intro to security. The same app that provides base level encryption can give TIPS on how to become even more secure. Think Windows &quot;Tip of the day.&quot;<p>There&#x27;s no perfect security. An insecure world-wide, easy-to-setup encrypted communication is better than nothing. Because, it&#x27;ll at least make people more security&#x2F;privacy conscious.