• PorkrollPosadist [he/him, they/them]
    3 years ago

    I wouldn't be a doomer about it, but it is important to understand that there will always be a man in the middle. That's literally how the Internet is designed. Your computer connects to an ISP which connects to some other ISP which connects to some other ISP (and so on) which connects to the destination of your message. Cryptography has afforded us the ability to ensure the messages aren't tampered with, but they can still be recorded and timestamped at every hop along the way.

    To have real anonymity on the Internet would be like expecting to be able to mail a letter with no address written on it. You could get away with making a dead drop here and there, but not anything persistent.

    • emizeko [they/them]
      3 years ago

      tangential, but I remember reading about a physical dead drop method neatly updated for the internet age: a fake rock that had short-range wireless communication (I forget if it was Bluetooth or Wi-Fi or what) that all you had to do to dead drop was walk past it with a keyed partner device and it would either upload or download the payload

      • Nakoichi [they/them]
        3 years ago

        I think the YouTube channel The Modern Rogue did a demonstration on that.

    • LeninWeave [none/use name]
      3 years ago

      Yeah, but ideally we'd have our DDoS protection done by someone other than the issuer of our certificate, so that they can't trivially decrypt and log any traffic.

      Edit: https://hexbear.net/post/127316

      Looks like there's plans to switch certificate providers.

      • activated [he/him]
        3 years ago

        They can't trivially decrypt and log the traffic if any cipher suite with forward secrecy is used. ECDHE is a good example.

        • LeninWeave [none/use name]
          3 years ago

          They can and do trivially decrypt the traffic. The CF certificate is used only between the client and CF's servers, which decrypt the data.
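
The two positions in the last two comments, as an added example that is not part of the thread: a simulation of a request passing through a TLS-terminating proxy, with a fresh ephemeral key exchange on each leg. The toy Diffie-Hellman group, the hash-based cipher and all function names are assumptions made for the demo, not real TLS.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman standing in for ECDHE (assumption for this
# demo only; real TLS uses standardized groups and authenticated handshakes).
P = 2**255 - 19
G = 2

def ephemeral_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def toy_cipher(key, data):
    # SHA-256 keystream XOR; the same call encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def relay_through_proxy(request):
    """Client -> terminating proxy -> origin, one fresh key exchange per leg."""
    c_priv, c_pub = ephemeral_keypair()      # client
    p1_priv, p1_pub = ephemeral_keypair()    # proxy, client-facing leg
    p2_priv, p2_pub = ephemeral_keypair()    # proxy, origin-facing leg
    o_priv, o_pub = ephemeral_keypair()      # origin

    # Leg 1: client encrypts to the proxy, which holds the matching key.
    wire1 = toy_cipher(session_key(c_priv, p1_pub), request)
    seen_by_proxy = toy_cipher(session_key(p1_priv, c_pub), wire1)

    # Leg 2: proxy re-encrypts under an unrelated key for the origin.
    wire2 = toy_cipher(session_key(p2_priv, o_pub), seen_by_proxy)
    seen_by_origin = toy_cipher(session_key(o_priv, p2_pub), wire2)

    # A recorder at any hop keeps only public values and ciphertext.
    recorded = {"leg1": (c_pub, p1_pub, wire1), "leg2": (p2_pub, o_pub, wire2)}
    return seen_by_proxy, seen_by_origin, recorded

if __name__ == "__main__":
    sample = b"POST /login user=alice&pw=constructed-sample"  # constructed input
    proxy_view, origin_view, rec = relay_through_proxy(sample)
    print(proxy_view == sample, origin_view == sample, rec["leg1"][2] != sample)
```

The ephemeral private values are discarded after the session, so a hop that only recorded `recorded` has nothing to derive the key from later; the proxy is an endpoint of leg 1 and reads the request regardless of the key exchange used.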