"I don't have to tell you things are bad. Everybody knows things are bad."
I've taught more people about the Web Of Trust and how to use GPG in the last ~1.5 months than in the last ~1.5 decades.
"...and we sit watching our TV's while some local newscaster tells us that today we had fifteen homicides and sixty-three violent crimes, as if that's the way it's supposed to be."
Something about this current drama has made the whole concept of encryption and the realities of surveillance suddenly resonate with a LOT more people. It's not a majority yet, of course, but a change in perception this dramatic is a amazing.
"We sit in the house, and slowly the world we are living in is getting smaller, and all we say is, 'Please, at least leave us alone in our living rooms.'"
I have people emailing me encrypted email now, who just last year ignored the idea with the usual dismissal of it being "unnecessary" or "too complicated"[1].
"Well, I'm not going to leave you alone. I don't want you to protest. I don't want you riot. I don't want to write to your congressman because I wouldn't know what to tell your to write."
So now that people are finally noticing the reality they live in, and are finally getting mad, I see this as what educators call a "teachable moment" to try and suggest a few broader concepts tan the gpg lessons they are asking for.
"I'm as MAD AS HELL, and I'm NOT going to take this anymore!"
A few things I've been trying to teach recently, now that there are actually people listening:
* General education on the concept of data mining, and the power of a handful of JOIN clauses. The idea of grabbing all your phone calls is something most people already understand. Connecting a few random bits of entropy together to get a surprisingly reliable primary key is still not widely understood.
* Web Of Trust - Starting small and local is good, just like in elections. It would be amazing if somehow the Key Signing Party could be worked into some traditional social ritual.
* Stop supporting the feudal model of email, by tying your identity to an @company.com ___domain. Land is king IRL, and staking your claim on the internet is important for similar reasons. It would be nice if everybody could change their MX records and hosting service as easily as they change POTS long distance providers.
* Stop using webmail - many of the benefits of encryption are lost if you don't keep the keys in your physical possession, as demonstrated by lavabit and elsewhere.
This doesn't directly fix the problem[2], but it is stuff that can be done (and is being done) now, and these are certainly things that would help immediate problems faced when organizing a revolution. The NSA doesn't have the manpower or money to strong-arm their snooping routers into every last-mile endpoint. This kind of long-term cutting of the data the NSA can see is one of the better weapons we have against them.
"Then we'll figure out what to do about the depression and the inflation and the oil crisis. But first get up out of your chairs, open the window, stick your head out, and yell..."[3]
[1] You would think a Biology professor would understand an argument about how this isn't necessary about them, but about maintaining the "herd immunity" of the email ecosystem...
[2]: It might in the long run, once a lot more software support is written, and it finally becomes possible for regular people to extend their web of trust as far as, e.g. groklaw.
[3]: Incidentally, the lecture at the end of Network comes to mind every time the government panics about Snowden: "...and YOU have meddled with the primal forces of nature, and YOU...WIIL...ATONE!"
I've taught more people about the Web Of Trust and how to use GPG in the last ~1.5 months than in the last ~1.5 decades.
"...and we sit watching our TV's while some local newscaster tells us that today we had fifteen homicides and sixty-three violent crimes, as if that's the way it's supposed to be."
Something about this current drama has made the whole concept of encryption and the realities of surveillance suddenly resonate with a LOT more people. It's not a majority yet, of course, but a change in perception this dramatic is a amazing.
"We sit in the house, and slowly the world we are living in is getting smaller, and all we say is, 'Please, at least leave us alone in our living rooms.'"
I have people emailing me encrypted email now, who just last year ignored the idea with the usual dismissal of it being "unnecessary" or "too complicated"[1].
"Well, I'm not going to leave you alone. I don't want you to protest. I don't want you riot. I don't want to write to your congressman because I wouldn't know what to tell your to write."
So now that people are finally noticing the reality they live in, and are finally getting mad, I see this as what educators call a "teachable moment" to try and suggest a few broader concepts tan the gpg lessons they are asking for.
"I'm as MAD AS HELL, and I'm NOT going to take this anymore!"
A few things I've been trying to teach recently, now that there are actually people listening:
* General education on the concept of data mining, and the power of a handful of JOIN clauses. The idea of grabbing all your phone calls is something most people already understand. Connecting a few random bits of entropy together to get a surprisingly reliable primary key is still not widely understood.
* Web Of Trust - Starting small and local is good, just like in elections. It would be amazing if somehow the Key Signing Party could be worked into some traditional social ritual.
* Stop supporting the feudal model of email, by tying your identity to an @company.com ___domain. Land is king IRL, and staking your claim on the internet is important for similar reasons. It would be nice if everybody could change their MX records and hosting service as easily as they change POTS long distance providers.
* Stop using webmail - many of the benefits of encryption are lost if you don't keep the keys in your physical possession, as demonstrated by lavabit and elsewhere.
This doesn't directly fix the problem[2], but it is stuff that can be done (and is being done) now, and these are certainly things that would help immediate problems faced when organizing a revolution. The NSA doesn't have the manpower or money to strong-arm their snooping routers into every last-mile endpoint. This kind of long-term cutting of the data the NSA can see is one of the better weapons we have against them.
"Then we'll figure out what to do about the depression and the inflation and the oil crisis. But first get up out of your chairs, open the window, stick your head out, and yell..."[3]
[1] You would think a Biology professor would understand an argument about how this isn't necessary about them, but about maintaining the "herd immunity" of the email ecosystem...
[2]: It might in the long run, once a lot more software support is written, and it finally becomes possible for regular people to extend their web of trust as far as, e.g. groklaw.
[3]: Incidentally, the lecture at the end of Network comes to mind every time the government panics about Snowden: "...and YOU have meddled with the primal forces of nature, and YOU...WIIL...ATONE!"
edit; formatting