On 09/02/2013 12:08 PM, MZMcBride wrote:
> What information, exactly, are we trying to prevent governments from getting ahold of?
There are three such things, in (my personal) order of importance:
1) credentials, especially those of editors that have rights allowing further privacy encroachments (i.e., checkuser, oversight, even sysop to some degree);
2) association between user account and person (this one is /especially/ difficult to hide to a determined attacker that can do whole-network monitoring); and
3) what users are interested in (reading), whether logged in or not.
But I should also add that governments are most certainly not the only entities we are trying to protect against; anyone in a position of authority - or who would like to position themselves as such - is a potential attacker that might like to collect information to use against their targets. This means employers, schools, parents, and a multitude of others.
Governments seem the most salient mostly because they have the capacity to do so on a massive scale; but to me a scenario like a fellow student doing a tcpdump in the lab to find "dirt" to use against someone is at least as important to protect against.
All of those three points are greatly countered with *uniform* encryption at the network level (ranging from "solved" for the amateur attackers to "vastly increased cost and complexity of mass monitoring" for the bigger ones).
-- Marc