In related news, DuckDuckGo has seen a huge spike in traffic (https://duckduckgo.com/traffic.html). Even if the NSA has probably circumvented DDG's privacy features, it's still worth using them for trying to preserve user privacy. And in my experience, DDG's search results have improved drastically, to the point that I very rarely have to resort to Google.
I wonder what Gabriel Weinberg would do if the NSA told him to hand over his SSL keys so they could view all his traffic. Would he shut down like Lavabit did? Would be interesting to get a statement out of him about this.
Have to give you more than an upvote here. This is an excellent point, and could be extended to many companies that are concerned with privacy. It would be great if their leaders made preemptive public statements on how they would handle that situation.
What we need is not someone who will shut down the server like Lavabit did, but someone who will refuse to hand over the keys and yet keep the service running. Someone who will fight. I get it, it's better to shutdown than to be evil and hand over the keys, but it's much better to fight.
You've got to draw the line somewhere, unless you're fine with the conclusion that you can't trust any form of computing technology (which leaves you powerless against mechanized systems of control).
It seems like we should be able to progress on this front, but I haven't seen much work towards it. Trustable computers are necessary but clearly not sufficient to push back against tyranny, which is why I (like everyone else) just assume my computing base is solid (or at least not infecting the software I'm writing), while working on software to help get us out of this VC-fueled "web 2.0" trap.
1) You can generally trust network equipment because there are many types of it, produced by many companies all over the world.
2) This means any backdoor in your computer that transmits information over the network would be trivial to detect and therefore useless for NSA et al.
With that in mind, the most dangerous backdoor that could feasibly exist is probably the one that subverts the RNG. Here is a discussion about a hypothetical backdoor in the hardware RNG built into new Intel CPUs: http://crypto.stackexchange.com/questions/9210/technical-fea...
There'd be plenty of ways to use existing network traffic as a side channel when you've tapped the network a few hops away (eg adjusting packet timings or sequence numbers). Also, a backdoor doesn't have to be active all the time (although that would hinder dragnet surveillance)
Much of DDG's privacy stems from not having any user data to store in the first place. While that can be circumvented to some extent, it's hard to do so without outwardly visible consequences.
I have tried DDG a bit for the last week, but unfortunately for me its results have been so much inferior to Google's that I had to give up on it. I hope it gets there.
I use DDG as my default, and when I'm not getting the results I know I could get with Google, I go to Google. It's usually pretty obvious. This way I support DDG, while not sacrificing my productivity (too much).
