Net surveillance laws - will they impact the way you create apps?

This is a good read:

  • How will this change the way you develop apps?
  • Are you opting for more secure methods of communication for your users… or less?
  • Will you (like Apple) do your bit so that decryption is made impossible?
  • Or is this something that doesn’t concern you or the kind of apps you create?

How does this make us feel as users/citizens ourselves? Will you choose apps you use more carefully?

2 Likes

I think we have to be realistic: the likelihood that SSL certificate providers are not cooperating with the likes of the NSA is infinitely close to 0.

1 Like

My foolproof plan for sanity:

  1. Stick my head in the sand
  2. Encrypt everything (except some things, which in reality means pretty much all things)
  3. Tell myself everything’s fine

Never have I felt more like that cartoon dog sitting in a burning room than when considering life on the Internet in 201X.

On a serious note, I think we all just need to fix point 2 and push hard on it.

3 Likes

Hear hear.

2 Likes

Torsocks for the win, in my case.
Also, I’ve always focused on applications that would be used in LANs, with great ease of maintenance and deployability.

1 Like

A couple years ago, I would be right there with you. But I see it differently now, which is why I’m trying out other tactics for a more “open data”-centric world (much like how our world is more “open source”). So with ibGib (NB the big scary privacy disclaimer), I am focusing more on two things primarily:

  1. Authentication & Identity
  2. Content guarantees.

So, for example WRT identification, every ibGib (it’s like a “thing” or “datum”) is identified with at least one identity. And you can log in with multiple email addresses, “layering them” as more evidence of your identity - very much like claims-based identity. In the future, I’ll have more methods: OAuths most likely, but maybe not user/pass because it’s so weak.

As for content “guarantees”, most ibGib contain a sha256 hash of their data content (and ib and rel8ns), so a client could check this hash against the content to help battle tampering.

I’m working on other dynamics as well, but overall the goal is to get the data used for data analytics that is already being collected by the big entities “into the light” for use in a distributed information system by “the rest of us” in order to protect ourselves from the “secret police” mentioned in that article. In the end, it’s always possible for end users [*1] to privately encrypt their data, but then they don’t get the benefits that come with transparency.

So I personally think it’s more of a concern about governments cracking down on censorship. “Live in the Light” just isn’t possible without Freedom of Speech! :smile:

[*1] Or consumers of the API when I get the write side done - only the read API is currently implemented, similar to a CQRS design.

1 Like
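The content-hash check described in the post above, as an added example that is not ibGib's own code. The record layout, the canonical-JSON serialization, the `sha256` field name and the function names are all assumptions, since the post only says the hash covers the data, ib and rel8ns.

```python
import hashlib
import hmac
import json

# Hypothetical layout: the post names the fields (ib, data, rel8ns) but not
# how they are serialized, so canonical JSON is assumed here.
def content_hash(ib, data, rel8ns):
    """SHA-256 over a canonical encoding of all three fields."""
    canonical = json.dumps(
        {"ib": ib, "data": data, "rel8ns": rel8ns},
        sort_keys=True, separators=(",", ":"), ensure_ascii=False,
    ).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()

def make_record(ib, data, rel8ns):
    """Build a record that carries its own content hash."""
    return {"ib": ib, "data": data, "rel8ns": rel8ns,
            "sha256": content_hash(ib, data, rel8ns)}

def verify(record, trusted_hash=None):
    """True if the record's fields hash to the expected value.

    With trusted_hash (for example the hash the client used to request the
    record) the stored hash is ignored, so rewriting both the content and
    the stored hash no longer passes.
    """
    expected = trusted_hash if trusted_hash is not None else record.get("sha256", "")
    actual = content_hash(record.get("ib"), record.get("data"), record.get("rel8ns"))
    return hmac.compare_digest(actual, expected)

# Constructed sample data, not real ibGib records.
original = make_record("note", {"text": "hello"}, {"past": ["abc"]})
address = original["sha256"]   # hash the client already knows

# A change to any covered field (here rel8ns) fails the check.
edited = dict(original, rel8ns={"past": ["zzz"]})

# A record rebuilt with a fresh hash is self-consistent, so the stored hash
# alone cannot flag it; comparing against the known address does.
rebuilt = make_record("note", {"text": "goodbye"}, {"past": ["abc"]})

if __name__ == "__main__":
    print("original          :", verify(original))
    print("edited rel8ns     :", verify(edited))
    print("rebuilt, self     :", verify(rebuilt))
    print("rebuilt vs address:", verify(rebuilt, trusted_hash=address))
```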

I really say you need to make an article (markdown in your repo maybe? easy to post around then) that builds up from the basics about why, how, etc… about your whole setup. :slight_smile:

1 Like

That’s totally the plan! :smile:

Currently, I’m working bit by bit with the repo’s wiki, but I am planning on doing the website content with that info once the next interactive “multiplayer” version of ibGib comes out…but you’ve inspired me to create an issue on it!

2 Likes