SSL Encryption Coming To The Pirate Bay

An anonymous reader writes "The Pirate Bay, in response to Sweden's new wiretapping law, will start offering SSL encryption to its user base this week. Although copyright issues really have little to do with national security, The Pirate Bay knows its population is uneasy with the recent legal change. The encryption will mostly benefit Swedish users living under the current law. Since The Pirate Bay and its servers are not hosted in Sweden, the additional security offered to outside users could be comparatively minimal."

A broader lesson

[dfaulken]

While this particular instance doesn't concern me, it seems that, more and more, we're seeing reasons to start encrypting most data that we send across the Internet--certainly we would encrypt IMAP/POP3 sessions, Jabber and whatnot--why not HTTP as well?

Yes, there might be some performance drawbacks, but, on the whole, it seems to me like the less data we send in plaintext, the less we open ourselves up to identity theft, and being spied on by governments (not necessarily our own, mind you).

So I tend to think that this is just a manifestation of this broader trend towards encryption in all Internet transactions. I think the real question is whether we'll see people using SSL/TLS for things like checking the weather or sports scores.

Re:A broader lesson

[dfaulken]

If you look at the postal system, people have been using security envelopes or at least sealed envelopes since pretty much the beginning. This is exactly the problem, though--people are accustomed to using envelopes, whereas getting people to use e-mail encryption requires some serious additional effort, which most people aren't willing to put in.

Re:A broader lesson

[nine-times]

Yeah, it seems to me that it was an oversight that networking wasn't encrypted in the first place. When lots of these protocols were being developed, security didn't seem to be much of a consideration.

It's about time that these things got rectified, but I'm not sure what the best course is. For example, using SSL concerns me in that we've accepted the convention that certificates should be issued by certain set organizations that require exorbitant fees. I mean, hundreds or thousands of dollars per year for an SSL cert? Seems a bit much to me. Yeah, I know you can generate your own, which will cause you to get complaints from your websites' users when they see what looks to them like an error message.

I'm not a security expert, but I get the sense someone needs to go back to square one and figure out how to build a coherent, open, and secure model for networking that doesn't rely on giving such control to a small number of companies.

Re:A broader lesson

[David+Jao]

Yeah, it seems to me that it was an oversight that networking wasn't encrypted in the first place. When lots of these protocols were being developed, security didn't seem to be much of a consideration.

You may be too young to remember this, but until 1997, it was for all practical purposes illegal to transmit cryptography software over the internet because of ITAR regulations.

As a result, during the formative years of the internet when networking protocols were being designed, there was no practical way to include security as a requirement. A cynic would interpret this state of affairs as being exactly the goal that the US government had in mind when they made cryptography illegal.

About time

[nurb432]

Lets hope this is just the beginning.

*everything* should be encrypted by default, and no unencrypted connections should be offered.

I don't care that i'm doing nothing wrong, its no ones business.

ya, there is a performance hit, but thats just part of the deal to have your communications remain private.

Re:speed

[Maxo-Texas]

I agree with your general point and agree that recent material that is still in print should be either paid for or ignored.

That being said, I torrent.

I use it for
1) Movies that I can't buy if I want to.
2) Comics that I grew up with and can't buy if I want to.
3) Anime that isn't for sale in the U.S. (This has lead to be buying anime when it does become available- like Stand Alone Complex)

And I do draw the line 28 years (the original terms before our governments sold out to disney and other companies and sold away the public domain to them). And I could get fined or go to jail for that activity. I keep that in mind, so I use peer guardian and other techniques to keep a low profile. But mainly, I stay away from new hot shit. Mostly, new hot movies you can buy for $5-$7.50 within 18 months of them coming out. Why risk prison/ fines to see a movie 18 months early? And more importantly, creators do deserve *some* compensation for creating.

Re:speed

[WeblionX]

Wait, so I can now buy HD movies online and download them as fast as my connection allows legally? I thought I had to drop a wad of cash on a new disc drive then had to either go out and buy or wait for it to ship to get the movie, then I had no option to put it on my computer (legally). This is all news to me.

Re:speed

...creators do deserve *some* compensation for creating.

Which is EXACTLY the point. They're product isn't *worth* anything if it isn't scarce. With digital medium nothing is scarce making it worth whatever the public is willing to pay - simple economics. What pisses me off is that media companies are allowed to force artificial scarcity. I have no sympathy and don't believe hiding their greedy little faces behind corrupt bureaucrats should be tolerated by the general public.