I think with today's ability to conduct retrospective fishing expeditions, and in light of how easily the government slipped into harassment of anti-Iraq-war groups and Occupy, that the danger of political spying is now inherent in all spying.
In a few words, mainly ammunition for the government to persecute and discredit critics (which isn't new), but also alarmingly but unsurprisingly, a way for those with access to this information (specific individuals within law enforcement and government) to exert this power over other private individuals for spite, profit, blackmail, coverup, etc.
It's even worse than that. Because they have these systems they don't need any actual evidence. If they don't like you (or you're divorcing someone they care about) they can just accuse you of wrongdoing that they "discovered" through surveilling you. How are you going to prove that you didn't do what they accuse you of? Audit their systems? Mmm hmm, I'm sure they'll let a known pedophilistic-terrorist or his designee in to check everything out. Even when you can audit systems it's hard enough to prove a negative.
That's why democracy and freedom can't exist in relationship with a secret police, acting domestically on secret data and laws.
My current thinking re: online privacy is an extension of what I long suspected, that its getting to be an all-or-nothing choice because the cult of power is going off the deep end. Orgs like the EFF are failing us here, because they keep suggesting we resort to using a laundry list of piecemeal privacy measures when much more comprehensive and effective tools are available.
Anyhow, if you want to see what Wired is calling the Apple of Linux OSes, take a gander at Elementary OS. I can appreciate them striving for the 'Just Works' mantra, but it needs to 'Just Work' with the tried and true ways of doing things that Unix and friends have enjoyed for decades now.
Actually it doesn't need to do that at all. If you read eOS' website, you'll see a declaration (be still my beating heart!) that its intentionally not working in the 'Linux distro' mold, and doesn't want "Linux" to be any part of its identity to regular users. They don't even particularly want compatibility with the existing base of Linux desktop apps, opting to convert some of them to the new paradigm instead. They consider the Linux desktop a failure, as in 'so bad, you can't even give this stuff away'.
I gather they will take what they need from the open codebase, and then not give a damn about honoring old uncle greybeard living "upstream" when it comes to making radical modifications. If upstream doesn't like the changes, they can leave them out of their own branch. elementaryOS is set to fork a lot of code, I think...
Knowing this, you should never have mounted your home dir wholesale under eOS. Their philosophy doesn't engender that level of compatibility, and in a few more releases doing this may be about as advisable as mounting home under OS X.
Then I realized the only part about the UI that bothered me was Dash. Adding classicmenu fixed that.
Between Dash being a mess and its online integration, these two things account for the lions' share of dissatisfaction with Ubuntu's direction, IMO. The rest of the changes they're making remind me of the good parts of OS X and I welcome the effort Canonical is putting into them.
OTOH my limited time with Mint places it little better in terms of smooth operation than Fedora or Debian. I do NOT like my screen contents flashed for 3 sec when waking from sleep, and I do NOT like having security updates held back.
those expanded warranties they introduced to compete with Samsung came to mind. I wonder if they were being sincerely offered in the first place, or if they were just a gamble against what time they had left.
T430s somewhat improved those issues: Ivy Bridge is easier on the battery, and about 9 months into the model's run Lenovo decided to stick with the AUO panels which are significantly brighter than the T420s displays I've put mine next to. What did not improve is the viewing angles.
These are strong/fast/light & modular machines. Its worth it to spend a bit more for the bay battery, IMO.
The X series are also great.
As for the current crop, the T440s has no bay for an optical drive, and the "front" battery is integrated though I'll bet its easily replaceable with a couple tools on hand. On the plus side it has Haswell, IPS FHD screen and a bit less weight.
Surprisingly, the bigger T440 also lacks an optical drive.
I think from the point of view of trusting one's hardware, the board design does rank pretty low and in the case of having closed ICs it doesn't matter at all... it can't protect the users from malicious microcode.
I2P and Qubes OS, though I am not yet contributing directly I do use them and understand them to some extent. My main concern is that the solutions are comprehensive and thus get used consistently, instead of diddling around with numerous application-layer protocols and OS add-ons.
Thank you for driving your point home. Often I feel the same way when reading screenfulls of (indeed) defeatists telling us not to worry about system intrusion or privacy because 'why would NSA/mafia/whomever be interested in a speck like you'?
I haven't gotten over myself and I'm glad you haven't, either.
Until you are. Then you're fucked, even if it's a bullshit reason, like making anti-NSA political statements on the Internet, while also being an OS developer and having knowledge of unpatched OS exploit vectors, and developing your own cryptographic ciphers. Then you may find your router firmware mysteriously bricked by an exploit gone wrong -- You see, upon suspicion of odd things going on in my network (like 350 MB uploads in the middle of the night when no one was using the net to IP addresses owned by the US government) I cleansed my systems and replaced my router and its firmware, but caused it to still be fingerprinted as stock. That's called a canary, and my canary is dead.
The NSA prefers routers, it seems. I wish there were more focus on security in this area, but its 'fast wireless gaming multimedia' that gets all the attention these days. One consolation is that having a secure OS and network stack can greatly reduce the impact of a compromised router.
If everyone uses that freedom, there should not be a problem.
That's a crock, because the organizing principle behind naive 'free markets' amplifies differences in wealth. Larger accumulations of capital have more opportunities to garner large profits; their own money-making 'efficiency' increases as their competition and most of their customers are driven to greater relative inefficiency.
Unregulated wealth accumulation has its own built-in network effects that lead to monopoly situations. Thus the subject of finance should never be considered without a healthy dose of class awareness.
Anybody know what the current reputation of The Netherlands is?
Awful. The prime minister even refuses to say anything bad about the unlawful interceptions, because "it could harm our interests as well". Clearly "our interests" do not include the interests of the citizens. And our domestic affairs minister wants to give the police unwarranted tapping powers with the possibility to install spyware, only controlled by their own organisation.
There are plenty of places that get favorable press for "economic freedom" because they ignore the dealings of (only) the wealthy. As far as overall freedom is concerned, however, I wouldn't place Singapore far from Dubai. Online traffic is intensely political now- not merely "economic activity".
I think everyone concerned about privacy should look at I2P instead of VPNs... having "private" in the acronym doesn't mean that in 2013 they are much good in actually protecting privacy. Only a proper darknet can prevent the who, where and when metadata from being exposed by basic traffic analysis.
Using I2P obviates 1-4 in that it keeps everything encrypted end-to-end and mixes your packets with traffic from many other people (this also addresses #6 from StripedCow). Its the P2P twist on Tor-- everyone routes packets thus contributing to bandwidth and overall privacy. Make Google and your ISP irrelevant with respect to your data.
For the general populace today, your list just looks like a convoluted mess (and there is no common sense when it comes to IT... we only see the tip of the internal system iceberg at any given moment). Online privacy can't be done piecemeal, one security scheme per application; that's just a disincentive to follow through and actually use it.
As for a secure open source system, see my tagline. Qubes is hypervisor-based and enforces security to an extent that I've never seen in other desktops.
If Linux isn't secure enough for you then you might like OpenBSD.
A hypervisor-based OS is much more robust than any BSD by itself; Serious people don't rely on traditional kernel-based security anymore.
You need to use VMs to reduce the attack surface as much as possible, and IMHO there is no better VM configuration than Qubes OS which is the most secure desktop out there. Actually, its designed to go beyond what most VM configurations will do for security by running the display and IP stacks in special VMs, for instance, and you can even use it to assign hardware devices to specific user-defined VMs.
The downside is that you end up separating your data into different domains (having varying levels of trust), but that's not so different from using jails. The upside is that you can run most Linux and Windows apps.
So my overall advice is to run I2P on top of Qubes if you value privacy.
This. We also need to make it much easier to find out which tools/services are worth people's time, energy, and money. Even something as seemingly simple as intelligently choosing an ISP, VPN, email provider, etc. requires a massive investment in time to learn the basic technical aspects of each service & relevant features, scour the Web to find non-spammy reviews hidden among the SEOspam, compare prices & feature offerings...
None of these approaches works anyway unless the other end of the communications also uses the same protocols, so you might as well specify a single robust, comprehensive tool. My take is that VPNs are vulnerable to traffic analysis (providing the who, when and where of your communications) and it requires a true anonymizing network with P2P routing to actually hide these details.
We've been advocating encryption and privacy to users in too piecemeal a fashion for the past 20 years. Now I think the best approach is to insist on applications that specifically utilize a protocol like I2P so all your encrypted traffic is intermixed with packets from other apps and other users. There is no need to be aware of OTR + PGP + HTTPS + how each app implements them and whether or not they're even turned on in each app. That's a dead end. Use apps written for I2P and be done with it.
One could advocate Tor in this role, but at this point it seems only marginally more popular than I2P which seems to also have more software written for it. Most of the stuff that supports Tor is primarily geared to unencrypted communications so that might leave us with the same dilemma of wondering if you have everything configured correctly to maintain privacy.
The real problem is: how do we get all of the public to adopt something like this.
One way is to say, "You can reach me at this address using I2P...". If enough people started using it for their interpersonal communications, it could become a standard of sorts that eventually gets adopted by business. People use Facebook, Skype and Twitter for business communications these days and the latter two had scarcely any marketing to speak of and spread through informal, personal use.
...which sounds like an oxymoron. I thought the Internet was to be considered a hostile environment, at all times. And if servers generally make this assumption, then everyone should.
Its PCs that need to be made safer, more trustworthy. And the requirements on his list seem to suggest that. For instance, target dispersal. How do you disperse responsibility for net traffic? Create more ISPs? Break them up? No class of corporate aristocrats and their politicos will stand for that. Its laughable! The establishment will only perform legal CYA and face-saving measures in response to surveillance revelations. Even then, the response will be less and less sincere after a short time and then only the people who run these companies will have any measure of privacy while the rest of us get lovingly-crafted PR as comfort.
I argue that the natural destination points for the dispersal are personal computers, in whichever shape they come. I2P is like a marriage of bittorrent and Tor-- THAT is the architecture which actually satisfies Bruce's suggestions. It is disingenuous for him to focus on backbones and ISPs given what he's asking for.
BTW, you may recognize many of the qualities touted by the Diaspora project in the responses below:
'Ubiquitous encryption' (on backbone, because that's where NSA taps are)
I2P goal is ubiquitous encryption between all routers and clients (which are essentially the same thing to it). Also, its general purpose so its possible ubiquitous among applications.
'Target dispersal'
If each person or organization routes traffic and mints their own crypto-based addresses, then power over communications is far more evenly distributed over the net. In many of the ways that matter, each node is acting as their own ISP and the physical ISPs become far less relevant to the legal machinations of the spies.
'Usable application layer encryption'
Apps are written for / adapted to I2P for the purpose of providing encryption; they will not be able to communicate with other nodes unless the I2P router service is running.
'More open source and standards'
Check - I2P is open source and libre.
'Better integrated anonymity tools'
Anonymity is the initial default for anyone starting to use I2P. Identities and trust relationships can be firmed-up in much the same way as ssh.
'Better assurance against system compromise'
I2P doesn't address this specifically, as the changes here need to begin more at the hardware and OS levels. Qubes OS, for instance, shows the hypervisor-enforced security context of programs via the window frame color. It also has a scheme to verify system authenticity at boot time using TPM hardware (if present). (I'm typing this now on a Qubes system.) Thus I2P apps running on Qubes can be placed in separate trust domains that are verified by the user at a glance.
Note: All of these points can be addressed on PCs; this may even be out of necessity. The surveillance problem is structural more than anything else-- the political and corporate classes are taking advantage of a reborn mainframe monoculture mainly "because we can". And if PCs are what made the Internet interesting and special in the first place, then probably PCs are where the change in the Internet needs to happen.
Conventionally encrypted links naively tell listeners the who, where and when of the communications.
Schneier makes good points in your first link: He asserts metadata=data, and makes special mention of the NSA's hatred for Tor. This is very apt, IMO... Tor is there early in his speech as an NSA bugaboo because anonymization networks are uniquely suited to hiding the metadata. Onion routing provides resistance to traffic analysis, and traffic analysis easily provides the who, where and when details of simplistic crypto links.
To get past the metadata surveillance problem, our encrypted communications will have to become both decentralized and structured. And the structure that current information technology can provide essentially boils down to a marriage of P2P and onion routing.
Now, if you want verification along with your onion routing, that is simpler than you may think because addresses on these networks also happen to be cryptographic keys that can be used to verify identity. If your systems remain secure, then no one else can reasonably impersonate you or the parties you're communicating with... as long as you stick to using.onion and.i2p addresses. This use of encrypted onion routing is known as 'darknet'.
So... To get past the surveillance problem and facilitate mutual trust, our communications will have to shift toward darknets. Online privacy requires the tools of anonymity every bit as much as it needs the principles of open source.
I'd actually recommend I2P - not Tor - as a model for a privacy- and trust-hardened Internet, because ubiquitous end-to-end encryption means no more need for "exit nodes", and also because I2P is intended to be general purpose, less centralized and more scalable... and the topology more closely mirrors a physical mesh network. They even have a server-less email system based on DHT running.
I2P is almost as old as Tor, and has increased its rate of growth considerably over the past few years. To me, the only real question about how appropriate the I2P concept is for a hardened Internet is just how many nodes it can really scale.
I design UIs occasionally. What iconography would you suggest replace the floppy disk for save? The down arrow and some bits?
Use a cylinder for crisesake, which is what IT used to symbolize secondary storage before the floppy disk. Its abstract enough to encompass different physical storage technologies while still having a historical grounding. You could have a smaller cylinder with a USB symbol or connector to mean removable storage. You could also show the cylinder 'filled' according to the allocated space on the volume.
My new Thinkpad still uses the cylinder for the HD activity light on its bezel.
This really, really is not hard. And switching back would be less confusing than the current trend of tucking application menus under a striped square, for just one example of current GUI fickle-ness.
When holographic Crystal Storage becomes the new de-facto storage standard a gleaming spinning cube will be a suitable iconic replacement representation.
Then why not use a flash module now? Is a cube better because its a simple shape? What makes you think the spinning-cube-scifi-sex-object won't be hidden inside of a shell if/when it becomes mass produced the way flash is?
For that matter, why not use hover to show animations of certain icons... to actually depict an action as such?
Because nothing else makes any damn sense...
You're basing your whole comforting but idiotic argument on a piece of skeuomorphism that hung around too long. IMO, the floppy doesn't remain in GUIs because people need it; its just a confusing smudge that no one has bothered to clean. It you want a historical symbol that nicely depicts 'volume', use a cylinder!
Slashdot Mirror
I think with today's ability to conduct retrospective fishing expeditions, and in light of how easily the government slipped into harassment of anti-Iraq-war groups and Occupy, that the danger of political spying is now inherent in all spying.
In a few words, mainly ammunition for the government to persecute and discredit critics (which isn't new), but also alarmingly but unsurprisingly, a way for those with access to this information (specific individuals within law enforcement and government) to exert this power over other private individuals for spite, profit, blackmail, coverup, etc.
It's even worse than that. Because they have these systems they don't need any actual evidence. If they don't like you (or you're divorcing someone they care about) they can just accuse you of wrongdoing that they "discovered" through surveilling you. How are you going to prove that you didn't do what they accuse you of? Audit their systems? Mmm hmm, I'm sure they'll let a known pedophilistic-terrorist or his designee in to check everything out. Even when you can audit systems it's hard enough to prove a negative.
That's why democracy and freedom can't exist in relationship with a secret police, acting domestically on secret data and laws.
My current thinking re: online privacy is an extension of what I long suspected, that its getting to be an all-or-nothing choice because the cult of power is going off the deep end. Orgs like the EFF are failing us here, because they keep suggesting we resort to using a laundry list of piecemeal privacy measures when much more comprehensive and effective tools are available.
Anyhow, if you want to see what Wired is calling the Apple of Linux OSes, take a gander at Elementary OS. I can appreciate them striving for the 'Just Works' mantra, but it needs to 'Just Work' with the tried and true ways of doing things that Unix and friends have enjoyed for decades now.
Actually it doesn't need to do that at all. If you read eOS' website, you'll see a declaration (be still my beating heart!) that its intentionally not working in the 'Linux distro' mold, and doesn't want "Linux" to be any part of its identity to regular users. They don't even particularly want compatibility with the existing base of Linux desktop apps, opting to convert some of them to the new paradigm instead. They consider the Linux desktop a failure, as in 'so bad, you can't even give this stuff away'.
I gather they will take what they need from the open codebase, and then not give a damn about honoring old uncle greybeard living "upstream" when it comes to making radical modifications. If upstream doesn't like the changes, they can leave them out of their own branch. elementaryOS is set to fork a lot of code, I think...
Knowing this, you should never have mounted your home dir wholesale under eOS. Their philosophy doesn't engender that level of compatibility, and in a few more releases doing this may be about as advisable as mounting home under OS X.
Then I realized the only part about the UI that bothered me was Dash. Adding classicmenu fixed that.
Between Dash being a mess and its online integration, these two things account for the lions' share of dissatisfaction with Ubuntu's direction, IMO. The rest of the changes they're making remind me of the good parts of OS X and I welcome the effort Canonical is putting into them.
OTOH my limited time with Mint places it little better in terms of smooth operation than Fedora or Debian. I do NOT like my screen contents flashed for 3 sec when waking from sleep, and I do NOT like having security updates held back.
those expanded warranties they introduced to compete with Samsung came to mind. I wonder if they were being sincerely offered in the first place, or if they were just a gamble against what time they had left.
T430s somewhat improved those issues: Ivy Bridge is easier on the battery, and about 9 months into the model's run Lenovo decided to stick with the AUO panels which are significantly brighter than the T420s displays I've put mine next to. What did not improve is the viewing angles.
These are strong/fast/light & modular machines. Its worth it to spend a bit more for the bay battery, IMO.
The X series are also great.
As for the current crop, the T440s has no bay for an optical drive, and the "front" battery is integrated though I'll bet its easily replaceable with a couple tools on hand. On the plus side it has Haswell, IPS FHD screen and a bit less weight.
Surprisingly, the bigger T440 also lacks an optical drive.
...hundreds of thousands of tcp connections per second...
Hold on there, I'm still using DNet!
I think from the point of view of trusting one's hardware, the board design does rank pretty low and in the case of having closed ICs it doesn't matter at all... it can't protect the users from malicious microcode.
I2P and Qubes OS, though I am not yet contributing directly I do use them and understand them to some extent. My main concern is that the solutions are comprehensive and thus get used consistently, instead of diddling around with numerous application-layer protocols and OS add-ons.
I've started writing about them in my journal...
Thank you for driving your point home. Often I feel the same way when reading screenfulls of (indeed) defeatists telling us not to worry about system intrusion or privacy because 'why would NSA/mafia/whomever be interested in a speck like you'?
I haven't gotten over myself and I'm glad you haven't, either.
Their open source hardware is the board, not the CPU.
Hmmm... The board design is just the tip of the iceberg in the overall operation of these systems. Almost insignificant.
To what extent is this Cortex A7 open source??
Until you are. Then you're fucked, even if it's a bullshit reason, like making anti-NSA political statements on the Internet, while also being an OS developer and having knowledge of unpatched OS exploit vectors, and developing your own cryptographic ciphers. Then you may find your router firmware mysteriously bricked by an exploit gone wrong -- You see, upon suspicion of odd things going on in my network (like 350 MB uploads in the middle of the night when no one was using the net to IP addresses owned by the US government) I cleansed my systems and replaced my router and its firmware, but caused it to still be fingerprinted as stock. That's called a canary, and my canary is dead.
The NSA prefers routers, it seems. I wish there were more focus on security in this area, but its 'fast wireless gaming multimedia' that gets all the attention these days. One consolation is that having a secure OS and network stack can greatly reduce the impact of a compromised router.
If everyone uses that freedom, there should not be a problem.
That's a crock, because the organizing principle behind naive 'free markets' amplifies differences in wealth. Larger accumulations of capital have more opportunities to garner large profits; their own money-making 'efficiency' increases as their competition and most of their customers are driven to greater relative inefficiency.
Unregulated wealth accumulation has its own built-in network effects that lead to monopoly situations. Thus the subject of finance should never be considered without a healthy dose of class awareness.
Anybody know what the current reputation of The Netherlands is?
Awful. The prime minister even refuses to say anything bad about the unlawful interceptions, because "it could harm our interests as well". Clearly "our interests" do not include the interests of the citizens. And our domestic affairs minister wants to give the police unwarranted tapping powers with the possibility to install spyware, only controlled by their own organisation.
Disclaimer: I live there.
My condolences... http://slashdot.org/journal/570913/privacy-for-the-surveillance-age
There are plenty of places that get favorable press for "economic freedom" because they ignore the dealings of (only) the wealthy. As far as overall freedom is concerned, however, I wouldn't place Singapore far from Dubai. Online traffic is intensely political now- not merely "economic activity".
I think everyone concerned about privacy should look at I2P instead of VPNs... having "private" in the acronym doesn't mean that in 2013 they are much good in actually protecting privacy. Only a proper darknet can prevent the who, where and when metadata from being exposed by basic traffic analysis.
Using I2P obviates 1-4 in that it keeps everything encrypted end-to-end and mixes your packets with traffic from many other people (this also addresses #6 from StripedCow). Its the P2P twist on Tor-- everyone routes packets thus contributing to bandwidth and overall privacy. Make Google and your ISP irrelevant with respect to your data.
For the general populace today, your list just looks like a convoluted mess (and there is no common sense when it comes to IT... we only see the tip of the internal system iceberg at any given moment). Online privacy can't be done piecemeal, one security scheme per application; that's just a disincentive to follow through and actually use it.
As for a secure open source system, see my tagline. Qubes is hypervisor-based and enforces security to an extent that I've never seen in other desktops.
If Linux isn't secure enough for you then you might like OpenBSD.
A hypervisor-based OS is much more robust than any BSD by itself; Serious people don't rely on traditional kernel-based security anymore.
You need to use VMs to reduce the attack surface as much as possible, and IMHO there is no better VM configuration than Qubes OS which is the most secure desktop out there. Actually, its designed to go beyond what most VM configurations will do for security by running the display and IP stacks in special VMs, for instance, and you can even use it to assign hardware devices to specific user-defined VMs.
The downside is that you end up separating your data into different domains (having varying levels of trust), but that's not so different from using jails. The upside is that you can run most Linux and Windows apps.
So my overall advice is to run I2P on top of Qubes if you value privacy.
This. We also need to make it much easier to find out which tools/services are worth people's time, energy, and money. Even something as seemingly simple as intelligently choosing an ISP, VPN, email provider, etc. requires a massive investment in time to learn the basic technical aspects of each service & relevant features, scour the Web to find non-spammy reviews hidden among the SEOspam, compare prices & feature offerings...
None of these approaches works anyway unless the other end of the communications also uses the same protocols, so you might as well specify a single robust, comprehensive tool. My take is that VPNs are vulnerable to traffic analysis (providing the who, when and where of your communications) and it requires a true anonymizing network with P2P routing to actually hide these details.
We've been advocating encryption and privacy to users in too piecemeal a fashion for the past 20 years. Now I think the best approach is to insist on applications that specifically utilize a protocol like I2P so all your encrypted traffic is intermixed with packets from other apps and other users. There is no need to be aware of OTR + PGP + HTTPS + how each app implements them and whether or not they're even turned on in each app. That's a dead end. Use apps written for I2P and be done with it.
One could advocate Tor in this role, but at this point it seems only marginally more popular than I2P which seems to also have more software written for it. Most of the stuff that supports Tor is primarily geared to unencrypted communications so that might leave us with the same dilemma of wondering if you have everything configured correctly to maintain privacy.
While I agree with you.
The real problem is: how do we get all of the public to adopt something like this.
One way is to say, "You can reach me at this address using I2P...". If enough people started using it for their interpersonal communications, it could become a standard of sorts that eventually gets adopted by business. People use Facebook, Skype and Twitter for business communications these days and the latter two had scarcely any marketing to speak of and spread through informal, personal use.
...which sounds like an oxymoron. I thought the Internet was to be considered a hostile environment, at all times. And if servers generally make this assumption, then everyone should.
Its PCs that need to be made safer, more trustworthy. And the requirements on his list seem to suggest that. For instance, target dispersal. How do you disperse responsibility for net traffic? Create more ISPs? Break them up? No class of corporate aristocrats and their politicos will stand for that. Its laughable! The establishment will only perform legal CYA and face-saving measures in response to surveillance revelations. Even then, the response will be less and less sincere after a short time and then only the people who run these companies will have any measure of privacy while the rest of us get lovingly-crafted PR as comfort.
I argue that the natural destination points for the dispersal are personal computers, in whichever shape they come. I2P is like a marriage of bittorrent and Tor-- THAT is the architecture which actually satisfies Bruce's suggestions. It is disingenuous for him to focus on backbones and ISPs given what he's asking for.
BTW, you may recognize many of the qualities touted by the Diaspora project in the responses below:
'Ubiquitous encryption' (on backbone, because that's where NSA taps are)
I2P goal is ubiquitous encryption between all routers and clients (which are essentially the same thing to it). Also, its general purpose so its possible ubiquitous among applications.
'Target dispersal'
If each person or organization routes traffic and mints their own crypto-based addresses, then power over communications is far more evenly distributed over the net. In many of the ways that matter, each node is acting as their own ISP and the physical ISPs become far less relevant to the legal machinations of the spies.
'Usable application layer encryption'
Apps are written for / adapted to I2P for the purpose of providing encryption; they will not be able to communicate with other nodes unless the I2P router service is running.
'More open source and standards'
Check - I2P is open source and libre.
'Better integrated anonymity tools'
Anonymity is the initial default for anyone starting to use I2P. Identities and trust relationships can be firmed-up in much the same way as ssh.
'Better assurance against system compromise'
I2P doesn't address this specifically, as the changes here need to begin more at the hardware and OS levels. Qubes OS, for instance, shows the hypervisor-enforced security context of programs via the window frame color. It also has a scheme to verify system authenticity at boot time using TPM hardware (if present). (I'm typing this now on a Qubes system.) Thus I2P apps running on Qubes can be placed in separate trust domains that are verified by the user at a glance.
Note: All of these points can be addressed on PCs; this may even be out of necessity. The surveillance problem is structural more than anything else-- the political and corporate classes are taking advantage of a reborn mainframe monoculture mainly "because we can". And if PCs are what made the Internet interesting and special in the first place, then probably PCs are where the change in the Internet needs to happen.
Conventionally encrypted links naively tell listeners the who, where and when of the communications.
Schneier makes good points in your first link: He asserts metadata=data, and makes special mention of the NSA's hatred for Tor. This is very apt, IMO... Tor is there early in his speech as an NSA bugaboo because anonymization networks are uniquely suited to hiding the metadata. Onion routing provides resistance to traffic analysis, and traffic analysis easily provides the who, where and when details of simplistic crypto links.
To get past the metadata surveillance problem, our encrypted communications will have to become both decentralized and structured. And the structure that current information technology can provide essentially boils down to a marriage of P2P and onion routing.
Now, if you want verification along with your onion routing, that is simpler than you may think because addresses on these networks also happen to be cryptographic keys that can be used to verify identity. If your systems remain secure, then no one else can reasonably impersonate you or the parties you're communicating with... as long as you stick to using .onion and .i2p addresses. This use of encrypted onion routing is known as 'darknet'.
So... To get past the surveillance problem and facilitate mutual trust, our communications will have to shift toward darknets. Online privacy requires the tools of anonymity every bit as much as it needs the principles of open source.
I'd actually recommend I2P - not Tor - as a model for a privacy- and trust-hardened Internet, because ubiquitous end-to-end encryption means no more need for "exit nodes", and also because I2P is intended to be general purpose, less centralized and more scalable... and the topology more closely mirrors a physical mesh network. They even have a server-less email system based on DHT running.
I2P is almost as old as Tor, and has increased its rate of growth considerably over the past few years. To me, the only real question about how appropriate the I2P concept is for a hardened Internet is just how many nodes it can really scale.
I design UIs occasionally. What iconography would you suggest replace the floppy disk for save? The down arrow and some bits?
Use a cylinder for crisesake, which is what IT used to symbolize secondary storage before the floppy disk. Its abstract enough to encompass different physical storage technologies while still having a historical grounding. You could have a smaller cylinder with a USB symbol or connector to mean removable storage. You could also show the cylinder 'filled' according to the allocated space on the volume.
My new Thinkpad still uses the cylinder for the HD activity light on its bezel.
This really, really is not hard. And switching back would be less confusing than the current trend of tucking application menus under a striped square, for just one example of current GUI fickle-ness.
When holographic Crystal Storage becomes the new de-facto storage standard a gleaming spinning cube will be a suitable iconic replacement representation.
Then why not use a flash module now? Is a cube better because its a simple shape? What makes you think the spinning-cube-scifi-sex-object won't be hidden inside of a shell if/when it becomes mass produced the way flash is?
For that matter, why not use hover to show animations of certain icons... to actually depict an action as such?
Because nothing else makes any damn sense...
You're basing your whole comforting but idiotic argument on a piece of skeuomorphism that hung around too long. IMO, the floppy doesn't remain in GUIs because people need it; its just a confusing smudge that no one has bothered to clean. It you want a historical symbol that nicely depicts 'volume', use a cylinder!
uses bias to judge people news at 11
Oh, the irony of sympathizing with those who judge for profit.