|Worried about spooks?|
For a lot of the history of the Internet, any sort of encryption was an add-on. The idea was that the network allows communication, and is robust. Indeed, it was devised by the military originally. Their concept, I am sure, was that the underlying communications lines were physically secure. But the world has changed. Communications goes via any number of companies and countries.
These days we use DNS, and we go to web sites, and a lot of that is "in the clear". Even so, we do not expect to be tracked and logged. Yes, a web site will log accesses (by IP) which could be traced to us, but most of us know and trust that web site operators cannot be arsed with holding that or handing it to the police, especially as they are probably not in the same country as us a lot of the time. The biggest "threat" most consider (to the point of crazy nanny state laws on cookies) is advertisers profiling us in some way.
But we also use https, even for "normal" things now, like google, and Facebook. Someone monitoring the underlying connection can tell we are accessing google or Facebook, but not what we are doing.
Similarly, email was normally "in the clear" over the network. Increasingly the links between clients and servers, and even between servers, are being encrypted, but if someone runs an email server, they can log and see the emails. The fun with the internet is that you can run your own mail servers and you don't need a "service provider" - a concept that does not make sense to government. Even so - who are you emailing and who is emailing you and what servers have logs of those emails? The only way to be sure is to use end to end encryption like PGP, but even then there is the meta-data of email addresses and even subject line "in the clear".
But why are any of us so paranoid?
I perceive some threats to my privacy... What are they?
Companies: We all see that there are targeted adverts and people tracking what we do when we interact with them and this feels wrong some how. Some of it is good in a way as it saves time when a site remembers my details for me, but some of it is spooky and worrying. Then you worry about how well these people protect all that personal data.
Criminals: We all have concerns over criminals - not people using data "legitimately" for marketing and other gains, but people getting that data and mis-using it. The most obvious being credit card fraud. I am sure we have all suffered from that at one point or another, but even so I have had massively more hassle from my banks hair-trigger of a fraud detection system than any actual fraud. Ultimately the actual fraud is against my bank and not me anyway. That said, my personal data could be used in other ways as a weapon against me. If I did have something to hide, I could be the subject of blackmail.
Government: This is perhaps the most worrying of all - they are better funded than companies or criminals, and their intentions are not clear. I am not a criminal, and as such I really dislike the idea that the government has any data on me and what I do on the Internet. I don't trust them with that data - either to keep it safe from leaking to criminals (or companies) or for what they might do with it. I don't trust them not to abuse that data themselves if ever I am thought to be "wrong thinking" and they can find something to use against me. I really dislike the idea that they then want to out-source collecting data about me to ISPs and other companies that also cannot be trusted with that data.
Nothing to hide?
I have nothing to hide, do I? No affairs; No dodgy deals; No tax avoidance; No criminal activity; No dodgy downloads; No drugs (apart from coffee and whisky). Much of my life is an open book - heck, I'll even admit to watching porn occasionally. Not everyone is so open, and they should not have to be.
But really, we all have something to hide. Anyone reading this that thinks that they have nothing to hide, please post a reply with your credit card number start and expiry, name, date of birth, address, and code from back of your card: Oh, you want to hide that do you? OK post your medical history: or do you want to hide that? What about your last 50 payslips: No, want to hide that too? Tell us what porn you like: No? What about installing a public webcam in your bedroom, or toilet: No?
Of course we all have something to hide, and we expect and demand some level of privacy. We are entitled to privacy - it is a basic human right. Some of us expect a lot more privacy. Most people do have something to hide which is entirely non-criminal. A few people have something to hide which is criminal. Some people are even politicians!
For some people their web history could almost be as invasive as a webcam in their bedroom. And for people that do have a web cam in their bedroom - to use in "conversations" with their "friends" over the Internet - that traffic may be something they want to hide from the world too.
If we have a right to privacy, then we need to understand who can monitor what we do on the Internet, when that is "visible" and to whom it is "visible".
One of the great things in the world today is end-to-end encryption, so you can communicate with someone and know that only they can see what you are saying.
At the end of the day - privacy is always an option. We can communicate using the means we have, and we can use end-to-end encryption (even without using a computer). If the law says we cannot, then there are ways to do that covertly with no way to prove the use of encryption (steganography). So laws can only encroach on our privacy and not actually stop people communicating covertly. There is no point in such laws and they need to be blocked.
What we need is a society at a national and global level where people do not feel the need to be terrorists or criminals - tackle these problems at the root. If we give up our privacy and our way of life then the terrorists win by default. Don't let that happen.
P.S. cool halloween photo, Andrew (who also carved the pumpkin).