
The cypherpunks have yet to do their greatest work. Join us.

Nice ending, a call to action and all that. Quick quiz then - what do fellow HN'ers see as some of the greatest work still to come from a cypherpunk-like movement?




As a moderately advanced computer user, I would like to see:

Convenient and standard way to cryptographically identify myself across different mediums.

Convenient variants of communication mediums such as chat rooms and forums that do not rely on or can be controlled by any one third-party server.


This is only my opinion but...

If you are a moderately advanced user, then you can start using such methods right now. While no method is "perfect", they do exist.

Because you're advanced, you do not need to wait for Apple, Google, Microsoft, etc. to introduce them to you in their products and services.

Until these methods become popular beyond only advanced users, there will be a tradeoff in "convenience".

"Engineering" by nature involves tradeoffs. I think (and again, this is only my opinion) you have to decide what is more important to you and better in the long run for everyone using computers: a. "convenience" or b. what is by advanced users perceived as "the smarter way" (for lack of a better phrase).

The large monopolies mentioned have set their focus not on the advanced user but on the user who purportedly values "convenience" (a subjective definition) above all else. They make guesses about what things might become popular and they make assumptions about what their end users want. The future of computers is always uncertain. These companies will react to what users are doing.

If you want the companies that provide "convenience" to redirect their focus toward what you believe is "the smarter way" then I think you must lead by example. Start using the methods you prefer, even when it is less convenient than not using them.


I do not believe any large company has an economic interest in developing such technologies, in part because they can subvert current business models that are built on centralized identity authorities and communications monitoring, so I rely on independent efforts to see variants of these technologies that can reasonably be adopted by the people I interact with.


Agreed.

But we should be careful to distinguish technologies aimed at home users versus those aimed at the enterprise. Unlike the consumers they serve, US corporations are allowed and encouraged to secure their communications and the storage of their information. What technologies might be useful to them in this regard?

I also believe that when any software or system reaches a sufficiently large userbase, large companies will be soon to follow - whether their interest is in adopting the software/system for their own internal use or for some other reason, e.g. developing and marketing it themselves, under their own brand perhaps, to consumers. Software user mindshare has inherent economic value[1], even if the software users are attracted to is developed and distributed "for free" and even if it begins life with a cryptic command line interface.

1. Just ask Microsoft. They will always react to whatever becomes popular among software users. Always. Even when it costs them millions with little hope of ROI.


For example, being able to communicate in an encrypted way with anyone.

This is not yet a solved problem, because now I can do that only with someone who is able and is willing to install PGP or other tools - a very limited number of people. That would be quite an achievement.


That would be nice, but such a goal faces at least five major challenges: not everyone has or wants computers, those with computers these days often don't control them anymore (OTA updates to or vendor-locked devices), most people aren't educated enough to use any solutions that do exist, global discoverability requires central or at least hierarchical registration prior to key exchange, and secure key management is still so painful that average individuals are not going to opt in to it without some kind of serious requirement on their part... or deal well with a potential scenario of key loss.


Don't forget identity management. It's easy to want to say you should be able to carry on an encrypted conversation with anyone as long as you think you can reasonably identify the other party as not being a government agent (or man-in-the-middle).


Yes, that was exactly my point - a solution based on secure key management doesn't work for most people, so probably something completely different should be invented. I don't have a solution that would work, I was just answering the question of what "cypherpunks" can work on.


Yes, I wasn't criticizing, just thinking out loud!


Encryption using ephemeral keys is UI transparent, and requires no key management.


How do you know who you're talking to?


If there is a voice or video medium in the call, you can be pretty sure. If you are concerned about MITM for text and other data media, better to use a non-real-time system that would use signed keys and public key crypto.

It sure would be nice if some major internet service offered a PKI-like service.


Most online communications (web, forums, emails) are not real time, so that kind of weighs heavily against OTR-like solutions for everything.

PKI offered by a central party is not really any different to X.509 CAs today.


That's right re PKIs, which is why I said "PKI-like service." I don't believe the conventional definition of PKI is useful. What would you call it?


I'd call it X.509 Certificate Authorities. Unfortunately, the root of that is busted, so we should build on something else.

The same thing could be done with GPG, via identity validation (jumping through whichever hoops are required to link people's claimed 'real' world identities with their keys; probably checking documentation and then signing a key). However, that's probably best achieved via some decentralized method rather than trusting a centralized corporate intermediary as per X.509 CAs.


- distributed DNS and PKI (certificates proving identity of someone) using namecoin or similar

- usable distributed social network and search engine which would not store and sell my personal info to marketing companies

- strong encryption integrated in web browsers and e-mail clients and enabled and used by default.

- maybe more widespread link-level encryption (something like IPSec)


Assassination markets...



