Centralized servers, search and DNS, go against the spirit of the web.
Could the unnecessary SSL push be used to setup a two tier internet?
Will fakeologist go to the second, unsearchable tier?
SSL and Lets Encrypt – a Trojan horse for internet censorship?
Since this is on the wall right now (good call to clean up the chatbox) I just want to voice my concerns regarding SSL (Secure Sockets Layers) technology and its implications.
First of all, SSL is a great thing. What it does is to encrypt a connection between two parties and ensure the identity of these by the use of asymmetric encryption and a certificate chain. This is very useful when we do bank transactions or purchase things on the internet since it’s harder for an internet eavesdropper to get hold of for example card information. SSL has been in use for many years by banks and e-commerce.
However what’s happened the last years is that the idea has taken foothold that a website is somehow inherently insecure if it does not implement SSL. And to help every website implement SSL, a free certification entity – Lets Encrypt has emerged and Google has started punishing websites that do not use SSL, regardless if they have any functions that actually justify the technology. Why would for example a web forum be safer because of SSL? It makes no sense.
What does makes sense however is the usual problem, reaction, solution dialectic. Despite Google, YouTube, Facebook, Twitter and an enormous disinformation machinery, the free web is still causing problems and needs to be controlled. And with a certificate chain in the hands of the Nutwork and web clients that does not accept communication from servers outside this chain, there is a swift way to shut down unwanted sites. I think this is the actual reason for all the care and effort being spent right now on having SSL universally implemented. Its a Trojan horse for internet censorship. In the future we might read in New York Times about how Russian cyber criminals have staged attacks from certain websites but that our valiant protective agencies have eliminated the threat by revoking their SSL certificates…