Hi all,
While we are here mostly to share, the forum itself is surely surveyed by NSA. This makes professionals unwilling to even browse the forums, as their rules sometimes even prohibit leaving SSL area. I think it would be a good moment to introduce AES-based SSL (not just DES/3DES/RC4 SSL which is very weak) connection for the site. We all deserve some basic privacy, also when working at public research.
Replies
Hi,
Would be nice to know if DIYDrones do have, or do not have a view with regard to this matter.
brakar
This is a public site; whether the traffic between your computer and the server is encrypted or not really doesn't matter, as all discussions are open and can be viewed by anyone. If your primary concern is that people read what you have to say, then don't post. If your traffic is encrypted and then readable by everyone a few moments later, what exactly does SSL buy you? The simple answer is nothing.
If you want privacy, why do you include your name on a site that is viewable by anyone who wishes to participate?
#1 nothing prevents the NSA from using the Google crawler to survey EVERYTHING on www.diydrones.com.
#2 Several of the formerly trusted Certificate authorities have been broken into and signing private keys stolen, including the former one for the Dutch government.
#3. ANY CA in the browser chain can issue a false, ambiguous Cert for ANY website and the browser lacking further tools will accept it happily and regard it as trusted.
#4. the NSA can use a court order and NSL to obtain these from US-hosted businesses and has the NSL to serve as a gag order.
#5. Google and other search engines spider this site on a regular basis; the NSA can look just like anyone else.
#6 PFS - Perfect Forward Secrecy is needed for conversations that can't be decoded later; it's based mostly on DH exponential key exchange. 80% of websites DON'T support it at the last survey.
#7 PFS would help with password security especially for those folks that reuse a password at more than one site
(NOT. and you should be using a password manager such as KeePass or KeePassX at a minimum.)
#8 better get the roll of tin foil out along with the scissors and ruler, you are going to be making a LOT of tinfoil hats!
#9. if anonymity is an issue (as it is for moi) may I suggest Tor and other methods? and use of tradecraft (hint: Google it)
#10 tools to have anonymous discussions exist,
I suggest some light reading on the subject such as http://www.cypherpunks.to/faq/cyphernomicron/cyphernomicon.html
#11 there is also ZeroBin (Google it) for anonymous discussions and pastes; there are even ZeroBins found on Tor.
hotel zulu lima
ps now encryption of circuits carrying MAVlink data.. that's a horse of a different color!
SSL Support will not protect you from NSA, but I don't condone the acceptance of NSA oversight as a consequence. Nobody should, especially in foreign countries such as mine (Switzerland), where a right to personal privacy is enshrined in law.
The overreach by the NSA is stunning in its scale and audacity, and needs to be curtailed immediately before damage to US relations becomes permanent.
Re: the site - while some websites should be wary of NSA intrusion, diydrones is not one of them. It is an open forum, for an open source FC. Why on earth would you post anything here that was confidential? I do agree though, that diydrones - and its ISP - should publicly disclose when an oversight request has been received, and what details were requested. They will also need to adhere to country-specific privacy laws.
Simple reason: if I am browsing the site reading an application of bottle dropping, and some time later Google would like to try to take over the civilian UAV market in Poland, they would surely try to frame any competitors, and NSA, as always protecting US businesses beyond the scope of privacy, would show my browsing as 'evidence'.
Because I am not completely stupid, the net result is, I must refrain from using diydrones since the Snowden affair until proper privacy protection measures take place.
The same scenario affects everybody in the mapping business who is or might be close to being number one in his small country.
As a result of the lack of this basic browsing protection, the forum will quickly restrict to regular US consumers looking for pure hobby and any potential inventors will go away.
"We all deserve some basic privacy"
Obviously there are various thoughts about this ;-)
"I think it would be a good moment to introduce AES-based SSL (not just DES/3DES/RC4 SSL which is very weak) connection for the site."
Sounds like a good idea, but will it make any difference to encrypt the connection to the site, if "the forum itself is surely surveyed by NSA" (except for those who are just browsing)?
Probably best to get used to the idea; if you are online, NSA will record everything you do (for your own good).