Hopefully so much feedback from experts will send a strong message to politicians. Predictably, when politicians get so much unified feedback from so many experts, they will give it strong consideration and then do the exact opposite of this good advice.
There are two different kinds of Leaks of Classified information.
1. A person who swore to maintain the secrecy of classified information reveals it to the public. 2. A person who swore to maintain the secrecy of classified information reveals it to the public.
In leak number 1, the fact the the government is creating an apparatus to become a police state is kept as a secret. In leak number 2., the the public becomes aware that the government is becoming a police state.
Leak number 1 can go overlooked. Leak number 2 cannot be overlooked.
> We force their hands, making back doors to bypass > the encryption become mandatory.
If that's the way it must go, then that is better than what we have now.
If we're going to make back doors mandatory, then let's get it out in the open in front of God and everybody. None of this sneaking around crap.
That way, everyone can clearly see how their governments are acting and then judge whether it is in their best interests. That way, everyone, even politicians can see that it is them too who are being spied upon by the state apparatus.
> Certificates get lost or fall into the wrong hands. And it still doesn't > protect you that well against a man-in-the-middle attack.
Certificates can be revoked.
There have only been two attempts at a third party abusing CA powers -- and they were both detected early. The ramifications of the discovery were big.
More and more parties are actively looking for MITM attacks. For example, even though Honest Achmed's Trusty Certificates of Tehran Iran may be recognized by your browser, it would be a dead giveaway if they (or Verizon) were to issue a Google.com certificate.
There is Certificate Pinning. There are browser extensions that people run to see what CA originally signed every certificate and notice if that ever changes and raise a red flag.
Despite the imperfections of the CA system, it is a whole lot better than doing nothing. And it can be improved.
> Which only works as long as your browser or app gets updated when the certificate changes...
I would suspect that browser manufacturers are smarter than you think about this. Paranoid even.
Here is my unproven hunch. Speculation. I'll just use Chrome as an example. Google could use a private self-signed certificate that nobody else, including Verizon can impersonate. This self signed certificate is not from any CA. Google would have their own private CA. When Google's Chrome browser communicates with the mother ship to get an update, it would check that the update is signed by a certificate from Google's private CA. That way the integrity of updates is completely protected, even from a successful MITM attack against the existing CA infrastructure. The browser would not care that any other CA signed the download. Only Google's private internal CA would be the one that your existing browser on your computer would trust to sign an update before it would be accepted.
Very similarly I bet Microsoft (and Ubuntu, and others) use this approach to verify the integrity of updates to operating systems.
If an OS or browser maker were really paranoid, they might build in a list of other apparently unrelated places to check for the availability of an update. That way, it is unlikely that Verizon could block the browser or OS from discovering the availability of an update. That way, the end user would soon be told that the update cannot be obtained because it is being attacked by an MITM.
> protest when people start telling you your > not allowed to speak
Your never going too get you're weigh on this. Their are just two many people out they're using there words wrong too get to upset. Sew don't loose you're cool about it. You can sea mini common examples that exist of incorrect usage. People pick the write words two use according too there porpoises. But you'd have two be a fool to begin or end a sentence with the word "but". And only an idiot would begin or end a sentence with "and". And a preposition is a very bad word too end a sentence with.
> you have to protest when people start telling you your > not allowed to speak even if they are not stopping you!
Nobody is telling you that you are not allowed to speak.
But people can tell you to speak your mind elsewhere.
I would immediately jump to your defense if I actually believed your freedom of speech were in danger. It is not. Your ultimate remedy would be to set up your own website and speak all you want to. Yes, really! Attract vast numbers of people from far and wide who want to come and hear your wiz-dumb.