
Comment Re:Public/Private key solves all this (Score 1) 24

The UI is bad. In places where people do care (like Debian voting) it gets used. How can the UI be improved?
  • A place to store keys. Currently storing them in a text file is just not easy. Apple's Keychain Access does some work here.
  • I shouldn't need to copy-paste messages into gpg on the command line to read email. My mail app should be able to access the Keychain store to decrypt messages.
  • Many ways to improve key exchange, including:
    1. copying and pasting the key (which exists now)
    2. scanning into contacts from a QR code on a business card
    3. uploading/downloading from Gmail
    4. I should be able to download your (gweihir) public key from Slashdot.
    5. I should be able to right-click on a link to a key in the browser and select "import key."
    6. When you send someone an email or text message, a link to your public key should be included in the metadata

Encryption tools can and should be pervasive, but the government does actively fight against making them so.

Comment Re:Public/Private key solves all this (Score 1) 24

PKI infrastructure is more than just DNS.

For example, your address book SHOULD have an entry for "public key[s]" (or encryption key or whatever). Then you can import the public key from a text message, or from a Twitter message, or a QR code on a business card, or any other way that you get people's email address and phone number.

OSX has some infrastructure for handling encryption keys that is worth mentioning because it is featureful, but it's not quite user friendly yet, and hasn't been integrated into the personal contacts system.

Comment Re:Public/Private key solves all this (Score 1) 24

A problem worth mentioning, but the only thing added to DNS is the public key. So if DNS is hijacked, I encrypt a message with that fake public key and send it to you, then you can't read it. That's it. We know something weird is going on.

If we're doing a manual conversation I can just use shared contextual knowledge to authenticate (what did we have for dinner last night? or something similar). Or send you a text message via a separate channel (your phone number). Automated authentication is trickier of course, but PKI makes it easier.

Comment Public/Private key solves all this (Score 4, Insightful) 24

Someone (that I know) recently asked me for my social security number over text message. Of course I said no, since that's not a secure channel of communication.

PKI solves all of these problems. The reason we don't use PKI is because the UI is difficult. The UI is difficult because governments keep working to prevent strong encryption from happening. For example, the browser certificate problem is easily solved by having a public key DNS entry. But we don't do that.

Comment Re: 00 DAYS (Score 1) 223

Never have non citizens been allowed to have protests in America

Bullshit. There are multiple Supreme Court rulings upholding the free speech rights of non-citizens. I recommend you start with Bridges v Wixon. And even the current very-conservative court is going to rule against the administration in the end, just watch.

Also, I notice that you ignored the points about suppression of freedom of the press or the ability of lawyers to advocate for clients who oppose the government. Care to point out where Obama did those things?

Comment Re:George Bush vetoed Little Timmy's future! (Score 1) 223

Are we going to start with the handouts to Elon that are funding SpaceX?

I get that you're (rightly) pissed at Trump and Elon, but that's just dead wrong. SpaceX isn't getting any handouts from the federal government. They're getting launch contracts, yes, but at a lower price point than any other launch provider, ever. Hate on Elon all you like, but the Falcon 9 is the cheapest and most reliable orbital rocket ever built, and has reduced US space launch costs enormously, especially if you count the political costs of being beholden to Russia for space access. Or would you rather go back to the space shuttle, with per-launch costs of upwards of $2B, rather than the ~$80M SpaceX charges?

Comment Re: George Bush vetoed Little Timmy's future! (Score 1) 223

Did you miss that Trump talked yesterday about raising taxes significantly on everyone making over $2.5 million?

He's also firing most of the IRS, which means the wealthy just have to make sure their taxes are complicated to cheat, since the IRS won't have the staff to review anything complex. On paper they might owe more (even assuming he's not just blowing smoke, which he probably is, and even assuming he can get it passed, which he probably can't), but in practice gutting the IRS means they'll pay less.

At the same time his tariff policies are hammering the economy, which will reduce revenues, and he's cutting taxes, which will reduce revenues, and he's decimating the value of T-bills, which will increase debt servicing costs. Deficits are gonna skyrocket, and stagflation is going to set in. We're going to need another Jimmy Carter to make the hard decisions to fix the economy when Trump is done with it... and they'll be all the harder because Trump is also working to exclude us from international trade and to remove the dollar's status as the world's reserve currency.

We are so screwed.

Comment Re: 00 DAYS (Score 0) 223

Are you in Canada yet? If you want to see what Kamala would have done you can see it happening now in our northern neighbor

I've been in Canada all week. Seems very nice. The massive pro-life protest at the capitol yesterday was a little annoying, just because it was hard to get through the packed crowds, but good on them for having free speech, even on topics their government disagrees with. I don't think the news media that cover the issue or the law firms that file cases about it even get sued or lose access to work with government!

Free speech seems like a pretty cool idea. Maybe we should try it in the US.

Anyway, it's time for me to log off and wipe my devices. I'm about to head to the airport and I don't want ICE to see this post and detain me, or send me to an El Salvadoran gulag.

Comment Re:Just say no (Score 4, Informative) 42

Why anyone would want this, IDK. What's wrong with just carrying a card in your wallet?

Plastic cards suck, for many reasons.

1. They're forgeable. Digitally-signed data is not. Sure, governments can and do implement lots of anti-forgery mechanisms, but it takes almost as much expertise to use those anti-forgery mechanisms to validate a legitimate card as it does to fake one. Approximately no one checking plastic cards knows how to properly validate them. Digital ID cards require a bit of equipment to check them, but the equipment is ubiquitous (almost every smartphone in existence has all of the tech necessary, all you need is an app), and unless the attacker can either pwn the verification device or subvert the legitimate issuing system, they're unforgeable.

2. They cannot provide data minimization. Electronic IDs enable you to provide only the subset of data that is needed for the current use. For example, if you're buying alcohol the only information the store needs is whether you're over the minimum age. They don't need your home address, your driving privileges, your name... they don't even need your birthdate. Just a single yes/no bit -- plus some way to prove that the person presenting the ID is the legitimate holder (there are some good privacy-preserving options here, but that's a subject for another post). Contrast that to a plastic card with all the info printed on the front and repeated in a 2D barcode on the back, enabling easy snarfing of the whole data set. Digital IDs are better for privacy than plastic cards.

3. They don't work online. We use various workarounds for this, but they're all far worse for privacy, requiring users to provide far more information about themselves, not only beyond what's minimally necessary for the transaction, but even beyond what the ID card has. This is because the most important information isn't so much the content of the card as the proof of authenticity.

In the future we're going to look back at the era of ID cards and papers and shudder at how bad they are.

Of course, there are also risks. The biggest one is that having an ID that does work online means that more online services will want to use that ID. This is good where it enables transactions that currently can't happen online at all, and probably good where it makes transactions that occur now but are risky less risky. It's bad where it facilitates user data collection and user identification for transactions that don't really need it at all. But IMO that risk is better managed by refusing to provide ID when it really isn't warranted, and by insisting that when ID presentation does make sense that the data provided is held to the absolute minimum required, rather than forgoing all of the other privacy, usability and security benefits of digital IDs.
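The data-minimization point in item 2 of the comment above, as an added example that is not part of the original comment: the issuer signs only salted digests of each attribute, so the holder can reveal the single `age_over_21` claim and the verifier still checks the issuer's signature. The salted-digest scheme, the `Claim`, `Issue` and `Verify` names and the attribute values are assumptions constructed for illustration, and holder binding is out of scope.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Claim is one attribute plus a random salt; the salt blocks guessing hidden values.
type Claim struct {
	Name, Value string
	Salt        []byte
}

// digest binds salt, name and value into the hash the issuer signs.
func digest(c Claim) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%x\x00%s\x00%s", c.Salt, c.Name, c.Value)))
	return sum[:]
}

// Issue signs only the digest list; the salted claims stay with the holder.
func Issue(priv ed25519.PrivateKey, attrs [][2]string) (digests [][]byte, sig []byte, claims []Claim) {
	for _, a := range attrs {
		c := Claim{Name: a[0], Value: a[1], Salt: make([]byte, 16)}
		rand.Read(c.Salt) // crypto/rand; error ignored to keep the example short
		claims = append(claims, c)
		digests = append(digests, digest(c))
	}
	return digests, ed25519.Sign(priv, bytes.Join(digests, nil)), claims
}

// Verify needs a valid issuer signature and a disclosed claim matching a signed digest.
func Verify(pub ed25519.PublicKey, digests [][]byte, sig []byte, shown Claim) bool {
	ok := ed25519.Verify(pub, bytes.Join(digests, nil), sig)
	for _, x := range digests {
		if bytes.Equal(x, digest(shown)) {
			return ok
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	digests, sig, claims := Issue(priv, [][2]string{{"name", "Alex Example"}, {"age_over_21", "true"}}) // constructed
	fmt.Println(Verify(pub, digests, sig, claims[1])) // only age_over_21 is shown to the verifier
}
```

The verifier receives the digest list, the signature and one salted claim; the name never leaves the holder's device, and a changed value or a key other than the issuer's makes `Verify` return false.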
