From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: "Perry E. Metzger" <perry@piermont.com>
Newsgroups: gmane.emacs.devel
Subject: Re: A couple of questions and concerns about Emacs network security
Date: Sat, 7 Jul 2018 08:18:33 -0400
Message-ID: <20180707081833.37561702@jabberwock.cb.piermont.com>
References: <m236xe5vo2.fsf@mobilecat.lan>
	<eba313cf-104d-50dd-f1cd-4acb15864c0f@cs.ucla.edu>
	<m3a7rm2yrh.fsf@gnus.org> <m3602a2y7o.fsf@gnus.org>
	<c2d2b039-e012-f85f-bfbe-62f813bfc886@gmail.com>
	<m37empby3g.fsf@gnus.org>
	<20180705093346.071e6970@jabberwock.cb.piermont.com>
	<83wou9n66t.fsf@gnu.org>
	<20180705112920.076265d5@jabberwock.cb.piermont.com>
	<83r2khms1j.fsf@gnu.org>
	<20180705164500.0bde16cd@jabberwock.cb.piermont.com>
	<83bmbknafs.fsf@gnu.org> <E1fbZqU-00060y-Jp@fencepost.gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Trace: blaine.gmane.org 1530965832 4644 195.159.176.226 (7 Jul 2018 12:17:12 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sat, 7 Jul 2018 12:17:12 +0000 (UTC)
Cc: Eli Zaretskii <eliz@gnu.org>, eggert@cs.ucla.edu, emacs-devel@gnu.org,
	larsi@gnus.org, wyuenho@gmail.com
To: Richard Stallman <rms@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Sat Jul 07 14:17:07 2018
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fbm9A-00012j-RB
	for ged-emacs-devel@m.gmane.org; Sat, 07 Jul 2018 14:17:04 +0200
Original-Received: from localhost ([::1]:33522 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fbmBH-0007i8-Vh
	for ged-emacs-devel@m.gmane.org; Sat, 07 Jul 2018 08:19:15 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:55522)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <perry@piermont.com>) id 1fbmAg-0007hs-VC
	for emacs-devel@gnu.org; Sat, 07 Jul 2018 08:18:39 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <perry@piermont.com>) id 1fbmAf-0000kL-Vl
	for emacs-devel@gnu.org; Sat, 07 Jul 2018 08:18:38 -0400
Original-Received: from hacklheber.piermont.com ([166.84.7.14]:42216)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <perry@piermont.com>)
	id 1fbmAc-0000h6-B7; Sat, 07 Jul 2018 08:18:34 -0400
Original-Received: from snark.cb.piermont.com (localhost [127.0.0.1])
	by hacklheber.piermont.com (Postfix) with ESMTP id 9AB3D160;
	Sat,  7 Jul 2018 08:18:33 -0400 (EDT)
Original-Received: from jabberwock.cb.piermont.com (jabberwock.cb.piermont.com
	[10.160.2.107])
	by snark.cb.piermont.com (Postfix) with ESMTP id 755E32DEE99;
	Sat,  7 Jul 2018 08:18:33 -0400 (EDT)
In-Reply-To: <E1fbZqU-00060y-Jp@fencepost.gnu.org>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-Received-From: 166.84.7.14
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:227051
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/227051>

On Fri, 06 Jul 2018 19:08:58 -0400 Richard Stallman <rms@gnu.org>
wrote:
> [[[ To any NSA and FBI agents reading my email: please
> consider    ]]] [[[ whether defending the US Constitution against
> all enemies,     ]]] [[[ foreign or domestic, requires you to
> follow Snowden's example. ]]]
> 
>   > I think we should assume people generally know whether thugs
>   > with torture chambers might be after them.  
> 
> I agree, provided we encourage them to ask themselves the question.

There is ample evidence that people in such situations rarely if ever
understand what the right thing to do is.

There's also another issue we've discovered: at one time, people
believed having software provide "levels" of security made sense,but
we now understand based on bitter experience that everyone, whether
their greatest threat is unimportant or whether their greatest threat
is a nation state, uses the same software and same default settings
99% of the time, so software needs to be built with the needs of
people under threat in mind.

And let me repeat, there's excellent field evidence that
people under threat generally have no technical expertise to make
serious security decisions, and that includes people with programming
backgrounds.

The other thing is, in spite of the constant claims, running with the
level of security provided by Firefox or Chrome or Safari isn't the
least bit inconvenient, so there's no obvious reason not to do at
least _that_. It's not like there's any actual tradeoff involved.

Perry
-- 
Perry E. Metzger		perry@piermont.com