If you are referring to the San Bernardino phone thingy, the FBI withdrew the request exactly because they did access the phone by themselves. It just cost more money.
> pgp encryption is another one
lol. Isn't there tons of reports claiming that PGP leaks too much metadata? And that the NSA is collecting those? And that there's no reasonable way to use PGP without leaking those (like hidden-sender whatever).
> > "invasions of privacy" is not a use case.
> Why not?
Because I want specifics. Just saying someone "invaded your privacy" doesn't tell me anything. Tell me a full story: entity X did Y to know Z from W. And show me how using gmail made W more unsafe on that case. And what I'm trying to tell you, is that there are two cases:
- legal government related. In which case Google can't (and won't) protect you. It's a fair claim. If you are doing something that the US government wants to know about, don't use gmail. But most things won't protect you from that anyway. Ask Dread Pirate Roberts about it. :)
- non-government related. In which case you are better protected with gmail than most things you can reasonably do. Ask Hillary Clinton. :)
> That's a completely illogical argument. "We shouldn't ensure privacy/security because other things in life fail more often" makes no sense.
Where did I say we shouldn't ensure privacy/security? What I'm refuting is your claim that "it's bullshit because it failed once". Gmail does a better job than most other things. Most things in your life fail more often than that. And most things don't evolve security/privacy wise as well as gmail does.
> the FBI withdrew the request exactly because they did access the phone by themselves
As far as I saw, that was just speculation. Any source on that? I'm inclined to believe it, but if true: why do they want the encryption removed rather than just snooping that data on the sly? It's better if your victims think they are secure.
> lol. Isn't there tons of reports claiming that PGP leaks too much metadata? And that the NSA is collecting those? And that there's no reasonable way to use PGP without leaking those (like hidden-sender whatever).
Possibly. But if so, I haven't seen them. Sources please.
While meta-data is absolutely useful, contents are even more useful. Just because something has one security issue doens't mean that we should give up security altogether.
This isn't anything new. Having access to communication is pretty much the basis for espionage. If you don't see how that applies.... I'm not sure I can help you.
> legal government related. In which case Google can't (and won't) protect you
That's my point. They can protect you, they choose not to. Zero-knowledge encryption is still a thing. Just because Google doesn't use it doesn't mean it's not possible.
> non-government related. In which case you are better protected with gmail than most things you can reasonably do. Ask Hillary Clinton. :)
Only if Google can't access that data. If they can, it's much easier to bypass encryption and just ask Google to hand it over. Google can solve this problem but chooses not to.
> Where did I say we shouldn't ensure privacy/security?
When you say that gmail should be trusted. There are clear privacy/security holes with their model that you are ignoring. That's what this whole discussion is about.
> What I'm refuting is your claim that "it's bullshit because it failed once"
A) It didn't just fail once.
B) Failing just once proves that the system is not secure, and needs to be fixed. Failing multiple times from the same attack vector proves that they aren't taking security/privacy seriously, because they won't fix the root problem.
> Most things in your life fail more often than that
... so? Whether thing A fails more often than thing B has no bearing on whether thing B can and will fail.
If you are referring to the San Bernardino phone thingy, the FBI withdrew the request exactly because they did access the phone by themselves. It just cost more money.
> pgp encryption is another one
lol. Isn't there tons of reports claiming that PGP leaks too much metadata? And that the NSA is collecting those? And that there's no reasonable way to use PGP without leaking those (like hidden-sender whatever).
> > "invasions of privacy" is not a use case. > Why not?
Because I want specifics. Just saying someone "invaded your privacy" doesn't tell me anything. Tell me a full story: entity X did Y to know Z from W. And show me how using gmail made W more unsafe on that case. And what I'm trying to tell you, is that there are two cases:
- legal government related. In which case Google can't (and won't) protect you. It's a fair claim. If you are doing something that the US government wants to know about, don't use gmail. But most things won't protect you from that anyway. Ask Dread Pirate Roberts about it. :)
- non-government related. In which case you are better protected with gmail than most things you can reasonably do. Ask Hillary Clinton. :)
> That's a completely illogical argument. "We shouldn't ensure privacy/security because other things in life fail more often" makes no sense.
Where did I say we shouldn't ensure privacy/security? What I'm refuting is your claim that "it's bullshit because it failed once". Gmail does a better job than most other things. Most things in your life fail more often than that. And most things don't evolve security/privacy wise as well as gmail does.