The recent revelations of mass monitoring by the US government leads me to wonder, "why isn't the internet private?"
Open source runs a sizeable portion of the internet. It's developed and maintained by volunteers who care about freedom and privacy and justice. End-to-end encryption is straightforward to implement, we've known how to do it for years. A simple interface (checkbox, for instance) that turns encryption on or off would be straightforward to implement.
So I have to wonder, why hasn't anyone done it? More precisely, why is it always an add-on with a complex interface — why isn't it seamlessly built in?
(The author continues)
The HTML and SMTP protocols allow optional experimental fields in the message headers (X-something). These could be used to advertize the sender's public key, and also to tell the recipient that the message body is encrypted.
Suppose Firefox implemented a checkbox "keep browsing private, when possible". When run, the browser could generate a public/private key pair and send the public key with each HTML request. When receiving packets, it would store the public key sent by the website. The first time a user visits a website could be snooped, but every time thereafter the browser could encrypt the request using the site's stored public key.
Suppose Apache implemented a plugin which understands the X-encryption field and does the encoding/decoding. The server doesn't store the user's public key, since it's sent with each request and a new one is generated when Firefox starts up anyway. (Key replacement can be handled with server status codes: 506 — "wrong public key, use this instead")
With SMTP, the mail reader could generate a key when the program is installed. The first message sent to a friend would be in the clear, but once a response is processed you use their public key for future correspondence. (This is for communication, not storing messages. Storing encrypted data requires key management, which is a complex issue that user's don't want to deal with.)
Theoretically, a MITM attack is possible but really hard to do, since you cannot guarantee all the packets will go through the same node. Also, siphoning off data for later inspection is easier than inline processing. Mass-surveillance using MITM would be unfeasible.
If the Firefox+Thunderbird+Apache people got together and implemented endpoint encryption, it would be a selling point for the software. People would prefer these packages, especially in oppressive regimes around the world. Deep-packet inspection would be impossible. This would encourage closed-source companies to support the changes in order to remain competitive.
Most importantly, we could let the government have its "pen register" information (what sites you visit and when) while keeping the actual information safe.
So, why hasn't anyone done this? Why is it always a complex inconvenient-to-install-and-use add-on?
Why isn't it "just built in"?"