As someone most involved in operations, I think you fail to appreciate how hard the basics are. Just try to keep ALL of a reasonably sized organization's internet-facing thingums patched. I haven't heard of anyone being successful at that. Software and systems are thought of like consumer goods: you buy them, they have a natural life, and you repair for a while or replace before that gets too costly.
For internet-facing services, it's more like fruit. You expect to put fresh fruit out there every week, because no-one is going to buy two-month-old watermelon. Acquire fresh fruit, QA them for damage, for ripeness, etc... and put them on the shelf, in a day or two. And a week later, you need new fruit.
That's the thing people aren't really grasping. When they contract out development, and they accept delivery from something. A week later, they either have support or it starts going bad and needs to be thrown out within a few months. You can't really buy software, or it's a really bad deal if you do, because a *perpetual license* is good for a week or two.
Patching is hard.
The likely result: people use other channels with less surveillance because they don't trust the network. If I don't trust my employer's network, I'm going to Starbucks at the coffee break to do my banking (and my data exfiltration.) Employer loses employee productivity and visibility into traffic.
But that isn't the bad thing... If their web cache ever gets hacked... holy crap what kind of liability do you think there will be for intercepting EVERYONE's banking/medical/personal information, as well as ALL TRANSACTIONS of the company including all relevant secrets? The bad people can impersonate the corporation and/or any employee in any way whatever to whatever outside entity in a way that is undetectable to employees. And the company did it. The company made trust of their web cache, where I can't tell the difference between legit and compromised connections, a condition of employment. To me, if my employer puts in an MITM web-cache, and they get hacked, and someone drains my bank account, that company is liable.
I've seen that implemented in one project.
It's fine to prefer https when available, but there should be a way to say: this site really is intentionally https, and not have it flagged as having cooties.
It's just a real shame that the power that comes from a complete surveillance state invariably results in oppression and tyranny. Makes the occasional stabbing seem more tolerable than the endless face-stomping of jackboots.
The thing about people in Jackboots is that they will be surveilled also. The key is always *who watches the watchers*, and I think the only solution is that everyone has the option of watching anyone. The guys with jackboots would be caught and punished. Besides, Jackboots are so 20th century. I expect something like Chinese social networking points style oppression in this century. The government will just assign you demerit points, and folks will be graded based on the company they keep, so you will get gradually ostracised by *right* thinking people. It will be awful, but it won't be sooo bad that people rise up en masse. Why get folks riled up?
I don't think saying *yeah people get stabbed a bit* will be an answer that will convince. There will always be those who believe in the perfectibility of man.
Not real thrilled with the choices, but given what it is... I think I prefer big brother... just sayin'
Cops aren't anonymous. Film the cop beating someone up, and he gets brought up on charges, and the law happens.
But yeah... whistleblowers are a good case for real anonymity, but that is a far narrower case, and it should be a special one, not the default that allows the casual cost-free reprisals we see today.
PURGE COMPLETE.