Debian isnt changing huge parts of the codebase all at once and calling it a security fix.

1) Google is blocked in china.
2) Thats partly because of the massive police state and strong net censorship they have going on over there-- but I'm sure YOUR data would be safe over there
3) Google is probably the only company formerly doing business in China that wont give your data up to the CPC. As a consequence of that, see #1.

There are maybe a small handful of places better than the US for hosting as regards privacy, and in any of them a court order will compel you to give up customer data.

Why especially? AFAIK Google is the only one of the big 3 webmail providers not currently bending over backwards for the Chinese Government. There was a warrant in this case; even the famed lavabit had to fold when given a warrant.

Its absurd to go after Google for following the terms of a court order; you'd do better to ask whether the order was justified, and if not ask why the courts issued it and who can be held accountable.

>court-issued warrant
>gag order

Do tell, what would you have done in their situation? Told the courts to go stuff themselves? Cause that almost never goes well.

Theres also the problem that if you were to predict that there was a 99% chance that the world blows up today, MAYBE someone will believe you. Predict that for the next 20 years, and youre sort of nuts if you think anyone will take you seriously.

The GFW is many years beyond port-based blocking; they use DPI to identify protocols regardless of the port used. Im glad you have TCP 443 OpenVPN working; I have never been able to get that to work with client/server certs-- only static-key tunnels worked.

At the moment, my experience has been that IPSec/ is the next best contender because its more of a corporatish vpn protocol. Im really surprised that you hear people recommend OpenVPN-- I have NEVER heard anyone recommend that in China because of how heavily it is targetted. Even googling "OpenVPN China GFW" you get stuff like this:
Which VPN Protocols To Use?
  * OpenVPN: Strangely, this is the least reliable protocol/client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
  * L2TP: This is a fast protocol for China and currently it works quite well

And theres no shortage. OpenVPN may work for a bit, but my understanding is that about 20 minutes into the connection the remote server gets probed a bit, and then the connection gets reset. I wouldnt use PPTP because of its known security issues; it wouldnt surprise me if they had that nut cracked.

OpenVPN is trivially identifiable on port 443, and has been for some time. Im not sure why theyre not blocking you-- perhaps you're using a site-to-site tunnel with static keys. Certificate-based OpenVPN is notoriously unreliable in China because they fingerprint it within about 20 minutes and kill the connection.

Part of the reason I know it can be fingerprinted-- aside from the fact that Im well aware of what works and doesnt behind the GFW-- is that Im good buddies with my employer's security team, and they have on occasion let me know when they see my port 443 OpenVPN shenanigans. I believe it has something to do with the way the certs are exchanged; regardless, SSL and HTTPS are two different things and they have different signatures.

AFAIK its technically illegal to have an encrypted laptop in China. Any guesses as to whether my employer, or federal employees, or other major companies just go "oh gee, better turn off disk encryption"?

Businesses arent going to just sacrifice a market, but theyre also not going to blithely let their secrets be stolen upon entry into China or on net usage.

Not really.

Security is not an all-or-nothing proposition. In the real world, an adversary will NOT attempt to crack your encrypted filesystem. Instead they will do one of a hundred other attacks, like swapping your laptop with one that has a cloned disk and hardware but an embedded keylogger, or add in a shim between the disk and interface, or install an infected MBR that logs the decryption password, or perform a RAM sniffing attack to steal the keys, or simply extort the keys out of you.

Security is a process of analyzing the most common risks, and determining the best way to deal with them. Sometimes this means determining that a particular security action will lower your security by attracting the attention of entities with far more sophistication than you are prepared to deal with; if you are worried about criminals stealing your laptop, and your mitigation ends up attracting the attention of the NSA, you have lost the security battle.

IDS / antivirus have no ability whatsoever to detect a hardware keylogger, by the way. If you attract the attention of someone who can gain physical access to your hardware, you lose-- period.

AFAIK it gets revisions with every major release. Like the EXT family its backwards compatible, transparently.

What big features is it missing aside from the checksumming / self-healing stuff thats already in ReFS? Feature wise its a pretty decent FS; its biggest flaw AFAICT is its bad performance in directories with huge numbers of files.

Republican speech is often characterized in exactly this way. But I cant play the victim card here, because it could very easily shift in the opposite direction.

Stifling free speech truly doesnt benefit the average citizen of any party.

You say that extreme speech needs to be controlled: Wonderful! Theres only one problem left to solve-- figuring out who makes the call of what constitutes "extreme". In the 40s and 50s it was far-left political ideology. Today, might it be the far right? Tea partiers?

Noone denies that "free speech" brings out some nasty characters like the Westboro Baptist Church. But you really cant tread down the middle on this issue; when you start saying "we're only going to allow the reasonable folks" you have to have someone deciding who that is, which in fact ends up controlling the entire political dialogue. Inevitably you will end up with a scenario where "reasonable" is synonymous with whatever ideology is in power.

Comparing the two is disingenuous. True, we have nastygrams for infringement, NSLs,etc-- but their use tends to be fairly limited. We do NOT have grossly expansive libel laws that allow entities to demand that true-but-damaging information be suppressed for no other reason than that it is damaging.

It never ceases to amaze me how much people on the internet love to hate on the US, all the while European countries (and Australia) seem to be running with open arms towards heavy state-controlled censorship. Maybe Europe isnt the utopia people love to paint it as. Maybe you truly cant trust the government to have your best interest in mind all the time.