This is certainly not a new idea. It is sometimes referred to as the "rapture of the nerds" version of a technological singularity. Ray Kurzweil is a big fan of the idea and one of the major proponents.
As to the actual feasibility, I ran across Whole Brain Emulation: A Roadmap a little while ago, which discusses the possibility given our current knowledge of how the brain works. It provides dates on how long Moore's Law would have to continue based on varyingly optimistic assumptions about how much work is necessary to actually emulate a brain.
Overall, I think there are two main problems with expecting immortality via brain uploading: (1) 40+ years is a very long time to assume Moore's Law for and (2) even if we can emulate a human brain, scanning an existing one and transferring it into a computer may not be possible.
This is certainly not a new idea. It is sometimes referred to as the "rapture of the nerds" version of a technological singularity. Ray Kurzweil is a big fan of the idea and one of the major proponents.
As to the actual feasibility, I ran across Whole Brain Emulation: A Roadmap a little while ago, which discusses the possibility given our current knowledge of how the brain works. It provides dates on how long Moore's Law would have to continue based on varyingly optimistic assumptions about how much work is necessary to actually emulate a brain.
Overall, I think there are two main problems with expecting immortality via brain uploading: (1) 40+ years is a very long time to assume Moore's Law for and (2) even if we can emulate a human brain, scanning an existing one and transferring it into a computer may not be possible.
But what exactly does this get me over SSL Client Certificates?
Less importantly, e-mail verification: the third party is providing a federated e-mail verification service, which Mozilla hopes is a service which will be done by the e-mail provider but is also providing themselves (as well as allowing any other third-party to offer).
More importantly, by taking the [very common] assumption that control of the e-mail address for an account is equivalent to control of an account, this appears to essentially give the decision of which public keys are tied to an account to whoever controls the e-mail address. That means that having multiple devices with different keys is easy, and, more importantly, losing all of your private keys is not a problem as the public keys can be changed as long as you can still log into your e-mail. Of course, the downside to this is that, as far as I can tell, your e-mail provider can now log into any of your accounts without resetting the password. In fact, I am not seeing why this would not give Mozilla (or any other trusted third-party) the ability to log into any account supporting this. (Of course, to be fair, an OpenID provider has the same power and this has the additional advantage that the provider does not need to be told which websites the user is logging into.)
Using SSL Client Certificates, either each host you use would have to have the same certificate or each service you use would have to know about every public key you use. Or, I guess, you could give the service a public key used to sign the keys you do use, but then you would still have the problem of needing to use e-mail verification to recover if you lost your keys.
I think the number you want is the "Illicit Drug Use in Lifetime" for people 18 and over. This table (part of a much larger report) gives the number as 49.3% in 2009, so not quite 50% (although if you scroll up to Table 1.11B, you can see that people 60 and above are pulling the average below 50%).
I am not really sure where to look for data on ill effects or even exactly how you would quantify them, but the same study does make some attempt to do so. For example this table shows (past year, not lifetime) rates of dependence and abuse for both illicit drugs and alcohol.
Since Facebook users volunteer up the information that pretty much makes it public information.
Okay, so if I post information on Facebook (either editing my profile or posting a status) then I am voluntarily giving that information to Facebook, so that makes it public information? Even though I expect only people I have marked as friends to see such information by my privacy settings? What if I send a Facebook message? It has a clear "To" header like an e-mail; should that information be considered public? For that matter what about GMail? I am inputting information into a textbox on a website with the intent that (specific) other people will read that text. Should I therefore treat that text as public knowledge? For a physical analogue, suppose I write my text on paper (perhaps multiple copies) and put those pieces of paper into envelopes and send them to my friends via snail mail. I, once again, have written text and tendered it to a third-party for delivery to a specific set of private individuals. Should I still expect this text to be public?
The United States has laws about privacy and due process. New technology should not make it so the government no longer has to follow due process in collecting private information on its citizens. Unfortunately, due to the nature of network effects, a lot of information gets concentrated in the hands of a few entities (in this case, Facebook) who do not necessarily have much interest in dealing with the government, so they simply freely hand over the information. I suppose privacy laws could be written to make it illegal for Facebook to hand over information about its users to the government, but it is not clear what such laws would even look like nor who would be supporting them.
Seriously, I don't care if you know that I'm at the book store buying a coffee. If I don't want this information to be public I don't post it. Problem solved.
You are right that a lot of this information actually is not that important. At the same time, I do not like the idea that law enforcement personnel can peer into my private life as recorded by various services I use without even having to justify the invasion of my privacy to a judge.
Of course, see my sig: I dislike the idea of monolithic services that are able to collect such information and would prefer that social networking (and other) services be made up of collections of smaller separately administered nodes, each of which would have far less information. How to do that while still having a usable service is, unfortunately, an open problem.
The reasoning is that the vast majority of the time, no one is doing a man-in-the-middle attack and furthermore that doing a man-in-the-middle attack on any significant proportion of the connections on the internet is assumed to be above the capabilities of any known attacker, so it means that you are probably talking to the owner of the DNS entry and normal passive sniffing attacks (ex. Firesheep) won't work. Also, the attacker may not be able to tell which connections are verified and which ones aren't (especially if the browser assumes self-signed sites will always use the same certificate until it expires), so even man-in-the-middle attacks on self-signed certs are non-trivial.
Also, the information being protected is generally assumed to be relatively low value, so protecting it with a relatively easy to break security layer is not a large problem: after all, it is currently being sent unencrypted.
Of course, hopefully verifying certificates via DNSSEC will be supported soon, which will make the entire self-signed certificates argument moot. (Err... well, eventually, once it is widely deployed.)
A morsel of genuine history is a thing so rare as to be always valuable. -- Thomas Jefferson
