I'm not sure that intelligence, beyond a certain baseline, really enters into the formula for creating long lived social structures. For the individual, there is no tangible benefit to creating structures that will last more than a few generations. After a few generations, as you point out, they will require the efforts of other people to keep alive, so there is little that the originator can do to ensure that the structure survives.

The most rational course of action for all individuals involved in a society is to maximize their personal benefit and plan to pass that benefit on to their offspring. Tangling with those who are successful at maximizing their benefit has real negative consequences, so the most rational action for the downtrodden is to take as much of the scraps as possible or jealously guard what you have while staying out of the eye of others.

The ambition to create structures that will outlast you and your offspring comes from irrational motivations. Historical drivers for this are abstract concepts like duty, fairness, or religion. There is no tangible benefit to creating these structures and there is often great personal cost. As there is no assurance that the structures will even survive, no matter how well you craft them, it's hard to say that building them is an intelligent choice.

I think that improving the lot of humanity as a whole is a noble goal, but I don't think that it has anything to do with intelligence or rationality. History is littered with people who have tried, and sometimes succeeded, to do so at great personal cost. Often their success only lasted a few generations, if that, before being undone by others. What real benefit to we get from creating these structures and how does that benefit weigh against the costs required to build them?

Those negative characteristics are only negative in the context of forming long lasting social orders (really only in the context of forming long lasting egalitarian social orders -- dynastic empires last longer than most of our social structures). They are extremely positive in the context of the affected individuals and in the case of avarice, they are beneficial to the affected's offspring (and their offspring, and so on). There is extreme benefit to be had from sabotaging the social order and norms.

We humans are intelligent enough to form effective and equitable social structures, we just don't have the collective stomach for removing the saboteurs from our society. So we/they continue to undermine every system we devise.

Of course it sends the keys to WhatsApp! If you install the client on a second phone, it just works, right?

So they're either:
1) generating a new key on each device and encrypting all incoming messages to every client's public key (or just encrypting the session key, a la PGP. -- While this isn't sending the key back to the mothership, new keys can be added at will, so copying traffic is easy.)

2) generating one key per account and shuffling it to newly installed clients through their server (possibly encrypted with the user's password... which they already know)

3) generating a key from the user's password directly with PBKDF2 or the like (a la SpiderOak, but (like SpiderOak) the client is closed source and they already know your password or could get it easily).

4) randomly assigning a symmetric key to each session and communicating it in-band to the clients involved in the chat.

Personally, I think 3 or 4 are the most likely because the infrastructure is the easiest and it still carries "end-to-end encryption" buzzword compliance.

The single hardest part of properly using encryption is key management. It's also the most vulnerable aspect of even weak crypto. Anything that simplifies this for end users, without requiring anything of them, is likely making serious security/convenience compromises.

[I'm still a big fan of hardware tokens for key storage and decryption. It greatly simplifies user key management while giving the user something familiar to associate their "key" with. It's not perfectly secure, but having to compromise a smartcard secure element requires more of the adversary.]

In the end, I wouldn't be surprised if any case the US had at all for extradition is ruined by all of the misdeeds they've done in their attempt to 'get' him. They're really overplaying their hand here (as the DoJ has a tendency to do) and it's going to end up biting them (as has happened several times in the past).

I'm in the same boat and I've found that just sending all of my domain's email through Comcast's servers works well enough. I hate doing this on principle, but it has saved me so much hassle that it's not worth fighting.

Depending on your MTA, the configuration will be different, but the arrangement is generally referred to a using a Smart Host. Basically, your MTA directly connects to the ISP's SMTP server and sends the mail from there. Comcast requires authentication to use their servers, but they don't do anything funky to the mail they pass on. All of the headers remain intact except for the DKIM-Signature, which is replaced(?) when Comcast signs the message. I've never had a bounced message that I rerouted through their servers and they support TLS and IPv6, so it's not the worst setup.

I'm sure that if you share your MTA details, someone can help you with the configuration.

White is a more valid descriptor than Caucasian since most "white people" aren't from the Caucasus region. It's fascinating (in a disgusting sort of way) that people have latched onto that term to describe white people. The term "Caucasian" itself is pretty heinous, being coined by Christoph Meiners as part of his theory of polygenism, where he described black people as basically being subhuman animals.

I think "white", "black", "red" or whatever is the least racist form of descriptor since it makes no assumptions of identity, culture, or heritage. The color of our skin is certainly useful as a means of physically describing someone: the tall black man or the brown-haired white woman. Anything more than that presumes to make important inferences about a person based on the color of their skin (read: prejudice).

There's more to the world "outside of Germany" than just the US. Your response falls squarely into the "...but the US is doing it, too!" line of reasoning. If citizens of other countries are pissed at being spied on by the NSA, why wouldn't they also be pissed at being spied on by the BND?

They get away with it because it's hidden from the customers.

Most people who bought the sensor either went to GoToMyDevices.com and were delighted to see the sensor data there or didn't go to the website, didn't see the option in the configuration, and never even knew it was happening.

If every single person who noticed and cared that this was happening returned the item, those returns would likely still count fewer than returns of units that should have failed QA. The whole thing wouldn't make a blip on the manufacturer's radar and they'd keep getting away with it. Informed and savvy users are not very common and almost never figure into these businesses' decisions.

Awww.

That's a bit of an oversimplification. There's a whole class of crimes that involve willing, if misinformed or deceived, people: fraud.

And while the definition of "willing" is debatable, the impact of consent is also subject to reasonable (IMHO) constraints, as with minors or people of otherwise diminished capacity (drugged, intoxicated, or mentally retarded). Once you start accounting for the nuances of reality, your maxim doesn't have quite the same truthy ring to it anymore.

Boo hoo.

Why would your government bother to act in your interest when you are so willing to blame others for them selling you down the river?

Trade retaliations are in violation of international treaty. If you stop rolling over and taking it, maybe the bully will stop dishing it out...

I'd say that it's actually the opposite situation. Auditors are there so that all of the information doesn't come directly from upper management. If management needs the cooperation of all of the rank-and-file to commit fraud, then the whole organization is a criminal operation or somebody's going to blow the whistle.

Upper management are the people who benefit the most from fraudulent schemes like these. How many low level employees are going to take on criminal liability so that the CxOs can roll in their piles of cash?

You had me until this:

Thanks, America ... this really is your fault.

By blaming the malice or incompetence of the rest of the world's governments on the dirty stinking Americans, you absolve everybody else of responsibility for their actions. Bad American laws are internalized by other countries (especially OECD members) because their lawmakers have the same goals.

Why is the focus here on "apps" instead of protocols? Wouldn't it make the most sense to decide on suitable protocols and work forward from there? Many of the tools that are scored use the same underlying protocol and thus pass/fail the same criteria.

Several of the criteria are not ever likely to be met by most "tech companies" (available for independent review or audit), so why not push a set of robust protocols and encourage everyone to adopt them? A thousand messaging "apps", each with their own incompatible protocol is a security nightmare and only builds impediments to communication (users settle for the least secure, most commonly available protocol).

You're having a hard time seeing the problem here because you're familiar with the units. FWIW, what you're feeling right now (the whole, "what's the problem?" feeling), is exactly how people in the US feel about their non-metric units. I use SI every day for work, so I'm familiar with metric (and like it very much), but not with the customary metric units (which break the elegance of SI to make people feel comfortable).

The issue with the units we've been discussing is "due to the many different conversion factors". All of the factors are multiples of ten, which helps, but the nice consistency in order of magnitude is lost. For example, mass is measured in grams and masses larger or smaller than a gram can be denoted by changing the order of magnitude associated with "gram"... except if the mass is above 10^6, in which case a new unit is used without a prefix (or sometimes with one). Converting between megagrams and milligrams is easy, as metric should be. But converting between tens of thousands of tonnes and milligrams is much less elegant.

You'll keep your tonnes and hectares for the same (invalid) reasons as Americans (and sometimes Brits) will keep their odd units and no argument will convince them otherwise.