I installed solar panels on my house for exactly this reason. It's really just a whole house UPS, but once the batteries, chargers, and inverters are installed, adding panels is a minor extra cost. No more power outages. Saving money (and not giving as much to the power company) is a bonus.
I'm not sure that intelligence, beyond a certain baseline, really enters into the formula for creating long lived social structures. For the individual, there is no tangible benefit to creating structures that will last more than a few generations. After a few generations, as you point out, they will require the efforts of other people to keep alive, so there is little that the originator can do to ensure that the structure survives.
The most rational course of action for all individuals involved in a society is to maximize their personal benefit and plan to pass that benefit on to their offspring. Tangling with those who are successful at maximizing their benefit has real negative consequences, so the most rational action for the downtrodden is to take as much of the scraps as possible or jealously guard what you have while staying out of the eye of others.
The ambition to create structures that will outlast you and your offspring comes from irrational motivations. Historical drivers for this are abstract concepts like duty, fairness, or religion. There is no tangible benefit to creating these structures and there is often great personal cost. As there is no assurance that the structures will even survive, no matter how well you craft them, it's hard to say that building them is an intelligent choice.
I think that improving the lot of humanity as a whole is a noble goal, but I don't think that it has anything to do with intelligence or rationality. History is littered with people who have tried, and sometimes succeeded, to do so at great personal cost. Often their success only lasted a few generations, if that, before being undone by others. What real benefit do we get from creating these structures and how does that benefit weigh against the costs required to build them?
The reality is human beings just aren't intelligent enough to form long lasting social orders because too many people have negative evolutionary characteristics they've inherited from the past. Our primate psychology is at the root of everything regardless of what collection of words and labels one flies under. The biology is still there.
Those negative characteristics are only negative in the context of forming long lasting social orders (really only in the context of forming long lasting egalitarian social orders -- dynastic empires last longer than most of our social structures). They are extremely positive in the context of the affected individuals and in the case of avarice, they are beneficial to the affected's offspring (and their offspring, and so on). There is extreme benefit to be had from sabotaging the social order and norms.
We humans are intelligent enough to form effective and equitable social structures, we just don't have the collective stomach for removing the saboteurs from our society. So we/they continue to undermine every system we devise.
Of course it sends the keys to WhatsApp! If you install the client on a second phone, it just works, right?
So they're either:
1) generating a new key on each device and encrypting all incoming messages to every client's public key (or just encrypting the session key, a la PGP. -- While this isn't sending the key back to the mothership, new keys can be added at will, so copying traffic is easy.)
2) generating one key per account and shuffling it to newly installed clients through their server (possibly encrypted with the user's password... which they already know)
3) generating a key from the user's password directly with PBKDF2 or the like (a la SpiderOak, but (like SpiderOak) the client is closed source and they already know your password or could get it easily).
4) randomly assigning a symmetric key to each session and communicating it in-band to the clients involved in the chat.
Personally, I think 3 or 4 are the most likely because the infrastructure is the easiest and it still carries "end-to-end encryption" buzzword compliance.
The single hardest part of properly using encryption is key management. It's also the most vulnerable aspect of even weak crypto. Anything that simplifies this for end users, without requiring anything of them, is likely making serious security/convenience compromises.
[I'm still a big fan of hardware tokens for key storage and decryption. It greatly simplifies user key management while giving the user something familiar to associate their "key" with. It's not perfectly secure, but having to compromise a smartcard secure element requires more of the adversary.]
In the end, I wouldn't be surprised if any case the US had at all for extradition is ruined by all of the misdeeds they've done in their attempt to 'get' him. They're really overplaying their hand here (as the DoJ has a tendency to do) and it's going to end up biting them (as has happened several times in the past).
I'm in the same boat and I've found that just sending all of my domain's email through Comcast's servers works well enough. I hate doing this on principle, but it has saved me so much hassle that it's not worth fighting.
Depending on your MTA, the configuration will be different, but the arrangement is generally referred to as using a Smart Host. Basically, your MTA directly connects to the ISP's SMTP server and sends the mail from there. Comcast requires authentication to use their servers, but they don't do anything funky to the mail they pass on. All of the headers remain intact except for the DKIM-Signature, which is replaced(?) when Comcast signs the message. I've never had a bounced message that I rerouted through their servers and they support TLS and IPv6, so it's not the worst setup.
I'm sure that if you share your MTA details, someone can help you with the configuration.
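An added example, not part of the original comment: one way to see what a smart host did to DKIM on a received copy of a relayed message. It lists the signing domains and checks whether any of them matches the From domain. The sample message and the domains example.org and relay.example.net are constructed, the alignment test is a simplification, and no signature is verified cryptographically.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a message as delivered after passing through a smart host.
# example.org is the sender's own domain; relay.example.net stands in for the ISP.
SAMPLE = """\
Received: from relay.example.net by mx.example.com; Mon, 1 Jan 2024 00:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=relay.example.net;
 s=sel1; h=from:to:subject; bh=AAAA; b=BBBB
From: Alice <alice@example.org>
To: bob@example.com
Subject: test

body
"""

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            # Folded headers carry whitespace inside tags; drop all of it.
            tags["".join(key.split())] = "".join(val.split())
    return tags

def dkim_report(raw):
    """Report which domains signed a message and whether one matches From."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signers = [parse_tags(v).get("d", "").lower()
               for v in msg.get_all("DKIM-Signature", [])]
    # Simplified alignment (assumption): d= equals the From domain or is a
    # parent of it. Real DMARC uses the organizational domain.
    aligned = any(d and (d == from_domain or from_domain.endswith("." + d))
                  for d in signers)
    return {"from_domain": from_domain, "signers": signers, "aligned": aligned}

if __name__ == "__main__":
    print(dkim_report(SAMPLE))
```

If only the relay's domain shows up in `signers`, the message carries no signature tied to your own domain, which matters when your domain publishes a DMARC policy that relies on DKIM.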
As an aside, I see a lot of Caucasian dudes in IT, sure, but "white" isn't a race any more than "black" or "brown" is. There's a lot of variety of cultural heritage when it comes to "white" folks. Italians. Scandinavians. Greeks. Icelanders. Canadians. French.
White is a more valid descriptor than Caucasian since most "white people" aren't from the Caucasus region. It's fascinating (in a disgusting sort of way) that people have latched onto that term to describe white people. The term "Caucasian" itself is pretty heinous, being coined by Christoph Meiners as part of his theory of polygenism, where he described black people as basically being subhuman animals.
I think "white", "black", "red" or whatever is the least racist form of descriptor since it makes no assumptions of identity, culture, or heritage. The color of our skin is certainly useful as a means of physically describing someone: the tall black man or the brown-haired white woman. Anything more than that presumes to make important inferences about a person based on the color of their skin (read: prejudice).
...spy in real time on social networks outside of Germany, and decrypt and monitor encrypted Internet traffic.
There's more to the world "outside of Germany" than just the US. Your response falls squarely into the "...but the US is doing it, too!" line of reasoning. If citizens of other countries are pissed at being spied on by the NSA, why wouldn't they also be pissed at being spied on by the BND?
They get away with it because people put up with it.
They get away with it because it's hidden from the customers.
Most people who bought the sensor either went to GoToMyDevices.com and were delighted to see the sensor data there or didn't go to the website, didn't see the option in the configuration, and never even knew it was happening.
If every single person who noticed and cared that this was happening returned the item, those returns would likely still count fewer than returns of units that should have failed QA. The whole thing wouldn't make a blip on the manufacturer's radar and they'd keep getting away with it. Informed and savvy users are not very common and almost never figure into these businesses' decisions.
The problem is, there is no crime between two willing people.
That's a bit of an oversimplification. There's a whole class of crimes that involve willing, if misinformed or deceived, people: fraud.
And while the definition of "willing" is debatable, the impact of consent is also subject to reasonable (IMHO) constraints, as with minors or people of otherwise diminished capacity (drugged, intoxicated, or mentally retarded). Once you start accounting for the nuances of reality, your maxim doesn't have quite the same truthy ring to it anymore.
Why would your government bother to act in your interest when you are so willing to blame others for them selling you down the river?
Trade retaliations are in violation of international treaty. If you stop rolling over and taking it, maybe the bully will stop dishing it out...
Auditors are there to prevent stupid and/or low level employees from robbing the company. When the CEO is involved? The auditors are useless.
I'd say that it's actually the opposite situation. Auditors are there so that all of the information doesn't come directly from upper management. If management needs the cooperation of all of the rank-and-file to commit fraud, then the whole organization is a criminal operation or somebody's going to blow the whistle.
Upper management are the people who benefit the most from fraudulent schemes like these. How many low level employees are going to take on criminal liability so that the CxOs can roll in their piles of cash?
You had me until this:
... this really is your fault.
By blaming the malice or incompetence of the rest of the world's governments on the dirty stinking Americans, you absolve everybody else of responsibility for their actions. Bad American laws are internalized by other countries (especially OECD members) because their lawmakers have the same goals.
Why is the focus here on "apps" instead of protocols? Wouldn't it make the most sense to decide on suitable protocols and work forward from there? Many of the tools that are scored use the same underlying protocol and thus pass/fail the same criteria.
Several of the criteria are not ever likely to be met by most "tech companies" (available for independent review or audit), so why not push a set of robust protocols and encourage everyone to adopt them? A thousand messaging "apps", each with their own incompatible protocol is a security nightmare and only builds impediments to communication (users settle for the least secure, most commonly available protocol).