They're probably not found in twinkies.
It's called getting defensive and slipping in a freudian way.
The NSA has been heavily monitoring Internet traffic since the 90s
Contrast that with today, where the NSA is actively storing all internet traffic and data mining it later. I could be wrong (it's the NSA after all), but I bet the scope of their operations did not extend to storing and retroactively data mining all internet traffic in the 90's. Perhaps they were storing information on certain key individuals that their monitoring software flagged, but not everybody's.
Admittedly, these programs have been around since the early 2000's and there's been whispers of it in that time period, but while those were rumors then, now there is evidence.
No, no it's not missed. What tends to be missed is that the needs of the content creator are different from the needs of the content consumer. Nerds, being almost exclusively content creators (i.e. the nerdier, the more significant the creations), find it difficult to understand the needs of the content consumer and see little value in appeasing it.
It's not wrong or bad, just how many of us see the world. On the flip side, people who primarily consume content do the exact same things. They can't understand why anyone wouldn't want something like a walled garden to keep them safe.
But let's say Apple's shitting gold. Eating their poop might not be such a bad idea, especially if you have the tenacity to wait for it to come back out the other end.
I'm no expert in the field, but my understanding is that there are several models of network security based on real-world notions of security.
VPN is a part of your traditional wall security, where your typical authentication and authorization happens at each level of security zone. Once you're in, you can do anything the zone permits you to do. VPN is, as stated by others, placed at the perimeter.
BTW, full internal company-wide encryption just means putting the secure zones under a roof so no one flying overhead can see what's going on from above (e.g. big brother).
Another model of security relies on negative feedback. There are no locks anywhere, and no one has keys, but missteps have consequences. That's the security model most modern governments employ against their citizens. The levels of surveillance, strictness of the deeds, and harshness of the punishment determine the repressiveness of the model. The level of security is proportional to the amount of monitoring (a place like prison being maximum security).
There are other models, I'm certain, but like I said, I'm no expert. These are the two more prevalent ones out there right now.
Zero trust is completely different. It's almost like a double-blind experiment. There's no trust anywhere. Not the users/developers, not the administrators, not the auditors, not anyone. Authentication is fundamentally a trust-building mechanism, and a zero-trust model means authentication is obsolete (remember, encryption is merely erecting a roof over everything). Anyone can get in and do all the same things. The only difference is in the domain knowledge of the actors, which differenciates those able to do more things from less things if anything at all.
A rather dirty analogy of zero trust would be hosting an open project on Github. Anyone can go in and make modifications, but only those who know the code could make modifications that do meaningful work. And then, of the people building the code and running it, only those who who possess the ability to verify the modifications would know that they're not harmful specifically for their use cases.
Another analogy of zero trust would be to have an open e-mail account. There's no guarantees the sender is represented by the name. Every e-mail is assumed to have been read by anyone capable of entering the system. (Changing or deleting e-mails can be universally prohibited.) Such an account would be mostly useful for communications of metadata information, i.e. where and when to meet, and trivial matters.
I don't think Google's gone quite that far with their security model. They may have gotten rid of the VPN (or not...), but there are still SSH keys used for authentication and authorization, and users still need to log in to their machine to use it. After all, zero trust implies that even we the ultimate end users can't trust what's coming out of Google to be accurate (assuming that we could before--that's another debate for another time). And I don't think Google wants to make that impression.
It may be that they started with a zero-trust model, and identified the areas where trust is unnecessary, which they left insecure. At the same time, they also identified where trust is absolutely necessary, as well as the level of trust that's appropriate, and put up the necessary strength of walls to secure them, as well as levels of monitoring to see who's entering different zones. That sounds far more reasonable to me, especially considering the amount of trade and other secrets Google is holding onto.
And I gotta say, watching YouTube is a much poorer activity than reading news websites. Sorry, I remember when I was able to download the embedded videos I wanted to watch, and watch it on the player of my choice.
That's what happens when you have the perfect trifecta of greedy companies, lazy developers, and uneducated users. It's kind like the U.S. government right now.
It's better than auto-pay.
pretending it doesn't won't make it go away.
One of the biggest issues is that we don't even have ballpark numbers for what the parameters for this should be. We have some of the parameters figured out. But 1) they're based on analysis on our own history and 2) you and people who think like you are not taking some very crucial bits into account.
I want to challenge one of your positions that you've mostly glossed over, and that is that once a civilization has expanded beyond its home planet, its years of existence automatically increases significantly. First of all, what is significant? One order of magnitude? Two orders? Human civilization (proper civilization) has existed for around 10K years. Two orders of magnitude puts it at 1M years. That's a drop in the bucket compared to the 14-18B years (minus 15 million) of the livable universe. What are the chances of multiple civilizations surviving for ~1M years meeting? What are the chances of them continuing to survive past the point when they meet? The assumption of one or two orders of magnitude is predicated on the civilization not immediately being wiped out by some neighboring advanced civilization.
Now, I'm going to challenge that two orders of magnitude statement a little further. Look at human migration out of Africa as an example. The genetic diversity of all the humans in the rest of the world pales in comparison to the diversity of the population currently in Africa. All it takes is for one bad virus (like an airborne ebola with a two week incubation period), and the only people left on this planet will be living in Africa. Do you really think this won't be the case for when humans move off the third rock? I'm going to posit that genetic diversity among the populartion of any theoretical interstellar colonies will be significantly less than the diversity found outside of Africa now, by about the same order. Those settlements are going to be genetically fragile in the long run. In fact, I posit that as a space-faring civilization continues to age, its overall genetic diversity, irrespective of whether the home planet remains habitable or not, will continue to decline. That's assuming natural genetic aging and excluding artificial factors like war.
Eventually, that civilization will utterly cease to exist, leaving behind dead, non-communicating artifacts that will also inevitably cease to be. Just think, we're digging up all these dinosaur bones right now. In a hundred million years, when humans are not around, what will there be left for that next intelligent species to discover?
Therefore, I think one order of magnitude would be a more realistic number than two for the increased lifetime of a civilization that's reached space. For us, that might be somewhere around 2-500K years should it happen.
See, most people think once humans are able to colonize other planets, we're set, humanity as a race somehow becomes immortal. I think, just as civilizations rise and fall, complex life forms rise and fall. There is no immortality, be it personal or societal. It is merely wishful thinking to believe otherwise.
So the fact that we're not meeting other intelligent species out there would not be too surprising. The chances of two space-faring civilizations arising at almost precisely the same time (because in universal time scales, a 100K-year difference is less than a blink of an eye) are almost nil.
If anything, if we ever end up on other planets, we might eventually find some remnants of other space-faring civilizations past. The remnants may, and necessarily at that, be superior to humanity's then-present technology. But we most likely won't find any living remnants. And to make matters worse, we won't find anything on any homeworld(s), because if humans are any indication, they'd have stripped their world bare before leaving it. That is, assuming that their civilization's remains haven't completely decomposed before we get to it. But chances are, I think we'll see scars at worse, like archeologists sometimes find on Earth.
Again, this is all predicated on a human template. If other space-faring civilizations are completely different from humanity, we can't even begin to fathom the variables involved, much less estimate the numbers.
The real problem was that none of the aliens spoke English.
The greater the complexity in a system, the greater points of failure. All this movement of processing onto the client just leads to more client side security holes. HTML5 is so complex, there are so many potential points of attack, it is the NSA's wet dream to have all browsers compete on implementing it fully. If Firefox 17 had 0-days that the NSA could use to attack TOR (yeah yeah, it was the FBI, I completely believe that it wasn't a crumb the NSA gave them), I imagine a fully HTML5 compliant Firefox XX will have enough 0-days out there to keep the NSA stringing the FBI along for another century or two. (As as aside, the NSA, on the other hand, has taken a wholistic approach to breaking encryption; they record everything and figure once they manage to get a quantum computer working in about 5-10 years, they'll be able to decrypt all of it in one shot.)
Where can one find a browser that just displays marked up, laid out content that implement the latest security protocols these days?
Sorry, if you want guns to be ubiquitious, then the training for how to properly handle it should also be ubiquitious.
I really wouldn't mind living in a society where every individual was a well-trained sharpshooter. In fact, that's one of our founding principles. I would mind a bunch of idiots or uneducated individuals possessing more firepower than they can intellectually be responsible for. That is a scary world, knowing that the chances of your and your kids' death just by being at the wrong place at the wrong time skyrockeeted due to everyone suddenly possessing firearms but lacking equally in sense on when to use or even display it.
What was that line again? Oh yeah. With great power comes great responsibility. Unfortunately, our society is shedding personal responsibility. Do you really think giving great power to these same individuals is really a good idea?
At this point, I'm inclined to believe that this to be true, rather than it still being a mere possibility.
The question I have at this point is, who's really pulling the strings around here?
Nixon thought that with his unprecedented public support and with Hoover finally dead, he'd be in the clear to appoint whomever he wanted as the next head of FBI.
He was wrong.