End To End Encryption
-
Failure to end-to-end encrypt or offer easy-to-use end-to-end encryption should be treated as gross negligence.
Let me begin my rant by saying that the naysayers' claim that end-to-end encryption is bad because bad guys exist is no argument. My rights don't end when someone else abuses their rights. In my view, any data breach should result in an automatic $5,000 fine per data point per person. Likewise, failure to end-to-end encrypt, or to provide easy-to-use end-to-end encryption in the case of legacy protocols, should be treated as gross negligence on the part of the company offering a service. For email, that means you build OpenPGP and S/MIME into the interface and you support common keyserver protocols. For chat apps, that means you use protocols like the Signal Protocol or MTProto. For cloud drives, you use a system like MEGAsync or Proton Drive. For operating systems, you use full disk encryption by default using programs like VeraCrypt, cryptsetup, FileVault or BitLocker. Again, failure to use end-to-end encryption where possible should be treated as gross negligence on the part of software, hardware and services. Props to Vivaldi for making end-to-end encryption mandatory for their Sync service and supporting OpenPGP for their webmail.
--
ModEdit: Title