It would be financially detrimental for any country. Technology is going to play a bigger and bigger role in the future of all businesses, and stifling it now will hurt its growth in whatever countries try to limit it in this way. I say try because encryption and mathematics are not governed by human laws.
Plus, the government relies on encryption for communication too. Are they going to say that only certain government officials should be allowed to use secure devices? What happens when someone in government wants to have a private conversation with someone in the private sector? The private sector person will need a secure device too, and we're back where we started.
The fact is our government needs to figure out how to keep us safe without relying on backdoors.
> I'm skeptical that cloud flare can somehow be roped into 'corporate censorship' -- they IMHO clearly were not founded or intended to enable some sort of nefarious intent. Quite the opposite in fact.
The fact that CloudFlare makes it challenging for users from a particular network to access common resources is, in itself, a form of censorship. This is especially problematic due to the nature of people who tend to use Tor, i.e. those who seek some level of anonymity for various reasons. I don't believe CloudFlare is malicious or intends to block legitimate Tor users. But it is censorship nonetheless, hence the title.
Linux Mint doesn't seem to prioritize security in general. No TLS for ISOs, no easily spottable signatures for ISOs, marking security updates untrusted by default...
They also ignore (at least they used to) DNS servers from DHCP and use Google's public DNS servers completely oblivious of why users might not want this.
Sorry for the delay. It's turned out that parsing is hard, especially in the absence of a formal grammar for configuration file formats!
If you don't need the certs automatically installed, nginx users are generally doing well with the webroot plugin (which automatically creates files to perform the ACME challenge, regardless of what webserver is serving those files). This will also work for renewal, as long as you're able to do the initial configuration of your nginx to work with the certs you get.
I don't think Apple is in the key escrow business anymore; on OS X they had such an option, to show the user the DEK and optionally store it. I don't think the DEK or KEK are backed up at all in iCloud. If you forget your password, all options I see involve device erasure.
> Apple encrypts your iCloud data in storage, but they encrypt it with their own key, not with your passcode key, which means that they are able to decrypt it to comply with government requests.
https://en.wikipedia.org/wiki/Elliptic_curve_point_multiplic...