On 20/09/2013, at 9:16 PM, Masataka Ohta <mohta@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote: >> As such the only practical way for a typical user to protect themselves >> against PRISM is to switch to other providers based in jurisdictions that >> provide the appropriate protections, or agitate to change the applicable >> laws within their own jurisdiction, where appropriate. > > Not necessarily. > > The proper protection is to avoid cloud services and have our > own end systems fully under control of ourselves. > > Toward the goal, IETF should shutdown all the cloud related > WGs and never develop any protocol to promote cloud service. I draw the opposite conclusion, actually. With good standards, we can encourage a larger number of services to exist, raising the cost of monitoring them all. The problem is that the data is all concentrated in a small number of places, making it too easy to collect. To wit, right now Dropbox has a stranglehold on the personal data sync market; if I try to run my own server, or use an alternative service, I lose a significant number of benefits. I should be able to choose my own data sync server, whether it's one I run, or one run by my paranoid friend, or by a local company, or a US company that's in bed with the NSA. Good standards allow that to happen. Sticking our collective heads in the sand and saying "cloud isn't happening" isn't going to change anything. Cheers, -- Mark Nottingham http://www.mnot.net/