My Solution to Fix the Screwed Up Internet Encryption

  • Added 18. 05. 2024
  • Web Encryption (HTTPS/TLS) no longer guarantees us any security or privacy because of the abuse by various stakeholders of the Public Key Infrastructure. Anyone currently can call themselves a Root Certificate Authority and intercept internet traffic and strip away the encryption. In this video I make a proposal that if implemented would eliminate the risk of a Man-In-The-Middle and "Make the Internet Great Again" (reducing mass surveillance).
    00:00 Intro
    02:09 How Web Encryption Works
    03:52 How PKI Works
    11:55 PKI Proposal
    I'm the Internet Privacy Guy. I'm a public interest technologist. I'm here to educate. You are losing your Internet privacy and Internet security every day if you don't fight for it. Your data is collected with endless permanent data mining. Learn about a TOR router, a VPN, antivirus, spyware, firewalls, IP address, wifi triangulation, data privacy regulation, backups and tech tools, and evading mass surveillance from NSA, CIA, FBI. Learn how to be anonymous on the Internet so you are not profiled. Learn to speak freely with pseudo anonymity. Learn more about the dangers of the Internet and the dangers of social media, dangers of email.
    I like alternative communication technology like Amateur Radio and data communications using Analog. I'm a licensed HAM operator.
  • Science and technology

Comments • 71

  • @robbraxmantech 5 months ago +26

    I guess you folks don't like this video because I referred to Google! But if you're not going to watch the video, let me say I'm really talking about the Chromium developers because they control what goes into Chromium browser (which is the source of many of the alternate browsers including Brave)

    • @nealthompson404 5 months ago +3

      As you described the problem, I was thinking that most likely the obvious solution already exists in the form of the "B-word" or "web3". Then my second thought was "Mr. Braxman does not use the B-word for fear of being de-platformed, so he has likely thought of a different solution", so I listened curiously. Then you SHOCKED US ALL by actually daring to utter the B-word multiple times as the actual solution, confirming my initial thoughts. Perhaps the video is not being watched by the masses because it is being suppressed by CZcams due to your multiple utterances of the B-word. Alternately, the content may be too technical. Heck, even I struggle to fully understand "keys".

    • @robbraxmantech 5 months ago +6

      You could be right that use of the word Blockchain could restrain CZcams from sharing it. I even said Ethereum and ERC tokens. LOL. I'm zucked

    • @Rovsau 5 months ago +1

      That's a very good solution, which I hope people in the tech sphere pick up on.
      I'm not sure there are any good arguments against it.
      And if some browsers start implementing it, that could make it become a standard.
      I have mixed feelings about a forced EU certificate, and I think it would be ridiculous on many levels to enforce such a law.
      The mere suggestion that it should be illegal to remove it, implies they want to use it for surveillance.
      I'm unable to imagine a different potential reason for that move.
      Why would a certificate need to be illegal to uninstall?
      Why should they care how my OS is configured?

    • @ryanqvincent144 5 months ago +1

      Just thoughts: Could this be done as a 'browser extension' and created by the 'open source' community? Would 'Let's Encrypt' be a useful starting point for 'certificates'?

    • @reggiep75 5 months ago +1

      Nah, doesn't bother me yet all we can hope for, is that it gets sorted..
      FINALLY.

  • @YouChwb 5 months ago +19

    Rob, you need the backing of the richest man in the world to implement your ideas who would agree with your vision. "X" marks the spot.

    • @ricks2474 5 months ago +2

      Great suggestion.

    • @echelonrank3927 5 months ago

      probably bought it to run it into the ground, let that sink in, he will wash his dirty hands after the job is done.
      and now he is driving the ever-obnoxious alex jones into it like hammering a giant screw into a coffin.

  • @ryanqvincent144 5 months ago +9

    The use of a public 'block chain' is an excellent idea that makes this possible! I believe this technology is already used for contracts and 'land ownership records' in the USA? That it is an immutable 'audit trail' is the really important point.
    The rest of the proposals are again excellent and essential. Well done for working out this, quite feasible, and secure system. i.e. No new 'technology' is required.

  • @Keith-tz2jy 5 months ago +10

    I like how you confirm all my suspensions.

    • @MartinMaat 5 months ago +4

      You must have been a bad, bad boy.
      Or did Rob come to your house to check your shock absorbers and were they all found in working order?

    • @jameslynch8738 5 months ago +2

      @@MartinMaat Can confirm, his suspensions are sound.
      Also Rob did offer a neat option for auditing trust chains. Unfortunately it might go against 'their' interpretation of transparency.

    • @antoniobabb1938 5 months ago +1

      Don’t you mean suspicions but anyway yeah

    • @MartinMaat 5 months ago

      @@antoniobabb1938 Oh, don't ruin it!

  • @ZappyOh 5 months ago +13

    Mmmm ... couldn't my friends and I make and share our own certificates, and thus create a network of websites only accessible to us ?
    This seems very interesting to me ... Piggyback on public infrastructure to shut out official authorities, and everyone else, from our content :)

  • @user-wh6gc8lw8n 5 months ago +10

    thanks Rob for everything you do

  • @alone-vf4vy 5 months ago +4

    Rob, YOU are a hero.

  • @chelsonnen6080 5 months ago +2

    Fantastic insights as usual Rob! Use of blockchain to ensure PKI integrity is a practical and necessary evolution. I suggest use of an existing blockchain like Filecoin storage protocol. Hope your proposal can gain traction!❤

  • @edzinator8499 5 months ago +4

    this information shows that it is already being done by the three letter agencies on box os's

  • @cx3268 5 months ago +7

    Google does NOT want encryption to be fixed! Best thing we can do is use OTHER encryption methods...

  • @anthonyc2159 5 months ago +1

    I died when I heard 'Hanky Panky business'. 🤣

  • @MrVagyok 5 months ago +2

    This is a good proposal.
    I have only 1 issue to improve on this and that is to make sure the blockchain can never be overruled in any way by 1 common entity, thus preventing any blockchain hosted provider or small group of rich to act badly. It should require that each miner should be independent and has no financial ties to the majority decision holder when it comes to deciding on important rollbacks or other solutions when a conflict needs to be resolved because a successful rogue block has been created!
    Proof of stake in this sense is an enemy fundamentally.
    Proof of work is a much better solution but not impossible to create a majority rule situation where the majority of the mining rigs are controlled directly/indirectly by 1 or a very small group of people!
    At the end you still need to trust the platform, the implementation and the people behind the infrastructure!

    • @robbraxmantech 5 months ago +3

      That's the advantage of using an existing blockchain like Ethereum which already handles contracts today.

    • @MrVagyok 5 months ago

      @@robbraxmantech I think not. Eth is POS and BTC is POW, Ethereum is primarily in 1 organization’s control and that is Buterin. BTC is not, yet, although there are too many shared cloud mining centers and the center itself belongs to a few thus it can easily be abused in the future to get majority vote by them kicking off small independent miners!

    • @tomaspecl1082 5 months ago

      @@robbraxmantech You could build that on bitcoin. Bitcoin is backed by the biggest hash power in the world as far as I know. I have made a comment under this video about one possible way of doing it and encoding it on bitcoin, I have not discussed it with anyone else yet but your video has made me go back to it.

  • @timgoeke253 4 months ago

    Great video Rob! Right on point, most people just trust the system. I like the idea and there are a number of derivative ideas that could be created out of this. Let's build it! When do you want to get started? PS Thorium browser might be a good starting point.

  • @ArtOfHealth 5 months ago

    Come on Google. You have the power, money and Bard/Gemini to fix this problem! Thanks Rob for showing unbridled compassion.

  • @lololololololo 5 months ago +1

    Glad you're back.

  • @false_positive 5 months ago

    There are two scenarios for this Rob's suggestion - realistic and fantasy.
    Realistic:
    In near future aliens come down to earth and with collaboration with Doctor Who from future makes Rob's solution a real thing.
    Fantasy:
    Governments stops wanting mass surveillance.

  • @MarkRiker 5 months ago +4

    I believe the certs linux has are the certs provided by Mozilla's certificate distribution.

  • @q3c6y67 5 months ago +1

    Hi Rob. Appreciate your efforts. Retired software engineer. In my opinion, your solution would only serve to both facilitate and accelerate government control over our lives with its own, only legalized cryptocurrency. It’s really over for all of us if that happens. My two cents.

  • @radornkeldam 5 months ago +4

    When you consider the current PKI design was probably built with this kind of abuse in mind, can you really say it's "broken"? I guess you could say that from the false premise of what they promised to deliver, but not when you take into account the obvious lies.
    The system works AS (not so secretly) INTENDED, so it's not "broken" in that sense.

  • @dxexplorer 5 months ago +3

    Coming from an ex communist country ... I have to admit that I started to get sick of all the efforts from EU to control everything as basically it takes me back where I left from... communism. Having this implemented would be great indeed ... you are totally right about being rejected as of course they don't like this. I doubt that Google will do this ))).. even though it would be nice.

  • @deeplearningdummy 5 months ago +1

    Genius!

  • @2117david 19 days ago

    ❤Thank you Rob 😊

  • @manomyth11 5 months ago +1

    Just an FYI , google is trying "Not" to load your websites, they sit there and stall for too long and eventually load real slowly.

  • @StaRiToRe 5 months ago +3

    Are you pointing out the issue where any certificate authority can validate without public disclosure? And your proposed fix involves mandating CAs to validate through a public blockchain, is my understanding accurate?

  • @thegrumpytexan 5 months ago

    Thanks for this Rob, I like the idea. Using blockchain and having CA's that can only issue specific types of certs is a pretty clever way of doing it but like you said, those 3 letter agencies and tyrannical governments would never let it fly. My question is; who will host the blockchain?

  • @MV-wv8xz 5 months ago +3

    Do you know if the de-blobbed fully open source distros, like Trisquel OS, have these strange certificates?

  • @simonmaersk 5 months ago +2

    Hi Rob. Would it be a bad idea to delete the Windows certificate from my Windows and Linux machines?

  • @lordofelectrons4513 5 months ago

    Methods that do not rely on trust are more than very desirable. I hope the browser makers are listening and will act.

  • @tomaspecl1082 5 months ago

    I got a similar idea a few weeks ago. I thought that you could use the UTXO tree on bitcoin to create a tree of trust. Basically a certificate authority would publish a transaction (basically a root certificate) with a certain amount of outputs (and metadata for each one) and then you could spend (so connect) those outputs to connect your own subtree to the CA's root. That connection would be immutable. Basically I would encode the whole tree of trust into the UTXO tree. And why would I want to use bitcoin blockchain specifically? It has the biggest hash power behind it, so it would be most secure. And as you said it would be independently verifiable. I could give more details of it, but I am sure it could be made better.

  • @homemark22 5 months ago +2

    13:04 that is

  • @OcteractSG 5 months ago

    There are a couple more requirements. First, since it wasn’t explicitly clear in the video, that blockchain needs to have posted to it every certificate issued for every website. We will know that impersonation is occurring when a website has multiple valid certificates in the blockchain. That’s the kind of search power that we are currently lacking in our PKI to spot man in the middle attacks.
    Second, if a website were to have two valid certificates, it should only be an issue if the web server public keys being validated by the certificates are different. Let me explain by example. Suppose a webmaster wants to change the certificate authority his site uses. He will get a new certificate most likely while the current certificate is still good, meaning that the website will have two valid certificates. Having two valid certificates is the condition that we are attempting to identify with the blockchain to determine whether impersonation is occurring. However, only the webmaster for the real site will be able to generate both certificates using the same web server public key. Should the public keys be different, that would be an indicator of impersonation (i.e., a man in the middle).
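
A sketch of the check described in the comment above, as an added example that is not part of the comment or of the video's proposal: an append-only, hash-chained issuance log that flags a domain only when its currently valid certificates cover different server public keys. The record fields, CA names, key fingerprints and day-number validity windows are all constructed for illustration, and the hash chain stands in for a real blockchain.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Issuance:
    domain: str
    issuer: str
    key_fp: str      # fingerprint of the web server public key
    not_before: int  # validity window as day numbers
    not_after: int

class IssuanceLog:
    """Hash-chained append-only list standing in for the public blockchain."""
    def __init__(self):
        self.entries = []  # (record, chain_hash) pairs

    @staticmethod
    def _link(prev_hash, rec):
        body = json.dumps(asdict(rec), sort_keys=True)
        return hashlib.sha256((prev_hash + body).encode()).hexdigest()

    def append(self, rec):
        prev_hash = self.entries[-1][1] if self.entries else "0" * 64
        self.entries.append((rec, self._link(prev_hash, rec)))

    def verify_chain(self):
        """False if any stored record was altered after it was appended."""
        prev_hash = "0" * 64
        for rec, chain_hash in self.entries:
            if self._link(prev_hash, rec) != chain_hash:
                return False
            prev_hash = chain_hash
        return True

def find_conflicts(log, today):
    """Domains whose currently valid certificates cover different public keys."""
    live = {}
    for rec, _ in log.entries:
        if rec.not_before <= today <= rec.not_after:
            live.setdefault(rec.domain, set()).add(rec.key_fp)
    return sorted(d for d, keys in live.items() if len(keys) > 1)

def sample_log():  # constructed records, not real certificates
    log = IssuanceLog()
    for rec in (
        Issuance("shop.example", "CA-One", "0c0c", 10, 90),    # expired, old key
        Issuance("shop.example", "CA-One", "aa11", 100, 190),
        Issuance("shop.example", "CA-Two", "aa11", 170, 260),  # CA change, same key
        Issuance("bank.example", "CA-One", "bb22", 100, 190),
        Issuance("bank.example", "CA-Three", "ee55", 150, 240),  # different key
    ):
        log.append(rec)
    return log
```

On day 180 only `bank.example` is reported; the CA change for `shop.example` passes because both live certificates carry the same key. A site owner who rotates keys while the old certificate is still valid would also be flagged under this rule, so a real deployment would need a way to tell that case apart.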

  • @dizzzydizzzy6962 5 months ago +1

    Hello Rob, I was looking for the video you've made about Jami app. Did you delete it? I'm trying to send a request to my university for the implementation of free software for online classes, but I was counting on that video. Technology is not my thing and the least I can do is to research to mention a couple of alternatives to Zoom in my letter. Having in mind that now Jitsi requires registration, Jami came to my mind.

  • @rvgeerligs 5 months ago

    Very, very good suggestion to make browsers control certificates through blockchain! Great idea how do I keep updated?

  • @africaeyesandears 5 months ago +3

    If Elon is truly pro freedom ask him to fund this

  • @ZijZijnZijnZoons 5 months ago

    I still struggle with the concept of PKI, but I understand at least the concept of HTTP being a plain text protocol, and once you strip away the encryption, that's all she wrote.

  • @Keith-tz2jy 5 months ago +3

    You should tell us all about Google dorks

  • @SalmanKhan-qp5gz 5 months ago

    Hi dear sir, please make a video on chatgpt vulnerabilities. Thank you.

  • @Bennyblanco-xx6ki 5 months ago

    Hey Rob, I have or had a brax me acct, but when I go to sign in it just comes up a blank page!! I need your help my friend!!

  • @RTPTechTips 5 months ago

    Good video! Maybe the truth is, some wish things to stay br0ken. 😄

  • @UQRXD 5 months ago +5

    A small group of people run the Key Code but you never mention who they are. Why is that?

  • @TheBayru 5 months ago

    Could you elaborate on which piece of EU regulation you're talking about? E-ID exists already for over a decade in some EU countries and the issued certificates can be used by the individual to access government services or to electronically sign documents. That they would be used to sign software certificates is news to me, it should even be illegal as that would require you to potentially expose sensitive personal information to non-safe harbour entities (like your, for EU citizens, foreign three letter institutions). That the government has access to your documents and signatures is in itself not really a problem, as they issue those documents and as such are full owners of them, and signatures are deemed valid unless contested anyway, so from the government's point of view, being able to abuse your electronic key for document signing is practically worthless. But as said, using these certs to sign apps and authenticate websites would be ridiculous.
    As ridiculous as buying houses by e-mail or sending legal notices by sms, so I'm not saying it's impossible, it's just not surfaced on my radar yet ...

  • @anakaoka 5 months ago

    Create a browser extension that checks multiple CA so they have to agree

    • @robbraxmantech 5 months ago +1

      Without an immutable database there is no actual foolproof record of certificates being granted.

  • @ettoreatalan8303 4 months ago

    “Make the Internet Great Again” (MIGA) could be the slogan of the Trump Certificate Authority.😂

  • @uss974 5 months ago +1

    last review notice