Well, yes. But let's get back to the point of the original post in this thread.
There are two problems: 1) we can't trust the networks that our data travels over and 2) we can't trust US-based companies with our data. The first problem is fairly easily dealt with (encrypt and authenticate), while the second one is much worse. A company based in a country that does not have laws enabling agencies to snoop on and prevent the disclosure of said snooping would automatically be more trustworthy than any US-based company.
> A company based in a country that does not have laws enabling agencies to snoop on and prevent the disclosure of said snooping would automatically be more trustworthy than any US-based company.
The ultimate irony is that by using providers in a country that spies and is unwilling to admit, over a country that spies and is willing to admit, is that you're forgoing the "trustworthy" spying country in favor of the "untrustworthy" spying country.
You know the US spies. How much do you really know about the ones that are staying nice and quiet right now?
I didn't realize secrecy equated with trustworthiness.
How about a country which doesn't spend trillions on spying and thys probably doesn't have capacities anywhere close to those of the US, secret or not.
It may be "worse" in a variety of senses, like political tenability, but the solution is simple: bring data given to third parties under the 4th Amendment, which is the entire underpinning of companies being able to give your packets to the government willy-nilly. Well, not willy-nilly, the government pays for the privilege.
The problems with passing a privacy law that attaches to data given to third parties, like is done in many countries with higher standards of living than the US, are not the citizens' problems. Political tenability is a problem for politicians, but that is of zero consequence. If the populace wants (for some measurable quantity of want) this to happen, politicians will either make it happen or lose their careers or lose their heads to pikes (as has happened throughout history). However, politicians are counting on people having low self-esteem and taking "no" for an answer. It's not the citizen's duty to be cowed by their laziness and bad hearts, though.
I do not think (1) is solved with cryptography because you can spy on the traffic flow and the route and timing of the connections give extra information. To overcome this we need extra measures.
There are two problems: 1) we can't trust the networks that our data travels over and 2) we can't trust US-based companies with our data. The first problem is fairly easily dealt with (encrypt and authenticate), while the second one is much worse. A company based in a country that does not have laws enabling agencies to snoop on and prevent the disclosure of said snooping would automatically be more trustworthy than any US-based company.