I do agree with this what you say, but I'm just giving some advice. HTTPS is a recommended way to do things, and it has a large community supporting it, but if our community wishes to create another protocol, I'm all for it.

On your first point, we could make it better by not showing where the traffic is going and where it is from. See "The Onion Router" (TOR) for a similar system. It works but it is very slow. Improvements can always be made

On your point about individuals, yes the FBI will not go looking for one person, but what if this person was the creator and distributor of the software to make things secure?

On the third point: Uh, that is what I said...

Addressing your fourth point, HTTPS is a very expensive (CPU-wise) way of encrypting. That is one of the major reasons that not many people use it. Also it is expensive in the financial sense as you do need to buy a certificate. I don't think that all the webmasters can pay for it every year. Yes, you can make your own but users get a suspicious "This certificate is not valid and can be a malicious phishing site" warning, which will deter many users.

Again, I'm not trying to oppose you or the community, just trying to give a few points (also I like to debate too)

Heh, I like debates too. I just want to help you think through this idea as much as possible. It is an "absolutely f***ing massive" undertaking that you're proposing, to put it mildly. The protocols that form the internet are designed to scale to monumental systems and solve some of the most difficult problems in networking. However, even ignoring all of those, you still have a problem of getting the security right, which is far from easy. History is littered with the corpses of cryptosystems that the inventors though were secure and actually weren't. Even Bruce Schneier gets it wrong sometimes and quite frankly, most people aren't going to trust a system made by a community relatively inexperienced in the field without a very strong proof of security. Security is *very* easy to mess up.

As for the claim that HTTPS is expensive CPU-wise, well, that's perfectly accurate. Here's the problem: Any encryption system worth its salt is. The fact that HTTP itself is expensive doesn't help much though.

On your point about individuals, yes the FBI will not go looking for one person, but what if this person was the creator and distributor of the software to make things secure?

You mean like the creators of the hundreds of other cryptosystems the NSA can't crack who are out there? There are a lot of ways to hide your data from just about anyone on the planet that you care to.



TL;DR There are an absolutely massive number of problems with this to be sorted out before anyone does any coding. The current system is probably best described as "ugly" or "painful," but it works. That's an amazing accomplishment in and of itself. I'd be happy to contribute help to this, but the problem really needs to be a lot more specific. All of this is of course to say nothing about user adoption, which is its own thorny problem.

PS: I've spent some time thinking/learning about secure networking lately for a project, if that isn't clear

To be honest, I wish I was better at all this computer stuff. I only ever code/design for games, but it would be VERY handy knowing how to bypass servers and stuff

Hm. I think China would hate us here.

true, true, i need to learn some networking stuff....

I know a little from java studies...but I would love to know more

i dont know much, but i just started learning
i wonder what the best language would be to use

I think Java would be good....but thats just in my own opinion

i wonder what the best language would be to use

English.

yea, C