It used to be easy to dismiss opportunistic security as a waste of time, it
is now clear to most that it is ....
[BA] Merely a waste of money.
"Opportunistic unauthenticated encryption" that does not defend against
man-in-the-middle attacks has no value against targeted surveillance. So if
the goal is to protect dissidents, look elsewhere. Unfortunately, the line
between "targeted surveillance" and "mass surveillance" is a thin one.
The value against mass surveillance is predicated on the assumption that "large
scale targeted surveillance" is infeasible or that the cost of large scale
meta-data collection can be increased to the point where it is too costly even
for a nation-state.
The first assertion, is likely to be proven false by the first gear to include
built-in man-in-the-middle attack support. Care to wager which appears first,
carrier-class gear supporting man-in-the-middle attacks, or significant
deployment of "opportunistic" encryption?
The second assertion is likely to be proven false as soon as "opportunistic" is
deployed widely enough to necessitate a surveillance budget increase (based on
purchases of the above gear) necessary to defeat it.