Topic: another look at 'security through obscurity' (Read 450 times)

b!z
legendary
Activity: 1582
Merit: 1010
September 07, 2013, 02:43:22 AM
#4
Go make your own crypto then? See? It's difficult.
Making good crypto is difficult. The majority of people today do not use cryptography intentionally at all. Bad crypto is better than no crypto, with the added benefit of straining the resources of the mass-surveillance machine.

Most software with crypto we have (PGP, Bitcoin) is probably good crypto.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
September 07, 2013, 01:04:56 AM
#3
Go make your own crypto then? See? It's difficult.
Making good crypto is difficult. The majority of people today do not use cryptography intentionally at all. Bad crypto is better than no crypto, with the added benefit of straining the resources of the mass-surveillance machine.
b!z
legendary
Activity: 1582
Merit: 1010
September 07, 2013, 12:25:20 AM
#2
Go make your own crypto then? See? It's difficult.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
September 06, 2013, 11:55:21 PM
#1
Most of you are by now hopefully familiar with the latest revelations of the U.S. government agencies planting backdoors in software, hardware, and 'standard' algorithms; stealing and using corporate encryption keys; intercepting, decrypting, and storing SSL traffic.
Read here, for example:
 http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption#odni-response

Time after time we were told to avoid attempts to develop our own crypto methods and instead use published standards. There are compelling justifications behind this advice.
Standardized crypto, on the other hand, obviously enables standardized, automated surveillance by a sufficiently powerful agency that has either built subtle weaknesses into the standards, or has discovered them later on. The surface of their attack is small and well defined, and the resources at hand are enormous.
In a security-through-obscurity world, this universal threat would be eliminated, as no agency has sufficient resources to figure out each and every implementation - no matter how clumsy the implementations are. This would require lots of manual labor, and would in effect force them to use resources for targets that are actually of national security interest, instead of spying on everyone and everything, inevitably leading to the abuse of collected information for non-national-security purposes.
What the free world needs now is the popularization and proliferation of a variety of cryptographic, steganographic, and security techniques, DIY projects, and generally a crypto culture. We should avoid mainstream, standardized solutions, and always opt for the new and obscure, preferably with DIY mods. If you feel you need to establish a secure channel of communication - why, just build one as an appropriate mix of code, steganography, encryption, one-time pads, fragmentation, etc. If you don't feel you need secure channels - why, still use any of the methods just for the spamming pleasure.