even with e2e email like pgp or s/mime, a lot of email metadata (even subject lines, commonly) gets leaked onto the wire. improving transport security prevents that.
It's an anti-separatist crackdown that can be compared to China's similar crackdown on Tibet. In fact, the top official (Chen QuanGuo) who ran and experimented with surveillance technology and forced assimilation in Tibet was transferred to Xinjiang in 2017 to essentially build up and run the same type of program, in less time, and for a much larger region (in both area and population). Hence, the camps.
In no way is any of it justified-- it's millions of people, and even the Uyghurs that escape are being continually hunted by the government.
From one party's perspective, it may just look like the other party does not support TLS. Without another point of reference, MTAs can't tell the difference between a lack of TLS support and a downgrade attack.
Alternatively, the government could also conduct a TLS certificate man-in-the-middle, which would work in most cases since almost no MTAs validate certificates outside of occasionally trying DANE (a spec for pinning certs over DNSSEC).
In the majority of cases, TLS for SMTP (delivery between MTAs) is still trivially downgradeable. So they could presumably downgrade and read SMTP traffic that's going between MTAs in Norway and MTAs outside Norway.
> Yes, the exact guidelines are going to be vague, that’s a good thing. It might just show they understand that it should be okay to allow art and breastfeeding and other forms of nudity that aren’t explicitly pornographic.
"Vagueness" and room for interpretation is not inherently bad, as you point out. But it's dangerous when your policies for automated filtering are vague, because filters almost always play it safe and end up creating a large number of false positives (i.e. wrongful content takedowns).
My father grew up in a neighboring town to Liqian, in Gansu. This is essentially an urban myth of sorts that several locals still believe, though as the article itself points out, it's been proven false a decade ago. In recent years they've constructed several faux monuments and landmarks in a cheesy emulation of Classical architecture in order to attract tourists.
People want to believe it; it's an interesting theory. However, the genetic diversity in this region comes primarily from Yugurs (a Turkic group related to the Uyghurs which converted to Tibetan Buddhism around a thousand years ago) and Mongolians.
That would be fine, too, and reflects in part what MTA-STS is trying to do.
A point that may be obvious, but I would like to make explicit, is that unlike on web, end-users have no good way to express whether they prefer security over deliverability on a connection, which makes downgrade attacks more difficult to deal with. Everyone defaults to preferring deliverablity (falling back to plaintext). In the absence of user intent, it's more important for an email sender to know the recipient mailserver's intent: what level of security should they expect? This can be achieved at varying degrees through DANE, MTA-STS, or a "HSTS Preload List" equivalent for email, but there is currently no reliably deployed standard for this.
(edit: something I forgot to mention: of course, you'd have to trust the initial DNS lookup as well)
This is the model for internet/Facebook access in several sub-saharan African countries and others:
https://en.wikipedia.org/wiki/Free_Basics#Participants
They've partnered up with large telecom operators in these regions to offer zero-rated Facebook access.
The Guardian has a couple of decent writeups about it too:
A point that is brought up occasionally, but probably not enough: Deleting Facebook really isn't possible for a nontrivial percentage of the world population, since Facebook is the internet in some places. Their monopoly over internet infrastructure in some developing countries is such that people can't afford non-Facebook internet packages, and seems to disincentivize actual low-cost internet infrastructure from being built out.