<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xml:base="http://ideas.4brad.com" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
 <title>Brad Ideas - Privacy - Comments</title>
 <link>http://ideas.4brad.com/archives/cat_privacy.html</link>
 <description>Comments for &quot;Privacy&quot;</description>
 <language>en</language>
<item>
 <title>It&#039;s not about security</title>
 <link>http://ideas.4brad.com/understanding-when-and-how-be-secure#comment-13344</link>
 <description>&lt;p&gt;It&#039;s (usually) not about security, it&#039;s about generating hits on their website.  Marketing 101 believes that the more a customer interacts with you, the more likely they are to remain a customer or expand the relationship.  If they just gave you the info you needed up front, you&#039;d never see their web site at all and there would be no chance to cross-sell you all their other services.  Ok, fine - at least give me a direct path to get that statement instead of hiding it under layers upon layers of menus and pages.&lt;/p&gt;
</description>
 <pubDate>Mon, 09 Jan 2012 08:54:05 -0800</pubDate>
 <dc:creator>J Harrell</dc:creator>
 <guid isPermaLink="false">comment 13344 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Deployment of encrypted mail</title>
 <link>http://ideas.4brad.com/understanding-when-and-how-be-secure#comment-13342</link>
 <description>&lt;p&gt;Yes, it is not widely used.  It is, however, fairly widely deployed, but few people have created keys.&lt;/p&gt;

&lt;p&gt;I believe if the sites that sent all these annoying, &amp;#8220;You have an E-mail, why don&amp;#8217;t you log in to read it&amp;#8221; E-mails instead offered to send encrypted and signed email using s/mime or PGP, with instructions for how to turn that on, I think a lot more people would deploy it.&lt;/p&gt;

&lt;p&gt;However, I want something even easier, a box that says, &amp;#8220;I use encrypted SMTP on my server, so since you had better use it too, I OK you sending me confidential e-mails to this address.&amp;#8221;&lt;/p&gt;

&lt;p&gt;This would actually enable a &lt;em&gt;lot&lt;/em&gt; of folks.  For example, now that gmail is all accessed via https, all users of GMail and similar services could turn on that box.   That&amp;#8217;s actually quite widely deployed.&lt;/p&gt;
</description>
 <pubDate>Sun, 08 Jan 2012 22:25:03 -0800</pubDate>
 <dc:creator>brad</dc:creator>
 <guid isPermaLink="false">comment 13342 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Encrypted Email just hasn&#039;t made it</title>
 <link>http://ideas.4brad.com/understanding-when-and-how-be-secure#comment-13341</link>
 <description>&lt;p&gt;I agree in general with your complaint, but have a few observations...&lt;/p&gt;
&lt;p&gt;As far as I can tell, encrypted email just isn&#039;t in wide enough use. I am a long time developer with network and security experience, and I don&#039;t use it. None of my correspondents, including one whose profession is network security consulting, use secure email. It is one of those good ideas that hasn&#039;t come anywhere close to critical mass.&lt;/p&gt;
&lt;p&gt;My flex benefit provider has a partial solution. They send me an encrypted PDF and I have to enter part of my associated debit card number to decrypt it. That seems reasonable.&lt;/p&gt;
&lt;p&gt;BTW, another gripe I have is those that don&#039;t use enough security. The same outfit that sends me the encrypted PDF requests that I send them back data on medical expenses, but suggest FAX (somewhat secure but unreliable and clunky) or email with NO security.&lt;/p&gt;
&lt;p&gt;Finally, another related issue. Lots of sites require that you provide data to use if you forget your password (favorite dog name, high school name, etc). I consider feeding this information to lots of sites to itself be a security hazard, especially when the site security is really not important to me.&lt;/p&gt;
</description>
 <pubDate>Sun, 08 Jan 2012 10:12:05 -0800</pubDate>
 <dc:creator>John Moore</dc:creator>
 <guid isPermaLink="false">comment 13341 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>...even sillier</title>
 <link>http://ideas.4brad.com/understanding-when-and-how-be-secure#comment-13339</link>
 <description>&lt;p&gt;These systems will often offer to email you a new access password in case you forgot yours, so anyone who can read your email can also get a new password to log into the system and read your waiting protected messages. In these cases, there is *no* actual security/convenience tradeoff - just 100% annoyance.&lt;/p&gt;
&lt;p&gt;With no rational justification, I&#039;d always assumed that there must be some legal reason why they do do this. Maybe by having you log in, they fulfill some requirement to deliver the communication to you that would not be (at least legally) fulfilled by just blindly sending you the same communication in email?&lt;/p&gt;
&lt;p&gt;The Universal Commercial Code has all sorts of rules about the timing of communications. Sometimes it matters when the signer sends it, other times when the receiver receives it- and it changes if the agent is a common carrier (like the US Post Office) or not. Maybe an expert on UCC could weigh in on how these rules apply when email is involved, and if this could be the cause of this behavior?&lt;/p&gt;
&lt;p&gt;-josh&lt;/p&gt;
</description>
 <pubDate>Sat, 07 Jan 2012 11:41:52 -0800</pubDate>
 <dc:creator>josh</dc:creator>
 <guid isPermaLink="false">comment 13339 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>You seem to have nailed most of the reasons I didn&#039;t think</title>
 <link>http://ideas.4brad.com/forgetful-broker-needed-data-deposit-box#comment-13049</link>
 <description>&lt;p&gt;that Diaspora would work.  Did you write this before they announced?&lt;/p&gt;
</description>
 <pubDate>Thu, 25 Aug 2011 17:38:33 -0700</pubDate>
 <dc:creator>Baylink</dc:creator>
 <guid isPermaLink="false">comment 13049 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>What&#039;s on encrypted hard</title>
 <link>http://ideas.4brad.com/near-zui-encrypted-disk-protection-customs#comment-12804</link>
 <description>&lt;p&gt;What&#039;s on encrypted hard disks is none of their business. I am a cryptographer, cryptanalyst for a government, and all my computers and laptop are encrypted with high levels of security and encryption. There is no way customs of any country would have me decrypt one of my laptops, ever. Because doing so would have me sent to prison for life in my country, as high treason charges. Some companies work in special areas (weapons, and high level industrial secrets) and do encrypt laptops that leave the company.&lt;/p&gt;
</description>
 <pubDate>Fri, 29 Apr 2011 00:45:46 -0700</pubDate>
 <dc:creator>Anonymous</dc:creator>
 <guid isPermaLink="false">comment 12804 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Double passwords</title>
 <link>http://ideas.4brad.com/banks-give-me-two-passwords#comment-12606</link>
 <description>&lt;p&gt;CitiBank does something very similar to what Brad suggested - if you want to do a wire transfer (a very high fraud potential activity) you need to enter your additional info - the question varies (it&#039;s not a password but it does provide a second level of protection).  CitiBusiness uses one time tokens but they won&#039;t let me assign a token to my personal account (lame).&lt;/p&gt;
</description>
 <pubDate>Wed, 16 Feb 2011 18:35:51 -0800</pubDate>
 <dc:creator>John</dc:creator>
 <guid isPermaLink="false">comment 12606 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Not dying</title>
 <link>http://ideas.4brad.com/working-robocars-google#comment-12547</link>
 <description>&lt;p&gt;Note that I am still going to post on robocars, but at lower volume, and avoiding areas of technology that might disclose confidential information or reflect a conflict of interest.   Indeed, I cover so many topics here that you won&amp;#8217;t be able to guess what Google is working on or not by what I do or don&amp;#8217;t blog about.&lt;/p&gt;
</description>
 <pubDate>Wed, 02 Feb 2011 11:00:00 -0800</pubDate>
 <dc:creator>brad</dc:creator>
 <guid isPermaLink="false">comment 12547 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Re: Working on Robocars at Google</title>
 <link>http://ideas.4brad.com/working-robocars-google#comment-12543</link>
 <description>&lt;p&gt;Robocars have been a dream of mine for over 30 years now.  Although I will miss your insights and essays, I hope your involvement with Google&#039;s team will create a better and safer Robocar that I can use...soon!&lt;/p&gt;
&lt;p&gt;Good Luck,&lt;br /&gt;
Randy&lt;/p&gt;
</description>
 <pubDate>Mon, 31 Jan 2011 05:46:03 -0800</pubDate>
 <dc:creator>Randy</dc:creator>
 <guid isPermaLink="false">comment 12543 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>after releases?</title>
 <link>http://ideas.4brad.com/working-robocars-google#comment-12540</link>
 <description>&lt;p&gt;The typical NDA will release you when information has been made public. Do please tell us if you&#039;ve contributed when something is announced!&lt;/p&gt;
</description>
 <pubDate>Sat, 29 Jan 2011 17:08:59 -0800</pubDate>
 <dc:creator>Russ Nelson</dc:creator>
 <guid isPermaLink="false">comment 12540 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Cell phone auth</title>
 <link>http://ideas.4brad.com/banks-give-me-two-passwords#comment-12511</link>
 <description>&lt;p&gt;Yes, I say that&amp;#8217;s the likely long term situation.  Of course GSM is not hard to crack, and once we do use our phones for this, you can bet that attackers will move their resources into pwning phones, which gets easier the more we want the phones to do.   But having yet another token is not a great answer.&lt;/p&gt;
</description>
 <pubDate>Tue, 18 Jan 2011 00:30:58 -0800</pubDate>
 <dc:creator>brad</dc:creator>
 <guid isPermaLink="false">comment 12511 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Out of Band One Time Passwords</title>
 <link>http://ideas.4brad.com/banks-give-me-two-passwords#comment-12509</link>
 <description>&lt;p&gt;Reusable passwords are a loss in all ways.  &quot;Certificate&quot; systems based on public key cryptography need a secure store for private keys, and PCs can be assumed to be 0wned by hackers, and the site needing authentication can&#039;t distinguish an honest Linux system or Mac from a lying Windows PC.  Nobody really wants to carry around a keyring with dozens of OATH tokens hanging from it. The problem with card codes is that they&#039;re patented, and license terms are apparently expensive, so they&#039;re not often used despite their convenience and low actual cost.  The US Treasury uses them for &quot;Treasury Direct&quot; bond purchases, though.  But cards can be lost, and you won&#039;t notice if you don&#039;t use the account frequently.&lt;/p&gt;
&lt;p&gt;The best system I&#039;ve encountered so far is used by my bank, which sends a one-time-use PIN to my phone via text message.  Leverages existing infrastructure, zero investment in user-carried stuff, easily revocable and reassignable, can&#039;t be lost or stolen without the user noticing; what&#039;s not to like?&lt;/p&gt;
</description>
 <pubDate>Mon, 17 Jan 2011 22:46:12 -0800</pubDate>
 <dc:creator>Dean</dc:creator>
 <guid isPermaLink="false">comment 12509 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Skype and servers</title>
 <link>http://ideas.4brad.com/data-hosting-instead-data-portability#comment-12430</link>
 <description>&lt;p&gt;The Skype trick has some merit, though some people are a bit bothered by it.  In order to be superior to Facebook, it has to work from your mobile phone and laptop and desktop even when the others are off or disconnected from the net, just as Facebook and the rest do.   &lt;/p&gt;

&lt;p&gt;The question is, can you do that with the Skype supernode approach?    With Skype, the calls go through the supernodes (and failed last week because of this) but they are encrypted end to end so the supernodes can&amp;#8217;t listen.   If you want to rely on the servers of random people to provide hosting and processing for your data, then they could possibly look at the data and publish strange things they find &amp;#8212; a non-starter I think.  You can&amp;#8217;t do it all with zero knowledge operations.&lt;/p&gt;
</description>
 <pubDate>Sun, 26 Dec 2010 07:04:41 -0800</pubDate>
 <dc:creator>brad</dc:creator>
 <guid isPermaLink="false">comment 12430 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>Yes and no</title>
 <link>http://ideas.4brad.com/data-hosting-instead-data-portability#comment-12429</link>
 <description>&lt;p&gt;Yes, for anything to take down Facebook et al, it has to actually be better, not just free-er.&lt;/p&gt;
&lt;p&gt;However, I do disagree with the installing a server bit. It just has to be really easy.&lt;/p&gt;
&lt;p&gt;People install software all the time - games, apps, networking tools like Skype. If anything, things like the Android and iPhone app stores are making this easier and more common.&lt;/p&gt;
&lt;p&gt;The complexity of server software is not necessarily any higher than the complexity of something like a web browser or a word processing tool - making a server of some sort equally easy to install, use and keep secure/up-to-date is in no way impossible. Hard yes, but not impossible.&lt;/p&gt;
&lt;p&gt;Arguably, companies like Skype are doing it already. They just don&#039;t tell people it&#039;s a server. :-P&lt;/p&gt;
</description>
 <pubDate>Sat, 25 Dec 2010 11:21:07 -0800</pubDate>
 <dc:creator>Bjarni Rúnar Einarsson</dc:creator>
 <guid isPermaLink="false">comment 12429 at http://ideas.4brad.com</guid>
</item>
<item>
 <title>A good step</title>
 <link>http://ideas.4brad.com/data-hosting-instead-data-portability#comment-12427</link>
 <description>&lt;p&gt;Though I remain convinced that to get adoption beyond the true believers, the final result must match or exceed what people get from facebook and similar sites in terms of ease of use, performance, abilities, and initially cost &amp;#8212; ie. free.&lt;/p&gt;

&lt;p&gt;Down the road I suspect people will pay for their own hosting to get better than what is offered free or free-with-ads.   But it must be as easy to sign up as it is to sign up for facebook, which is a high bar but one that must be overcome.  Having to set up a server yourself is a non-starter.&lt;/p&gt;
</description>
 <pubDate>Thu, 23 Dec 2010 11:00:45 -0800</pubDate>
 <dc:creator>brad</dc:creator>
 <guid isPermaLink="false">comment 12427 at http://ideas.4brad.com</guid>
</item>
</channel>
</rss>

