Main Area and Open Discussion > Living Room
Knight to queen's bishop 3 - Snowden charged with espionage.
IainB:
There is an announcement dated 2015-05-05 on the Google Cloud Platform blog:
Announcing Google Cloud Bigtable: The same database that powers Google Search, Gmail and Analytics is now available on Google Cloud Platform
Amongst the verbiage, it gives a list of "key benefits", which list also makes the classic confusion of features with benefits. One of these "benefits is described thus:
Security: Cloud Bigtable is built with a replicated storage strategy, and all data is encrypted both in-flight and at rest.
--- End quote ---
Pretty impressive, eh?
Yes, but it set my BS alarm off. What exactly does "in-flight and at rest" mean? Well, it's using ambiguous clichés, so it could mean anything you wanted, or more probably it means nothing, but the desired implication would seem to be that everything is safely encrypted and cannot be decrypted or viewed by other parties. So why didn't they just say so? Probably because if they did say that, it would not be true/provable, and they don't want to lie about it because it could not be confirmed in contract, and they know that very well and so just obfuscate instead. Heck, this "announcement" is only a marketing puff, after all.
In other - possibly related - news, it might not have escaped your attention that Dropbox have announced that they are setting up data storage farms in Ireland to house all the data belonging to their business users and other paying customers outside of North America.
Now why would they do that? ;D
Renegade:
There is an announcement dated 2015-05-05 on the Google Cloud Platform blog:
Announcing Google Cloud Bigtable: The same database that powers Google Search, Gmail and Analytics is now available on Google Cloud Platform
Amongst the verbiage, it gives a list of "key benefits", which list also makes the classic confusion of features with benefits. One of these "benefits is described thus:
Security: Cloud Bigtable is built with a replicated storage strategy, and all data is encrypted both in-flight and at rest.
--- End quote ---
Pretty impressive, eh?
Yes, but it set my BS alarm off. What exactly does "in-flight and at rest" mean? Well, it's using ambiguous clichés, so it could mean anything you wanted, or more probably it means nothing, but the desired implication would seem to be that everything is safely encrypted and cannot be decrypted or viewed by other parties. So why didn't they just say so? Probably because if they did say that, it would not be true/provable, and they don't want to lie about it because it could not be confirmed in contract, and they know that very well and so just obfuscate instead. Heck, this "announcement" is only a marketing puff, after all.
-IainB (May 06, 2015, 08:24 AM)
--- End quote ---
DISCLAIMER: I worked at ESTsoft many moons ago.
ALPass, from ESTsoft, was unforgiving if you forgot your password. It's a password manager where you have a master password for the database. The online version stored your password database in ESTsoft's servers.
The thing there was that all encryption was done client side, so ESTsoft never had your password.
I talked with the director once about it and he said that they didn't ever want to have that password, even for recovery purposes.
Now, how does that relate to the above "in-flight at at rest"?
I take "at rest" to mean that data is stored encrypted, like with ALPass. The "in-flight" part I would take to mean an additional layer of encryption for when data is transferred between a client and server.
But, that's just conjecture on my part.
So, is there some BS going on? Very well could be. Perhaps I'm looking at it the wrong way, i.e. through the eyes of an honest developer. :) :P
In other - possibly related - news, it might not have escaped your attention that Dropbox have announced that they are setting up data storage farms in Ireland to house all the data belonging to their business users and other paying customers outside of North America.
Now why would they do that? ;D
-IainB (May 06, 2015, 08:24 AM)
--- End quote ---
Heh! :)
I've not kept up with Ireland's data laws, but my guess is that they are very pro strong encryption and privacy.
It would make good business sense for anyone actually interested in serving customers. 8)
IainB:
I wasn't sure whether this came under the category of "silly humour" or "Snowdengate", but either way it made me smile:
Microsoft Invests In 3 Undersea Cable Projects To Improve Its Data Center Connectivity | TechCrunch
I guess this sort of thing is increasingly likely to happen, as US Cloud-hosting corporations attempt to at least give things a semblance of "wanting to be seen to be not in league with the NSA" and so start planting their data centres offshore of the North Americas.
It will be interesting anyway. There could be far more capacity in those cables than MS would be likely to need...
Maybe MS is about to offer telco services too? :tellme:
Some people (not me, you understand) might query whether the NSA will be connecting to these cables as they are being laid, or afterwards; however, I couldn't possibly comment.
TaoPhoenix:
And ... some of the over-reaching provisions are starting to expire and lapse! Yay!
And then someone's spin doctor got the green light, because the following is among the most inflammatory writeups of that event I have ever seen!
>:(
http://news.yahoo.com/senate-takes-house-bill-fails-070641402.html
"Senate takes up House bill but fails to avoid spying lapse"
(THAT headline?! Really?!)
The rest of the article is more slanted than a snow-resistant roof on a house!
IainB:
This Slashdot item made me wonder "Why is this news?":
Two Years After Snowden Leaks, Encryption Tools Are Gaining Users
Patrick O'Neill writes:
It's not just DuckDuckGo — since the first Snowden articles were published in June 2013, the global public has increasingly adopted privacy tools that use technology like strong encryption to protect themselves from eavesdroppers as they surf the Web and use their phones. The Tor network has doubled in size, Tails has tripled in users, PGP has double the daily adoption rate, Off The Record messaging is more popular than ever before, and SecureDrop is used in some of the world's top newsrooms.
_____________________________
--- End quote ---
...and then today, I read this rather interesting post from Lauren Weinstein's Blog:
Lauren Weinstein's Blog: Falling Into the Encryption Trap
(Extracts below copied below sans embedded hyperlinks/images.)
...But in some of the attitudes I see being expressed now about "forced" encryption regimes -- even browsers blocking out fully-informed users who would choose to forgo secure connections in critical situations -- there's a sense of what I might call "crypto-fascism" of a kind. ...
...
...Yes, we want to encourage encryption -- strong encryption -- on the Net whenever possible and practicable. Yes, we want to pressure sites to fix misconfigured servers and not purposely use weak crypto.
But NO, we must not permit technologists (including me) to deploy Web browsers (that together represent a primary means of accessing the Internet), that on a "security policy" basis alone prevent users from accessing legal sites that are not specifically configured to always require strongly encrypted connections, when those users are informed of the risks and have specifically chosen to proceed.
Anything less is arrogantly treating all users like children incapable of taking the responsibility for their own decisions.
And that would be a terrible precedent indeed for the future of the Internet.
_____________________________
--- End quote ---
This thought had struck me a few months back, in the form of: "If everybody is obliged to have, or is persuaded that it is a "Good Thing" and that they need to have highly secure and encrypted communications, then this could effectively be a de facto way of censoring sites deemed officially as being "undesirable" or "risky", and before we knew it we would have embraced the Corporate State's control of our Internet freedoms.
I had dismissed this idea as being too paranoid and unlikely, but now I'm not so sure.
So, the first supposed "news" quote - Two Years After Snowden Leaks, Encryption Tools Are Gaining Users - could just be part of a steady drip, drip of propaganda that may become a torrent...
This could mean that we're likely to be forcefully and fully censored and have our communications spied upon by the proprietary gatekeepers - by an "iron fist in a velvet glove" approach - whether we want it or not.
I'm sure it'll all be in our best interests.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version