Main Area and Open Discussion > Living Room
For better security, maybe it's time to abandon e-mail?
40hz:
@Wraith - didn't I say "metaphore" earlier? ;D
I'm of the opinion we don't need something else. We need something new. 8)
wraith808:
Just for conversation's sake... what would that look like from the abstract? Maybe we can hash it out? Any thoughts?
My requirements for adoption are simple. Not real-time, and not brief form- though it would support almost real-time and brief form communications.
40hz:
This to me is a people problem.
-Stoic Joker (December 22, 2014, 09:18 AM)
--- End quote ---
Absolutely. It always is.
Reduced to its essence, the main problem boils down to the fact there are basically three types of people in this context:
* people who just want to use and enjoy their computers
* people who want to sell these people software and services to run on their computers
* and people who want to fuck with the people who use computers
None of that is going to go away.
But if we can curtail the range of motion and minimize the opportunities for harm from that third group, that's a decent enough win. And probably as good as it will ever get short of caving in and instituting a fully regulated and monitored global network. Which is a cure far worse than the disease. Especially now that we know our own governments are in the habit of straying more and more into that third group of people. So handing them the keys and absolute authority won't help matters. It will only make things worse by an order of magnitude.
But that's not to say we need to roll over and accept what we currently have as the way things are or need to be.
No system will likely ever be completely secure. But almost everything we're currently using could be made considerably more secure. Because we don't need a "perfect solution." A better one will more than do for starters - even if it doesn't catch all boundary cases.
Getting one user's data is probably not ever going to be completely preventable. But getting things to where obtaining one user's data no longer so easily allows you to use that subset to get at every other user's data certainly is. That's just employing better engineering. Like our electrical codes - they can't prevent every single fire or accident. But they do reduce the number of incidents to a very tiny statistical probability. Because they contribute to enforcing "known good" standards and "best" practices that minimize the damage when an incident actually does occur.
And that's good enough for day to day use AFAIC. :Thmbsup:
40hz:
Just for conversation's sake... what would that look like from the abstract? Maybe we can hash it out? Any thoughts?
My requirements for adoption are simple. Not real-time, and not brief form- though it would support almost real-time and brief form communications.
-wraith808 (December 22, 2014, 12:12 PM)
--- End quote ---
So far we have:
* not real-time - but timely
* not restricted to brief form
I'll add:
* fully decentralized - no persistent servers or trackers
* non-logging protocol
* encrypted end-to-end, with primary encryption done on the local machine -
(note: additional encryption layers may also be added further down the chain)
* some type of "trust" mechanism between peers to minimize risk of "man in the middle" attack vector
which ideally would also serve to identify "poison" peers
* mechanism to identify tampering attempts with messages
* integral tombstone/self-destruct mechanism available for all messages with "delete after reading" as the default. "Save this message?" must be specifically invoked (a simple push button, check box, or right-click will do) for each message in order for it to be retained.
* to preserve message store security, encryption is "always on." Messages are only in an unencrypted state when being displayed. Unopened messages are left encrypted. Saved messages are automatically re-encrypted on close. Deleted message are zero overwritten in background.
What else?
SeraphimLabs:
A secret is safe with three, if two are dead. This is the only thing that struck me regarding the Sony/Email fiasco.
The message format/fact that it was an Email is IMO irrelevant. Because... If there exists a document, that contains damning/damaging information - that you have within your power the option of destroying with impunity - what the hell did you save it for?!?
This to me is a people problem.
-Stoic Joker (December 22, 2014, 09:18 AM)
--- End quote ---
Its also a legal problem. Strictly speaking you are required by law to keep record somewhere somehow of all company internal written communications as much as is practical. At least in my understanding of business law anyway- I've seen quite a few cases where the courts order a company to present such.
Thus they were legally obligated to keep that information on record becase on the off chance they got investigated, it could be held as evidence in the courtroom and whoever was involved would be effectively screwed by the discovery of its contents.
All that happened here was that a hacker simply did without proper warrants what a courtroom could order if it suspected illegal activity happening under Sony's roof.
Even if it had been a message carried over the bitcoin blockchain, a hacker could have compromised the private key of an endpoint and still leaked that same message.
Just the nature of the beast- if it is connected to the internet, it is with certainty hackable.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version