Virtually everything we work with on a day-to-day basis is built by someone else. Avoiding insanity requires trusting those who designed, developed and manufactured the instruments of our daily existence. All these other industries we rely on have evolved codes of conduct, regulations, and ultimately laws to ensure minimum …
"Both these options have their own significant problems. The centralised LastPass store is an unbelievably tempting target for every ne'er-do-well on the planet. Although it is defended by a team of über cyber ninjas, if LastPass should fall, everyone who uses it is screwed."
The LastPass hashes live in the cloud. All you have to do is download the client, feed it the password and it will fetch the hashes and install them locally. Your master password is not stored on the LastPass cloud, but a hash of that password is, so that you can authenticate and then download your password information.
That makes the whole thing a pretty damned tempting target. A hash is almost as vulnerable today as a plaintext password. It's pretty terrifying how quickly a well-trained cyrpto-cracker can wade through a list of millions of hashes and crack upwards of 95% of them in a few days. We like to ignore it, yet it happens with alarming regularity.
It doesn't matter if the hashes are stored in a database as hashes in the traditional sense, or an encrypted file filled with password info (which is probably worse, as it's a single attack point.) The point is that your information is wrapped up in increasingly easy-to-defeat encryption then stored centrally, alongside everyone else's.
As to storing them on my local machine being somehow "safe"...tell me, sir, are you 100% positive - willing to bet your finances, your job, your life on the fact - that your local machine is not compromised by malware? If you are then I invite you to please write an article for The Register detailing exactly how you know that. Nothing is really safe, it's just a question of which systems are worth the value to attack.
"As to storing them on my local machine being somehow "safe"...tell me, sir, are you 100% positive - willing to bet your finances, your job, your life on the fact - that your local machine is not compromised by malware?"
Nope.. and I haven't anywhere said that.
And if any children out there there think they can ever be safe, I recommend, reading about the exploits of Kevin Mitnick in Cyberpunk. It makes a nice bedtime story.
Hashes are much, much more secure when they are salted properly.
Each hash should use a unique salt.
This means that for a rainbow table attack, an individual table would have to be generated for each hash. This is very computationally-intensive and would make it uneconomical to crack a single password, for the vast majority of use cases.
Schemes based on this premise are already in wide use. I would hope that LastPass are among them.
Actually, if LastPass are using individual salting, then this is about the best protection a person can expect from PATRIOT snooping.
LastPass cannot know your passwords. If requested, they can only give up the hashes that they store. The US Gov would then have to go to extra effort to retrieve the actual security credentials. Individual salts make that largely not worth the effort.
Just a single character salt means that around 200 rainbow tables would have to be generated in order to crack a single password.
I suppose you could choose to only store hashes in the LastPass system, and add another layer of encryption with individual salts, secured by a different secret that only you control or see. I'm sure some software could be written to layer on top of the LastPass app to do this automatically.
You say "200 rainbow tables would have to be generated" like this was a barrier of some variety. I don't think you comprehend just how mind-bogglingly huge the compute resources of US.gov are.
Even as huge as the resources of US.gov are, there ARE physical limitations. Barring an exploit, a large collection of individually-salted credentials would take more time and energy than the human race can currently exploit. Further along, you run out mass and energy on the PLANET, and we're not even close to ready to exploit extra-planetary mass and energy resources.
Put it this way. As much as people believe there's a black helicopter for everyone, consider the cost of building one, then multiply by the number of people in the country, then factor in the available US budget, which IS finite and having some debt issues.
Again, you go back to "brute forcing is a measure of the crackability of a cypher." It's proven not to be true. Rainbow tables combined with knowledge about how people choose and create password can make cracking even the best algorithm's encryption relatively easy. Will you ever get 100% of the items you are trying to crack? No. You'll you walk through 90%+ with ease.
I don't think you really truly understand what a yottabyte datacenter is. I don't think you understand the raw scale of the decryption they can do in a facility like that. Not through brute forcing, but through other, simpler means.
I do wonder how we got into the position whereby our leaders, or moreover, the people behind our leaders care so little about the privacy and rights upon which most of our nations were founded.
>how we got into the position whereby our leaders, or moreover, the people behind our leaders care so little about the privacy and rights upon which most of our nations were founded.<
Because the media and Lumpenprole demand the sacrifice of freedom for security from pedo-drug dealer-turrorist-tax avoiders.
Fear, mostly ...
Boil it down, then distill the vapors therefrom, and one arrives at a simple fact: governments live in fear of their people. The follow-on fact: it is absurdly easy for a fearful government to incite fear in their people, of other people. All else is a by-product.
Nothing is secure
But if you want to get as close as possible, simply don't use online passwords at all.
And certainly not third party repositories of them.
I don't have mobile devices. If I want to log into my bank, I do it form one location behind a firewall over an HTTPS connection.
I have my own mail server. My mail is not held on anyone else's, bar the fact that it is in fact a VPS, so fleetingly before it gets downloaded to my own personal mail system it might be visible.
Maybe my home server is less secure than a professionally maintained cloud. Maybe the fact that its inaccessible from the internet means it is in fact far far more secure. Ditto my desktop machine. Short of burgling the house I don't see how anyone could get at the data.
I am the sysadmin they warned me about. You want secure and you want trust, if you can't trust yourself, who can you trust?
The internet will never be secure. Too many random people on have root access to too many machines. Use it sparingly, fleetingly and assume that in the limit, whatever you put out there is 100% available for someone else's scrutiny, and that someone, you can't trust.
100% security and trust you cant do. But anyone who wanders around with their data and means to access that data on a portable device deserves to lose it. Ditto if it is on someone else's cloud.
And, frankly, one persons private data on a couple of machines at a residential address are hardly a tempting target for the hacker.
Re: Nothing is secure
The internet will never be secure.
Very true but something increasingly being forgotten. Inevitable really. The longer you've been using it the more you accept it as part of life and become blasé. I use it a lot but I'm technical (going back to 1982) and although it's important to me - it's still a separate resource. I still have the mentality then when I'm going on line I'm going somewhere different and I modify my behaviour accordingly.
The internet remains - for me - something that I do rather than something that I am and that encourages me to be protective of my personal information. But that's just me. It's a viewpoint that seems to be becoming less common and therein lies a major problem.
Re: Nothing is secure
"And, frankly, one persons private data on a couple of machines at a residential address are hardly a tempting target for the hacker"
Unless that person happens to be [insert name of head of nation/MP/security service here]. Okay so Cameron lives at Number 10, but our MPs all have private addresses.
Your VPS's hypervisor is not an MTA. However, as it relays the network packets it could feasibly capture the plaintext from the SMTP communication.
You could enable SSL on SMTP for your mail server to help guard against this.
What are the possibilities for widespread, and reliable, biometrics?
Whipping out a smartphone or keyfob every 5 minutes is indeed a pain. Whipping out an eyeball every five minutes, less so. Really need to rephrase that last sentence.
Also, thanks for scaring the bejesus out of me re OSI layers. I've been preaching a mere 7 of the buggers all this time.
Biometrics are fine until someone manages to replicate your verification data. I'm reasonably good at thinking up new passwords; I'm less good on replacement eyeballs.
Biometrics are fine until someone manages to replicate your verification data.
Or decides your data is worth getting control of the original source - that is, your body. I'd rather have someone get illegitimate access to, say, my bank accounts by defeating a password system than by threatening me with bodily harm. But perhaps that's just me.
In general, the problem with biometrics is that several of the failure modes are tremendously expensive for the authorized user.
Biometrics are fine until someone loses an eye.
Any service that can hand you back a password you stored, will not store hashes - it has to store passwords using a revesible encryption. Thereby if the system is compromised, the attacker will have your passwords, not their hashes....
Thereby if the system is compromised, the attacker will have your passwords, not their hashes
If the key required to decrypt those passwords is not stored by that service, a breach of the service provider's systems need not be immediately catastrophic. A reasonably designed system need not involve any more risk than you might be exposed to if you lost a load of encrypted data. I couldn't tell you whether Lastpass counts as 'reasonably designed' or not, mind you.
You ever seen all these recent articles about malwares hiding in government installations for nearly a decade? The best malware stays silent and hidden, eavesdropping on network activity and then secretly sending off its results. If a malware sneaks onto the LastPass system, they can just listen for the credentials being passed online (and since it's at an endpoint, it's a point where it could avoid encrypted channels and hear a means of obtaining unencrypted credentials—either the user's master password or his master key).
Old Problem - getting fat now
What you see if the explosion. Its happened before. This was how computing islands exploded, and how in fact things like Novell and MS AD came about - computing structures combined under single sign on. There are single sign on entities out there, onelogin for example. As Trevor cites however, never before has such a system inherently been so attackable, or breakable by state forces. In the modern world, I'll pointedly state that as much as Trevor cites the US gov, this by extension today also seems to mean anything the US can do - China and others like to play as well.
So much so, I think that much of this is very wrong. The attractiveness of the cloud is over-riding security to an extent each of us has to have a reality check. Are you willing to write off security in exchange for this? Maybe you are, maybe you are not. You can run tightly controlled closed internal networks. If you pride security, then each of us have choices to make.
The equipment available means your own closed private networks can be done. And they were no so cheap to do.
US DHS has some advantage over China PLA
Although I suppose the PLA _could_extort your private info out of Google and the like by imprisoning Larry and Sergei until they knuckle under, it's a whole lot easier for US entities to do so. All espionage (or crime, or business) is subject to benefit/cost analysis. Unless you are doing something that makes it worthwhile for the malefactor to target you, you don't need to outrun the bear. Some malefactors get great discounts on operations within their own countries. Some give/get "friends and family" discounts too (NZ, UK, USA)
Of course, things could be so much simpler
If all the pointless password protected must log in to use sites realised that, for all practical purposes, a cookie would work just as well.
So many sites require registration that it's practically impossible to remember username/password combinations, and very few of them actually require this for anything other than user tracking.
"...a cookie would work just as well"
Are you suggesting that this would be as secure, or more so, than a password?
Re: "...a cookie would work just as well"
No he isn't. He's suggesting that the data protected by a password on many sites often isn't worth protecting to that level.
Does knowing "I am the same person that viewed your site last Tuesday" merit the creation of a username and password? The presence of a cookie is just as good a discriminator for tracking purposes as requiring a login.
Re: Of course, things could be so much simpler
And what if you log in from a different device or browser?
Re: Of course, things could be so much simpler
How many times does it matter if you log in from a different browser?
If you're moving money around, you need at a minimum a strong password and ideally a two-factor system. But practically every other function where a registration is required to use a service don't actually need one. You need a short-term token to say you're still the same person who started the process, but there's no need for *any* site to store your payment details; hence no need for user-facing security and no need for registration.
I need registration to prove I'm authorised to write this on El Reg, but does it really matter if I have to do it again when I get home and use a different machine? My point is that there are far too many sites which require registration for no good reason.
Re: Of course, things could be so much simpler
Sites require registration because they need to know who you are. This is how they make money and offer you free services.
In reality there's no simple fix to the problem of security and trust. A possible mitigation would be a <shudder>standard</shudder> for password structure. Part of the problem is the large number of different password rules. Most people could probably cope with one complex password. The trouble comes when that doesn't meet the rules for every site.
@ Tom Re: Of course, things could be so much simpler
"And what if you log in from a different device or browser?"
Use a sync service such as Firefox Sync. Not a problem for me.
To say Lastpass stores your password hashes is a bit disingenuous, it stores the result of three separate SHA256 hashing operations.
Lastpass in your BROWSER concatenates your email and your password (PW) together then generates a SHA256 hash this is your encryption key (EK).
The BROWSER plugin takes Your EK and concatenates this with your PW then generates a SHA256 hash and this is your authentication token (AT).
Your browser passes this to Lastpass to authenticate.
Your AT then is concatenated with a UNIQUE 256 bit random number ID (LPID) generated and stored by Lastpass at account creation, this is hashed with SHA256 to produce a unique string (US) which Lastpass compares to the US it stored with your LPID and encrypted password store.
Lastpass do receive the AT during authentication but they never store it only the result of the AT+LPID SHA256 hash is stored.
Re: Lastpass crypto
Whatever the handwaving, the end result is that your passwords are encrypted and stored in the LastPass cloud. When I download the client to a new computer and log in with my LastPass master password I instantly have access to my full database of password on that new computer. I can log in to anything I want.
That means that there is enough information on the LastPass cloud to reconstitute my username and password for every single website I have stored in there. There may be layers to the encryption, but encryption can be - and is - broken. I'm sure you're next going to trot out some obscenely long period of time it takes to brute force whichever set of algorithms were chosen. Let me save you the trouble.
You know and I know that encryption and password hashes both are rarely brute forced anymore. There are about eleventy squillion techniques ranging from the humble dictionary attach to pesudo-brutes using "common patterns" combined with various advanced dictionaries that will solve the overwhelming majority of decryption tasks. Brute forcing is rarely every necessary.
In a lot of ways, LastPass is even more vulnerable than a simple database of hashes because of the vulnerability of that master password. The Master Password has to be something a human can remember in order for the system to work. So even if the encrypted container/hashes/what-have-you on the lastpass side can't be bruted, the master password is highly vulnerable and thus so is everything it protects.
Look, I"m not bashing LastPass here. I wouldn't use it unless it kicked ass. It's probably the best defence we currently have. It is, however, not remotely perfect. If nothing else, it is vulnerable to the feds. They could walk through the LastPass defences like a hot knife through butter if they wanted to and there isn't a damned thing anyone can do about it.
So long as enough information exists in a a cloud service stored on United States soil to reconstitute my passwords enough to log in to online services then those passwords - and everything they are meant to protect - belongs to the United States government as surely as if I had written it all down on a sheet of A4 and left it in my pocket whilst crossing the border.
Re: Lastpass crypto
I know you're not knocking the lastpass service, it's just the information presented on how the service works is incorrect that's all.
I'm also not going to harp on about the n trillion years it takes to brute force a particular algorithm,
as I know the goalposts are always shifting in that respect, and actually I agree the weak point in any protection scheme is always going to be the master password.
If you follow the information I posted on how lastpass works you'd see that there isn't enough information on the lastpass site to reconstruct your master password.
Also the passwords for your websites the lastpass service stores are not hashes they are stored in one monolithic blob using the AES256 symmetric encryption algorithm, the decryption of your password blob is done locally in your browser by the plugin.
This discussion is actually moot as the target webserver (not lastpass) is usually the point of compromise, your password there IS hashed and is frequently hashed with weak sha1 or md5 which are functionally broken.
therefore the feds/goverrment/organised crime are more likely to go after the soft targets first.
Additionally, in the LastPass system, there could be some concept of authorising a new device (similar to Firefox sync). Put a certificate on the device once it is authenticated.
There could be a second password to allow this that wouldn't be needed on a daily basis and therefore could be more secure without becoming unusable.
@trevor and all interested should take a look at yubico's products. They are primarily designed to work with LastPass-alikes, but can be used without relying on a third-party cloud service. They are rather open (implement standards, most of the accompanying software is open source), which, to some degree, can solve the trust issue. I use their token to log into my machines locally, using challenge-response mode and open source PAM module.
I am not affiliated with them, just an enthusiastic user.
Whether anyone likes it or not, ISPs are going to have to start policing their users. It's not like they don't have the capability to perform packet inspection, and identify the ssh brute force attacks, and the site flooding attacks etc, etc.
Instead we live in a world where ISPs sit back claiming they're not responsible for the activities of their users, most of them ignore completely reports of abuse (I'm not even sure why many of them bother having an abuse email address, they certainly don't bother reading emails sent to them), and responsibility for the security of sites (and therefore the users of those sites) which are under constant attacks is left upto the site admins, and users are exposed to multiple risks from miltiple sources targetting them via multiple vectors.
The only long term solution is stopping attacks (as many as possible) at source. Maybe the ITU could piss away their time coming up with regulation to make 'anti-attack policing of users' an ISP responsibility, instead of dicking around with who controls IP addresses. Yeah I know, but it's good to dream....
Re: Policing users
So how do the ISP perform packet policing when their users increasingly use end-to-end encrypted channels like SSL? Or worse, encrypted-by-design networks like ToR, i2p, and freenet? How do you you DPI an encrypted packet?
This bit caught my eye in particular:
"End users buy into marketing campaigns designed to make us feel as though we are somehow suspicious and guilty for worrying about such things."
Yet they lap up dystopian fiction in the form of novels, films and TV series which lay bare all the reasons why they should be worrying about such things. It's almost as though some attempt has been made to infantilise them and stop them thinking about anything much more than entertainment. I wonder if there's anything about this in 'My Documents'.
Re: Interesting article
Re: "It's almost as though some attempt has been made to infantilise them and stop them thinking about anything much more than entertainment."
This is effectively true, but I am honestly not sure why/how. It may be that the majority of the Bell Curve is truly unable to understand the issues. Certainly only a very small percentage have a very deep appreciation of the issues. Also, in my experience, even very intelligent and motivated people have trouble understanding much about PKI, among other things. The tortured X.509 spec would seem to indicate that even the inventors of half this stuff lack a reasonable understanding.
Re: Interesting article
"Yet they lap up dystopian fiction in the form of novels, films and TV series"
exactly. Its just a movie so cant possibly happen. And if you think it can, your a conspiracy nut.
Id never considered this angle before, and ive no idea if its been constructed on purpose. But its quite clever
Deterministic Password Generators
An alternative are deterministic password generators that mean your passwords are never stored, not even their hashes. They are available from as many devices as the author of the tool supports. Still, if you are entering 100 passwords a day, they could be cumbersome.
Re: Deterministic Password Generators
But you'd still need the necessary credentials to pass into the procedural generator in order to reconstitute the password. If that information is smaller than the hash technique, it isn't worth it since they'll just try to retrieve the procedure parameters and then reconstruct the algorithm (likely through disassembly—and the procedure must be in memory for it to work, so there's no guaranteed way to hide it).
A few notes
Good article. The first step to solving a problem is to recognize it exists.
The discussion about hashes gives me the willies. I know there are some places where raw hashes are used to authenticate passwords and to the extent that it is possible to get those hashes, they offer no security at all. In recent times, though, I have not seen unsalted hashes. Salted hashes move the vulnerability back to the random store and that is often not too strong either. However, the need for (and difficulty of obtaining) a good random store is well known in the security community and this is certainly improving.
Security as we know it is likely gone. A concerted attack by a strong adversary is likely to succeed. There are a few things we can do about this. The first and most important is to change legislation such that ill-gotten information cannot be used. A second thing is to reduce what is required to an absolute minimum. When you go for a loan now, they pull credit bureau files with a ton of personal information. If, instead, they were obliged to go to your proxy, the proxy could insist that only the creditworthiness of the entity applying for the loan would be provided and that the proxy would indemnify against any default. In that scenario they only need to know that the credit is a 'go' and where to send the money. In a naive scenario (not even this data would be known in a practical system), you buy a car and the only thing the bank needs to know is the name of the dealer and the fact that the loan is good. They do not even have to know your name.
As of this point in time, most data is being held and transmitted in the clear. This allows attackers to determine which data streams to attack. That needs to change. We need to move to a culture where everything is encrypted such that source and destination and the size and the nature of the transmission cannot be determined by snooping the line (including side-channel attacks), the origin, the source or the nature of the transmission.
True security against a well armed attacker may well be impossible. However, more than reasonable security against most attackers is entirely possible. One of the reasons my paranoid self believes this is true is because the establishment that controls things insists on keeping key sizes down, insists on a woefully insecure network and still is madly attempting to create legislation to force intermediaries like ISPs to reveal 32 bit IP addresses-user pairs, to enforce weak encryption and to outlaw attempts to circumvent their own encryption.
Although I would not get too cocky about it, I expect a system with multi-megabyte key sizes using several different types of PK encryption, conventional encryption, unconventional encryption (i.e. added custom cyphers), nested salts, nested encryption, decoys and steganography, strong pseudo pads, etc would be secure against any direct attack on the encryption. This is not available to non-programmers, but it is certainly available to a significant subset of programmers.
Re: A few notes
A few notes on your notes
Some of your notes went over my head but here's what I got:
Your idea of loan proxies is effectively what a bank does at the moment. I lend my money to the bank (or they buy it on the money markets) they lend it to borrowers. I get a small return, the bank gets a much bigger one. I don't get to know who borrowed my money, but neither do I take the risk of an individual borrower going bust. (And if the all go bust then the Government covers the risk. And if the government goes bust then I have bigger worries than losing a few thousand of what is now a worthless currency)
When you ask a lender for a loan the reason they get all that personal information is they use it to determine how risky they think you are. Each bank has a different idea of what makes someone risky and so algorithm they use is different for every lender. They don't want anyone 'working the system' or copying their (obviously superior) algorithm so it is kept very, very secret. Banks have different risk appetites and like a mixture of different risk levels. If you lend with zero risk then your return is minimal, for this reason banks would would never go for exclusively using a proxy as they couldn't make enough money.
> As of this point in time, most data is being held and transmitted in the clear
Source? Depends what you are talking about I guess. If you mean credit bureau to bank then I don't have personal knowledge but would be very surprised if this was true. If you are talking websites then most I use on a regular basis are https.
> the establishment that controls things insists on keeping key sizes down, insists on a woefully insecure network and still is madly attempting to create legislation to force intermediaries like ISPs to reveal 32 bit IP addresses-user pairs, to enforce weak encryption and to outlaw attempts to circumvent their own encryption.
Who do you mean by the establishment? If you mean the Govt then, here in the UK at least, they seem to take it seriously. Pen testing for externally facing systems, GSI for emails, usb device ban other than encrypted devices. All laptops encrypted. Constant training on how to not leave sensitive info on the train. etc etc
> enforce weak encryption
I haven't heard of anyone trying to do this. Yes, in the UK, a Judge can force you to hand over your encryption keys (and yes the law is broken) but they haven't forced anyone to use crappy encryption.
> outlaw attempts to circumvent their own encryption
Are we talking Govt or private industry here? Yes they have DRM, no I don't like it, but from their point of view the west makes less physical goods and more IP so the IP needs to be protected to keep our economy going (If the IP holders decide to pay tax of course!)
> This is not available to non-programmers, but it is certainly available to a significant subset of programmers.
Then create a project/product. Make it user-friendly and shout to everyone why they need it!
Re: A few notes
Notes on your notes on my notes :)
Re: Your idea of loan proxies is effectively what a bank does at the moment.
No. The bank acts on their own behalf, not mine. Instead, I would like to see the data custodian acting as a fiduciary *on my behalf only* and for every other one of the hundreds of other entities holding data on me to have only that which they absolutely need to deliver the particular service. Unless you are engraving a name plate, you don't need my name.
The promiscuity of data that is more dangerous to individuals than they realize. The fact that anyone even thought to ask for people's facebook passwords as a condition of employment in the United States is cause for alarm. They could not ask for it if it effectively did not exist.
The Government is part of the problem. Governments appear to universally overreach their authority until stopped. They are, in my opinion, way, way, way beyond their legitimate boundaries. Blinding data and storing with a strong supra national proxy agent is an avenue to fixing that problem.
Re: the reason they get all that personal information is they use it to determine how risky they think you are
So they say. However, they do not expunge that data once they have made the determination. If you can give them the determination without the data, then there is not much they can say. An indemnified 'yes' to a loan will be picked up by somebody.
Re: algorithm ... is kept very, very secret"
Maybe, but since I am one of the people who has actually designed and built an engine to replace human adjudicators it is not rocket science (as I am not a rocket scientist).
Re: data is being held and transmitted in the clear
It effectively is. HTTPS is not secure if sites are using self-signed certificates. If they are, then they are open to a man-in-the-middle attack. Websites routinely (really) have self-signed certificates. Control over data is astonishingly lax. It is getting better due to privacy laws, at least here in Canada, but it is still not great. To the extent that they can make money by transmitting or misusing information, they still do to an alarming extent. I remember being in a meeting years ago with one of Canada's largest banks during which they were talking about misusing customer data so badly that we refused to do the project.
I am mostly talking about the U.S. government, which has a huge sway over the rest of us. Last I heard, they still controlled export of encryption stronger than 64 bits. The fact that they are concerned about encryption stronger than 64 bits indicates to me that significantly larger keys may be difficult or impossible for them to defeat.
Re: Judge can force you to hand over your encryption keys
That effectively lowers your encryption to zero bits. Sounds like crappy encryption to me.
Re: IP needs to be protected to keep our economy going
I do not consider feathering the beds of rent seekers as keeping our economy going. The rent seekers *told* you that, but did they offer any real proof that it is true? [Answer: no] If it was really true there would be a very cogent argument involving research data that conclusively proved that the unfortunately named 'IP' was definitely good for us all. Go ahead, see if you can find it among the billions of pages indexed by Google. The sole return from the search for "proof that IP protection is necessary" returns a page were they offer this hearsay assertion: "As proof that IP protection is necessary to the process of technology transfer, IDEA points to the successful dissemination of cell phones". Huh? That is not 'proof' by even the most forgiving of standards. Meantime, a Google search for "how to make an atomic bomb" returns nearly a quarter million hits. Seriously, do the math. An entire industry is behind suing over 'IP'. You can bet that if they actually had any sort of reasonable argument the argument would be front and center. You would surely get more hits than for recipes to make atomic bombs. I have taken a long look at the Sturm und Drang surrounding so called 'IP' and I have never seen a sensible argument in favor of the current Copyright and Patent regimes. The vast majority of creators would give up any right to copyrights or patents in a heartbeat if they understood what the trade meant. Give up a tiny trickle of income and gain access to all the world's art and music, science and literature and remove the 'IP' tax from goods and services -- not just for yourself, but for everybody.
Re: Then create a project/product. Make it user-friendly and shout to everyone why they need it!
I think you might be joking here, but if not: you can't trust me. If you need to depend upon me, then you don't really have that security. I did at one point make a drag and drop interface to encrypt text and may make it available again. However, you are then stuck trusting me (or someone who vouches for me or the code). You already have lots of choices for something like that. My point is, unless you can do it yourself, you cannot be sure it is not compromised.
Re: A few notes
Here are some more:
>I would like to see the data custodian acting as a fiduciary *on my behalf only*
On your behalf as a borrower presumably. If they can't act on their own behalf they they must be a non profit. So you are asking for a non-profit bank, or simply a bank with higher standards of data security?
Alternatively maybe you want these data custodians to be ratings agencies for individuals. However ratings agencies aren't held responsible for their recommendations and risk isn't an exact science so their recommendations are usually crap anyway. If the data custodian is forced to guarantee a loan they will probably only lend to very very safe borrowers and charge a high margin to cover when they get it wrong.
Their ability to rate borrowers is what makes each bank unique and why they offer different interest rates. If they can only offer loans to these indemnified borrowers then it's just a race to the bottom in terms of returns.
>An indemnified 'yes' to a loan will be picked up by somebody.
True, but what happens to people who want a loan but the data custodian refused to indemnify their loan? Is it because the borrower is too risky for a loan, or they are too risky for the data custodian, or the data custodian made a mistake or had a bad risk algorithm?
What if there is a lender who disagrees with the data custodian and is willing to take the risk on this borrower (or would if they knew the details/credit report)? You seem to be suggesting one large data custodian, if effect this is destroying the loans market and would result in increased rates for everyone.
>Unless you are engraving a name plate, you don't need my name.
Well someone needs your name, if this data custodian came into existence then no the bank wouldn't need your name, but the data custodian would.
>However, they do not expunge that data once they have made the determination.
They would need to keep your contact details, but the rest should not be kept. If it is their the data protection watchdog should give them a kicking.
Side note: Have you heard of zopa? Its a 'peer-to-peer' lending scheme here in the UK which appears to do what you are suggesting without the indemnity. They do credit checks on borrowers and split them into risk groups. Lenders then sign up and offer to loan money out to the groups at different rates. Lenders get better rates than at the bank, borrowers get better rates than at the bank. Zopa make a margin. People seem to like it as it identifies banks as a greedy middleman and bypasses them, but if a borrower defaults the lender loses out.
>The fact that anyone even thought to ask for people's facebook passwords as a condition of employment in the United States is cause for alarm.
This is a whole other thread, yes employers asking for facebook passwords is wrong (and if you give them over breaking the TOS). The simple answer is say no and work for a less creepy boss (hey I did say simple answer).
>They could not ask for it if it effectively did not exist.
True, but some people want to use facebook. Just because some dodgy employers are making unacceptable demands does not mean innocent people should have facebook taken away from them.
>I am mostly talking about the U.S. government, which has a huge sway over the rest of us.
>controlled export of encryption stronger than 64 bits
From what I understand this is a handup from old weapon export laws but isn't enforced.
>That effectively lowers your encryption to zero bits. Sounds like crappy encryption to me.
But only on a court order, which one would hope was carefully considered. Unless you are seriously suggesting law enforcement should never have access to any encrypted data. Could you imagine how badly this could be for society. On the other hand if it became too easy for 'them' to get private data it could be equally bad for society. (and I did say this was a broken law)
>The vast majority of creators would give up any right to copyrights or patents in a heartbeat if they understood what the trade meant. Give up a tiny trickle of income and gain access to all the world's art and music, science and literature and remove the 'IP' tax from goods and services -- not just for yourself, but for everybody.
If your sole income came from being a creator; authors, song writers (not necessarily performers), artists and computer programmers are a few examples that come to mind, then I bet you wouldn't agree to this. Lose your income but get other art etc for free, Great but you can't eat art.
Unless you are referring to a utopian vision where physical goods are free then this isn't going to fly.
What about a company that designs advanced computer chips, or any industry that take a huge investment to produce a new good. Are you seriously suggesting that anyone with manufacturing capability should be able to grab their designs and start selling?
Current copyright and patent laws are not perfect (to somewhat understate the situation) but what they are mean to do (protect innovators for a *limited* amount of time so they can turn a profit before their competition gets their innovation for free) is a fine goal.
>Re: Then create a project/product. Make it user-friendly and shout to everyone why they need it!
>I think you might be joking here, but if not: you can't trust me. If you need to depend upon me, then you don't really have that security.
Yes it was half tongue in cheek statement. More a dig at the open source believe that everyone can code and many eyeballs makes for safe code.
On a more serious note: above you were talking about someone acting as a fiduciary and that takes trust. So yes somewhere along the line you need to trust other people. You can't survive without it.
>My point is, unless you can do it yourself, you cannot be sure it is not compromised.
And unless you are the worlds expert on encryption (and cracking of) you can't have reliable security.
How do you write code? Because unless you wrote the compiler yourself...
Re: A few notes
Huh. I will take responsibility for my poor explanation I suppose.
You appear to believe that access to information to data is a zero-sum game of sorts. It is not. You also seem to think it is OK to participate in the 'artificial scarcity economy' as long as you are one of the winners and not one of the losers. You also place more than a little trust in officialdom and the 'party line'.
We fundamentally disagree with respect to the above and it is a disagreement unlikely to be resolved.
Data is valuable. Data about me is worth money. It is bought and sold all the time. A clever geek can do a statistical analysis with data from data mining operations. If there exists a correlation between increased mortality and some data element related to me, that is worth money to an insurance company. They will prosper by selling insurance to me at a higher rate or save money by not selling a bad police. This is good for the miner and good for the insurance company, but it is bad for me. It is my data and any value it has properly resides with me.
A fiduciary that acts exclusively on my behalf can see to it that only the barest information necessary goes from me through them to a third party. A large well funded agent working for me will be able to negotiate better terms than I could on my own. To the extent that they create value, we will share it. For the agent, it will be a profitable business.
Privacy is a security issue. To the extent that banks are attempting to use my data beyond the purpose that put it into their hands, the banks are an attacker. I work with financial institutions and I can assure you that they look to profit from any data they can gather and they do *not* expunge anything unless forced to do so.
To the extent that a single bank might cheat or even accidentally lose custody of my data, they present a finite risk. To the extent that that the number of banks who have my data increases, so does my risk.
My agent has a legal duty to act as a fiduciary, because by definition that is our relationship. In Canada, at least, the banks have fought very hard so they do not legal have legal obligations as fiduciaries. They are under no legal obligation to give you fair and sound advice about their products or your financial planning. If they give advice that improperly enriches them at your expense, it is fair game. I know this for a fact because I have been in that position personally and I was astonished to find it was true when I went to recover my money.
Currently, financial institutions skirt the Criminal Code. If they were allowed to do worse, they would.
Re: Someone needs your name.
Sure, my friends and my family need to call me something. I like having a name. It's tradition! However, a telemarketer only needs my name for his benefit and his benefit comes at a cost to me. I don't want him to have it. The bank does not need a name to transfer money, they need an account. I don't type my name into an ATM machine to withdraw cash. It does not need it. Nowhere, in the software systems I have seen (I have worked with a lot of large financial institutions) is there a routine that requires particular ASCII characters in a name to manipulate accounts.
Re: If it is their the data protection watchdog should give them a kicking.
What should be and what is are not the same thing. In practice, our watchdogs serve them, not us.
Re: does not mean innocent people should have facebook taken away from them
Was not talking about taking facebook away. Was talking about making employer access to it impossible. The simple way would be to broadly make such requests a criminal offense.
Re: old weapon export laws but isn't enforced.
Yea, we have a lot of that going around. It is not OK. Making everyone a 'virtual criminal' allowing selective enforcement is even worse than enforcing the law.
Re: But only on a court order, which one would hope was carefully considered.
I trust the courts more than I do the executive and the legislature, but I do not entirely trust them and do not want to be forced to trust them when it is not necessary.
It may be OK for you trust your security to wishing and hoping. It is not OK for me. Better to make this simply impossible to make sure cheating can't happen. We currently have less to fear from criminals than we do from the State and powerful Corporations. They currently take, by force, under color of 'law', almost everything you earn. Criminals might rip you off for a few percent of your income.
Possible without my permission = too easy.
Re: If your sole income came from being a creator ...
It does. Removing copyrights would have little to no impact on that income and incalculable benefits otherwise. I am paid to create software that people use to automate things they are already doing to create things of value. The one thing that I wrote that is in wide use is open source library code that was funded by government research grants. Everybody wins there. I know lots of creative people and they generally make their bread and butter with an honest days work that the community will continue to fund. This is like arguing that we should not automate stuff because it will put people out of their menial labor jobs. It is a false choice to say that people must either slave away their lives at menial jobs or go hungry. They can (a) move to jobs automating things like me and (b) work less because the automation reduces the labor necessary to produce a given output.
Re: Unless you are referring to a utopian vision where physical goods are free then this isn't going to fly.
The world can be a better place, of that I am sure. Mining and manufacturing to produce goods do not require Copyrights and Patents. Farming not only does not need them, it is negatively impacted by them. Eliminating patents on genes would mean more food and medicine, not less.
Re: Are you seriously suggesting that anyone with manufacturing capability should be able to grab their designs and start selling?
Yep. Aggregate wealth increases when information is free to move and everyone is free to use the best techniques available.
Re: is a fine goal.
Not so sure that creating a lottery race to patent human genes has any value. To the extent that goals are fine, Copyrights and Patents hinder rather than help. You would be appalled if you started to seriously drill into the patent system.
Re: a dig at the open source believe that ... many eyeballs makes for safe code.
Nobody in the know seriously disputes this. Entirely secret security systems cannot be trusted at all.
Re: fiduciary and that takes trust
Trust but verify and only trust what you must. I do not trust a sole fiduciary either. Anything important is always secured by multiple custody. As single combination won't open a bank vault. You have to trust the two parties holding the combinations together, but you do not have to trust each of them separately. In modern encryption systems we can spread custody to an arbitrary 'm' of 'n' custodians such that, for instance, it takes the cooperation of 7 out of 10 key holders to open the vault.
When I say you can't trust me, I am standing as proxy for any party providing encryption.
Re: encryption skills and untrustworthy compilers
I can definitely produce code to encrypt on 1Mbit keys, do 'm' of 'n', PKI, etc. I use a compiler for which I am able to compile the source in most cases. If you have access to the source, you can (albeit with some difficulty) defend against various compiler attack strategies. You do need a certain level of skill, but it is not *that* difficult to get as good as you can off the shelf with the added trust that you compiled the code yourself. The back-doors I worry about are deliberate cryptographic weaknesses in key schedules, key sizes, randomizers and similar design characteristics. There are ways, definitely, for a careful journeyman programmer to improve on out of the box pre-compiled code.
Simple technique to increase cypher strength
I am not sure why I have not seen this before, but it has been a part of my encryption strategy for more than a decade to randomly generate a portion of the encryption key such that even the party with the key has to spend some time guessing the entire key. This allows you to arbitrarily increase the CPU effort required at the other end such that, for instance, 15 years later when computers are generally a thousand times more powerful, the effort remains the same because more of the real key is replaced by random bits.