<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>BenLog - Latest Comments</title><link>http://benadida-benlog.disqus.com/</link><description></description><atom:link href="https://benadida-benlog.disqus.com/comments.rss" rel="self"></atom:link><language>en</language><lastBuildDate>Mon, 29 Jul 2013 02:12:42 -0000</lastBuildDate><item><title>Re: benadida@square</title><link>http://benlog.com/articles/2013/07/08/benadidasquare/#comment-979746055</link><description>&lt;p&gt;Congrats Ben! Square seems like a great company, and they're lucky to have you.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Casey Oppenheim</dc:creator><pubDate>Mon, 29 Jul 2013 02:12:42 -0000</pubDate></item><item><title>Re: benadida@vacation</title><link>http://benlog.com/articles/2013/07/03/benadidavacation/#comment-953549422</link><description>&lt;p&gt;Good luck on your next trip :-)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ivan Herman</dc:creator><pubDate>Sat, 06 Jul 2013 06:09:50 -0000</pubDate></item><item><title>Re: benadida@vacation</title><link>http://benlog.com/articles/2013/07/03/benadidavacation/#comment-951161673</link><description>&lt;p&gt;best of luck, ben! i look forward to more baking. ;)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Kaitlin Thaney</dc:creator><pubDate>Wed, 03 Jul 2013 21:03:12 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-937247040</link><description>&lt;p&gt;This snooping has been going on a lot longer than 9/11. The US government has long opposed export of effective technology to keep them from snooping. They placed strong cryptographic technology on the munitions export list regulating it the same as a weapon of war.&lt;/p&gt;&lt;p&gt;I remember the government persecution of privacy advocate Phil Zimmermann in the early '90s.  
He had the temerity to publish the cryptographic source code for PGP.   As source code, it would be hard to force PGP to engineer in back doors like they apparently did with Microsoft (&lt;a href="http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/)" rel="nofollow noopener" target="_blank" title="http://www.cnn.com/TECH/computing/9909/03/windows.nsa.02/)"&gt;http://www.cnn.com/TECH/com...&lt;/a&gt;.  Remember, this was all pre-9/11.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">LUV2SKICO</dc:creator><pubDate>Thu, 20 Jun 2013 23:56:28 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-932929385</link><description>&lt;p&gt;I think Google Calendar and Facebook sharing can be done. Spam filtering's a hard one :-). I'll give it some thought; I don't want to waste any more of your time.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Robert O'Callahan</dc:creator><pubDate>Mon, 17 Jun 2013 05:59:42 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-929690159</link><description>&lt;p&gt;I guess I don't think it would be nearly that risky. Given how many aggressive viruses are out there on a regular basis, hiding among them is not that terribly hard.&lt;/p&gt;&lt;p&gt;As for services users rely on. Google email filtering. Google Calendar. Facebook sharing. And on and on. 
None of these can be done without trusting servers.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ben Adida</dc:creator><pubDate>Thu, 13 Jun 2013 15:45:34 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-929155252</link><description>&lt;p&gt;I just don't see the possibility of a government like the US government deploying 0days against millions of users. That would be an incredibly risky strategy compared to harvesting data from servers.&lt;/p&gt;&lt;p&gt;When you say "most features users rely on today", what services are you thinking of?&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Robert O'Callahan</dc:creator><pubDate>Thu, 13 Jun 2013 10:23:14 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-929116436</link><description>&lt;p&gt;Sure, they are more detectable. But in practice, I don't think they are sufficiently more detectable to make a big difference. I also don't think they are more preventable. 0days are on the market constantly.&lt;/p&gt;&lt;p&gt;At the core of your argument is the idea that we *can* make this better with technology, and I strongly disagree with it. Most features users rely on today require trusting servers.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ben Adida</dc:creator><pubDate>Thu, 13 Jun 2013 10:02:22 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-929111658</link><description>&lt;p&gt;Robert: maybe I didn't make the point clearly enough in that blog post :) It's not that I'm burnt out, it's that key management done by users is simply not a viable solution, in my opinion. 
PICL will help by giving you a password-derived key, so if you remember your password you're fine. But if you don't, you will lose some data. So we're discussing which data is okay to lose if you both forget your password and lose all your devices. Some data may not be okay to lose, and in that case we would store it in a recoverable way in PICL.&lt;/p&gt;&lt;p&gt;In other words, if we want certain features like recoverability, we have to trust servers.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ben Adida</dc:creator><pubDate>Thu, 13 Jun 2013 09:59:51 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928599433</link><description>&lt;p&gt;Reading your posts on "encryption is not magic gravy", I sense you're a bit burned out by the Sync key management issue (and you're not alone!). But maybe that's because you've been focused on the most challenging part of the problem: provisioning users with truly secret keys (modulo dictionary attacks against passwords), and secure authentication. Once we can rely on PICL and Persona to solve those, it seems to me it's relatively easy to rearchitect a lot of applications to distrust servers, with no additional UX overhead.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Robert O'Callahan</dc:creator><pubDate>Thu, 13 Jun 2013 00:29:35 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928592238</link><description>&lt;p&gt;I think it deflates your "naive" point a bit: "If government agencies believe they have the authority to monitor all &lt;br&gt;Internet traffic, would they hesitate to create viruses that infect and &lt;br&gt;monitor endpoints? Would they hesitate to force software and hardware &lt;br&gt;vendors to build secret backdoors into their products?" 
The answer is yes, they could do those things, but those kinds of attacks are less threatening because they don't scale so easily and are more detectable and preventable.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Robert O'Callahan</dc:creator><pubDate>Thu, 13 Jun 2013 00:14:59 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928579837</link><description>&lt;p&gt;That's a fair point, though I'm not sure how much of a difference &lt;br&gt;that part can make in this particular discussion. Do you think there's a&lt;br&gt; big win in the surveillance game here? Certainly on the transport &lt;br&gt;front, yes!&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ben Adida</dc:creator><pubDate>Wed, 12 Jun 2013 23:50:15 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928579271</link><description>&lt;p&gt;Chess has "rules". 
If your opponent plays by those rules, great!&lt;br&gt;If not, then your opponent is not playing chess.&lt;/p&gt;&lt;p&gt;My colon surgeon did not play by the "rules" by not telling me&lt;br&gt;and getting my written permission before directly and intentionally&lt;br&gt;incapacitating my memory for approximately one half hour.&lt;/p&gt;&lt;p&gt;My cousin had an allergy testing nurse not play by the "rules"&lt;br&gt;by not reading my cousin's chart to check for alcohol allergy&lt;br&gt;before wiping my cousin's arm with an alcohol wipe!&lt;/p&gt;&lt;p&gt;So, "laws" are not much use if the sociological equipment (people)&lt;br&gt;they "run on" is malfunctioning by not following them.&lt;/p&gt;&lt;p&gt;Thank you,&lt;br&gt;Eddie Maddox&lt;/p&gt;&lt;p&gt;&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Eddiemaddox </dc:creator><pubDate>Wed, 12 Jun 2013 23:49:12 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928563402</link><description>&lt;p&gt;Richard: great question.&lt;/p&gt;&lt;p&gt;I do think there is something to solve: users should control their data and, short of transparent due process, that includes protecting it from the government.&lt;/p&gt;&lt;p&gt;I don't think there is a purely technical solution to this problem for lay users. Expert users may be able to defend themselves if they're particularly careful... but I don't think that's relevant to the conversation since I think we need to be thinking about most users.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ben Adida</dc:creator><pubDate>Wed, 12 Jun 2013 23:20:49 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928508941</link><description>&lt;p&gt;Ben's post is on Planet! 
That's how I found it :-)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Robert O'Callahan</dc:creator><pubDate>Wed, 12 Jun 2013 22:04:58 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928403747</link><description>&lt;p&gt;Oh, and I agree that most crypto fantasies fall down hard when faced with the realities of human social structures. &lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard</dc:creator><pubDate>Wed, 12 Jun 2013 20:02:13 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928402139</link><description>&lt;p&gt;I'm interested to know your thoughts on a possible next stage of this. Assume that either we fail to produce good law, or can assume that there is a layer circumventing the law that we know about. That is, you have *only* a technical framework within which to solve this problem; you cannot rely on government actors to behave in any way that you want them to. We can call this "the present day", I suppose. Do you think that there's no pure-technical solution, or no tech+education solution? Or do you reject the premise that there's something to 'solve', either due to a certain view on privacy, or a belief that all acceptable solutions have a legal component? &lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Richard</dc:creator><pubDate>Wed, 12 Jun 2013 19:59:37 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928358255</link><description>&lt;p&gt;I think there's a big difference between surveillance methods that leave no trace on the user's system and those that do. 
For example most governments could get a CA to issue them a certificate to MITM &lt;a href="http://google.com" rel="nofollow noopener" target="_blank" title="google.com"&gt;google.com&lt;/a&gt;, but that can be detected by endpoints and probably cannot be done at large scale without actually being detected. Similar for backdooring systems. We can improve our ability to detect and prevent such attacks, and they don't scale so easily, so I'm more willing to live with them.&lt;/p&gt;&lt;p&gt;I totally agree that whatever we do has to preserve UX. But it seems to me there's a lot we can do to reduce trust in servers while sticking to that constraint, and it's clearly worth doing.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Robert O'Callahan</dc:creator><pubDate>Wed, 12 Jun 2013 18:52:03 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928279880</link><description>&lt;p&gt;Ben, that's what we're planning with Firecloud. Take a look and see if you think it looks promising&lt;/p&gt;&lt;p&gt;&lt;a href="http://literaci.es/firecloud" rel="nofollow noopener" target="_blank" title="http://literaci.es/firecloud"&gt;http://literaci.es/firecloud&lt;/a&gt;&lt;/p&gt;&lt;p&gt;I'm doug@ mofo :-)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Doug Belshaw</dc:creator><pubDate>Wed, 12 Jun 2013 17:21:27 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-928188931</link><description>&lt;p&gt;Ben, I could not agree more. Why are these not showing up on Planet? 
Please try to get them on there, there's way too much FUD coming out about Prism, we could use more public stabilizing influences.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Monica</dc:creator><pubDate>Wed, 12 Jun 2013 15:47:31 -0000</pubDate></item><item><title>Re: no user is an island</title><link>http://benlog.com/articles/2013/06/11/no-user-is-an-island/#comment-927508477</link><description>&lt;p&gt;Also &lt;a href="https://newsroom.fb.com/Fact-Check" rel="nofollow noopener" target="_blank" title="https://newsroom.fb.com/Fact-Check"&gt;https://newsroom.fb.com/Fac...&lt;/a&gt; (FB is my employer)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Sid</dc:creator><pubDate>Wed, 12 Jun 2013 06:21:20 -0000</pubDate></item><item><title>Re: getting web sites to adopt a new identity system</title><link>http://benlog.com/articles/2013/04/30/getting-web-sites-to-adopt-a-new-identity-system/#comment-898714245</link><description>&lt;p&gt;This is not a "login agent". It is a complete replacement for username/password fragile system. In fact I think this is a direct open source competitor to One Id. Have you even tried the demo? 
&lt;a href="http://crossword.thetimes.co.uk/" rel="nofollow noopener" target="_blank" title="http://crossword.thetimes.co.uk/"&gt;http://crossword.thetimes.c...&lt;/a&gt;  Tell me the experience is the "same" as the facebook connect crap or etc..&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">FlightOfFancyBee</dc:creator><pubDate>Wed, 15 May 2013 20:57:19 -0000</pubDate></item><item><title>Re: so what if torture works?</title><link>http://benlog.com/articles/2013/04/23/so-what-if-torture-works/#comment-882506709</link><description>&lt;p&gt;+1&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Andreas Kuckartz</dc:creator><pubDate>Thu, 02 May 2013 14:21:28 -0000</pubDate></item><item><title>Re: getting web sites to adopt a new identity system</title><link>http://benlog.com/articles/2013/04/30/getting-web-sites-to-adopt-a-new-identity-system/#comment-881528995</link><description>&lt;p&gt;Hi Yehuda,&lt;/p&gt;&lt;p&gt;Interesting, you are the first web developer to suggest this. I think it may be because you know too much about the Web ;)&lt;/p&gt;&lt;p&gt;But seriously, let's dig in and be more precise. Is there a site on which you've considered implementing Persona? What does native Firefox support give you that would push you over the edge? Would you still implement it if you had native Firefox support, but no support on iOS?&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Ben Adida</dc:creator><pubDate>Wed, 01 May 2013 15:20:32 -0000</pubDate></item><item><title>Re: getting web sites to adopt a new identity system</title><link>http://benlog.com/articles/2013/04/30/getting-web-sites-to-adopt-a-new-identity-system/#comment-881437485</link><description>&lt;p&gt;As a web developer, I can say without hesitation that native Firefox support for Persona would make me much more likely to adopt Persona. From my perspective. 
the primary advantage that Persona has over other identity solutions is the prospect of native Firefox support. Please prioritize this.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">Yehuda Katz</dc:creator><pubDate>Wed, 01 May 2013 13:33:22 -0000</pubDate></item></channel></rss>