Joho the Blog » 2009 » May

May 26, 2009

[berkman] Chris Soghoian on privacy in the cloud

Chris Soghoian is giving a Berkman lunchtime talk called: “Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era,” based on paper he’s just written. In the interest of time, he’s not going to talk about the “miscreants in government” today.

NOTE: Live-blogging. Getting things wrong. Missing points. Omitting key information. Introducing artificial choppiness. Over-emphasizing small matters. Paraphrasing badly. Not running a spellpchecker. Mangling other people’s ideas and words. You are warned, people.

Pew says that “over 69% of Americans use webmail services, store data online, or other use software programs such as word processing applications whose functionality is in the cloud.” Chris’ question: Why have cloud providers failed to provide adequate security for the customers. (“Cloud computing” = users’ data is stored on a company server and the app is delivered through a browser.)

He says that providers are moving to the cloud because they don’t have to worry about privacy. Plus they can lock out troublesome users or countries. It lets them protect patented algorithms. They can do targeted advertising. And they can provide instant updates. Users get cheap/free software, auto revision control, easy collaboration, and worldwide accessibility. Chris refers to “Cloud creep”: the increasing use of cloud computing, its installation on new PCs, etc. Vivek Kundra switched 38,000 DC employees over to Google Docs becore he became Federal CIO. “It’s clear he’s Google-crazy.” Many people may not even know they’ve shifted to the cloud. Many cloud apps now provide offline access as well. HTML 5 (Firefox 3.5) provide offline access without even requiring synchronizers such as Google Gears.

Chris says that using a single browser to access every sort of site — from safe to dangerous — is bad practice. Single-site browsers avoid that. E.g., Mozilla Prism keeps its site in its own space. With Prism, you have an icon on your desktop for, e.g., Google Docs. It opens in a browser that can’t go anywhere else; it doesn’t look like a cloud app. “It’s a really cool technology.” Chris uses it for online banking, etc.

Conclusion of Part 1 of Chris’ talk: Cloud services are being used increasingly, and users don’t always know it.

Part 2

We use encryption routinely. SSl/TLS is used by banks, e-commerce, etc. But the cloud providers don’t use SSL for much other than the login screen. Your documents, your spreadsheets, etc., can easily be packet-sniffed. Your authentication cookies can be intercepted. That lets someone login, modify, delete, or pretend to be you. “This is a big deal.” (The “Cookie Monster” tool lets you hijack authentication cookies. AIMJECT lets you intercept IM sessions; you can even interject your own messages.)

This problem has been wn since August 2007, and all the main cloud providers were notified. It took Google a year to release a fix, and even so it hasn’t been turned on by default. Facebook, Yahoo mail, Microsoft, etc. don’t even offer SSL. Google says it doesn’t turn it on by default because it can slow down your computer, because it has to decrypt your data. But Google does require you to use it for Google Health, because the law requires it. To get SSL for gmail, you have to go 5 levels down to set it.

So, why doesn’t Google provide SSL bu default? Because it takes “vastly more processing power,” and thus is very expensive for Google. SSL isn’t a big deal when done on your computer (the client computer), but for cloud computing, it would all fall on Google’s shoulders. “If 100% of Google’s customers opt to use SSL, it sees no new profits, but higher costs.” “And Google is one of the better ones.” The only better one, in Chris’ view, is Adobe, which turns it on by default for its online image editing service. [Here's a page that tells you how to turn on SSL for a Google Accounts account.]

Chris thinks that cloud computing security may be a type of “shrouded attribute,” i.e. am attribute that isn’t considered when making a buying decision. But, Chris says, defaults matter. E.g., if employees opt employees into a 401K, no one opts out, but if you leave it to employees to opt in, fewer than half do. Facebook, for example, seems to blame the user for not turning privacy features off. “Users should be given safe services by default.”

Part 3: Fixing it

Chris draws analogies to seatbelts and tobacco legislation. He recommends that we go down the cigarette pathway first: Raise publice awareness so that they demand mandatory warnings for insecure apps. E.g., “WARNING: Email messagew that you write can be read, intercepted or stolen. Click here to turn on protection…” [Chris' version was better. Couldn't type fast enough.]

Or, if necessary, we could pass regulations mandating SSL. T he FTC could rule that companies that claim their services are safe are lying.

Q: [me] How much crime does this enable? A: The tools are out there. But there's no data because intercepting packets leaves no traces.

Q: How about OpenID?
A: The issue of authentication cookies is the same.

Q: Should we have a star rating system?
A: Maybe.

Q: The lack of data about the crime is a problem for getting people to act. Maybe you should look at the effect on children: Web sites aimed for children, under 18 year olds using Facebook…
A: Good idea! Although Google’s terms of service don’t allow people under 18 to use any of their services.

Q: People also feel there’s safety in numbers.

Q: How much more processing power would SSL require from Google?
A: Google custom builds its servers. Adding in a new feature would require crypto-co-processor cards. I don’t think they have those. They’d have to deploy them.

Q: There are GreaseMonkey scripts that require FB to use SSL. Worthwhile?
A: FB won’t accept SSL connections.

Q: Google Chrome’s incognito mode? Does it help with anything?
A: It helps with porn. That cleans up your history, but it doesn’t encrypt traffic.

Q: The vast majority of people where I live don’t lock their house doors. And [says someone else] people don’t lock their mailboxes even though they contain confidential docs.
A: Do you walk around with your ATM PIN number on your forehead? Your bank uses SSL because it’s legally responsible for electronic break-ins, whereas Google isn’t.
A: The risk is small if you’re using a wired ethernet connection or a protected wifi connection.

Q: With seatbelts and smoking, your life’s at risk. For Gmail, the risk seems different. There aren’t data, screaming victims, etc. It makes the demand for regulation harder to stimulate.
A: The analogy doesn’t work 100%. But I think the disanalogy works in my favor: It’s hard to have a cigarette that doesn’t harm you, but it’s easy to have a secure SSL connection.

Q: Shouldn’t business care about this?
A: Yes, CIO’s can make that decision and turn on encryption for the entire org. Consumers have to be their own CIOs.

[from the IRC] Maybe the govrnment wants Google to be insecure to enable snooping.
A: Allow me to put on my tin foil hat. Last year the head of DNI said that the gov’t collects vast amounts of traffic. We don’t know how they’re doing it, which networks they’re collecting data from. If Google and AT&T, etc., turned on SSL be default, the gov’t's job would be much harder. Google has other reasons to keep SSL off, but it works out to the gov’t's benefit.

Does Adobe’s online wordprocessor, Buzzword, offer SSL for its docs?
A: Don’t know. [It does] [Tags: ]


May 25, 2009

WolframAlpha and the rush to racism

The article in Gizmodo that says that WolframAlpha is racist is ridiculous. Yes, if you search at WA for “dumb,” you get a graphic “synonym network” of associations that leads to “black,” but can we please apply the most basic rule of sympathetic reading and come up with the much more plausible explanation: The network goes from “dumb” to “dim” to a bunch of words related to “dim,” including “black.” This makes WA as racist as Google’s “wonderwheel” for “dumb” leading directly to “dumb blondes” makes Google sexist.

(BTW, those WA synonym trees are pretty useless, at least in Firefox, at least on my computer; hovering over a node doesn’t reveal which word it represents. Maybe it’s just my furshlugginer configuration.)

[Tags: ]


That cocky red sauce

And here I thought that having an emotional attachment to the red Sriracha hot sauce you find on the counters of Asian and vaguely Asian restaurants was like having a crush on ketchup! But Ethan has validated my feelings, as he so often does, as well as presenting a recipe for Sriracha caramel candies that simply has to be better than it sounds.

[Tags: ]

Be the first to comment »

Google Docs path to competency

I use Google Docs a lot because I frequently want to share my drafts with some set of people and because no-frills writing software keeps me from distracting myself with frills. But, as a writing tool, Google Docs heads us back to somewhere between NotePad and a 1998 wysiwyg HTML editor. For it to catch on for anything more than the occasional shared doc, it needs to add a whole bunch of features that leverage its social usage. Here are the ones that spring to mind. Please add your own mind-springers…

Create groups of users + permissions that can be managed and easily applied to a document.

Apply groups to folders, not just individual docs, so that any doc put in that folder inherits those permissions by default.

Name versions so if you want to remember the draft that tried switching sections one and two, you can find it again

View and delete comments by commenter.

Make the document file browser far more powerful, as if it were a view into a database of docs, which of course it is. E.g., browse by permissions, by project, by workflow status (in progress, published), by “smart” folders, etc.

Create CSS style sheets that can be applied at will. (Yes, you can already hand-create CSS for individual documents.)


I don’t mean to look a gift horse in the mouth, except I entirely do.

[Tags: ]


May 24, 2009 – Symbolic of what’s right with the Obama administration reports that has opened to “mixed reviews.” Puhlease. It’s nowhere near what it will be, but OH MY TOASTY GOD, our government is now committed to making public data available in open formats to anyone who wants it. As if it were normal! As if it were obviously the right thing to do! In open formats, people!

So, sure, let’s keep an eye on it. Let’s make sure the news permeates every government department. But first let’s swoon in delight.

[Tags: ]

1 Comment »

May 23, 2009

Norm Coleman donates a dollar a day to progressive causes

Ok, so the headline is misleading. But the idea is very cool. is asking us to contribute a dollar a day, until they raise $200,000, unless Norman Coleman first concedes that he lost to Al Franken. If Norm doesn’t, then BoldProgressives will donate the money to a progressive cause in Coleman’s name. So, Coleman will know the longer he stays in, the more money he’s raising for progressive causes.

[Tags: ]


Degenerative computing

Here’s a future I fear:

Apple comes out with the iBook, a netbook that’s also perfectly designed as an e-book. It’s a Kindle-killer because it’s an actual computer, as well as being way cool in the way of things Apple.

Apple extends its App Store approach to this seemingly semi-special purpose device: The only apps you can get have to come through Apple.

The Apple iBook becomes a huge success. It is the future of reading the way the iPod is the future (well, the present) of listening.

The iBook replaces many laptops. It becomes the primary computer for many people.

Thus we go from generativity to locked down computers.

[Tags: ]


May 22, 2009

New Chuck Norris jokes

After reading Chuck Norris’ two columns against hate crimes legislation (1 2) —the “Local Law Enforcement Hate Crimes Prevention Act…could not only criminalize opinions (an unconstitutional act) but also provide elevated protection to pedophiles” — and Media Matters’ response, I think it’s time for a new round of Chuck Norris jokes:

Chuck Norris can crush facts with his bare opinions.

Chuck Norris doesn’t have to leap to conclusions. He just sits there and conclusions leap to him.

Chuck Norris thinks homosexuality is a choice, but his oiled, bare chest isn’t so sure.

You think those jokes are lame? Me too. But that’s why Chuck Norris gave us comment sections…

[Tags: ]


May 21, 2009 vs. Wired.mag, out loud

There’s a really interesting discussion going on at BoingBoing gadgets about the relationship between Wired Magazine and Chris Anderson, the editor of the mag, who turned it off its path of Rich Nerd Fetishism, and has made it interesting and important again, is diving in. It’s great to see this sort of discussion done in public.

[Tags: ]


Timegliding the Rosenberg case

The Rosenberg spy case, which was a touchstone for the left and the right — or the pinkos and the McCarthyites, as it’s thought of in the Culture Wars — has been made more understandable by the Cold War International History Project by the creation of a Timeglide time line. It’s useful as a supplement to a narrative and as a way to drill down, although by itself it’s not the optimal way of telling the story, nor is it intended to be. (It may also work better for people with brainage opposite to mine.)

I’m not an expert in the case, so I can’t judge its accuracy or completeness. But it’s got lots of links to sources. And it’s a very nice way of organizing a mass of time-based materials.

[Tags: ]

Be the first to comment »

« Previous Page | Next Page »

Switch to our mobile site