Slashdot Mirror


Can Translucency Save Privacy In the Cloud?

MikeatWired writes "Jon Udell writes that when it was recently discovered that some iPhone apps were uploading users' contacts to the cloud, one proposed remedy was to modify iOS to require explicit user approval. But in one typical scenario that's not a choice a user should have to make. A social service that uses contacts to find which of a new user's friends are already members doesn't need cleartext email addresses. If I upload hashes of my contacts, and you upload hashes of yours, the service can match hashes without knowing the email addresses from which they're derived. In the post Hashing for privacy in social apps, Matt Gemmell shows how it can be done. Why wasn't it? Not for nefarious reasons, Gemmell says, but rather because developers simply weren't aware of the option to use hashes as a proxy for email addresses. A translucent solution encrypts the sensitive data so that it is hidden even from the operator of the service, while enabling the two parties (parents, babysitters) to rendezvous. How many applications can benefit from translucency? We won't know until we start looking. The translucent approach doesn't lie along the path of least resistance, though. It takes creative thinking and hard work to craft applications that don't unnecessarily require users to disclose, or services to store, personal data. But if you can solve a problem in a translucent way, you should. We can all live without more of those headlines and apologies."

16 of 86 comments

  1. Hash by busyqth · · Score: 4, Funny

    All my contacts upload their hash regularly.
    Well... mostly on the weekends.

  2. Not gonna happen that way. by Jens+Egon · · Score: 4, Insightful

    Hashing is more difficult than not hashing.

    Customers are not going to stay away just because your security is atrocious.

    So only legislation (or serious liability) is left to get this off the ground.

    1. Re:Not gonna happen that way. by MoonFog · · Score: 4, Interesting

      Actually, I find that people are starting to care a lot more these days. All the scare mongering with Facebook has meant that people take notice and think about what they do online. A bad security record gets more attention in the media as well, so to me it's not so clear cut anymore: people do care and you can't get away with everything.

  3. I'll start a service of my own by gnapster · · Score: 4, Insightful

    Gonna start generating the contact-data rainbow tables right now!

    1. Re:I'll start a service of my own by Cederic · · Score: 2

      need to keep it a shared secret between client and server

      Two issues. One is that it's the server that you're trying to keep the private information safe from.

      The other is that the client is... a client. Your code is running in an untrusted environment. It is vulnerable. It can be examined and understood. Haven't you heard of reverse engineering?

    2. Re:I'll start a service of my own by Cederic · · Score: 2

      58k years is only around $81m on Amazon's compute cloud, and this is highly parallelisable.

      Get access to a botnet and it's nearly free. Get access to a thousand Nvidia graphics cards and you can process this in a month.

  4. Bullshit, market is taking care of this already by SuperKendall · · Score: 4, Insightful

    So only legislation (or serious liability) is left to get this off the ground.

    You would really rely on legislatures to get the wording of such a law correct and not impede what we can do with mobile devices?

    Apple is already changing the system to require user permission when accessing contacts. One of the main apps at fault, Path, has already switched voluntarily to using hashes.

    So why go to the trouble of crafting regulation to solve a problem taking care of itself already? All you can do is make things more annoying for people.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley

    1. Re:Bullshit, market is taking care of this already by martin-boundary · · Score: 4, Interesting

      So why go to the trouble of crafting regulation to solve a problem taking care of itself already? All you can do is make things more annoying for people.

      The problem isn't taking care of itself. We are seeing Apple, Google and Facebook doing rearguard actions because they are afraid of regulation and lawsuits. Remove that threat, and they'll stop worrying about privacy. It's much better to have a standardized set of laws that spell out the rights of customers than a mish mash of piecemeal solutions that companies have to invent themselves.

      Moreover, the Europeans are doing it already, so why not copy^H^H^H harmonize with their laws in America? That'll save American companies a lot of work when they realize that their system must be redesigned anyway if they want European customers.

  5. How do you make money? by lorinc · · Score: 2

    How do you make money from free cloud apps, if it's not by selling the private information you extract from your customers' files? I thought the cloud efficiency (good service at low cost) came by design from tapping into privacy.

  6. still no privacy by allo · · Score: 3, Informative

    Some things to consider:
    - when you hash a telephone number, a rainbow table is easily generated
    - even when you have IDs that are real pseudonyms, with no option to crack them, you can still correlate: "ah, user X knows Y, who is known by Z, too".

    So uploading contact data is exposing private things, even when the nodes are ano(pseudo)nymous and only the edges of the social graph are known.

    1. Re:still no privacy by Anonymous Coward · · Score: 2, Insightful

      ... Which defeats the purpose that is being able to find someone by said hash.
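
The hash-matching scheme described in the summary, and the objection in comment 6 that a hash of a telephone number is trivially reversible because the input space is small, as an added Python example (not code from the article, from Matt Gemmell's post, or from any commenter). The two address books and the +1 555 000 prefix are constructed sample data; `hash_contact`, `match_hashed_contacts`, `build_phone_table` and `invert_hashes` are names chosen here.

```python
import hashlib
import itertools

# Constructed sample address books (not real numbers; 555-0xxx is reserved).
ALICE_CONTACTS = ["+15550001234", "+15550005678", "+15550009999"]
BOB_CONTACTS = ["+15550005678", "+15550001111", "+15550009999"]


def hash_contact(value: str) -> str:
    """Client side: unkeyed SHA-256 of a normalized contact string.

    This is the hashing-as-proxy idea from the summary: the service
    receives only digests, never the cleartext address or number.
    """
    return hashlib.sha256(value.strip().encode()).hexdigest()


def match_hashed_contacts(hashes_a, hashes_b):
    """Server side: find contacts two users share by intersecting digests.

    The server can answer "which of your contacts are already members"
    without ever being sent a cleartext email address or phone number.
    """
    return sorted(set(hashes_a) & set(hashes_b))


def build_phone_table(prefix: str, width: int) -> dict:
    """Precompute digest -> number for every number with a given prefix.

    This is the point of comment 6: a full 10-digit number has only
    10**10 possibilities, and a fixed country/area prefix shrinks that
    further, so an unkeyed hash of a phone number is a lookup, not a
    secret. Here the keyspace is deliberately tiny (10**width entries).
    """
    table = {}
    for digits in itertools.product("0123456789", repeat=width):
        number = prefix + "".join(digits)
        table[hash_contact(number)] = number
    return table


def invert_hashes(hashes, table: dict) -> dict:
    """Map each digest back to its number wherever the table has it.

    A service operator (or anyone who obtains the uploaded digests) can
    do exactly this, which is why hashing alone does not anonymize
    contacts drawn from a small, structured keyspace.
    """
    return {h: table[h] for h in hashes if h in table}


if __name__ == "__main__":
    alice = [hash_contact(c) for c in ALICE_CONTACTS]
    bob = [hash_contact(c) for c in BOB_CONTACTS]
    shared = match_hashed_contacts(alice, bob)
    print("shared digests:", len(shared))
    table = build_phone_table("+1555000", 4)  # 10,000 candidate numbers
    print("recovered from digests:", invert_hashes(shared, table))
```

The matching step is genuinely useful: the server learns only which digests collide. The inversion step shows the limit of the approach for phone numbers, where an enumeration of every candidate costs one hash per number; email addresses have a larger keyspace but are still guessable from public sources, which is the concern comment 3 raises. A keyed hash does not help when the server is the party being kept in the dark, since the server would hold the key.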

  7. Re:Completely wrong by jgrahn · · Score: 2

    It is time to stop worrying about the 10-20 companies who make their money from violating privacy and selling data to advertisers. Just because Google and Facebook have become popular with this business model during the past decade doesn't mean that we should give up century old principles and that we have to protect this business model in all eternity. [---] It's time to give the power back to real companies, who actually offer real products and who are interested in sustainable business based on making their customers happy.

    If we're going to redistribute power anyway, why not take it back? People instead of corporations, open protocols instead of apps, decentralized instead of centralized solutions?

  8. passwords too by mcelrath · · Score: 3, Interesting

    Why are we not doing this for passwords too? Every site on the internet shouldn't need to store a plaintext password. Does there exist an algorithm by which a site owner could send the salt, the user hashes with his password, and the site owner can tell the password is the same, without actually having the password?

    --
    1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.

  9. Bad programmers making novice mistakes by billcopc · · Score: 2
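
The scheme comment 8 asks about, where the server sends a salt, the client hashes its own password, and the server checks the result without ever holding the password, as an added Python example (not from the article or any commenter). It is a simplified challenge-response login: at enrollment the client derives a verifier from the password and salt and sends only the verifier; at login the server sends the salt plus a fresh nonce and the client returns an HMAC over the nonce keyed with the re-derived verifier. The class and function names (`Server`, `derive_verifier`, `client_proof`, `enroll`, `run_login`) and the iteration count are choices made here; the password strings are constructed sample data.

```python
import hashlib
import hmac
import os


def derive_verifier(password: str, salt: bytes, iterations: int = 50_000) -> bytes:
    """Client side: slow, salted derivation of a verifier from the password.

    The server stores this value, never the password itself.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def client_proof(password: str, salt: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the password for this login only.

    The proof is bound to the server's nonce, so capturing one proof
    does not let an observer replay it for a later login.
    """
    verifier = derive_verifier(password, salt)
    return hmac.new(verifier, nonce, "sha256").digest()


class Server:
    """Stores (salt, verifier) per user and checks nonce-bound proofs."""

    def __init__(self):
        self.users = {}    # username -> (salt, verifier)
        self.pending = {}  # username -> nonce issued for an in-flight login

    def register(self, username: str, salt: bytes, verifier: bytes) -> None:
        self.users[username] = (salt, verifier)

    def begin_login(self, username: str):
        """Send the stored salt and a fresh nonce to the client."""
        salt, _ = self.users[username]
        nonce = os.urandom(16)
        self.pending[username] = nonce
        return salt, nonce

    def finish_login(self, username: str, proof: bytes) -> bool:
        """Recompute the expected proof from the stored verifier and compare."""
        salt, verifier = self.users[username]
        nonce = self.pending.pop(username, None)
        if nonce is None:
            return False  # no login in flight; reject rather than guess
        expected = hmac.new(verifier, nonce, "sha256").digest()
        return hmac.compare_digest(expected, proof)


def enroll(server: Server, username: str, password: str) -> None:
    """Enrollment exchange: client picks the salt, sends salt + verifier."""
    salt = os.urandom(16)
    server.register(username, salt, derive_verifier(password, salt))


def run_login(server: Server, username: str, password: str) -> bool:
    """Full login exchange between a client holding `password` and the server."""
    salt, nonce = server.begin_login(username)
    return server.finish_login(username, client_proof(password, salt, nonce))


if __name__ == "__main__":
    srv = Server()
    enroll(srv, "alice", "correct horse battery staple")
    print("correct password:", run_login(srv, "alice", "correct horse battery staple"))
    print("wrong password:  ", run_login(srv, "alice", "hunter2"))
```

So the answer to the question is yes, and the plaintext password never reaches the server. The caveat a practitioner should keep in mind: the stored verifier is what keys the proof, so a copy of the server's database is enough to impersonate the user at that server (though not to recover the password or to log in elsewhere). Production protocols such as SCRAM address this by storing further-derived keys rather than the verifier itself; this block only illustrates the exchange comment 8 describes.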

    The root of all these problems is that any idiot with a text editor can call themselves a "web developer" these days. The barrier to entry is extremely low, and the result is a very large group of people who have no forethought about what they're actually doing. They take the most naïve path from start to finish and end up creating all these security and privacy holes real programmers have long since learned to avoid.

    Case in point: people still store passwords and credit card info in plaintext, typically behind sloppy PHP or Ruby scripts that are vulnerable to SQL injection. Feed that stolen data into a simple script that tests the passwords against a handful of popular services like GMail, Facebook, Hotmail, Paypal etc. Within minutes, you have a few dozen accounts ready to be abused all over the web without the user's knowledge - all because of one idiot who didn't know how to protect his users' info.

    All this talk of securing the cloud is futile. It's like putting a dozen deadbolts on your front door, then leaving a spare set of keys under your neighbour's welcome mat.

    --
    -Billco, Fnarg.com

    1. Re:Bad programmers making novice mistakes by darkfeline · · Score: 3, Interesting

      Actually, I think leaving the spare keys under your neighbor's welcome mat is a very good and unorthodox backup method. I'm pretty sure someone trying to break in will check your welcome mat and top of door frame, not your neighbor's. Maybe we can extend this analogy to web security? Have sites store their users password hashed on partner sites, and vice versa. Even better, have sites store the hashing salts on another partner site's servers. Quick, you and me patent this before big name companies start doing it!

  10. Re:Not fear of regulation by psmears · · Score: 2

    The problem isn't taking care of itself. We are seeing Apple, Google and Facebook doing rearguard actions because they are afraid of regulation and lawsuits.

    Lawsuits perhaps, but they are more afraid of CUSTOMERS. They want to serve CUSTOMERS better (and also avoid lawsuits).

    There's one small problem there. Who are Google's customers? Who are Facebook's customers? I'll give you a clue: it's not their users, who (by and large) don't pay them any money at all. Their customers are their advertisers, and serving their customers better is usually in direct conflict with preserving the privacy of users.