Slashdot Mirror


Dropbox and Google Want To Make Open Source Security Tools Easy To Use

An anonymous reader writes: Dropbox, Google, and the Open Technology Fund have announced a new organization focused on making open source security tools easier to use. Called Simply Secure, the initiative brings together security researchers with experts in user interaction and design to boost adoption rates for consumer-facing security solutions. The companies point out that various security options already do exist, and are technically effective. Features like two-factor authentication remain useless, however, because users don't adopt them due to inconvenience or technical difficulty.


  1. First by NotInHere · · Score: 5, Insightful

    Dropbox should open-source its desktop client to prove it does what it is supposed to.

    1. Re:First by mlts · · Score: 1

      How about an open source cloud sync API, that allows machines to sync with the offsite provider, as well as each other. That way, each provider doesn't need to reinvent the wheel with this code.

      Even better, add hooks for encryption, either a symmetric key, or some faculty that uses public/private key encryption to allow files to be stored without a key, but would need the private key for retrieval.

      Best of all would be a way to have a low-cost, low-volume service like Amazon Glacier and an API for that. That way, files can be flagged to be sent to the low-cost storage service every so often.

    2. Re:First by Dagger2 · · Score: 1

      That's the general goal of the Free software movement. There's far, far more software out there than any one entity can produce, so 99% of the time you'll be benefiting from the work of other people.

  2. How about buying PGP? by mlts · · Score: 4, Interesting

    If they are serious, they should buy Symantec Encryption Desktop (formerly PGP Desktop) from Symantec and open source the full version of that. It has a decent UI, works well with Outlook and Thunderbird, and does well on Windows, OS X, and Linux. That would give decent security on the hard disk level, file container, and individual file level. Even directories can be encrypted, CFS/EncFS like.

    1. Re:How about buying PGP? by swillden · · Score: 1

      It has a decent UI

      Really? Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0. Yeah, it was a while ago and some things have improved, but most of the issues remain and I doubt another focus group study would find significantly different results.

      The problem is that designing a UI that makes it easy for people who don't know anything about cryptography or security to achieve useful cryptographic security is really, really hard. Almost as hard as educating everyone about cryptography and security enough that they can achieve useful cryptographic security with PGP.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.

  3. Pro Tip: by jsepeta · · Score: 1, Flamebait

    When performing maintenance on Sundays, don't turn off passwords for your entire userbase, DROPBOX.

    Bonus tip:
    Hiring Condoleezza Rice told me everything I need to know about you jackasses. If I want to use cloud storage, every other vendor in the world doesn't employ war criminals. So it's easy to choose a vendor who doesn't upset my conscience.

    assmonkeys

    --
    Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.

    1. Re:Pro Tip: by bjwest · · Score: 1

      Holy shit! It's now racist to hate one black person, not for being black, but for any reason at all? Or is Condoleezza Rice the member of the Condoleezza Rice race?

      --

      --- Keep the choice with the user..

    2. Re:Pro Tip: by aaaaaaargh! · · Score: 2

      Why is OP modded Flamebait? He's right!

      Dropbox is the last company on earth that should be trusted with anything related to security or encryption. They have proven to be incompetent regarding security (and programming in general, for what it's worth) and there are countless alternatives on the market that are better than Dropbox. And yes, hiring Condoleezza Rice does not make them more trustworthy either. Having her on the board is like appointing Dick Cheney as a human rights adviser.

      People who honestly believe Dropbox can keep their personal documents safe against hackers or, an even more ridiculous idea, against the NSA must be seriously misinformed or deluded.

  4. Re:ping by MightyMartian · · Score: 1

    Reading this post made me feel dirty.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.

  5. Don't get fooled again by moxsam · · Score: 1

    After the Snowden leaks, every tech company that wants to be taken seriously needs to improve on their security, do some crypto on the user backend and generally be more open. Or at least pretend to.

    Remember that Google's goal is not to improve security but to win over more customers, in other words make you choose their service over another company's service, even over a much more secure one. This kind of campaign to improve is what might tip over many potential customers and choose Google after all, contrary to all rational thinking. It's cheap to do for Google given their internal resources, it's simply necessary in order to keep a foot in the market and so it's nothing unexpected or generous, and therefore it's definitely nothing to get excited about as a potential customer.

    The question is: Is it good enough to keep the spooks from not looking? Answer: Probably not. So move along.

  6. webdav & encfs by MadMaverick9 · · Score: 1

    If Dropbox and Google would support WebDAV, then this would be a non-issue.

    Mount WebDAV resources with davfs2 and secure it with encfs:
    http://flux242.blogspot.com/20...

  7. Securing cloud data by Tool+Man · · Score: 2

    What they need to do is implement client-side encryption before it gets uploaded. Sure, we can use something like EncFS to let Dropbox host only files I've already encrypted, but other cloud-storage companies like SpiderOak have written themselves out of access to my file contents.