Slashdot Mirror

← Back to Stories (view on slashdot.org)

Schneier: Everyone Wants You To Have Security, But Not From Them

Posted by Soulskill on from the you-can-trust-us dept.

An anonymous reader writes: Bruce Schneier has written another insightful piece about the how modern tech companies treat security. He points out that most organizations will tell you to secure your data while at the same time asking to be exempt from that security. Google and Facebook want your data to be safe — on their servers so they can analyze it. The government wants you to encrypt your communications — as long as they have the keys. Schneier says, "... we give lots of companies access to our data because it makes our lives easier. ... The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices. ... We want our data to be secure, but we want someone to be able to recover it all when we forget our password. We'll never solve these security problems as long as we're our own worst enemy.

2 of 114 comments (clear)

  1. Schneier's opinion isn't what it once was by BitZtream · · Score: 1, Interesting

    We want strong security, but we also want companies to have access to our computers, smart devices, and data

    No, we don't actually want them to have that access, they don't give us a choice if we want their services. We can solve these by teaching people that you don't need to put your data online and then voting with our wallets by buying software that doesn't force us to do so.

    We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices

    No, we don't. We want it to not be so ridiculously difficult to do so, but companies have determined that they can use this to their advantage and get us to give them our data to make it easier. Android's SD card behavior is so absolutely shit that its easier for non-geeks to just give Google all their data. Apple phones only let you sync certain things over USB and its kind of convoluted for a non-geeky person, so they use iCloud.

    We don't WANT it this way, but its the only option we have because you've failed to educate people to the fact that theres another way and what is actually wrong with giving Google/Facebook all our data. You lost peoples interest when you started ranting and raving.

    We want our data to be secure, but we want someone to be able to recover it all when we forget our password.

    No, we don't. I too write encryption related software Mr Schneier, but I'm not a paranoid nut job. Important data that I want to protect simply isn't available to the outside world so it doesn't NEED encryption. If you get to the data, then you've probably already bashed my head in. This isn't like a door lock where its possible to overcome them and we can't stop them from being overcome, so we take advantage of locksmiths when we screw up. Locks can not be 100% secure, encrypted data can be effectively 100% secure and thats a different environment.

    What we WANT is for our systems and software to not force us to put shit on the Internet, and being forced to be Internet connected is why we want it encrypted. Even my 65 year old mother in law understands that encryption is effectively unbreakable and she treats it that way, uses it where it needs to be used (yes, she actually uses encryption) and just acts intelligently about where she puts other data.

    People are not as ignorant as you may think, its that you haven't bothered to educate the ones you know beyond being a paranoid nut job about things, which doesn't work well for normal people. Now, I understand why you're paranoid, you have good reason to be, the NSA is fucking ridiculous, but you were pretty fucking stupid for putting shit you don't want people to know on a public network in the first place, and you of ALL PEOPLE should know better, and you have in fact written about this very subject.

    If you bothered trying to educate people properly and nicely without being a jerk about it or flipping out about the way things are, things may actually change.

    Then theres side two of it all ... MOST PEOPLE DON'T GIVE A SHIT ABOUT THE DATA THAT GOOGLE GETS FROM THEM. The ones that do, DON'T GIVE IT TO GOOGLE OR FACEBOOK IN THE FIRST PLACE.

    You're losing your edge, somewhere in your many years of working with security issues you've lost sight of how everyone who isn't in the security or data mining industry behave. This article you've written seriously lowers my opinion of your relevance these days. Not that I'm really relevant either, but I'm certainly not the only one who's losing interest in your opinion.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  2. Re:Like People and Rules by Anonymous Coward · · Score: 3, Interesting

    A great thought, that--especially when set to some fine blues:
            Everybody wants to hear the truth
            But yet, everybody wants to tell a lie
            I say everybody wants to hear the truth
            But still they all want to tell a lie
            Oh everybody wants to go to heaven
            But nobody wants to die
                                                                                                  Albert King