Schneier: Everyone Wants You To Have Security, But Not From Them

← Back to Stories (view on slashdot.org)

Schneier: Everyone Wants You To Have Security, But Not From Them

Posted by Soulskill on Thursday February 26, 2015 @06:30AM from the you-can-trust-us dept.

An anonymous reader writes: Bruce Schneier has written another insightful piece about the how modern tech companies treat security. He points out that most organizations will tell you to secure your data while at the same time asking to be exempt from that security. Google and Facebook want your data to be safe — on their servers so they can analyze it. The government wants you to encrypt your communications — as long as they have the keys. Schneier says, "... we give lots of companies access to our data because it makes our lives easier. ... The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices. ... We want our data to be secure, but we want someone to be able to recover it all when we forget our password. We'll never solve these security problems as long as we're our own worst enemy.

7 of 114 comments (clear)

Min score:

Reason:

Sort:

He's being polite. by some+old+guy · 2015-02-26 06:35 · Score: 5, Insightful

What he means to say is what most of have known in our darkest heart of hearts since the first help ticket: The vast majority of users are technically illiterate idiots, and you can't fix stupid.

--
Scruting the inscrutable for over 50 years.
1. Re:He's being polite. by Anon-Admin · 2015-02-26 07:12 · Score: 3, Insightful
  
  No they are not Techies they are "Power Users"
  They think they are technical because the can navigate a gui, click on a button, and fill in a field. However they have no clue where the data is stored or what is going on under the GUI.
  Hmm, that describes most windows admins. Wonder what they will do when windows goes command line and the GUI is no longer installed by default?
2. Re:He's being polite. by Anon-Admin · 2015-02-26 08:23 · Score: 3, Funny
  
  I originally posted that tongue in cheek. The company I'm at, as well as many I know of, is running some 2003 and most are 2008. They are starting to move to 2012 and the windows admins are having a fit because there is no GUI and they can't just RDP into the system.
  This has lead to "Your the Unix guy, you know command line stuff. Why don't you take over running these windows servers? They're just like Linux."
  lol
Did you read it? by danaris · 2015-02-26 07:13 · Score: 5, Insightful

That's not what he said at all. I mean, I'm not disagreeing with you substantially, but that's completely separate from the actual point of the piece.
It's all about the fact that, in order to do many or most of the things we want to do today, we have no choice but to give someone access to our data—but that almost everyone we could give that access to wants to (ab)use it to make money.
More importantly, that's even true of those who actually want to help keep our data secure from others—even our governments.
The fact that there is really no major entity working to keep our data safe for ourselves and ourselves alone—and that there are so many, even those that theoretically should be trying to do so, working directly against that end—is definitely something we need to be concerned about, far beyond simply bemoaning the stupidity of all the "lusers" who will happily give away their data for free because they just don't know any better.
Dan Aris

--
Fun. Free. Online. RPG. BattleMaster.
Re:Like People and Rules by Anonymous Coward · 2015-02-26 07:20 · Score: 3, Interesting

A great thought, that--especially when set to some fine blues:
Everybody wants to hear the truth
But yet, everybody wants to tell a lie
I say everybody wants to hear the truth
But still they all want to tell a lie
Oh everybody wants to go to heaven
But nobody wants to die
Albert King
There is one major entity - Apple by SuperKendall · 2015-02-26 07:32 · Score: 4, Insightful

The fact that there is really no major entity working to keep our data safe for ourselves and ourselves alone
Apple does this. Look at HealthKit for example, all data is stored locally, Apple doesn't mine it. They allow you to control who has what access to specific parts of the data.
It's not exactly true of all data, but Apple tries to give you specific control of data where it can.
The reason why Apple does this and other companies do not is simple - Apple actually makes money selling hardware. Google and Facebook have no revenue except what they can extract from you data, so they have totally different motivations.

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
1. Re:There is one major entity - Apple by danaris · 2015-02-26 08:10 · Score: 3, Insightful
  
  The fact that there is really no major entity working to keep our data safe for ourselves and ourselves alone
  Apple does this. Look at HealthKit for example, all data is stored locally, Apple doesn't mine it. They allow you to control who has what access to specific parts of the data.
  It's not exactly true of all data, but Apple tries to give you specific control of data where it can.
  The reason why Apple does this and other companies do not is simple - Apple actually makes money selling hardware. Google and Facebook have no revenue except what they can extract from you data, so they have totally different motivations.
  This is true—I tend not to think of Apple as "an entity working to keep our data safe," since I primarily think of them as a hardware/OS vendor. But yes, any data Apple does happen to hold of yours is as safe as they can make it from those who want to monetize it—and they don't care to do so themselves.
  Dan Aris
  
  --
  Fun. Free. Online. RPG. BattleMaster.