Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Problem With Using End-to-End Web Crypto as a Cure-All

Posted by Soulskill on from the nobody-reads-the-not-so-fine-print dept.

fsterman writes: Since the Snowden revelations, end-to-end web encryption has become trendy. There are browser add-ons that bolt a PGP client onto webmail and both Yahoo and Google are planning to support PGP directly. They attempt to prevent UI spoofing with icons similar to the site-authentication banks use to combat phishing.

The problem is that a decade of research shows that users habituate to these icons and come to ignore them. An attacker can pull off UI spoofing with a 90%+ success rate.

10 of 89 comments (clear)

  1. Technical solution to a people problem... by houstonbofh · · Score: 5, Insightful

    The funny thing is that the technical security of snail mail (a paper envelope) is amazingly poor, but it is generally quite secure due to law and custom. However, law and custom is absolutely no security or privacy on the Internet. There is the problem.

    1. Re:Technical solution to a people problem... by Anonymous Coward · · Score: 5, Insightful

      The problem is nobody gets an opportunity to snoop through hundreds of thousands of pieces of snail mail unobserved and without leaving evidence, and also it's impossible to make a perfect digital copy of snail mail for later perusal. You really can't even make a comparison like this. They're two entirely different things.

  2. nope by Anonymous Coward · · Score: 0, Insightful

    That's not a problem with end-to-end encryption. That's a problem with users. Fix your users.

    1. Re:nope by TWX · · Score: 1, Insightful

      Users cannot be fixed. The best that we have is making our software as close to user-proof as possible. It will never be foolproof.

      --
      Do not look into laser with remaining eye.
    2. Re:nope by TWX · · Score: 3, Insightful

      And pay to bring in a business-grade connection to a place where you have control over the environment, and operate a computer as a mail server in that environment, and work diligently to keep that mail server secure, plus work to ensure that your mail server is accepted to other mail servers somehow getting whitelisted.

      I used to run my own services at home in this fashion. It was a pain in the ass. Most people are not capable of doing this.

      --
      Do not look into laser with remaining eye.
  3. Any solution is better then none at all by jfmiller · · Score: 4, Insightful

    The problem with security researchers is that they declare any usable technology as "completely insecure." and in a sense they are correct. Good security is hard and inconvenient. What we have right now is even worse. There is no privacy what so ever.

    What e-mail needs for most people is an envelope. Enough encryption that the casual observer cannot read the message, and the malicious observer must make a targeted attack. I don't need to stop theNSA I just want to dissuade the PHB form reading over my virtual sholder. In the process the NSA will have to pic and choose who it targets. Yes, these e-mails will remain completely insecure, but there is a much higher cost to read the data, and there is a much higher risk of being discovered doing so.

    Lets not let the perfect become the enemy of the good when it comes to security.

    --
    Strive to make your client happy, not necessarly give them what they ask for
  4. Signed http? by complete+loony · · Score: 4, Insightful

    Using https everywhere does have some downsides, things like Javascript that contains executable code is either cachable or secure from MITM tampering. Why don't we have a way to sign content without encrypting it?

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  5. Flip the data model and all these problems go away by Arthur+Fontaine · · Score: 4, Insightful

    Maybe the meta-problem is that all our different applications/services have different data repositories and thus need separate security solutions. What if we flipped it so that each of us had a private, individually encrypted cloud repository, with identity and communication APIs layered on top? Then simple apps could be written to conform to the new "cloudspace" certificate-based authentication and security model.

    In this way you would no longer need separate services for email, IM, social, file sharing, etc. We'd communicate directly and privately in every mode (with public still an option if appropriate), and cut out the middleman. Starting from that approach you'd basically rewire the Internet while leaving everything else the same. You'd obviate the need for Facebook, Gmail, Twitter, Dropbox, Snapchat, Instagram, Youtube, etc., etc., etc.... Basically, any service that collects user data and orchestrates sharing between people would be an evolutionary dead end. That would be cool right?

    Plus, the only way it could work is to base everything on open source software and devops, so nobody could ever seize control or extract a tariff. It would be what Bruce Schneier refers to when he laments the lack of "public commons" on today's commercially-controlled Internet. Going a step further, once everyone has his/her own private personal cloudspace, we'd each have a place to put all the data from our Fitbits and Nests and Internet of Things, and the other exploding sources of personal data. Wouldn't this be a better way altogether?

    --
    My other /. user ID is 5 digits.
  6. Re:Patriot act makes everything insecure by spauldo · · Score: 3, Insightful

    You know, I hate the patriot act with every fiber of my being, but that argument doesn't quite hold water.

    The NSA doesn't care about your money. They don't need to blackmail you. If they want you, they can come and get you. They don't affect the vast majority of Americans. I don't care for them spying on me, but in reality the vast majority of us (myself included) will never see anything become of it.

    Thieves and fraudsters, on the other hand, have a definite desire to have your money. They will get it by any means necessary. You need protection against them.

    You'll never have a foolproof defense against the NSA. You can make their job harder, but that's about it. They have the resources to get to you if they want to. Ukrainian script kiddies don't. So make technical countermeasures against the thieves, and political ones against the NSA.

    --
    Those who can't do, teach. Those who can't teach either, do tech support.
  7. Re:Patriot act makes everything insecure by spauldo · · Score: 3, Insightful

    No, my argument requires you to realize the difference between the NSA and those who want to commit fraud.

    Thieves will be deterred by technical means. The NSA will not be. Securing yourself against thieves is still preferable to not securing yourself at all.

    I certainly don't expect you to trust the NSA, but from a practical standpoint it doesn't matter for most of us. They're not interested in us.

    If you want to fight the NSA, you have to do it politically. It's their only weak point.

    --
    Those who can't do, teach. Those who can't teach either, do tech support.