The problem isn't that users use the same password on every site. The problem is that users have to create login credentials for every site they use.
That multiplication of logins is extremely inconvenient for users, and it's simply not practical for people to create good, unique credentials for every site and memorize them all. So people who care a lot about security are are willing to put in the effort (read: anal geeks) use encrypted password stores and such. Everyone else (read: 99+%) uses the same password or small set of passwords on all sites.
What's really stupid is that we have already solved this problem, and in a much better way then Jen Andre proposes. The solution is single-sign-on. Delegate account management and authentication to a trusted third party (TTP). Even better, allow many organizations to act in this role. Best of all, allow users to choose which TTP they want to use, or even to act as their own.
We've already built this. It's called OAUTH. Moreover, there are already a bunch of high-profile OAUTH implementors acting as TTPs -- and nearly all Internet users already have an account with at least one of them (e.g. Google, Facebook, Yahoo, Microsoft). For that matter, there are a number of sites already taking advantage of it to provide nearly zero-effort login (for example, stackoverflow is one that many slashdotters may use).
The common security objection to this approach -- that centralizing your authentication in a single account creates a single point of failure for your security -- ignores the fact that your web security already has a single point of failure, even if you use unique, strong passwords for every site you visit. That SPOF is your e-mail account, because essentially all web sites use the ability to receive e-mail as the golden key that bypasses all of their other security mechanisms.
But, with OAUTH you still have the ability to use different providers, and even to set up your own on a server you control if you like. You can choose the tradeoff between centralization and decentralization you like. No relying site will ever see any of your credentials. You can also pick a provider based on the level and type of authentication security they provide. Personally, I'm very happy with Google's two-factor authentication -- but OAUTH imposes no restrictions. Want certificate plus one-time-password plus fingerprint plus retina scan plus 100-word passepic? Fine. Find (or build) a provider that does that. Want nothing at all? You can have that, too.
And whatever you choose, none of the relying sites will ever have any of your credentials. Which means creators of those sites can't screw up storing your credentials.
The only thing that's required to make all of this work, for real, everywhere, is for sites to offer OAUTH authentication. It's easy, it's super convenient for users, it's as secure as the provider.
Some sites might choose to limit the providers they'll accept, on the theory that users can't be trusted to choose a good one. That's annoying and obnoxious, but whatever. Some sites (like banks) might decide that they simply have to do their security themselves because they can't trust anyone else, and They Are A Bank. Okay, fine, though such sites should be a tiny minority (and, frankly, as someone who worked as a banking security consultant for over a decade, and now works for Google doing security, Google -- and, I would expect, the other major Internet properties -- do a far, far better job at online security than virtually any bank).
The solution is to make OAUTH the default, expected login mechanism all over the web. It provides dead-simple, reasonably high security authorization for the masses and allows the paranoid to build/buy whatever they want.
I think the whole idea of the Internet as a transformative technology is overblown.
And it's 20 years old. Seriously, 2013 and we're being treated to a book about how great the Internet is going to be? It happened.
I disagree. The Internet now exists in a fairly full-featured form, true.. Further changes in the technology are going to be incremental, at least in the developed world. But that just means the technology has stabilized, more or less. What comes next is the impact of that technology on the structure of society, and I think we're just beginning to see what that's going to be. Wait until the 30 and 40 year-olds, who make most of the economically and socially-significant decisions, are people who've never known what it's like not to be connected to instantaneous, unlimited information. Then it will have happened.
I've run into that. "If you want the lies told to the customers to be consistent, you must identify which lies you've already told them." Management didn't like my snark, but I received a briefing before future customer meetings.
Heh. I actually worked out a system with one of the sales guys I worked with. When he rubbed his eyebrow in a certain way it meant "I know I'm lying; please don't say anything that might undermine my lie."
In his case I was okay going along with it because he always had some (generally quite reasonable) backup plan that meant my team would never have to actually deliver on his lie. I was still uncomfortable, but he never burned us, and the customer always ended up happy.
Always triple all estimates. That way you always look like a miracle worker.
No, no, no... always multiply your estimates by pi. You get a slightly larger margin for error and look like you're so good you can estimate the effort to any required degree of precision.
No, I was simply mistaken about the default split on Linux
Ah, okay.
And my comment about "can't do that" referred to user-accessible configuration, not building your own kernel...
On Linux building your own kernel is user-accesible configuration:-)
Seriously, on Debian/Ubuntu, it takes a maximum of three commands (including installing all of the required tools), and it may be doable without touching the command line at all. It definitely doesn't require editing any files. It's more time-consuming (due to the time required to download tools and build) but may be easier than finding and modifying boot.ini.
On Windows you can tune the amount of your address space taken by the kernel down
Link? I'm interested to see how that's done.
On Linux, you can't even do that and are stuck with 2GB to start.
Huh? The default 32-bit Linux memory split is 3/1; 3 GiB for userspace, 1 GiB for kernel space. If you compile a custom kernel you can configure this differently.
Did you perhaps swap "Windows" and "Linux" in your comment?
I'm not convinced that we'll ever have facial recognition software that will be able to identify anyone in the USA.
I completely agree.
I do think face recognition tracking of everyone is theoretically feasible, but only because if the software is tracking you all the time it can use information about your last location and knowledge of travel options to narrow the search space, so in any given area it only has to consider a few thousand people. And if you managed to give such a system the slip for a little while, you could probably stay "lost" for quite some time before it managed to figure out who you were.
Current-generation face-recognition systems have a false positive rate of about 1 in 1,000 even when they have excellent images to work with -- high-resolution, well-lit, full-face frontal photos with no obscuring hats, glasses, etc. So even if CCTVs captured excellent images, if you're searching a database of tens of millions you're going to get a lot of matches. In a case like the Boston bombing it's okay if you get a few thousand hits because there is manpower available to sort through and narrow those down to the dozens which the (much more accurate) human eye/brain can't distinguish, and then there's manpower available to chase down each of those leads.
When you reduce the image quality, though, make it grainy, at an angle, poorly lit, and throw in some baseball caps... forget it. You have to reduce the match threshold, and then instead of thousands of candidate matches, you have tens or hundreds of thousands. For that matter, consider the fact that humans can't deal well with those constraints, and we're social animals who devote a significant portion of our enormous brain capacity to exactly this task.
TOR and the idea behind TOR - probably the most important invention in internet and communication methodologies
The most important invention in Internet and communication methodologies? You've got to be kidding. It's neither new (I ran a Mixmaster anonymous remailer for years; same concept, just a higher level in the stack), nor particularly influential.
Schmidt is on the edge of being technical, because he runs technology companies
On the edge? He has a BS in Electrical Engineering from Princeton, and an MS and a PhD in Computer Engineering (EECS) from Berkeley. He also wrote non-trivial amounts of code for several years, including being a coauthor of lex (if you don't know what lex is, turn in your geek card).
He's been primarily a businessman for quite a while now, but he didn't learn what he knows about technology by running technology companies.
I won't even seriously consider them until I can read their books on my tablet and phone. I was an early adopter of eBooks, buying my first Rocket eBook reader back around 1998, so I don't have anything against dedicated devices, but there's no longer any need, and I already carry a phone and a tablet which both work great as eBook readers... and with all three of the eBook reader apps I use I can even bounce back and forth between devices, reading on my tablet when it's handy or on my phone when the tablet isn't nearby.
Does anyone know what changed to allow Debian to add MP3 and other libs? There has never been a technical problem with including them, but Debian has always tried to avoid violating patents by distributing patented (or claimed-to-be-patented) software.
I'm glad they've been able to take this step, just wondering what happened.
Perhaps this is just a difference in semantics, but it appears to me that you completely misunderstand Google's business model. Google does not collect your data and sell it to advertisers. Google allows advertisers to bid on how much they'll pay Google if Google shows you their ad and you click on it. Google doesn't even give advertisers a significant amount of control over who sees their ads. Advertisers can segment their advertising campaigns geographically (to enable local advertising), but that's generally it. Google uses what they know about you to decide which of the available ads you're likely to be interested in, weighted by the advertisers' bids to maximize Google's revenue. Nothing in that process provides advertisers with your information.
That's what Google sells: your eyeball and, more importantly, the service of matching your eyeball to the ad most likely to get you to click.
I believe Google does get a little revenue from selling aggregated data, but that's an insignificant side business.
Also, using certificate-based authentication is that it makes the "something you have" your computer, rather than a separate device. There are threat models in which that's a better solution than having your phone be the second factor device, but there are also models in which it's much worse.
This is a dangerous illusion we've seen explioted ad nauseum (e.g. token cards) If you don't trust your computer then using it anyway is completely nonsensical.
Trust isn't boolean. There are many different ways some portions of your computer might be compromised in a time-limited way.
Well.. what they sell is created/summarized from user data and so it *is* user data. What else could it be?
In most cases, Google actually doesn't sell data at all. I understand there are some minor revenues from selling aggregated data. But selling data isn't really Google's business.
In the EU it is not legal to try and forbid anyone to resell items acquired by any means whatsoever. You buy it, you become the owner, you can do with it what you want: resell it, destroy it, lend it, rent it out, give it away. Google's gonna have a hard time with Euro Commissary iron Nellie ( Neelie Smit-Kroes, who already severely flogged them ).
I wonder if there aren't any exceptions for limited-access preview items. This first generation of Google Glass isn't available for sale to the public, and buyers of the Explorer edition have to agree to some things before they can purchase them.
Also, I don't believe people from outside the United States were eligible to apply for the Explorers program. Perhaps the EU law you mention doesn't include any exceptions allowing Google to impose these restrictions, and that's why it was limited to US residents. Or maybe not. Google tends to do everything in the US first anyway.
I'm sure the devices available for public purchase won't have any resale restrictions, once those arrive.
Actually, slight correction, I believe the Google privacy policy does allow selling of aggregated data. I should have said Google doesn't sell any individual user data.
Also, disclaimer: I work for Google but don't have any inside information about this. My comments are based on the published privacy policy.
Last time I used someone elses computer to login to anything was 10 years ago. I would argue using a "friends" or otherwise untrusted guest computer is insecure and unwise.
I posit that the majority of webmail users have used someone else's machine to check their e-mail within the last year. I know I have. In addition, for me, there's the fact that I have too many machines, and change machines too often. Right now, for example, I authenticate to Google regularly from a MacBook Air, two Ubuntu desktop machines, two Chromebooks, two tablets and a phone. Having to manually propagate a.p12 file to all of these would be enough of a pain that it might deter me using stronger authentication at all. Heck right now I have a new Chromebook that I've had for a week and still haven't gone through the process of installing a certificate needed to allow it on the corporate network. It's a simple process, but it's enough of an obstacle that it deters me.
Also, using certificate-based authentication is that it makes the "something you have" your computer, rather than a separate device. There are threat models in which that's a better solution than having your phone be the second factor device, but there are also models in which it's much worse. I think for most users the phone is a much better tradeoff, better fitting their usage patterns and threat models.
It's certainly the case for me. An OTP generator on my smartphone is a manageable inconvenience and adds considerable security. It's a good tradeoff. I've done client cert-based authentication in the past -- and indeed I use it now extensively on production systems that I build -- but it's a poorer solution for my needs and usage patterns. I'm a big fan of crypto security (it's my day job), but it's not always the best solution.
client certificates are a retarded system for users, they only result in a user not using anything. That is like giving someone a 10 pound sledge hammer to push in a thumbtack.
Why? Import a pk12 file into a browser takes seconds. What is the big deal?
And when you use a different browser, say while at a friend's house?
The problem isn't that users use the same password on every site. The problem is that users have to create login credentials for every site they use.
That multiplication of logins is extremely inconvenient for users, and it's simply not practical for people to create good, unique credentials for every site and memorize them all. So people who care a lot about security are are willing to put in the effort (read: anal geeks) use encrypted password stores and such. Everyone else (read: 99+%) uses the same password or small set of passwords on all sites.
What's really stupid is that we have already solved this problem, and in a much better way then Jen Andre proposes. The solution is single-sign-on. Delegate account management and authentication to a trusted third party (TTP). Even better, allow many organizations to act in this role. Best of all, allow users to choose which TTP they want to use, or even to act as their own.
We've already built this. It's called OAUTH. Moreover, there are already a bunch of high-profile OAUTH implementors acting as TTPs -- and nearly all Internet users already have an account with at least one of them (e.g. Google, Facebook, Yahoo, Microsoft). For that matter, there are a number of sites already taking advantage of it to provide nearly zero-effort login (for example, stackoverflow is one that many slashdotters may use).
The common security objection to this approach -- that centralizing your authentication in a single account creates a single point of failure for your security -- ignores the fact that your web security already has a single point of failure, even if you use unique, strong passwords for every site you visit. That SPOF is your e-mail account, because essentially all web sites use the ability to receive e-mail as the golden key that bypasses all of their other security mechanisms.
But, with OAUTH you still have the ability to use different providers, and even to set up your own on a server you control if you like. You can choose the tradeoff between centralization and decentralization you like. No relying site will ever see any of your credentials. You can also pick a provider based on the level and type of authentication security they provide. Personally, I'm very happy with Google's two-factor authentication -- but OAUTH imposes no restrictions. Want certificate plus one-time-password plus fingerprint plus retina scan plus 100-word passepic? Fine. Find (or build) a provider that does that. Want nothing at all? You can have that, too.
And whatever you choose, none of the relying sites will ever have any of your credentials. Which means creators of those sites can't screw up storing your credentials.
The only thing that's required to make all of this work, for real, everywhere, is for sites to offer OAUTH authentication. It's easy, it's super convenient for users, it's as secure as the provider.
Some sites might choose to limit the providers they'll accept, on the theory that users can't be trusted to choose a good one. That's annoying and obnoxious, but whatever. Some sites (like banks) might decide that they simply have to do their security themselves because they can't trust anyone else, and They Are A Bank. Okay, fine, though such sites should be a tiny minority (and, frankly, as someone who worked as a banking security consultant for over a decade, and now works for Google doing security, Google -- and, I would expect, the other major Internet properties -- do a far, far better job at online security than virtually any bank).
The solution is to make OAUTH the default, expected login mechanism all over the web. It provides dead-simple, reasonably high security authorization for the masses and allows the paranoid to build/buy whatever they want.
The new generation of $200 laptops are fast, high quality displays...and run Android.
The current generation of $200 laptops are fast, have high-quality displays and run ChromeOS. My daughter has one, and loves it.
I think the whole idea of the Internet as a transformative technology is overblown.
And it's 20 years old. Seriously, 2013 and we're being treated to a book about how great the Internet is going to be? It happened.
I disagree. The Internet now exists in a fairly full-featured form, true.. Further changes in the technology are going to be incremental, at least in the developed world. But that just means the technology has stabilized, more or less. What comes next is the impact of that technology on the structure of society, and I think we're just beginning to see what that's going to be. Wait until the 30 and 40 year-olds, who make most of the economically and socially-significant decisions, are people who've never known what it's like not to be connected to instantaneous, unlimited information. Then it will have happened.
I agree: torrent can't really saturate a 10GE
Point-to-point torrents can't saturate a 10GE. Get enough nodes involved and they can.
I've run into that. "If you want the lies told to the customers to be consistent, you must identify which lies you've already told them." Management didn't like my snark, but I received a briefing before future customer meetings.
Heh. I actually worked out a system with one of the sales guys I worked with. When he rubbed his eyebrow in a certain way it meant "I know I'm lying; please don't say anything that might undermine my lie."
In his case I was okay going along with it because he always had some (generally quite reasonable) backup plan that meant my team would never have to actually deliver on his lie. I was still uncomfortable, but he never burned us, and the customer always ended up happy.
Always triple all estimates. That way you always look like a miracle worker.
No, no, no... always multiply your estimates by pi. You get a slightly larger margin for error and look like you're so good you can estimate the effort to any required degree of precision.
No, I was simply mistaken about the default split on Linux
Ah, okay.
And my comment about "can't do that" referred to user-accessible configuration, not building your own kernel...
On Linux building your own kernel is user-accesible configuration :-)
Seriously, on Debian/Ubuntu, it takes a maximum of three commands (including installing all of the required tools), and it may be doable without touching the command line at all. It definitely doesn't require editing any files. It's more time-consuming (due to the time required to download tools and build) but may be easier than finding and modifying boot.ini.
On Windows you can tune the amount of your address space taken by the kernel down
Link? I'm interested to see how that's done.
On Linux, you can't even do that and are stuck with 2GB to start.
Huh? The default 32-bit Linux memory split is 3/1; 3 GiB for userspace, 1 GiB for kernel space. If you compile a custom kernel you can configure this differently.
Did you perhaps swap "Windows" and "Linux" in your comment?
I'm not convinced that we'll ever have facial recognition software that will be able to identify anyone in the USA.
I completely agree.
I do think face recognition tracking of everyone is theoretically feasible, but only because if the software is tracking you all the time it can use information about your last location and knowledge of travel options to narrow the search space, so in any given area it only has to consider a few thousand people. And if you managed to give such a system the slip for a little while, you could probably stay "lost" for quite some time before it managed to figure out who you were.
Current-generation face-recognition systems have a false positive rate of about 1 in 1,000 even when they have excellent images to work with -- high-resolution, well-lit, full-face frontal photos with no obscuring hats, glasses, etc. So even if CCTVs captured excellent images, if you're searching a database of tens of millions you're going to get a lot of matches. In a case like the Boston bombing it's okay if you get a few thousand hits because there is manpower available to sort through and narrow those down to the dozens which the (much more accurate) human eye/brain can't distinguish, and then there's manpower available to chase down each of those leads.
When you reduce the image quality, though, make it grainy, at an angle, poorly lit, and throw in some baseball caps... forget it. You have to reduce the match threshold, and then instead of thousands of candidate matches, you have tens or hundreds of thousands. For that matter, consider the fact that humans can't deal well with those constraints, and we're social animals who devote a significant portion of our enormous brain capacity to exactly this task.
TOR and the idea behind TOR - probably the most important invention in internet and communication methodologies
The most important invention in Internet and communication methodologies? You've got to be kidding. It's neither new (I ran a Mixmaster anonymous remailer for years; same concept, just a higher level in the stack), nor particularly influential.
Schmidt is on the edge of being technical, because he runs technology companies
On the edge? He has a BS in Electrical Engineering from Princeton, and an MS and a PhD in Computer Engineering (EECS) from Berkeley. He also wrote non-trivial amounts of code for several years, including being a coauthor of lex (if you don't know what lex is, turn in your geek card).
He's been primarily a businessman for quite a while now, but he didn't learn what he knows about technology by running technology companies.
Yes, this definitely seems regional, I'm in a country in Europe and I've never seen a lot of advertising on google maps.
I think it's mostly a reading comprehension issue.
Cool. I looked on their site and saw nothing but their own tablets and mention of the iPad.
I think you'll find that it's a matter of degrees of danger rather than "claimed-to-be-patented? yes/no"
Point taken. But it doesn't answer my question. What changed?
I won't even seriously consider them until I can read their books on my tablet and phone. I was an early adopter of eBooks, buying my first Rocket eBook reader back around 1998, so I don't have anything against dedicated devices, but there's no longer any need, and I already carry a phone and a tablet which both work great as eBook readers... and with all three of the eBook reader apps I use I can even bounce back and forth between devices, reading on my tablet when it's handy or on my phone when the tablet isn't nearby.
Does anyone know what changed to allow Debian to add MP3 and other libs? There has never been a technical problem with including them, but Debian has always tried to avoid violating patents by distributing patented (or claimed-to-be-patented) software.
I'm glad they've been able to take this step, just wondering what happened.
Google has nothing except user data to sell.
Google effectively sells eyeballs.
Perhaps this is just a difference in semantics, but it appears to me that you completely misunderstand Google's business model. Google does not collect your data and sell it to advertisers. Google allows advertisers to bid on how much they'll pay Google if Google shows you their ad and you click on it. Google doesn't even give advertisers a significant amount of control over who sees their ads. Advertisers can segment their advertising campaigns geographically (to enable local advertising), but that's generally it. Google uses what they know about you to decide which of the available ads you're likely to be interested in, weighted by the advertisers' bids to maximize Google's revenue. Nothing in that process provides advertisers with your information.
That's what Google sells: your eyeball and, more importantly, the service of matching your eyeball to the ad most likely to get you to click.
I believe Google does get a little revenue from selling aggregated data, but that's an insignificant side business.
Also, using certificate-based authentication is that it makes the "something you have" your computer, rather than a separate device. There are threat models in which that's a better solution than having your phone be the second factor device, but there are also models in which it's much worse.
This is a dangerous illusion we've seen explioted ad nauseum (e.g. token cards) If you don't trust your computer then using it anyway is completely nonsensical.
Trust isn't boolean. There are many different ways some portions of your computer might be compromised in a time-limited way.
Well.. what they sell is created/summarized from user data and so it *is* user data. What else could it be?
In most cases, Google actually doesn't sell data at all. I understand there are some minor revenues from selling aggregated data. But selling data isn't really Google's business.
In the EU it is not legal to try and forbid anyone to resell items acquired by any means whatsoever. You buy it, you become the owner, you can do with it what you want: resell it, destroy it, lend it, rent it out, give it away. Google's gonna have a hard time with Euro Commissary iron Nellie ( Neelie Smit-Kroes, who already severely flogged them ).
I wonder if there aren't any exceptions for limited-access preview items. This first generation of Google Glass isn't available for sale to the public, and buyers of the Explorer edition have to agree to some things before they can purchase them.
Also, I don't believe people from outside the United States were eligible to apply for the Explorers program. Perhaps the EU law you mention doesn't include any exceptions allowing Google to impose these restrictions, and that's why it was limited to US residents. Or maybe not. Google tends to do everything in the US first anyway.
I'm sure the devices available for public purchase won't have any resale restrictions, once those arrive.
Probably selling your movements
Google doesn't sell any user data.
Actually, slight correction, I believe the Google privacy policy does allow selling of aggregated data. I should have said Google doesn't sell any individual user data.
Also, disclaimer: I work for Google but don't have any inside information about this. My comments are based on the published privacy policy.
Probably selling your movements
Google doesn't sell any user data.
Last time I used someone elses computer to login to anything was 10 years ago. I would argue using a "friends" or otherwise untrusted guest computer is insecure and unwise.
I posit that the majority of webmail users have used someone else's machine to check their e-mail within the last year. I know I have. In addition, for me, there's the fact that I have too many machines, and change machines too often. Right now, for example, I authenticate to Google regularly from a MacBook Air, two Ubuntu desktop machines, two Chromebooks, two tablets and a phone. Having to manually propagate a .p12 file to all of these would be enough of a pain that it might deter me using stronger authentication at all. Heck right now I have a new Chromebook that I've had for a week and still haven't gone through the process of installing a certificate needed to allow it on the corporate network. It's a simple process, but it's enough of an obstacle that it deters me.
Also, using certificate-based authentication is that it makes the "something you have" your computer, rather than a separate device. There are threat models in which that's a better solution than having your phone be the second factor device, but there are also models in which it's much worse. I think for most users the phone is a much better tradeoff, better fitting their usage patterns and threat models.
It's certainly the case for me. An OTP generator on my smartphone is a manageable inconvenience and adds considerable security. It's a good tradeoff. I've done client cert-based authentication in the past -- and indeed I use it now extensively on production systems that I build -- but it's a poorer solution for my needs and usage patterns. I'm a big fan of crypto security (it's my day job), but it's not always the best solution.
client certificates are a retarded system for users, they only result in a user not using anything. That is like giving someone a 10 pound sledge hammer to push in a thumbtack.
Why? Import a pk12 file into a browser takes seconds. What is the big deal?
And when you use a different browser, say while at a friend's house?