Rich Freeman on 25 Oct 2014 06:50:14 -0700


Re: [PLUG] Spark Core (corrected)

On Sat, Oct 25, 2014 at 9:20 AM, Paul Walker <> wrote:
> Something I've been thinking about a lot lately, in general terms. It seems
> like handing all of our data over to these giant entities (Apple, Google,
> NSA, etc) is a bad idea.

I buy the first two, not the third.  Nobody "hands" their data to the
NSA - they just take it.  They're going to take it whether you store
your data on the cloud or not.  Having it on the cloud can make it
easier for them, of course, but the Snowden leaks already disclosed
that the NSA roots boxes controlled by sysadmins just to get their ssh
keys.  If they're willing to do that, then why wouldn't they root the
box of anybody who runs a tor relay, etc?

> I would love to see more "cloud"-based platforms that offered the following:
> Default anonymity (data is anonymized on storage and never connected with a
> user's identity)
> Default encryption (data is encrypted from client to server and ever after)

This kind of model would probably require that customers pay for their
services, and most people seem unwilling to do that.  Encryption means
no deduplication as well, which raises costs.  Also, with this kind of
model you run into issues with access control.  If a user forgets
their password there is no way to recover for them, and also no way to
authenticate them even if you wanted to.  That also means that if
somebody hacks into your account they're now the real you, since the
provider has no other way of identifying you.

I was actually wondering if there would be a market for an identity
broker business of some kind.  I could go up to this business and
establish my identity with them to some level of confidence.  I could
then ask them to authenticate me to some service with some level of
confidence.  This could even be done in a way where only the broker
actually knows who I am - I could establish pseudonyms - either
persistent ones I use everywhere or throwaway ones used for a single
transaction or just within a single site.  However, if anything went
seriously wrong a legitimate law enforcement request could be used to
obtain my true identity, with some level of confidence.

Levels of confidence could go all the way from "persistent pseudonym
divorced from any real-world identity", to "showed up in our office and
presented n forms of ID", to "the company was present at birth and
witnessed the doctor sign the birth certificate while we sampled DNA".
Levels of authentication would go from "entered a password", to "used a
two-factor credential", to "showed up in the office with their
two-factor credential and were compared to the photo", to
"representative of the company shows up at the signing of a deal and
takes blood for DNA testing from all parties".  You wouldn't need the
highest levels of assurance to buy something on Amazon, but you might
need a higher level to get a reduced rate on title insurance for your
house, etc.  The identity broker could also associate each level of
assurance with a guarantee, and if a court later rules that a contract
is void because it cannot be proven that the right party was there the
broker pays out an insurance payment.

Basically such a broker would replace having a national ID, which for
whatever reason seems to be politically untenable.  Also, having a
private broker allows competition (sort of - unless you invite 5
companies to witness your kid's birth it is only workable to a
degree), and probably more important accountability.  If you rely on
somebody's drivers license and it turns out to be fake the government
might punish somebody, but they won't do squat for your loss unless
you can find somebody to sue.  On the other hand, if you rely on an
identity broker and you pick the authentication level with a $1M
guarantee, then if the ID turns out to be bad you actually profit on
the deal.  The company of course will be careful to avoid payouts by
doing the job right, and by supporting their customers in court.

> Distributed models (peer based solutions for hosting and storage)

These are actually fairly technically difficult to pull off, due to
the need for locking/etc.  They're not always well-suited for things
like phones.  They do exist though - Ceph and the like come to mind.
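
The identity broker sketched above, written out as a small Python
example (added here; this is not code from the post or from any actual
broker, and it assumes its own numeric assurance/authentication ladders,
HMAC as a stand-in for the broker's signature, and made-up names such as
IdentityBroker and relying_party_accepts):

```python
import hashlib
import hmac
import secrets

# Numeric ladders standing in for the post's "levels of confidence" and
# "levels of authentication"; the names and numbering are this example's own.
ASSURANCE = {
    0: "persistent pseudonym, no real-world identity",
    1: "presented n forms of ID in the broker's office",
    2: "broker present at birth, DNA sampled",
}
AUTH_STRENGTH = {
    0: "password",
    1: "two-factor credential",
    2: "in person with two-factor credential, compared to photo",
    3: "broker representative present, DNA taken from all parties",
}


class IdentityBroker:
    """Holds the only mapping from pseudonyms to real identities."""

    def __init__(self):
        # Derives persistent per-site pseudonyms; without this key the
        # pseudonyms one person uses on two sites cannot be linked.
        self._pseudonym_key = secrets.token_bytes(32)
        # Keys the broker's assertions.  A real broker would use a public-key
        # signature so sites can verify offline; HMAC is a stand-in here.
        self._signing_key = secrets.token_bytes(32)
        self._enrolled = {}   # real name -> assurance level at enrolment
        self._registry = {}   # pseudonym -> real name (broker-only)

    def enroll(self, real_name, assurance):
        self._enrolled[real_name] = assurance

    def persistent_pseudonym(self, real_name, site):
        # Same person + same site -> same pseudonym every time.
        # (Assumes names and sites contain no "|", which is used as a separator.)
        msg = f"{real_name}|{site}".encode()
        pseud = hmac.new(self._pseudonym_key, msg, hashlib.sha256).hexdigest()[:16]
        self._registry[pseud] = real_name
        return pseud

    def throwaway_pseudonym(self, real_name):
        # Fresh random handle for one transaction; still resolvable by the broker.
        pseud = secrets.token_hex(8)
        self._registry[pseud] = real_name
        return pseud

    def assert_identity(self, real_name, site, auth_strength, persistent=True):
        """Return (payload, tag) saying: this pseudonym is an enrolled user at
        assurance level A who just authenticated to us at strength S."""
        if persistent:
            pseud = self.persistent_pseudonym(real_name, site)
        else:
            pseud = self.throwaway_pseudonym(real_name)
        assurance = self._enrolled[real_name]
        payload = f"{pseud}|{site}|{assurance}|{auth_strength}"
        tag = hmac.new(self._signing_key, payload.encode(), hashlib.sha256).hexdigest()
        return payload, tag

    def verify(self, payload, tag):
        expected = hmac.new(self._signing_key, payload.encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, tag)

    def unmask(self, pseudonym, lawful_request=False):
        # The "legitimate law enforcement request" path: only the broker can do this.
        if not lawful_request:
            raise PermissionError("identity released only on a lawful request")
        return self._registry[pseudonym]


def relying_party_accepts(broker, payload, tag, min_assurance, min_auth):
    """A site decides whether the asserted levels are good enough for this
    transaction (low for a shop, higher for title insurance)."""
    if not broker.verify(payload, tag):
        return False
    _pseud, _site, assurance, auth = payload.split("|")
    return int(assurance) >= min_assurance and int(auth) >= min_auth


if __name__ == "__main__":
    broker = IdentityBroker()
    broker.enroll("alice", assurance=1)      # showed ID at the office once
    payload, tag = broker.assert_identity("alice", "shop.example", auth_strength=0)
    print("shop accepts password login:", relying_party_accepts(broker, payload, tag, 0, 0))
    print("title insurer accepts it:", relying_party_accepts(broker, payload, tag, 2, 2))
    print("who was that?", broker.unmask(payload.split("|")[0], lawful_request=True))
```

The point to notice is that the site only ever sees the pseudonym plus
the two levels, and the broker alone can turn the pseudonym back into a
name; a site that wants the bigger guarantee just raises min_assurance
and min_auth, and a tampered assertion fails verification.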

Philadelphia Linux Users Group