It's the fragility, stupid!
Why Dropbox, Google, Snapchat and SpiderOak alike are not the solution!
Once again privacy and security are in the headlines: the Snapchat photo grab (the … Snapenning?), making every user a victim, and Snowden’s latest talk pleading for the use of encrypted tools and services and for getting rid of “Dropbox, Facebook and Google”.
In the same speech E. Snowden proposed the use of cryptography-enabled Cloud storage services such as SpiderOak. However, using Cloud-based services, despite their creators’ best intentions, has considerable risks, since
Any Cloud-based approach creates massive, hugely attractive, fragile Honeypots
Enormous amounts of user data and profiles are stored there, making highly attractive targets for any organization or hacker to compromise and gain access to mountains of users’ data. For services like SpiderOak, encryption adds a further wall, but it does not remove the danger that a single mistake on a single platform, system or application opens the doors for enormous data grabs.
A contemporary author has written extensively about the inherent fragility of big, super-efficient, centralized systems: Nassim Nicholas Taleb, in his magnum opus, Incerto, comprising the books Antifragile, The Black Swan, Fooled by Randomness, and The Bed of Procrustes.
NS Taleb points out that the financial crisis of 2008 can be interpreted as the development of a super-efficient, highly complex system that eventually collapsed under its own complexity and inherent fragility, i.e. no matter how small the probability of a risk is, if the consequences are large then the danger is enormous!
We humans are not good at calculating probabilities for events with large consequences. We falsely believe that no zero-day exploit will target us, and that our security experts are ahead of the best solo or nation-state level hackers. Or that our nuclear reactor’s triple cooling system, in a discipline where risk management, rigorous testing and serious security have been studied (unlike IT!) and enforced for over 50 years, is super resilient, tested and designed, and will never ever fail (remember Fuckosima?)!
In other terms, these systems could be seen as a manifestation of Murphy’s law:
Anything that can possibly go wrong, does.
So expect the next [iCloud | GoogleCloud | Facebook | Snapchat | SpiderOak] cloudhack sometime in the future. Be certain that over a platform’s lifetime, over your lifetime,
a zero-day exploit sold on the black market, a back door inserted in an app, or a hastily written piece of critical software, even an Open Source one, will be found, and if everyone’s data is on a single platform, system or software, the consequences will be big!
Thus, building massive, centralized, increasingly complex, monoculture, super-efficient systems increases the danger of massive fallout after a security breach. Because no matter how small the probability of a Cloud infrastructure breach is, the consequences, for the users and usually not for the operator, are large. As users, we have no vested interest in accepting this danger!
And since I am writing about massive risks: just as I am writing these lines, an application for decrypting the local Snapchat photos came up,
since all Snapchat photos, in the whole world, are encrypted on every device using the SAME key! Speaking of fragility…
So what is the solution? NS Taleb teaches that a system can be designed to be anti-fragile: to not only cope with small amounts of stress but also become better and more resilient through it. And while this might be extremely difficult, Taleb also shows that small is truly beautiful; thus, for our discipline:
distributed systems cope better with stress than monolithic mega-systems, from government to air travel.
So instead of designing systems that are centralized and pose one big massive honeypot, it’s better to design systems where no single node is a risk worth taking. In any case it’s a better security strategy: diverting the resources of the “enemy”.
This means that centralized Cloud architectures are creating a massive, tempting Honeypot for hackers and should be avoided by all means.
There is no need for data to reside on Cloud infrastructure servers: pretty good distributed approaches exist. In this case, even if some portion of the system gets compromised, the consequences will be small and local, provided users are in control and possession of their data and the sharing model is only sender-initiated. This is built right on top of our protocol stack, and it’s one of the best design decisions we have made!
We @Momentum have included in our architecture means and principles such that, even if the messaging platform is compromised, even if passwords are stolen, you will still be in control of your data and a massive data breach will simply not be possible: the users will know it before we know it.
How this is possible:
- In Momentum we don’t store your data! We don’t create a massive honeypot of users’ data, encrypted or not.
- Your data is on your device, and only there. Local encryption will also be offered if you feel you need it!
- Momentum, like every other distributed platform (yes, even BitCoin & BitTorrent have some kind of directory/bootstrap server or super-peer), needs a kind of directory server, which may form a tempting point of attack. In future versions of Momentum we will not even own the directory server, so dangers and consequences are really distributed: it could be any Jabber service on the Internet; initially we will provide one. But even if the directory service is somehow compromised, again there is no data there for grabbing, unlike every other Cloud data service, encrypted or not.
- In case your password is somehow compromised (2-factor authentication will be offered by Momentum in the stable version), again you will know it first: you will get notified that someone is trying to make a copy of your data from your own device. Clearly you would be able to just stop that, by rejecting the attacker’s device! Even if the attacker succeeds in compromising the password, he cannot have access to your moments unless you … allow it!
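To make the threat model of the four points above concrete, here is an added toy model (example code written for this post, not Momentum’s own code) of a sender-initiated sharing design: the directory server only maps users to device addresses, moments live on the owner’s device, and a copy request from an unknown device produces a notification the owner must approve. The class and method names, and the scenario with “alice” and a stolen password, are assumptions for illustration.

```python
import secrets


class DirectoryServer:
    """Assumed model of the bootstrap/directory role: it maps a user to the
    addresses of that user's devices and stores NO content. Compromising it
    yields addresses only, never moments."""

    def __init__(self):
        self._devices = {}  # user -> {device_id: address}

    def register(self, user, device_id, address):
        self._devices.setdefault(user, {})[device_id] = address

    def lookup(self, user):
        return dict(self._devices.get(user, {}))


class Device:
    """The owner's device: the only place moments are kept."""

    def __init__(self, owner, device_id, directory):
        self.owner, self.device_id = owner, device_id
        self.moments = []
        self.trusted = set()  # device ids the owner explicitly approved
        self.pending = {}     # request_id -> requester device id (notifications)
        directory.register(owner, device_id, f"xmpp://{owner}/{device_id}")

    def request_copy(self, requester_id):
        """Sender-initiated sharing: knowing the password lets anyone ask,
        but nothing leaves the device until the owner approves the device."""
        if requester_id in self.trusted:
            return list(self.moments)
        rid = secrets.token_hex(4)
        self.pending[rid] = requester_id   # owner sees this as a notification
        return None

    def approve(self, rid):
        self.trusted.add(self.pending.pop(rid))

    def reject(self, rid):
        self.pending.pop(rid)


def stolen_password_scenario():
    """Constructed scenario: attacker knows alice's password and registers a
    device in the directory, then asks alice's phone for a copy of her data."""
    directory = DirectoryServer()
    phone = Device("alice", "phone", directory)
    phone.moments.append("beach.jpg")
    directory.register("alice", "evil-laptop", "xmpp://attacker.example")
    got = phone.request_copy("evil-laptop")          # None: only a notification
    notified = list(phone.pending.values())           # alice sees "evil-laptop"
    for rid in list(phone.pending):
        phone.reject(rid)                             # alice rejects the device
    directory_dump = directory.lookup("alice")       # what a directory breach leaks
    return {"got": got, "notified": notified, "directory_dump": directory_dump}
```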
So what’s the catch, if distributed systems have inherent security advantages and people are still building centralized systems and apps? The catch is that distributed systems are harder to code, and need more effort and testing to get right!
Your support is crucial and the first step would be to register to Momentum in order to test the upcoming alpha version!
It’s built on super mature, distributed, open technologies, it’s distributed, and we promise that no matter what happens your data will be kept only on your own device, but we need your help!