Kind of a silly tangent, but: it looks like Keith Alexander is wearing a Casio F91W, which is infamous for being the watch of choice of terrorists, particularly Osama bin Laden and numerous Guantanamo detainees. It's also popular with hipsters and hackers. I wonder if it was some kind of dog whistle? Or the same wardrobe people that put him in an EFF shirt to make him appear "relevant" did it.
Kind of a shame that "using cheap, high-quality equipment" is now evidence of criminal activity. As if I wasn't inadvertently on enough government watch lists already :(
(See also: encryption, tor; next up, using any OS that isn't certified NSA-backdoor-compatible?)
"the word “cloud” in “cloud computing” is just a euphemism for “some dark bunker in Idaho or Utah.”"
I always said that and I believe that the "cloud" is just some intermediary paradigm, in some time and hopefully soon, people will host all their data at home and will only upload it encrypted to on line vaults to have them backed up and redundant for accessing.
For now, I am really looking forward for an Evernote / Dropbox hosted outside of USA/UK/etc to start.
I do not think so. Hosting your data at home is significantly more complex than cloud hosting (dropbox, icloud) and will always be - bandwidth is the smallest of all issues. There's absolutely no gain if data is stored on shrink-wrapped boxes that are remotely administered by a provider because then, all data will just be collected at home. So you'd need a trustworthy and extremely simple and robust (open source?) solution that allows every, even the computer-illiterate persons to set up a storage at home. I don't see that coming soon.
I agree with you that today there is absolutely no way, but in the last 5 years the internet changed a lot. Several Europeans countries are subsidizing the optical fiber infrastructure, so the bandwidth will not be problem. To solve the complexity issue, I think the solution could be a of "home server" or "home box", I guess it will could be even provided by your ISP (each day these home boxes come with more capabilities).
I don't think that bandwidth is the problem. Technical knowledge is the problem. See, someone (AAPL) designs a beautiful box that does what you want (call it Time Capsule) and all of a sudden, all that changes is the attack vector: The NSA/BND/... does not require the cloud provider to hand over the data, they just require a data collection interface on the box. Or a sync protocol that leaks or a master key since they're sniffing all internet traffic anyways. All you're doing is playing a game of whack a mole. What's required is a fundamental change in how secret services are monitored and bound by law and that's not something technology can do.
Apple is clearly the wrong choice, then. Go with a vendor that allows people to own their own equipment, and not one that installs a data collection interface on it.
>sync protocol that leaks
Que? The sync protocol had better be open, or it's worthless.
Apple is not the problem. The (horribly proprietary) iCloud is just Apple's solution to the fundamental problem of people collecting data but not being able to manage it.
The article calls out smart devices. I've fantasized about having smart devices of my own, but in my fantasies they answer to me and collect data into my systems. Which means I need to learn a bit of embedded programming and some electrical engineering to build my own, after I've learned how to set up my own servers. I don't see this as viable for normal consumers.
Even I don't manage all of my own information. I switched to Gmail because I just can't keep up with spammers. I have a life.
here's what you do - design a beautiful cube that has a few ports (USB, firewire, whatever). It should also connect to the local wifi network. It'd ship with Dropbox-like software so synching files to it over the home network is dead simple.
Then, you make some sort of lifetime guarantee that you'll keep up with changes in storage and interface technology. Guarantee that the thing will be later upgraded to seamlessly translate people's wedding photos to the next big image format. Guarantee you'll keep it forward and backwards compatible to future OS updates. Guarantee it'll work with future phones and tablets, etc.
Maybe even build in some kind of automated off-site backups in case of fire, theft, flooding.
If you made it simple, and if you earned people's trust that this is really an investment - I think you could really clean up with local home storage.
Exactly the product I had in mind. I think you can get customers by selling the box and also by providing a subscription model to backup/replicate the user data. Ideally this box should use a well documented and open API and code so you can sync it with other "vaults" providers or even with other boxes. I would pay a lot for a service like this.
Syncing over the home network wouldn't be enough; one of the big features of Dropbox is that you can sync devices anywhere. Eg: my phone, my office PC, and my home PC all share the same Dropbox folder.
Since we're not all IPv6 yet, the cube will need to set up a secure tunnel out of the home network to a public endpoint, probably on a server run by your company. All syncing would have to go through that server, preferably with end-to-end encryption so the server can't access the data. (It can still be captured for offline cracking, though.)
I disagree. There are many signs that at least some people are moving in this direction. Think of things like SpaceMonkey, OwnCloud, various plug computers, the 'Raspberry Spring' (small embedded ARM devices) and many others besides.
Sure, these don't fulfil all of your criteria but the fact that they exist at all indicates that we're on the right path.
Sure and In The Beginning, there were only some people on Facebook, some people using email and some people using the cloud (only some people were on this internet thing, back in the day).
It's fair to say that the relative number of people doing something right now may be low but it's completely wrong to extrapolate that to the future the way you're implying. We don't know what will happen.
My post above is attempting to support my view that there is growing interest in solutions like the kind you asked for (e.g SpaceMonkey raised 3x its funding goal on KickStarter). Whether these solutions actually become successful in the long term remains to be seen but I feel we're further along than your comment suggested.
It has big meaning in business where it generally means the organization isn't going to run it's own servers. Or even own them if they aren't requiring a private cloud. Although amusingly, here in the medical sector, the cloud often still has to be in the same state for legal purposes.
“outside the US/UK/etc” means “in a country with weaker constitutional protections against government search and seizure”, for the most part. Be careful what you wish for.
The hardware is small, cheap ($20 - $200, or more if you prefer) and low-power. And the truth is: having _any_ dedicated box means you're getting more hardware allocated to your use and data than most SAAS providers provision on a per-customer basis. With modest amounts of RAM and an SSD performance will top most cloud services.
The software is self-configuring. One thing the Debian team has been working on for nearly two decades is how to take all the pain out of deploying systems, and while it's not perfect, it's really damned good. With a focus on "sane by default", there's no initial package selection.
The "Federated" bit says that your data is replicated on other nodes, either of your specific choosing or based on an arbitrary selection. That can include encryption of non-public data.
And there's a possible business model: set up self-hosted systems for individuals or businesses, or host small numbers of sites (it would take a lot of work for the feds to track down tens of thousands of providers rather than a handful of large players).
Email, webhosting, file storage, email, messaging, social networking, on an open framework.
"It’s probably not a coincidence that LiveJournal, Russia’s favorite platform, suddenly had maintenance issues – and was thus unavailable for general use – at the very same time that a Russian court announced its verdict to the popular blogger-activist Alexei Navalny."
"First of all, many Europeans are finally grasping, to their great dismay, that the word “cloud” in “cloud computing” is just a euphemism for “some dark bunker in Idaho or Utah.”"
I have to say, this whole NSA Snowden revelation has shaken a bunch of us out of our little fantasy bubble, and we have lost all faith in Google and other internet services providers to protect our private information.
But the real catastrophe here is that these U.S. companies have suddenly and irrevocably lost the trust of the rest of the world, as the article rightly points out. Software is one of America's last bastions of competitiveness and our stupid government has managed to undermine even that.
So long, Internet. It was fun while it lasted. I just hope there will still be a few good paying jobs left after the crash, maybe in the field of cryptographic communications; that seems like it's got a lot of potential in our post-privacy era.
Why do you blame companies? If you were the CEO of Google and a government official came to you with a request for a backdoor and a solid promise to make life real hard for you if you refuse to cooperate, what would you do?
I like to think that I would react as did Todd Beamer and the other passengers of Flight 93. Sometimes circumstances call for heroic action at the risk of one's self.
Not that relevant an analogy: Beamer and company knew it was very likely, whatever they did or didn't do, that they were going to die within a few hours. They also knew they could likely save a lot of lives by acting.
It is not immediately clear the stakes are that high, and a counterargument with some validity is that a failure to cooperate will cost a lot of lives from future mass causality terrorist actions. And the penalty is squalid, e.g. see the example of Federal prisoner Joseph Nacchio, former CEO of Qwest. Note the truth behind his conviction doesn't matter a long as there is enough solid suspicion.
I'll tell you what I would do if I was a government official. I'd smile and ask you kindly if you are sure you don't want to cooperate. If you say you are, I'd leave. Then I'd find every piece of evidence I have against you and your company, get public opinion on my side, sue you, destroy your reputation, give hidden subsidies to your competitors, accuse you personally of tax evasion and your company of not acting in the interests of public. It wouldn't destroy your company, but you'll lose plenty of money, the public wouldn't listen to you because you'd have no evidence and because the public opinion is on my side already. No one will ever know of your courageous act. More importantly, by punishing you I'd show other companies what happens to those who misbehave.
And don't be naive. The judges are in my pocket, public opinion is in my pocket, I have power which your money can never buy and you are on your own, as all of your competitors are just waiting for the chance to jump in and destroy you.
I guess I would put up a very public fight over it, take them to court, make it a cause celebre.
Google's reputation is, after all, based on "do no evil", is it not? Hundreds of millions of people all over the world trusted them to ethically handle ads and personal data and all that. Google took a principled stand on Chinese spying and censorship, remember, and it cost them probably billions of dollars in business in mainland China.
30 comments
[ 0.20 ms ] story [ 74.3 ms ] threadhttp://en.wikipedia.org/wiki/Casio_F91W#Claimed_use_in_terro...
(See also: encryption, tor; next up, using any OS that isn't certified NSA-backdoor-compatible?)
I always said that and I believe that the "cloud" is just some intermediary paradigm, in some time and hopefully soon, people will host all their data at home and will only upload it encrypted to on line vaults to have them backed up and redundant for accessing.
For now, I am really looking forward for an Evernote / Dropbox hosted outside of USA/UK/etc to start.
>sync protocol that leaks
Que? The sync protocol had better be open, or it's worthless.
The article calls out smart devices. I've fantasized about having smart devices of my own, but in my fantasies they answer to me and collect data into my systems. Which means I need to learn a bit of embedded programming and some electrical engineering to build my own, after I've learned how to set up my own servers. I don't see this as viable for normal consumers.
Even I don't manage all of my own information. I switched to Gmail because I just can't keep up with spammers. I have a life.
Then, you make some sort of lifetime guarantee that you'll keep up with changes in storage and interface technology. Guarantee that the thing will be later upgraded to seamlessly translate people's wedding photos to the next big image format. Guarantee you'll keep it forward and backwards compatible to future OS updates. Guarantee it'll work with future phones and tablets, etc.
Maybe even build in some kind of automated off-site backups in case of fire, theft, flooding.
If you made it simple, and if you earned people's trust that this is really an investment - I think you could really clean up with local home storage.
Edit: typo.
Since we're not all IPv6 yet, the cube will need to set up a secure tunnel out of the home network to a public endpoint, probably on a server run by your company. All syncing would have to go through that server, preferably with end-to-end encryption so the server can't access the data. (It can still be captured for offline cracking, though.)
I disagree. There are many signs that at least some people are moving in this direction. Think of things like SpaceMonkey, OwnCloud, various plug computers, the 'Raspberry Spring' (small embedded ARM devices) and many others besides.
Sure, these don't fulfil all of your criteria but the fact that they exist at all indicates that we're on the right path.
It's fair to say that the relative number of people doing something right now may be low but it's completely wrong to extrapolate that to the future the way you're implying. We don't know what will happen.
My post above is attempting to support my view that there is growing interest in solutions like the kind you asked for (e.g SpaceMonkey raised 3x its funding goal on KickStarter). Whether these solutions actually become successful in the long term remains to be seen but I feel we're further along than your comment suggested.
The hardware is small, cheap ($20 - $200, or more if you prefer) and low-power. And the truth is: having _any_ dedicated box means you're getting more hardware allocated to your use and data than most SAAS providers provision on a per-customer basis. With modest amounts of RAM and an SSD performance will top most cloud services.
The software is self-configuring. One thing the Debian team has been working on for nearly two decades is how to take all the pain out of deploying systems, and while it's not perfect, it's really damned good. With a focus on "sane by default", there's no initial package selection.
The "Federated" bit says that your data is replicated on other nodes, either of your specific choosing or based on an arbitrary selection. That can include encryption of non-public data.
And there's a possible business model: set up self-hosted systems for individuals or businesses, or host small numbers of sites (it would take a lot of work for the feds to track down tens of thousands of providers rather than a handful of large players).
Email, webhosting, file storage, email, messaging, social networking, on an open framework.
This was news to me.
It is not as though there were no warnings:
https://www.gnu.org/philosophy/who-does-that-server-really-s...
But the real catastrophe here is that these U.S. companies have suddenly and irrevocably lost the trust of the rest of the world, as the article rightly points out. Software is one of America's last bastions of competitiveness and our stupid government has managed to undermine even that.
So long, Internet. It was fun while it lasted. I just hope there will still be a few good paying jobs left after the crash, maybe in the field of cryptographic communications; that seems like it's got a lot of potential in our post-privacy era.
It is not immediately clear the stakes are that high, and a counterargument with some validity is that a failure to cooperate will cost a lot of lives from future mass causality terrorist actions. And the penalty is squalid, e.g. see the example of Federal prisoner Joseph Nacchio, former CEO of Qwest. Note the truth behind his conviction doesn't matter a long as there is enough solid suspicion.
And don't be naive. The judges are in my pocket, public opinion is in my pocket, I have power which your money can never buy and you are on your own, as all of your competitors are just waiting for the chance to jump in and destroy you.
Google's reputation is, after all, based on "do no evil", is it not? Hundreds of millions of people all over the world trusted them to ethically handle ads and personal data and all that. Google took a principled stand on Chinese spying and censorship, remember, and it cost them probably billions of dollars in business in mainland China.
A reputation, once lost, is not easily restored.