The lady-in-the-middle

Condoleezza Rice
Condoleezza Rice and Dropbox. What were they thinking?

Here’s a great idea: spend 5 years building an awesome service where people upload their private documents and trust that you’ll handle them safely. After you’ve done that, undo everything you worked for in one go by appointing to your board one of the people behind the biggest illegal data-mining and analysis scandals in human history.

Seriously? Like, nobody at Dropbox stopped for a second and thought: “hmm, are we sure we’re sending the right message, what with the still-in-the-news revelations of the illegal USA surveillance and all?”

People who know me know I love Dropbox. I blogged about it here back in 2009. I’ve been a paying member for years. I’ve got two accounts. Well, had. I’ve cancelled them both and switched to BitTorrent Sync since this news broke.

What’s BitTorrent Sync? Think free Dropbox without the lady-in-the-middle. Here’s an easy-to-follow guide on how to migrate.

All that, for this.

Interview on NPR with John C. Inglis of the NSA:

While Inglis conceded in his NPR interview that at most one terrorist attack might have been foiled by NSA’s bulk collection of all American phone data – a case in San Diego that involved a money transfer from four men to al-Shabaab in Somalia – he described it as an “insurance policy” against future acts of terrorism.

(Source)

Emphasis mine.

On being secure

With all the recent news about the US government collecting and analyzing everything we do online and in our daily lives, we’ve all been looking for ways to increase our privacy.

Today, an article was posted on Hacker News about Google Analytics not being served over https. After reading this, I remembered that I use it and questioned whether or not I should keep it on this blog. Google Analytics has been installed on this blog for years, but today I found it hard to answer exactly why. It provides no real value to me other than satisfying my curiosity.

In the end, I decided to remove it. Not only because it is not served over https, but because the only real parties it benefits are Google and the NSA. My site is not large or popular, but it’s just one less site on the network being tracked through that channel.

I believe, in life, we should lead by example. I believe the web should be secure by default. I believe web servers should only function when using encryption. (Supporting http was a design flaw; https should have been the only option. Even a self-signed certificate is safer than plaintext http.)

To that end, I’ve come up with a short list of simple things we website owners can do in order to hinder attacks or snooping by third parties. I’ll compare my own site against this list and update as I move toward compliance (red means failure):

  1. Serve content only when encrypted by perfect forward secrecy.
  2. Serve content entirely from web hosts and CDNs under your control.
  3. Encourage others to do the same.
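
As an added example (not part of the original post), here is how a site can meet the first two items with an nginx configuration; the hostname, certificate paths and web root are placeholders:

```nginx
# Added example: a minimal nginx site config that refuses plaintext and
# non-forward-secret handshakes and tells browsers to load assets only from
# this host. Hostname, certificate paths and the web root are placeholders.

# The plaintext listener exists only to redirect; nothing is served over http.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;   # placeholder hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;   # placeholder hostname

    ssl_certificate     /etc/ssl/example.com/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;    # placeholder path

    # TLS 1.3 suites always use ephemeral key exchange. For TLS 1.2 list only
    # ECDHE suites, so a client that cannot do forward secrecy gets no session
    # at all instead of falling back to static RSA key transport (item 1).
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve X25519:prime256v1;

    # Session tickets are encrypted with a long-lived server key; if that key
    # leaks, recorded sessions can be decrypted, so disable them unless you
    # rotate the ticket key regularly.
    ssl_session_tickets off;

    # Tell browsers to refuse plaintext for this host in future (item 1).
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

    # Only scripts, images, styles and fonts from this origin may load, so a
    # forgotten third-party include (an analytics script, a CDN-hosted library)
    # fails in the browser instead of silently reporting visitors to that
    # party (item 2).
    add_header Content-Security-Policy "default-src 'self'" always;

    root /var/www/example.com;  # placeholder web root
    index index.html;
}
```

Check the result with an external TLS scanner or `openssl s_client -cipher` tests: every negotiated suite should begin with ECDHE (TLS 1.2) or be a TLS 1.3 suite, and the browser console should report no blocked third-party resources.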

It’s amazing how quickly my view on this has changed. If you had asked me a year ago whether or not it was important to self-host images and scripts used on your site (or whether you should even be hosting your blog yourself versus using a third-party service like Tumblr), I would have answered an emphatic no and provided many reasons why letting a bigger, better player handle that is much better. As a site operator, I want my site to be as fast as possible. As a web user, I want to be as secure as possible. Which is more important?

With the way things are now, it’s worth being a second or two slower to serve knowing that your stuff is your own.