What I want is an open network file system or file transfer protocol that does round-trip encryption out of the box, but these days that probably makes me a terrorist.
What is primarily needed, before even touching the code (please!), is the trust/security model (or models) to use.
We need models for both hierarchical organizations, multihierarchical ones (where the top boss cannot access some data of other “regional” bosses, e.g. the ones responsible for their assigned areas or fields), and ahierarchical/cellular models.
Without good specifications with well-designed need-to-know relations and trust boundaries, we will end up with something that’s worse than nothing. Avoid binary all-or-nothing thinking, and design the system to degrade gradually under compromise and to fail gracefully (so any one infiltrator in trusted position can do only limited damage, learn from well known intelligence incidents about the power of moles). Expect misplaced trust. Expect infiltrators, turncoats and good old cracking under pressure. Design it into the model.
A lot of work is already done here in the commercial security, military and intelligence fields, free for taking. Possibly recruit a consultant from there, possibly a disaffected retired “Snowden Lite”.
What would [Bruce] Schneier do?
Many of these things exist already
We use a product for offsite backup that transfers the data using our own TLS cert and stores the data on drives encrypted by our key. The tool allows multiple backup operators and can backup from any machine with the app installed. The backups are stored in a central off site location and are accessible by anyone granted permission to do so.
There are dozens of companies doing this securely.
There are others on this list that I won’t bother to deal with.
“Collaborative spreadsheets”
That’s right where I feel asleep.
And their open source code is published where?
Github!
Wow! This stuff really sounds peachy and whiz bang. How about this for a start: A membership list program that works across platforms (mac OSX10.4 to10.?, Xp to win10) is volunteer data entry error friendly, customizable, open source and doesn’t version creep the organization. Oh, BTW, Open Office’s BASE has this little flaw deep in it that keeps one from using it as… If this was 1998 I would whomp something up on Access, but access and OSX… la la la… Oh, right we were talking security here… Back to index cards.
Seriously! Someone write this and every NPO in the world will love you. But it better be free and open source because every payware solution out there is a disappointing time suck heartbreaker.
Anyone care to spout off and say Javascript web-based solution? Bakka Bakka Bakka.Google Docs… Bzzzt wrong fails… Any other armchair quarterbacks?.
But it is just an address book. (which is why nothing that work exists)
Try google, yahoo, or one of the many search engines out there. Here is a link to a project for an entire office suite of collaborative applications and even a server ONLYOFFICE · GitHub Feel free to spend your own time finding others. Or, you know, keep writing pithy replies.
Well, except those don’t do the thing called for in the article, do they?
Keep writing comments that miss, you know, the entire point of the article.
Well, except they don’t.
Let’s see how points many OnlyOffice covers
Multi-user, because teams are more than just two people
Check. Definitely multi user
Multi-device, because people travel and need to swap out or switch between hardware
Check. It can work on desktops and phones.
Decentralized, because leaving a server somewhere is risky, inconvenient, sometimes prohibitively expensive, and can cause latency issues
Check. AWS cloud based system is decentralized and you can even setup your own cloud if you don’t like Amazon.
Client-side end-to-end encrypted, so everything that’s trusted with data is physically with someone trusted
Check. Files stored using 256-bit AES and accessed only via SSL
Offline-friendly, because the Internet isn’t always on and people need to collaborate locally when it isn’t
Check. Documents can be stored locally.
Role-aware, because teams tend have different people doing different things, and software that doesn’t support this doesn’t let them work effectively; design for security means designing for community
Check. Access rights and restrictions are granular on a per user basis.
Secure by design for everything from basic communications architecture and protocol parsing through cryptographic enforcement of roles and permissions, because attackers will exploit policy weaknesses otherwise
Check. AWS is well vetted for security and TLS is well understood.
Metadata-sensitive, because adversaries don’t always need content
Not sure what this is supposed to mean - very vague so if you know, let me know
Multi-organization, because cross-organization collaboration is critical but complicates role structures and authorizations and tools that enforce silos hurt field outcomes
Check. Documents can be shared between organizations.
So, what feature is missing that makes you so sure OnlyOffice doesn’t do what the article says it should and what “entire point of the article” am I missing?
AWS is not a security solution for organization. So
Is crap.
Metadata is all the other data in and about a document that gives people details. I suggest googling “metadata security” and working from there.
So, your favorite new office solution isn’t “secure by design” and saying “Use AWS” doesn’t make it so.
Cute, I never said I even liked it. But the files are stored using AES 256 encryption and all data is transferred using TLS. Here you can learn more about AWS security Cloud Security – Amazon Web Services (AWS)
Tell me again how that is not secure?
I know what metadata is. I do not know what a metadata sensitive application should be. Imagine a spreadsheet - What metadata can been gleaned from a spreadsheet that is stored encrypted and transferred encrypted? The only metadata collection possible really is that IP A connected to IP B and a data link was established.
Did you just decide to poo poo me saying that there are products that fit the design requirements from the article with a pithy question about open source code and then decide to double down when I gave you a link? It sounds like you are having to really stretch the bounds or reasonableness to keep your argument alive.
Sometimes, when we doubt something and are shown that our doubts are unfounded, it’s better to simply accept the truth in front of us.
I had actually expected a reply from you that insisted cloud based systems are not decentralized enough and everything should be pure P2P. At least that would have been a good argument. OnlyOffice is not P2P. You’ll have to use a different product for secure P2P document collaboration. Those exist as well but at least it would have been a good counter on your part had you thought of it.
ha ha
I run a security engineering team. At this moment, without going and looking at the console, my team is running approximately 140 to 180 EC2 instances doing security fuzzing.
In other words, yeah, I know how AWS security works.
AWS isn’t a solution because it is one secret letter from the US Federal government away from a quiet subpeona and cracking of all of your data and the watching of all of your network traffic. Amazon will give the feds root on everything. Any secure solution pretty much does need to be rolling your own cloud or distributed.
What Ella is arguing (and I know her) is more about designing collaboration tools with security from the ground up, not simply this year’s open source replacement for Office.
Good for you. That’s so very exciting and has nothing to do with this discussion.
[quote=“albill, post:14, topic:70661”]
AWS isn’t a solution because it is one secret letter from the US Federal government away from a quiet subpeona and cracking of all of your data and the watching of all of your network traffic. Amazon will give the feds root on everything. Any secure solution pretty much does need to be rolling your own cloud or distributed.
[/quote].
AWS is a cloud platform. The files are stored using AES 256 and transferred via TLS. How will this subpoena bypass that? Additionally, and perhaps you missed it, you can run your own cloud. You don’t have to use AWS. You can use whatever you like. So, it seems to fit your requirement of rolling your own cloud.
Also, there are secure P2P document collaboration tools out there. One was so well made, MS bought it and uses it in their Groove platform. But hey, someone you know wrote an article so you must defend it despite the fact that it is calling for the creation of things which exist and continue to be developed. Any evidence to the contrary cannot possibly be real… right?
And what makes you think this product was not built from the ground up with security in mind? You must have some evidence that it is not since you seem so secure in your position. This is not the only security minded collaboration tool out there either. That you and your friend are unaware of them in no way negates their existence.
A suite of cloud based collaboration tools is not an open source Office replacement. I thought you would know better.
Because Amazon will hand over the root keys to any servers under direction of the government? You really think Amazon has no transparency or override authority on these systems when they want it?
The rest of your wankery is just wankery. Why not go on twitter, reply to @dymaxion, and tell her that her problems are solved with your preferred solution. I’m sure the responses will be amusing.
Again, the product does not require that you use AWS. That’s optional. But let’s look at the idea of handing over root keys. Since Amazon does not have the key I use to encrypt my data on the disk, how are they getting my data again?
Of course it is. Anything you have no answer for must by definition be wankery. How’s the acoustics in that echo chamber?
When you decrypt it with your software since they’ll hand over root access to your box and then the Feds or whomever install tools to look over your shoulder?
You realize how decryption works, right? It has to get into RAM eventually. There is a reason that security conscious people who are dissidents don’t run their stuff on Amazon’s cloud.
Again, I encourage you to go tell Ella that the problems she identifies aren’t really problems and you have a solution to all of them.
Seriously, I think the entire point of her post but if you think it is all a solved problem, go tell her.
It will not be decrypted in RAM unless it is decrypted by a server side process. If the client application decrypts the data, then no… Geeze you are hung up on the AWS thing aren’t you… Perhaps it’s your only remaining point of contention so you’re grasping at it like a lifeline. Who knows? I just know it’s getting kinda creepy in here.
Again, using AWS is an option. You know that word… option… right? There is no requirement to use AWS so if you are concerned about AWS security, then simply don’t use it. Use your own cloud or some competitor. Roll your own. Who cares?
Amazing, I give an example of a product which fits all requirements in the article and advise you that others including P2P secure collaboration are out there if you search for it and instead of going to your friend and saying “Hey, there might be some tools out there you would be interested in” you decide to shoot the messenger.
Seriously, the only thing that you could even point to was the optional use of AWS on that one product and you decide that it’s all some lie. I’m not even sure how to approach someone who sees the world that way.
.
She’s your friend, son. You talk to her. I never said I had a solution to anyones problems. I said many of the solutions she is looking for are out there. Now go be a good friend and help her out by letting her know there are tools she may find useful. Let her evaluate them since you can’t be bothered. I’m not going to sign up for twitter just because you are too proud to admit you may be wrong.
I’m sorry but I have no reason that some office competitor you linked to on github and your AWS magic sauce solve her problems so I’m certainly not going to suggest it to her. If you think it solves the problems, feel free to do so.
