I hate to pre-judge, but it will be very difficult to implement this is a way that is actually secure. If the government wants the contents of your encrypted email box they could order Google/Yahoo to backdoor the system to steal your password. It’s happened before.
But, hey, still better than nothing (I think).
Don’t let perfect be the enemy of better. Of course whoever has the keys to the kingdom gets in, but locking the door is better than leaving it open.
Oh, but it won’t happen this time. This time is different. Trust me.
Is it? There’s something nefarious about a false sense of security.
-
We should push these companies to implement a canary specific to this coalmine.
-
An eyes wide open perspective sees this as a gain against non-state attackers of intermediate sophistication. Which is a meaningful gain for millions of people. Helps me, but not Glenn Greenwald, who is using better tech anyway.
-
This meaningfully changes what can be used in court in cases that aren’t important enough for the NSA or the FBI to be involved. Again, a gain for many, but with crucial omissions.
I’ll take real imperfect security over paranoia (which can be nefarious)
There’s a difference between imperfect security and fake security. Considering what’s come to light from yahoos recent efforts on the security front, I think fake security is all they are capable of.
At least Google possesses the ability to achieve imperfect security - I don’t think Yahoo is likely to even manage that, in which case this will actually be “the worse” rather than the “better”.
#3 is important for people to realize. If like most people your secrets are more likely to get you in trouble with the police than the spooks, you shouldn’t be worried that your local police station is going to wiretap everything without a warrant and waterboard you.
The market motivates yahoo and google to keep secrets (otherwise everyone will store their cloud data in some other country that can keep secrets).
The market can certainly motivate a donkey a donkey to fly like a bird, but that doesn’t mean it will be able to, and I’m certainly not going to ride it off the cliff.
Yahoo is notoriously bad at security - they see themselves and structure themselves as an entertainment and media company, not a technology company, and it shows. If you want to keep something secret, Yahoo isn’t where you should be storing it, no matter what they promise.
It’s not just the CIA who gets your data from Yahoo, after all.
I’m sure both users will feel much more secure.
This topic was automatically closed after 5 days. New replies are no longer allowed.
