[cryptography] LeastAuthority.com announces PRISM-proof storage service

Nikos Fotiou nikosft at gmail.com
Thu Aug 29 08:09:41 EDT 2013


A naive comment.

In his first email Zooko states:

"S4 offers “*verifiable* end-to-end security” because all of the source
code that makes up the Simple Secure Storage Service is published for
everyone to see"

A suspicious user may wonder, how can he be sure that the service
indeed uses the provided source code. IMHO, end-to-end security can be
really verifiable--from the user perspective--if it can be attested by
examining only the source code of the applications running on the user
side.

Best,
Nikos

On Sat, Aug 17, 2013 at 11:52 AM, ianG <iang at iang.org> wrote:
> On 16/08/13 22:11 PM, zooko wrote:
>>
>> On Tue, Aug 13, 2013 at 03:16:33PM -0500, Nico Williams wrote:
>>>
>>>
>>> Nothing really gets anyone past the enormous supply of zero-day vulns in
>>> their complete stacks.  In the end I assume there's no technological PRISM
>>> workarounds.
>>
>>
>> I agree that compromise of the client is relevant. My current belief is
>> that
>> nobody is doing this on a mass scale, pwning entire populations at once,
>> and
>> that if they do, we will find out about it.
>>
>> My goal with the S4 product is not primarily to help people who are being
>> targeted by their enemies, but to increase the cost of indiscriminately
>> surveilling entire populations.
>>
>> Now maybe it was a mistake to label it as "PRISM-Proof" in our press
>> release
>> and media interviews! I said that because to me "PRISM" means mass
>> surveillance
>> of innocents. Perhaps to other people it doesn't mean that. Oops!
>
>
>
> My understanding of PRISM is that it is a voluntary & secret arrangement
> between the supplier and the collector (NSA) to provide direct access to all
> information.
>
> By 'voluntary' I mean that the supplier hands over the access, it isn't
> taken in an espionage or hacker sense, or leaked by an insider.  I include
> in this various techniques of court-inspired voluntarianism as suggested by
> recent FISA theories [0].
>
> I suspect it is fair to say that something is PRISM-proof if:
>
>   a) the system lacks the capability to provide access
>   b) the operator lacks the capacity to enter into the voluntary
> arrangement, or
>   c) the operator lacks the capacity to keep the arrangement (b) secret
>
> The principle here seems to be that if the information is encrypted on the
> server side without the keys being held or accessible by the supplier, then
> (a) is met [1].
>
> Encryption-sans-keys is an approach that is championed by Tahoe-LAFS and
> Silent Circle.  Therefore I think it is reasonable in a marketing sense to
> claim it is PRISM-proof, as long as that claim is explained in more detail
> for those who wish to research.
>
> In this context, one must market ones product, and one must use simple
> labels to achieve this.  Otherwise the product doesn't get out there, and
> nobody is benefited.
>
>
>
> iang
>
>
> [0] E.g., the lavabit supplier can be considered to have not volunteered the
> info, and google can be considered to have not volunteered to the Chinese
> government.
> [1]  In contrast, if an operator is offshore it would meet (b) and if an
> operator was some sort of open source distributed org where everyone saw
> where the traffic headed, it would lack (c).
>
>
>
>
>
>> Regards,
>>
>> Zooko
>>
>> _______________________________________________
>> cryptography mailing list
>> cryptography at randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography
>>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography


More information about the cryptography mailing list