It's funny. This is in some ways the best answer I've seen to the security questions to date from anyone connected to the project. In particular, you're absolutely right that "the key question is: how sensitive is the data?" So long as you're only aggregating stuff that was already public anyway (e.g., public tweet streams), you're not adding additional risk in any obvious way. But on the other hand, to the extent that you're going beyond aggregating and curating public data, you are adding risk. And on both your web site and in other public discussions, you seem to acknowledge that there's something there to talk about (why have a security page otherwise?), but there's been a continual marked reluctance to get into specifics about even the nature of what data you're collecting, let alone how you're managing it. What's more worrisome, this all comes after the assertion that even though the "user functionality" code is slipshod, you're still confident that "anything to do with security is not compromised." Security doesn't work like that. If you're unfortunate enough to have a buffer overflow on the machine running your stuff, it's compromised. Even if that's only in the "user functionality" code. Even if it isn't your code at all, but some other service that you weren't using, but forgot to turn off or firewall away. You might also want to try a bit harder to see things from the point of view of your critics. One of the things they're thinking about is the Haystack anti-censorship project, which attracted enormous hype in the technical and mainstream press, but collapsed after a much-delayed security audit found the code badly wanting. I now find a collection of laments about it[1] as the top result in a Google search for "iran social media security fiasco". That's what your critics are worried about. 
And I'm not sure it's entirely fair on your part to ask for a more specific run-down of technical risks than that when outsiders haven't yet seen, in specific technical detail, a full run-down from your side of what the system is supposed to do in the first place. [1] The actual page: http://webography.wordpress.com/2010/09/24/recent-resources-... EDIT [in response to [name redacted]]: I understand that you guys are under time constraints, but you and Gausie did find time to write over 1500 words of comments between you on this HN page alone. If you'd written half that much text describing your security model in a concrete, specific, technical way we'd be having a much more productive conversation.
Thank you, yes, we know about Haystack and are very aware of the dangers. I also have a heavily annotated copy of The Net Delusion sat on my desk right now. We're not going into this blindly and each of us has a tin foil hat ;)
I do apologise if we're coming over as distracted by this conversation and in a hurry to get back to our work. I fear this risks becoming an "emacs vs vi" thread that ultimately resolves nothing - I've worked close to 100 hours already this week and will be working flat out until well past midnight GMT tonight. To be brutally honest, while security is critical, participating in this particular conversation cannot be an immediate priority for me and the team, even though we do welcome your interest and criticisms.
I asked for patience. I'll repeat that again. We are exhausted and rushed off our feet, not least because we have to earn a living when not working on Sukey. Please give us time. By all means, if you don't trust us, don't use it and don't sign up now. Wait and see.
We are in a massive crunch to get ready for the TUC demonstration on 26 March. We are supporting the legal, democratic right of peaceful protest within a democratic society. If and when we extend the tool - as we hope to do - so that it could be used in authoritarian regimes, then it has to be bulletproof security, but right now we want our users to go into it with open eyes - aware of all the criticisms you guys have raised and having read our: http://sukey.org/idiotwarning
I hope that we will have addressed all of your issues and will have got the code up under a licence that makes everybody happy before the 26 March.
I'm really sorry if that answer doesn't satisfy some of you. We are not bad people just very busy and under enormous stress. I apologise if that has made us seem curt or evasive. I do hope that you come to realise that with time.
An email from RMS has to be one of the high points of my life so far: front page, however briefly, on HN comes second :) You are important to us but our priority right now has to be getting the code right and ready and addressing criticisms in the code rather than debating it online.