by motohagiography 2142 days ago
This is important because tech is pervasive enough that it's just not reasonable to trust other people to manage cleartext data on our behalf anymore. You wouldn't believe the fights I've been in over encrypting databases where the resistance was because it would cut out the unofficial privileged access and impunity the DBAs and their managers had to the business data. The ability to look up someone's personal information in a data lake of millions of people is socially elevating, and there are platform companies where snooping isn't a bug, it's a perk of the job.

Part of the reality of living in an increasingly lower trust society is that we need new tech to limit the power of strangers who manage our data. While the game changing aspect of this isn't instantaneous, if you aren't using one in 5 years you will likely have to assert why you aren't using a confidentiality system, and ideally within 10 there will be penalties for exploiting it.


Could you use something like confidential computing to attest over http(s) what software is actually running on the server? This would offer a very interesting trust model together with reproducible builds, where you could have the CPU attest over http(s) that it is indeed the code base published on Github/Gitlab that is actually running on the server and receiving your data.
You'd have to attest a lot of things to get this to work. Who else has the access to the database? Are there backups -- and how are they protected? Are you sure the server's private SSL key is not shared with other, non-attested servers? Are there any unsafe CDNs that are used?

You can kinda make it work with things like Protonmail which have heavy client-side encryption -- but this approach severely limits available features (for example, in Protonmail, you cannot search in message text).
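The attestation flow the question sketches, with the TLS-key-binding caveat raised in the reply, as an added example that is not part of this thread. Hardware signing is stood in for by an HMAC, and the "published source", keys and measurement scheme are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the CPU vendor's attestation signing key. Real
# hardware uses an asymmetric key fused into the chip; an HMAC secret keeps
# this example dependency-free while preserving the structure of the check.
HARDWARE_KEY = b"constructed-hardware-root-key"

def measure(code: bytes) -> str:
    """Hash of the loaded code, the value a reproducible build lets anyone recompute."""
    return hashlib.sha256(code).hexdigest()

def _sign(body: dict) -> str:
    return hmac.new(HARDWARE_KEY, json.dumps(body, sort_keys=True).encode(),
                    hashlib.sha256).hexdigest()

def issue_report(code: bytes, tls_pubkey: bytes) -> dict:
    """Server side: the 'CPU' binds the code measurement to the TLS public key."""
    body = {"measurement": measure(code),
            "report_data": hashlib.sha256(tls_pubkey).hexdigest()}
    return {"body": body, "signature": _sign(body)}

def verify_report(report: dict, expected_measurement: str, tls_pubkey: bytes) -> bool:
    """Client side: genuine report, code equals the published build, key is the one presented."""
    if not hmac.compare_digest(_sign(report["body"]), report["signature"]):
        return False  # tampered or forged report
    if not hmac.compare_digest(report["body"]["measurement"], expected_measurement):
        return False  # the server runs something other than the published code
    # Without this binding a report from one attested host could front a
    # different TLS key, which is the shared-key concern from the reply.
    return hmac.compare_digest(report["body"]["report_data"],
                               hashlib.sha256(tls_pubkey).hexdigest())

def demo() -> tuple:
    """Returns the (honest, modified_code, wrong_key, tampered_report) verdicts."""
    published = b"def handle(req):\n    return store(req)\n"  # constructed source
    expected = measure(published)  # the client recomputes this from the repo
    key_a = b"tls-pubkey-A"  # constructed key material
    honest = verify_report(issue_report(published, key_a), expected, key_a)
    modified = verify_report(issue_report(published + b"# extra\n", key_a), expected, key_a)
    wrong_key = verify_report(issue_report(published, key_a), expected, b"tls-pubkey-B")
    forged = issue_report(published + b"# extra\n", key_a)
    forged["body"]["measurement"] = expected  # edit the claim without re-signing
    tampered = verify_report(forged, expected, key_a)
    return honest, modified, wrong_key, tampered
```

Only the first case passes: a changed binary, a report presented with a different TLS key, or an edited report all fail, which is the whole point of tying the measurement to the connection key.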

Sadly, confidential computing isn’t the answer to your desire.

What they are iterating on here is the trust boundaries between your company and your infrastructure provider, as well as your peers sharing the hardware.