Dnia środa, 21 sierpnia 2013 00:16:38 Moon Jones pisze:
On 20.08.2013 14:52, rysiek wrote:
Could you expand on «this is very, very bad for us»?
Well, if it's the developer-oriented GCS, not Google Drive, it's just a bit less bad for us.
I have to admit I haven't even noticed what Google service was involved. Still, what's «bad» about it?
Explained it already 2 times, if anybody else asks, I'll be happy to do it for the third time.
Thing is, this encryption scheme (in which, from what I read, Google has access to "master keys" and has the technical ability to decrypt data once it's subpoenad) brings no additional safety to users.
But do they have the legal right not to hold those keys? Or this matter is irrelevant to you?
This matter is very relevant to me. I believe if somebody is saying "we offer encryption", the encryption should be actually, you know, protecting the data. As it stands now, the GCS encryptions doesn't protect the data from government snooping, from a rogue admin that has access to the master key, and probably from several other scenarios. And the Google's rep saying "we do not provide the keys to the government" reeks of PR-speak and deception. Of course they do not provide the keys, they can simply provide the cleartext, de-ciphered first via the master key.
It sounds great ("we support encryption! and we're doing it with several keys! that has to be safe, eh?"), but it does effectively nothing to actually protect users and their data from PRISM and similar programmes.
But that's not what they are saying.
They are saying they use encryption, and with several keys/levels. They are saying that during the whole PRISM debate heating up, a debate mind you that has Google among the NSA cooperators. They are even claiming they are not providing the keys to the government, so as to suggest even more strongly that they have cleaned up their act: "A Google spokeswoman said via email the company does not provide encryption keys to any government and provides user data only in accordance with the law." When in fact -- as far as PRISM-related stuff is concerned -- they have done anything but.
And that means it will be this harder for us to explain why this is a bad scheme ("wait, you're saying encryption is evil? now I am confused!") and why people should use other methods of protecting their privacy and their data.
Isn't it ironic? So Google SHOULD make things easier for you to tell people to use other services?
No. Google SHOULD provide safe, privacy-aware services and encryption that actually truly protects the data, or at least not claim to do so if they have no intention to. Or, using your "let's turn the tables and see where that goes" method: So Google CAN lie and deceive the users by claiming or suggesting to provide a level of service they have no intention of providing?
Sounds like the new anti–gay legislation in Russia: making it easier for priests to preach homofobia.
Nicely done. I see we have a Schopenhauer admirer. "The Art of Being Right" is a great little book indeed: http://en.wikipedia.org/wiki/The_Art_of_Being_Right I'm just not sure if that's #8, #12 or #32. I'd go for #32, I guess. -- Pozdr rysiek