an ominous comment

Stephen D. Williams sdw at lig.net
Sat Jul 18 10:22:38 PDT 2015


On 7/18/15 8:15 AM, Georgi Guninski wrote:
> On Sat, Jul 18, 2015 at 01:39:45PM +0200, Florian Weimer wrote:
>> Well, for one thing, it removes physical access to machines from
>> insiders on your end, and in many cases, also direct access to data,
>> particularly in its bulk form.
>>
>> With conscious effort and the right resources, you might be able to
>> come up with better security controls than the large service providers,
>> but right now, most organizations don't have much of an audit trail
>> for locally run services.  I'm not sure if moving data off premises
>> actually results in a net loss of control over it.  Not because the
>> service providers are so good at security, but because various factors
>> conspire to make almost everyone else so bad.
> Well, I don't trust the cloud and don't use it.
> (I don't trust my boxen in a different way).
>
> The cloud owns the CPU and this is enough for me.
>
> You should be aware of the numerous virtualization
> sploits -- Xen, Qemu, possibly others.
>
> Exploiting a virtualization bug is just the fee
> "to be in cloud" and I _suspect_ more efforts
> are needed for my boxen.

Valid concerns in the abstract.  In practice, the economic concerns of big cloud providers mean they must provide continually
upgraded certainty of fundamental security separation.  Part of that is randomness of where your code runs: If there are millions of 
VMs on hundreds of thousands of physical servers, even if there is a VM escape, it is essentially impractical for malware to target 
your instance.  This could be enhanced by VM / container hopping in various senses.  Working within the system is likely to provide 
you a stronger result than something cobbled together locally.

However, we need solutions for that too, with and without cloud technology.  We need people who don't trust the cloud and keep 
developing better alternatives.  I think some of those alternatives involve cloud technology locally, but that's not a big thing.

I have friends who are rabid Google haters / fearmongers, apparently based on the fact that it was the first company they were aware 
of that seemed to have access and responsibility for too much information, or too much of their information, or too strong an allure 
for their information.  I feel perfectly confident that Google is going to protect their billions in income and valuation by being 
very careful with avoiding abusing their data or users in any strong sense.  That might not withstand a court order or national 
security letter or TLA hack monitoring unencrypted links, although big Silicon Valley companies recently have been getting tougher 
there.  But it certainly means they aren't "reading my email" for prurient or invasive purposes that would be embarrassing to me: It 
would become embarrassing to them quickly and cost millions or billions.

sdw
