Dropbox and Google Want To Make Open Source Security Tools Easy To Use
An anonymous reader writes: Dropbox, Google, and the Open Technology Fund have announced a new organization focused on making open source security tools easier to use. Called Simply Secure, the initiative brings together security researchers with experts in user interaction and design to boost adoption rates for consumer-facing security solutions. The companies point out that various security options already do exist, and are technically effective. Features like two-factor authentication remain useless, however, because users don't adopt them due to inconvenience or technical difficulty.
First (Score:5, Insightful)
Dropbox should open-source its desktop client to prove it does what it is supposed to.
Re: (Score:2)
That's the general goal of the Free software movement. There's far, far more software out there than any one entity can produce, so 99% of the time you'll be benefiting from the work of other people.
Re: (Score:2)
How about an open source cloud sync API, that allows machines to sync with the offsite provider, as well as each other. That way, each provider doesn't need to reinvent the wheel with this code.
Even better, add hooks for encryption, either a symmetric key, or some faculty that uses public/private key encryption to allow files to be stored without a key, but would need the private key for retrieval.
Best of all would be a way to have a low-cost, low-volume service like Amazon Glacier and an API for that. Th
How about buying PGP? (Score:5, Interesting)
If they are serious, they should buy Symantec Encryption Desktop (formerly PGP Desktop) from Symantec and open source the full version of that. It has a decent UI, works well with Outlook and Thunderbird, and does well on Windows, OS X, and Linux. That would give decent security on the hard disk level, file container, and individual file level. Even directories can be encrypted, CFS/EncFS like.
Re: (Score:2)
It has a decent UI
Really? Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 [gaudior.net]. Yeah, it was a while ago and some things have improved, but most of the issues remain and I doubt another focus group study would find significantly different results.
The problem is that designing a UI that makes it easy for people who don't know anything about cryptography or security to achieve useful cryptographic security is really, really hard. Almost as hard as educating everyone about cryptography and security enough that they ca
Re: (Score:2)
Reading this post made me feel dirty.
Pro Tip: (Score:2, Flamebait)
When performing maintenance on Sundays, don't turn off passwords for your entire userbase, DROPBOX.
Bonus tip:
Hiring Condoleezza Rice told me everything I need to know about you jackasses. If I want to use cloud storage, every other vendor in the world doesn't employ war criminals. So it's easy to choose a vendor who doesn't upset my conscience.
assmonkeys
Re: (Score:2)
Holy shit! It's now racist to hate one black person, not for being black, but for any reason at all? Or is Condoleezza Rice the member of the Condoleezza Rice race?
Re: (Score:1)
Yup, it's been that way since 2008. Where have you been that you did not get the memo?
Re: (Score:3)
Why is OP modded Flamebait? He's right!
Dropbox is the last company on earth that should be trusted with anything related to security or encryption. They have proven to be incompetent regarding security (and programming in general, for what it's worth) and there are countless alternatives on the market that are better than Dropbox. And yes, hiring Condoleezza Rice does not make them more trustworthy either. Having her on the board is like appointing Dick Cheney as a human rights adviser.
People who honestly
Don't get fooled again (Score:1)
Remember that Google's goal is not to improve security but to win over more customers, in other words make you choose their service over another company's service, even over a much more secure one. This kind of campaign to improve is what might tip over many potential customers and choose Google after all, cont
webdav & encfs (Score:2)
If Dropbox and Google would support WebDAV, then this would be a non-issue.
Mount WebDAV resources with davfs2 and secure it with encfs:
http://flux242.blogspot.com/20... [blogspot.com]
Securing cloud data (Score:3)
What they need to do is implement client-side encryption before it gets uploaded. Sure, we can use something like EncFS to let Dropbox host only files I've already encrypted, but other cloud-storage companies like SpiderOak have written themselves out of access to my file contents.