How do you automatically scan for malware in AES-256 encrypted files?
I am asking because Deutsche Post is offering something they call "E-PostBrief", which is seemingly encrypted but features a mandatory man-in-the-middle attack which is called 'malware scanner'. It's a joke honestly.
Hmm.. that's nice, but I don't care, this NSA/GCHQ nonsense has burnt me for cloud computing, sorry.
What needs to happen is that the market heavily punish, and legal teams sue back into the stone age, those companies that collaborated. Then we need some legal structure in place that is a little more than "we promise we won't screw you".
It doesn't matter that this lot are based in Finland, because unless there is a heavy price for collaboration, the second they get big, the government of [insert jurisdiction here] will pressure them to turn data over and there will be little incentive to push back.
We need cloud-like tools, but we need them to be open source and secure. The question is, can you trust that data stored on an online service is as secure as you're led to believe?
There is a perfectly legal and effective way of punishing NSA-collaborating companies: don't use their products.
I have a server with OwnCloud which I use for file and calendar sharing. Don't pay for the server and don't have my info stored at the NSA. Problem solved.
Now please don't tell me that you want to punish NSA-collaborators... and yet use a Microsoft or Apple box.
F-Secure have been selling locked down rebranded dropbox clones for some time now; it's a little ironic to be all 'we believe in freedom' suddenly.
(For example, a typical custom client would let you 'backup' your content from one device to the cloud. No sharing, no multi-device sync, can't back up those video files because those might be infringing some kind of copyright).
Disclaimer: F-Secure sponsored HelsinkiJS which I run & I demoed StartHQ cloud search there a month ago - it's nice to have a tight community here in Finland.
PS. It's also nice to see something other than mobile games coming out of here.
Nothing new really, without more details it's really just dropbox/drive/etc but hosted in Finland.
The only file sync that actually looks interesting to me is btsync, mostly because it is on your own devices only and it uses BitTorrent for file transfers, something I know from personal experience is very efficient.
That video is awful. Other than some balloons with the Apple and Android logos on and a very vague voice over it could have been for anything.
They should have gone with the cute little "hand drawn" diagrams/animations that have been quite popular over the past few years. At least that way they can show me what this service does.
Well, not being under US jurisdiction helps a bunch. Finland has no (publicly known) questionable ties to US based or other intelligence services.
The problem, of course, is that the international data cables to/from Finland go through Russia and Sweden. The former probably has no legal obstacles inspecting all web traffic and the latter is a known partner with the US/NSA in data inspection/gathering.
I think there is a huge opportunity for a more secure cloud storage application with stringent design that provides no access to the data to the organization providing the service. Unfortunately F-Secure did not implement this, but instead created a service that provides 'automatic virus inspection for your files'. That is just too close to 'automatic general inspection of your files' for my taste.
Well, their USP (unique selling proposition) is that they are secure and that they respect your privacy.
From a functional/feature point of view, F-Secure's "Dropbox" is probably identical to their competitors'. Can "Fun" be objectively assessed? I doubt it. It's just confusing when you start off with important features such as security & privacy.
Why do I feel they cheapened that proposition by throwing in "Fun"?
My main issue with Dropbox is that they aren't trustworthy.
How Dropbox lost my trust:
1) They flat-out lied in their promotional materials. They falsely claimed that data was kept encrypted and that they couldn't access it. They stopped claiming this only after a third party revealed that it was a lie.
2) The CTO's reactions to major security flaws made crystal clear that he does not view loss exposures as a problem unless you suffer a loss.
3) The CTO's reactions to major security flaws made crystal clear that Dropbox prefers sweeping problems under the rug to transparency.
This has created a situation where a reasonable person can't ever really trust Dropbox.
Buzz-words and graphic design are like alcohol and barbiturates. Soon, someone will coin the expression "cloud measuring contest" and you'll actually hear people say "My cloud's better than yours".
[+] [-] Touche|12 years ago|reply
[+] [-] carlesfe|12 years ago|reply
[+] [-] noyesno|12 years ago|reply
1. It's based on a freemium model where you get 5 Gb of space for free and pay for more space/features.
2. The service is hosted in two different cities in Finland.
3. They use 256-bit AES encryption.
4. Other services include automatic malware scan of content (no clarification if this is done at the client end or at the server).
[1] http://www.iltasanomat.fi/digi/art-1288604696795.html
[+] [-] hengheng|12 years ago|reply
[+] [-] marcuspovey|12 years ago|reply
[+] [-] balabaster|12 years ago|reply
[+] [-] icecreampain|12 years ago|reply
[+] [-] shadowmint|12 years ago|reply
[+] [-] nodata|12 years ago|reply
[+] [-] olegp|12 years ago|reply
[+] [-] gnur|12 years ago|reply
[+] [-] nallerooth|12 years ago|reply
[+] [-] egorpe|12 years ago|reply
[+] [-] junto|12 years ago|reply
However I can't see any information to back the privacy claim:
- Is the data encrypted on the client so that F-Secure (and the NSA / GCHQ / <Insert Orwellian agency here>) cannot access my data?
- Are the servers outside the United States?
- Is the corporation outside the United States?
I'm guessing the answer to all the above questions is 'no'.
[+] [-] skrebbel|12 years ago|reply
> Younited is created and hosted by F-Secure in Finland. We believe in people’s right to privacy. No spying. No backdoors.
[+] [-] mopoke|12 years ago|reply
"Younited is created and hosted by F-Secure in Finland."
[+] [-] InTheSwiss|12 years ago|reply
[+] [-] Jugurtha|12 years ago|reply
Or is the fact they made a dubsteppy video of young people dressed funny performing weird contortions going to make me sign up?
I fail to see the problem there is to solve here. It also presupposes other services aren't secure (no back-doors, etc...).
[+] [-] pasiaj|12 years ago|reply
[+] [-] ak39|12 years ago|reply
[+] [-] dbags|12 years ago|reply
http://www.wired.com/threatlevel/2011/05/dropbox-ftc/ -- nice summary of Dropbox's flagrant lies about encrypted data.
[+] [-] jrs235|12 years ago|reply
Does not having any pricing info turn anyone else away too? Does anyone know what their pricing is like?
[+] [-] Haul4ss|12 years ago|reply
[+] [-] yaddayadda|12 years ago|reply
[+] [-] glennos|12 years ago|reply
Does anyone else loathe the overuse/misuse of "cloud" by marketing departments?
[+] [-] Jugurtha|12 years ago|reply
[+] [-] ringmaster|12 years ago|reply
[+] [-] d2s|12 years ago|reply