Linked by Thom Holwerda on Sat 8th Jun 2013 14:57 UTC
Legal And yes, the PRISM scandal is far, far from over. More and more information keeps leaking out, and the more gets out, the worse it gets. The companies involved have sent out official statements - often by mouth of their CEOs - and what's interesting is that not only are these official statements eerily similar to each other, using the same terms clearly designed by lawyers, they also directly contradict new reports from The New York Times. So, who is lying?
Permalink for comment 564185
To read all comments associated with this story, please click here.
RE[6]: Comment by Nelson
by Alfman on Sun 9th Jun 2013 06:08 UTC in reply to "RE[5]: Comment by Nelson"
Alfman
Member since:
2011-01-28

voidlogic,

"That is why I suggested the ad/search indexing be done at receivable time prior to long term (encrypted) storage."


I've worked with similar encryption schemes, but unfortunately there are a lot of technical issues arising from the proposal. Even if it didn't interfere with google's business model (I agree with tylerdurden that it does), it introduces usability problems due to the lack of server side processing & indexing.

For example, an email provider might implement features such as searching, threaded views, sorting, grouping, etc, their code must have access to cleartext data&indexes. For client side fat-apps (ie imap clients) it wouldn't necessarily be a problem to sync with all encrypted server data to build necessary indexes locally, but web-apps are a different story. Consider phone users who have limited ram, limited storage, limited cpu, limited battery, and pay $$ per meg: god forbid they need to regenerate an index or run an adhoc mail search.

Don't get me wrong, I understand where your coming from. Unfortunately though it would still be trivial for a service provider to modify a client side web app to leak your keys back to themselves anyways. Who knows if a court would legally compel them do to so if they knew it was possible. In the end maybe it's better to use your own server if you do not trust your service provider.

Edited 2013-06-09 06:09 UTC

Reply Parent Score: 3