Linked by Thom Holwerda on Fri 21st Mar 2014 16:56 UTC
Internet & Networking

Microsoft has lost customers, including the government of Brazil.

IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government.

And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency’s vast surveillance program.

Right. Because, as we all know, European governments did not fully comply with the US spying programs, nor have they similar programs of their own.

High time some smart company develops a very simple and straightforward 'personal cloud'; a simple, large box with loads of storage that you dump in the basement somewhere, with pre-configured email, internet storage, and so on. Also offer the ability to have multiple of these things tied to the same account for data duplication, so you can, say, dump one of them at a trusted friend's home. Make it platform-agnostic and encrypted, et voila.

Doesn't sound like something that's terribly hard to do.

Permalink for comment 585147
To read all comments associated with this story, please click here.
RE[7]: Personal Cloud
by ricegf on Mon 24th Mar 2014 04:44 UTC in reply to "RE[6]: Personal Cloud"
ricegf
Member since:
2007-04-25

Ah, I see where you lost me. I'm not talking about a read-only SD card, but a read-once SD card.

SD cards contain a microprocessor that can be reprogrammed, given physical access to the card. Read this before continuing:

http://www.zdnet.com/sd-cards-hacked-7000024686/

So, a reasonably competent hacker, for little money, could program the SD card to allow data to be written to the card normally, but to delete data as it is read.

Thus, a one-time pad written to this hacked SD card is destroyed as it is used. If your server is hacked remotely, and the attacker copies the one-time pad, he also destroys the one-time pad - so that compromised keys can't be inadvertently used for communication.

This is similar to quantum encryption, which destroys the payload when read (even by an interloper), except that my approach is technically achievable today by a competent hacker for little incremental cost relative to a common personal server.

As to the advantages of an off-line encryption key generator, I can't explain that more clearly than the many papers on virtual currencies, so I'll just suggest that you read those instead. Bottom line is that encryption keys that you really want to protect should be generated offline, and then the private key zealously protected.

Hope this clears up what I'm suggesting. The use of a read-once SD card in this context is an original idea as far as I know, so I understand why you didn't follow. I should have started with a link to the article on hacking the microprocessor in an SD card - sorry.

Reply Parent Score: 2