Thursday, October 27, 2016

Are you really the one who owns the data of your Facebook account?

The other day I listened to the story of a man who had been sued by Facebook and had the courage to stand up to the company. In his story he mentioned that most companies in Silicon Valley absolutely love the fact that very few people read the terms of use when they sign up at a website.

Facebook as it's displayed for me in Cambodia

Facebook's terms of use, and supposedly the terms of use of other Internet giants as well, state that the company is the party which owns the user’s data. Not the user. The user is out of luck. This means that after you've signed up at Facebook, your private data, pictures, videos and other stuff belong to Facebook. Who among users is actually aware of that?

Thursday, October 6, 2016

A zero-knowledge system with encryption on a client can also be insecure.

Client-side encryption is considered more secure than server-side encryption because in the first case you rely on yourself, whereas in the second you rely on a server. A server might not do encryption the right way; it might not even do encryption at all but claim it does.

Suppose there's a website where you can encrypt a message with a password. The encryption is done on the client by JavaScript, and the password is never sent to the server. The server only stores the encrypted message. Is this more secure than a version where you'd send your password to the server, which would encrypt and save it with a salt in a database? Yes, because we can't know what's going on on the server.

However, even though encryption is done on the client by JavaScript, it's still vulnerable. That is, the server might occasionally and intentionally inject malicious code into the JavaScript file that does the encryption, or slightly modify it, for some users. Not for all of the users, not for each request, but once in a while and only for randomly chosen users. The malicious code might send the plain-text password to the server. Since a user has used the website for a long time, he trusts it, so he won't bother to inspect each response and the JavaScript source code. Furthermore, a user might not even be aware of this threat and thus might end up having his password leaked and his message decrypted by the owner of the website.
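Inspecting every response by hand is not realistic, but the check can be automated. The following is an added example, not code from any real site: it pins the digest of a reviewed copy of the encryption script and flags any served copy that differs, even when only one response in many is altered. The script bodies and function names are constructed for illustration, and the pin is assumed to be stored somewhere the server cannot change (an SRI attribute in HTML served by the same server would not help).

```javascript
// Added example (Node.js): detect a served script that differs from the reviewed copy.
const nodeCrypto = require('crypto');

// SRI-style digest ("sha384-<base64>") over the exact bytes of the script.
function sriDigest(body) {
  const b64 = nodeCrypto.createHash('sha384').update(body, 'utf8').digest('base64');
  return `sha384-${b64}`;
}

// Compare one served body against the pinned digest of the reviewed copy.
function checkScript(pin, servedBody) {
  const actual = sriDigest(servedBody);
  return { ok: actual === pin, actual };
}

// Check a series of responses and return only the ones that do not match.
// A server that tampers "once in a while" shows up as a few mismatching entries.
function auditResponses(pin, responses) {
  return responses
    .map((body, request) => ({ request, ...checkScript(pin, body) }))
    .filter((result) => !result.ok);
}

// Constructed sample input: the copy a user reviewed once...
const REVIEWED =
  'function encrypt(message, password) { /* reviewed client-side encryption */ }\n';
// ...and a copy with one extra statement the reviewer never saw (placeholder only).
const TAMPERED = REVIEWED + '/* constructed: statement added by the server */\n';

// The pin is computed once from the reviewed copy and kept outside the server's control.
const PIN = sriDigest(REVIEWED);

// Four simulated requests for the same file; only the third one was altered.
const mismatches = auditResponses(PIN, [REVIEWED, REVIEWED, TAMPERED, REVIEWED]);
for (const m of mismatches) {
  console.log(`request ${m.request}: served ${m.actual}, expected ${PIN}`);
}
```

A single matching check proves nothing about the next request, so the comparison has to run on every load of the script, before it is given the password.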

Tuesday, October 4, 2016

Too much technology will eventually have spoilt us.

Hundreds of years ago humans were dependent on physical health. Nowadays it no longer matters that much, due to technology. And this trend continues. We still take value out of our memory, smartness, creativity, appearance and different kinds of skills. For example, you’re skillful in communication. I envision that sooner or later we’ll have some kind of flash stick which you plug into your head to upload the information you need to learn a certain skill. And Bob’s your uncle – in a few minutes you’re able to communicate as effectively as a person who has been working hard to improve their communication skills for years.

A robot in a mobile-phones shop in Taiwan