I've railed about similar things. Most notably, VPNs are a UX disaster. And that is a shame because the fundamental technology behind VPNs would be a prerequisite to a model that I describe as "PAO" [1] wherein I host my own omnipresent applications and data. The failure of VPNs to deliver a user experience that casual users can manage is one of the many contributors to the rise of the traditional cloud. I contend that regular people would be perfectly fine buying and replacing hard drives in a home disk array if the experience were straight-forward (it's anything but). Similarly, regular people would be fine buying Internet connectivity with high upload speed if this was part of ensuring secure, (nearly) everywhere access to their data. Regular people would be fine joining a federated backup cartel with friends and family if it were easy to set up.
The savvy can do many of these things with today's mediocre UX, but the tremendous amount of money to be made by solving the problem using proprietary centralized servers explains why R&D has been directed toward the cloud as opposed to self-hosted application servers.
Diving into minutia for a moment, in light of this week's news, I also recently ranted that it's a real shame that GPG suffers from one of the worst user experiences across all modern software. PGP from 10 to 15 years ago was a better user experience than GPG in 2013. The Thunderbird+GPG interface is absolutely horrific and even when I know I should encrypt a particular communication, when faced with the reality of getting my recipient configured with GPG, I flinch at the certain pain and suffering. I concede, "well, it's probably not needed anyway--who is likely to be listening?"
PAO sounds like a great idea, but I think at this point in time it places a lot on the user's shoulders that is unfeasible for the vast majority of people. Your writeup is quite long so I haven't read it in its entirety, but have you given any thought to failure states? It seems to me that there is a single, very critical point of failure and/or vulnerable to being compromised - your home Internet connection(and everything that supports it).
Agreed, especially in light of the subject at hand thanks to the OP. UX is a consistent problem with self-managed applications and hardware. But I don't think that an approachable UX is unachievable. In fact, my belief is that if equal R&D were allocated to such an exercise as the R&D currently expended on plain cloud services, we could get there fairly quickly.
Yes, your home Internet connection is a vulnerability, in much the same way as it always has been. Later in my diatribe I mention that federated backup with friends & family would be part of the overall strategy.
On the other hand, a decentralized approach makes for thousands or millions of low-value targets rather than our current condition where every cloud vendor is a relatively hardened (but evidently not impenetrable) high-value target.
The GPG UI is ultimately a relatively minor issue when it comes to mass adoption. There have been several PGP-like products with decent UIs and good mail integration, none has enjoyed mass-market success. Creating another one wrapping an existing crypto library would be no epic undertaking.
The real problem is key management. Any system which depends on users to think about keys, protect their keys, back up their keys, is doomed.
The fix is going to have to involve cheap, idiot-proof hardware. When crypto key management is the same as house key management, people will start to use it, hopefully in a semi-correct manner.
> There have been several PGP-like products with decent UIs and good mail integration, none has enjoyed mass-market success.
iMessage comes to mind. It is the most popular realtime messaging system in the world behind SMS, and is end-to-end encrypted with per-device keys.
Of course, it's centralized, as is the key management, so Apple can subvert it at the behest of the government. Crypto isn't always 100% of the answer.
iMessage is not PGP-like. Its centralized and Apple-device-specific nature is practically PGP's antithesis. It also fails several key feature checks, like the ability to encrypt or sign arbitrary files.
We developers, especially those of us who consider ourselves activists, have been too slow to move this stuff forward. I’m fairly certain that is because most of us are “savvy enough” to use the tools that exist, etc. The movement has been growing to evolve these tools to catch up with the needs (well...) of modern users, but that evolution is really just beginning.
One among many such projects, I am a developer at LEAP ( https://leap.se ). We are working on this very problem. We’re getting ready for public beta of our Encrypted Internet Proxy ( VPN for now, Tor and more features to come) and will be rolling out truly end-to-end secure email, IM, SMS, and voice. Also calendar, contacts, and possibly password management. All client encrypted. All syncing across your devices. All in an Open Source, Trust No One, user friendly way.
There are many tools and services out there already, but the ones that the technology un-savvy can use happily mostly run in a centralized fashion, requiring that you trust your service provider. No different, except in mission statement, than what people use today with big mail or chat providers and social networks. Would it were not so, but we live in an era where that trust is a vulnerability that we are seeing exploited.
Another thing: p2p is totally broken. You can work around it with central servers, but then [ cough skype ] you have a dependence on a big server farm that costs a bunch of money. In the long run, they won't keep you safe.
As an addendum, at least with home connections the technically inclined could badger their routers into allowing incoming connections. Given that computers (that can run long-running background services) and land lines are going to be the exclusive domain of the rich or the programmers in a few years, there is essentially no hope at all of fixing this.
>Given that computers (that can run long-running background services) and land lines are going to be the exclusive domain of the rich or the programmers in a few years, there is essentially no hope at all of fixing this.
Not nessasarilly. I suspect that in home wifi will continue to be common, which means that homes would continue to have a wired connection to the internet. If a company develops and markets a product to be a 'personal cloud', then a typical consumer should be able to use it. The requirements for such a server (for a typicall user) are pretty low, and computers continue to become cheaper, so the price shouldn't be prohibitive for a large market. Even the UI for the server itself seems relativly simple. Essentially all you need is a good package management system, and for the individual p2p 'apps' to have easy to use configuration. Once IPv6 takes off, it would be trivial to these machines globally routable, then it is either a matter of allowing consumers to easilly get a DNS to their server, or creating some easy way to tell devices where to look (this is probably the hardest part).
The main problem in getting this adopted, I suspect, would be that it does not provide enough additional value over the centralized servers for mass adoption. Combine this with the network effects of lock-in, and you would need serious value add for this to work.
> Not nessasarilly. I suspect that in home wifi will continue to be common
Home WiFi has been widespread for at least a decade, and the UX for bypassing NAT is worse than ever. UPnP still comes disabled or broken, if at all.
You could build a better experience, but you will never, ever get Microsoft, Apple, Google, Cisco, or Belkin to cooperate, so we're still DOA- the curious need to learn a shitload of scary tech or buy new equipment.
>Home WiFi has been widespread for at least a decade, and the UX for bypassing NAT is worse than ever. UPnP still comes disabled or broken, if at all.
Hopefully IPv6 will make this a non-issue.
EDIT: Also, a specifically designed 'personal cloud' could also go between the main cable to your house and your router, bypassing any NAT issues with the router.
You could build a fairly universal application for flashing DD-WRT or a similar firmware on an available router, and supply updates for new routers or flashing mechanisms through a web service.
Another concern is standalone routers becoming less and less common as ISPs supply routers.
I have every expectation that they will. My impression was that people were working very hard to port NAT and all of its problems to IPv6. Even if that doesn't happen, somehow, I expect 99% of routers will ship with broken, difficult to use deny-by-default firewalls.
Good article, but I'd like to disagree with the notion that what Google and bing are doing with long-term tracking is necessary to have good search results. blekko has its own crawl and index, doesn't do any per-user tracking, and doesn't even save unconnected and anonymized clicks if you have DNT set. We don't use super-long personal session data to pick whether we show you Fox News or the NYT article on Prism. Our results could certainly be improved, but having a bigger crawl and more unconnected and anonymous clicks is how we'd improve them, not by making a huge database which could easily be used to reconstruct our users' lives going back years.
1. If you are not able to manage your keys, which includes a simple unencrypted key-backup, you are doomed, even with a pretty interface.
2. If you insist on other people to take away the responsibility from you, no service, hard- or software will provide security or privacy for you.
3. You don't need a cloud, when decentralized or local services crater you much better and faster.
4. Sharing data isn't really a problem, it's the lack of transparency of the data collecting entity that creates the problem.
The conclusion is, to protect your security/privacy and to successfully utilize any crypto-toolchain you have to accept that responsibility isn't comfy, and delegation will lead to compromise.
Did you really believe that any government, or parts thereof, in the world would not tap the vast resources that packet-switched networks, centralized services would offer them?
Zacqary knows nothing about security, secure procedures or even cryprography.
If you delegate your private, unsecured communications to an entity for a comfortable user experience, you did not want either security and privacy.
> If you are not able to manage your keys, which includes a simple unencrypted key-backup, you are doomed, even with a pretty interface.
Too many hackers equate "good user experience" with "pretty interface". It's a mistake.
A good user experience really would abstract the complexity out of key management, without compromising security. This is one of the most important outstanding problems you could solve: find a way to leverage people's existing meatspace notions of trust in a concrete way to build a robust PKI.
If you can make the whole process by the side-effect of a game, so much the better.
And give them keys that are physical things -- they know how to protect valuable physical things, and they know who they can trust with a backup copy.
You can host it on your own machine. Even if you host it via an hosting provider, you can export all your data and your apps to any new servers like an home server for example!
and its followup, "Why Johnny Still Can't Encrypt: Evaluating the Usability of Email Encryption Software", Sheng et al http://cups.cs.cmu.edu/soups/2006/posters/sheng-poster_abstr...