Microsoft's NSA 'Transparency' Push Remains Pretty Opaque 90
Nerval's Lobster writes "Microsoft will encrypt consumer data and make its software code more transparent, in a bid to boost consumer confidence in its security. Microsoft claims that it will now encrypt data flowing through Outlook.com, Office 365, SkyDrive, and Windows Azure. That will include data moving between customers' devices and Microsoft servers, as well as data moving between Microsoft data-centers. The increased-transparency part of Microsoft's new initiative is perhaps the most interesting, considering the company's longstanding advocacy of proprietary software. But Microsoft actually isn't planning on throwing its code open for anyone to examine, as much as that might quell fears about government-designed backdoors and other nefarious programming. Instead, according to its general counsel Brad Smith, "transparency" means "building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors." In addition, Microsoft plans on opening a network of "transparency centers" where customers can go to "assure themselves of the integrity of Microsoft's products." That's not exactly the equivalent of volunteers going through TrueCrypt to ensure a lack of NSA backdoors, and it seems questionable whether such moves (vague as they are at this point) on Microsoft's part will assure anyone that it hasn't been compromised by government sources. But with Google and other tech firms making a lot of noise about encrypting their respective services, Microsoft has little choice but to join them in introducing new privacy initiatives."
Re:so what? (Score:5, Interesting)
so they encrypt it, giving people a false sense of security, while they have already given the decryption key to the NSA...
Fixed. [theguardian.com] It's a pretty meaningless promise considering what they already do.
What are people expecting? (Score:4, Interesting)
Short of encrypting data before it hits the server, using a private key that is managed only by the user, there really isn't anything these big companies can do to improve your security.
Protecting data in transport? HTTPS's key management is compromised so that's not going to protect against the NSA. Are they going to overhaul that system?
They still exist? (Score:2, Interesting)
>> it seems questionable whether such moves (vague as they are at this point) on Microsoft's part will assure anyone that it hasn't been compromised by government sources
I'm genuinely surprised that apparently some people still exist that think Microsoft might actually not be providing the government with backdoors and feeds of everything that goes anywhere near their products and/or servers.
Ancient Password Storage Secret (Score:2, Interesting)
I use an 80-year-old monk with a photographic memory to store my password. He does not feel pain. He does not feel greed. He will only quietly unlock what I need unlocked.
Fanboys Say Baaaa! (Score:0, Interesting)
I have been living in the flood of post-Snowden NSA hysteria for a few months now, just like everyone else. Unfortunately, instead of actually forcing change and reining in these subversive and sweeping data pirates, the consumer-humping media at large - and a tragically vast number of Apple fanboys and Google drones - seem content to sensationalize every supposition and rumor in the most slanted excuse for journalism see in years.
Apple does X that is bad (like, oh..say, routing ALL of your data through their own servers now, even to back up your iDevice on your own network target):
"Gee, they have made that SO much more convenient and reliable for all of us. Best thing EV-ER.. well.. ever since the phones that you couldn't hold in your hand AND talk on at the same time - but that wasn't a design flaw, it was fashion. Praise Jobs!"
Google drops 40% of it's previously Free and unbound services over the last five years, sneaks full-time location data monitoring into the latest Android bake, and wants ALL your Base to belong to Them, forcing you to sign into any service they've "acquired" using their One-Login-to-Rule-Them-All:
"But their motto...? They wouldn't do anything bad, would they? It's for our own good and convenience. Google is here to SAVE us!"
Yahoo decides to start encrypting (sometime over the next 2 years) AFTER being around for ever and a day. And apparently not worrying much about the security of their Users' data for a decade or two. Nice google-clone interface and new logo though:
"Yahoo is taking great strides to make sure those NSA baddies are foiled from here on out..er..from whenever we get they encryption implemented.. or something like that. Yay Yahoo!"
Facebook security..
Do I really even need to go there? And yet millions of idiots have compromised what security many other services HAD, just for the convenience of using Facebook Login to access EVERYTHING.
"Yay, so easy! And look - my dead grandpa is in my targeted ad for shoe spray!"
Microsoft issues a press release to say "Hey, we may have been compromised at some point. There's no way to tell, so here's what we're doing about it."
"That Microsoft! They is the devil! Ohhh, if only Jobs were here to save the day!. Evil! Bad Microsoft! And that Gates guy giving away billions is just showing off to cover his tracks! Mnyah!"
Yes: Microsoft admits they may have been tapped at some points in their infrastructure. Considering the fact that it seems Everyone has been - knowingly or unknowingly - it would be dumb to deny it. And I'm NOT being pro-Microsoft (or pro-anything) here when I say that while Apple, Yahoo, Facebook, Twitter, the Google empire, etc are ALL in the same damn boat, yet when THEY admit they hadn't encrypted all their lines they are praised as saviors of the Internet. Why? Because they are NOW beginning the same total encryption process that Microsoft is as well.
Wake up: They are ALL businesses, NONE of them got to where they are without stepping on a few necks, and if the NSA says so they will ALL bend over and smile while they share the keys to your now-encrypted data.
The reason I'm taking the time to vent my spleen on this subject is simply this:
ALL of these companies do great things and rotten things. Always have, always will. None of them will fight the government - outside of peppy soundbites that mean nothing, except to appease the masses.
Take the products and services you like from each, but have no illusions about ANY of them having the moral high ground.
Use your own judgment, prudence, and assume that They are All "in on it" :) Cause they probably are - or not - to whatever extent it facilitates separating You from your cash. End of story.
And it would be nice if, at least SOME of the time, the so-called Tech media would actually report on facts equally, fairly, and unbiased. Wouldn't it be nice if we skipped the yellow digital journalism, the brand-waving sponsored opinions of every self-proclaimed "Gadget Guy Reporter", and simply made informed decisions about what works best for each of us?
Oh wait. That would require effort and thought...