OT: Whats wrong with gmail?

Sat Feb 9 14:43:06 UTC 2008

On Fri, Feb 08, 2008 at 06:12:09PM -0700, Modulok wrote:
> 
> > I just cannot bring myself to trust anyone else for email.  Running your
> > own server on BSD or Linux is so bloody easy, if you're paranoid about
> > email for archival, privacy, or other reasons, just run your own server.
> 
> You have already instilled trust in countless thousands. Is it a
> problem? Maybe. It depends on how important one feels the
> confidentiality of the information is. For Top Secret classified
> documents, I would not use plain text gmail or any other plain-text
> service. For online shopping accounts and participating in mailing
> lists, I do.

I'm not sure what you mean by "online shopping accounts", but if it
involves receiving passwords in email for accounts that can be used to
spend your money, it's probably a bad idea to use unencrypted email.

> 
> If one really wants to get paranoid, they had best throw in the towel
> and crawl under a rock now. "Do not use commercial operating systems,
> they spy on you." Probably. Is open-source software any different?
> Maybe, maybe not. There is no reason why it should be trusted any more
> than its closed-source counterpart. "We can audit the source code."
> Not really. Most people would be incapable of this feat, for even the
> simplest of programs. Even for those who possess the technical prowess
> to accomplish such a feat, do they really have the funding, manpower
> and time to audit every piece of code they come in contact with?
> Obviously not, for if they did, programs would not have bugs.

Open source software doesn't just benefit from an individual ability to
audit source code -- it benefits from a community ability to audit source
code.  If *anyone who wants to* can audit the source code, the chances
that something wrong with it in the sense of intentionally included
spyware will go undetected gets vanishingly small.  This, in turn, means
that the likelihood of people inserting such code into a reasonably
popular open source OS is also vanishingly small.

Meanwhile, with a closed source OS, quite the opposite is the case.
There's no way for customers to really be entirely sure what's in the
source code, generally speaking.  This means not only that the kind of
spyware-like code we're discussing might not be discovered -- it also
means that the vendor can insert such code pretty much with impunity, and
all developers may be subject to nondisclosure agreements with regard to
such code.

> 
> Even if one could audit every program they use, what about the
> libraries on which those programs depend? How about the system calls?
> What about the compiler? If it has been tainted it would be quite
> difficult to detect. What about the assemblers? How about the
> low-level firmware? Once you get all of those bits audited, over the
> course of the remainder of your natural born lifespan, you'll be faced
> with the feat of trying to examining the hardware on which the code
> runs. After all, if the hardware cannot be trusted, all the rest is
> moot.

You seem to be saying "Since some aspects of security are difficult, we
should never worry about any aspects of security at all."

> 
> Security is a very serious business that should not be ignored, but
> too many people get too concerned over all the wrong aspects and miss
> the big picture. Trust is relative and required, despite your tools of
> choice. Even using Linux or BSD, you instill significant trust in a
> great many people, most of whom you do not even know.
> 
> What's wrong with gmail? It depends on who you ask.

I can agree with that.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Kent Beck: "I always knew that one day Smalltalk would replace Java.  I
just didn't know it would be called Ruby."