I'm asking for the lines in the constitution, a law, or some court ruling that gives the President the power to make the Pentagon do something. That's not turning a blind eye, it's asking for more than bold words and demands for action.
The President is sworn to uphold and protect the Constitution (by law, and upon accepting office). He can do this through whatever means are available to him, including executive orders, and rallying public support for legislation.
BTW, the title is "inflammatory" because the situation justifies it. It's an inflammatory situation, as it should be!
Find whatever excuse you want though for not approving this. Whatever helps you sleep.
I'm trying to find something that will let me take action. A letter to the President politely asking him to make the Pentagon be nice would be filed right next to all the letters asking him to ban Martians.
It's not actionable. I can't do anything with it. I've gone through the wiki on Presidential powers and don't see it.
Everything on your website that in any way addresses "Dropbox's security" should make absolutely clear the extent to which users can expect their data to be "secure".
In Dropbox's case, users can expect the following:
- Data is probably secure from sniffers
It matters little whether "Drew has physical access to our storage servers anymore". Your code obviously has easy access to the keys used to encrypt and decrypt the data. This means all of the following scenarios are possible:
- User's data is obtained via the government (users aren't necessarily even informed about this)
- User's data is obtained by rogue employee (potentially leaking to _anyone_ or _anything_)
- User's data is obtained by hacker (again, implies ZERO assurance of data security).
So don't flash around "AES this or that" without making it absolutely clear to the average user that what you are doing is the equivalent of storing their data in a shed guarded by a lock that can be accessed by anyone who can find (or demand) the key that you've hidden under a rock somewhere.
you're right in that all these things are theoretically possible in a system where the encryption key is not stored client-side. I don't know of many services that advertise every way in which their systems could be compromised. I think you'd be hard pressed to find a company doing this. in the case of google - is there a document explaining all the places your email could end up?
we believe that what we advertise is in our userbase's best interest. in theory, we could generate a lengthy document attempting to explain every possible way dropbox could be compromised. but in practice, discussing these extremely unlikely theoretical vulnerabilities would generate undue fear. as an ironic sidenote: this thread was spawned by an attempt we made to clarify our handling of court orders (see: http://www.businessinsider.com/dropbox-updates-security-term... )
I say "undue fear" for a couple reasons. first and foremost because we are vigilant about making sure that user data is never compromised. our reputation would be permanently damaged if dropbox is compromised. we have a lot of smart, security conscious people making sure data in dropbox is safe.
we're also listening to feedback we've been hearing from the community on things we can do to improve security. a couple concrete examples: we're working on better protecting the authentication token (config.db) so that gaining access to a dropbox account on a compromised machine is much more difficult. similarly we're working on a performant way to transmit file metadata over SSL on the mobile apps.
secondly, we believe that storing data in dropbox is far more safe than the alternatives. we've designed dropbox to protect user data against threats of all kinds, but we've focused the most on helping users avoid the most common threats to their data: not having any backups at all, not having current backups, accidentally deleting files, losing hours of work, leaving files on the wrong computer, losing a USB drive with sensitive info, protecting from curious snoopers on the dorm network, etc.
for all the talk of security issues in the last few weeks, we're not aware of anybody having been affected by these theoretical vulnerabilities. on the flip side, we have (literally) saved thousands of college kids from losing their theses :-).
Arash, good security is about mitigating theoretical risks before they become actual.
I am most disappointed in Dropbox because you had made statements like all our data is AES encrypted and our staff do not have access to your data. These are clearly incomplete for the former and are plainly not true for the latter. They are misleading and unethical in that they have assisted you in gaining all these customers. As stated above you should clearly stop using security as a selling point and only state you provide security in transit (https) or actually put in place technical measures to make those statements true.
This is a discussion of the consistency of advertised security claims with disclosures about availability of data to government subpoena.
In that context, statements like "we believe that what we advertise is in our userbase's best interest" make my ears prick up. I'm not a crypto expert, but this sort of thing does not seem like a straightforward response to the OP.
The point is that these are the kinds of claims you should be making in the marketing. Users are smart enough to understand "We are vigilant about making sure that user data is never compromised". You shouldn't be trying to bamboozle them with official-sounding acronyms like AES - that when it comes down to it, mean little.
But you are not Google, and I expect you to have higher standards. Don't take Google as the reference data point, it's a fairly low one as far as reference data points go.
On a related note, Dropbox is not the only company that advertises security even though what really is offered is kind-of-security. See Backblaze, for example — yes, the data is (supposedly) encrypted using my private key, which (supposedly) only stays on my machine, but I can't be sure because it isn't auditable, and to do a restore I have to supply my private key to the Backblaze website, instead of using a local decryption tool. Not good.
The NSA isn't a law enforcement agency. Rightly or wrongly, US intelligence agencies seem to have a rather different set of rules these days than the rest of us are following, including most law enforcement. Bottom line is if they're wanting to use it to convict you of a crime they'll need a warrant for it (before most judges, at least).
If you're worried about NSA (illegal) spying in general, presumably the carriers retaining the data only makes it a bit easier for them. Since the info will need to be traveling around the network while you're active, they could easily just intercept that like they intercepted the voice calls.
The Color bashing is amusing, really, but at this point it's quite literally becoming marketing for them (perhaps that was their real genius). The more Yes upvotes it gets to flunk, the less likely that is it seems.
If this app is really so outrageously bad, then it seems odd to devote several of the top stories on HN to it; perhaps leave that to Reddit. ;)
The "no publicity is bad publicity" marketing strategy doesn't actually work if your product is crap. Take Cuil for example: they launched with a disastrous product with massive hype, and became the target of endless jokes. Regaining credibility after that must have been impossible, even if they'd managed to fix their search engine.
It's even worse if your product depends on network effects; poison the well early on, and you reduce the chances of going viral later even if the issues are fixed. It seems a safe bet that whatever chance Google Buzz had died with the initial privacy controversies.
I'm not sure why people are upvoting your comment.
Actually, I do know why. It's a depressing disenchantment with government.
They don't understand that government is not going anywhere, and that government can be as good as it can be bad.
The quote zmblum posted is brilliant, and it is an example of what Good Government is capable of. It is not just for your 5th grade civics class. It's for RIGHT NOW. Read the quote, understand and respect it and its authors, and take action. The government is not just them, it's also you, and sitting on the sidelines being cynical is supporting them.
>The government is not just them, it's also you, and sitting on the sidelines being cynical is supporting them.
One can be cynical without being resigned. Cynicism is recognition of the depth and breadth of corruption and not necessarily equivalent to apathy.
But you're right that the corruption we see in the government is a reflection of our own corruption. The mess we now find ourselves in wouldn't be possible without generations of self-deception, apathy, and twisted values. We let ourselves be conned into building the world that the founding fathers warned us against. We'll likely only wake up when survival itself is at stake.
I think the point is government that is not necessarily led by a single person. Though the president of the US is the 'leader,' he does share power with the Supreme Court and Congress. Just because everyone likes to point to the president when things go wrong doesn't mean there aren't others that share in the blame...
The current problem with the system is that: 1) the Federal government has grown too large, and 2) the US is ruled by only two political parties that are both (at their core) about the status quo and not all that different from each other.
Big government has more chance for corruption because the system ends up growing ever-more complex. Parts of the system that are useless never get culled, they just keep finding ways to retain minimal amounts of relevance, while attempting to maintain or increase their funding levels.
It's harder to have 'good government' when there are more ways for it to fail.
Ok, so you determine that it isn't working. Then you try to figure out how and why so that you can fix the problem and you find out that it's death by a thousand cuts.
I'm not so delusional to think that there will be some magical shrinking of the government, but you seem to be telling me that it isn't a worthy goal, which I disagree with. You can have the goal of making the government work now while at the same time trying to trim away the useless pieces.
Joe's Good Governance is Bob's Bad Governance. People fundamentally differ on what the government should do; there's no "right answer" that everyone could agree on if only they'd sit down and discuss it reasonably.
True for debates on Governance, but it can't be completely true for specifics and tactical matters. Matter of fact it's pretty much the only way you can bring intelligence, experience, vision and ability to bear. True, some things are not clear cut, at which point you can debate.
Besides, even what you said is a sensible start, yet most of America seems far from having a sensible debate about Governance. From outside, everything that happens is twisted into some sort of attack vector for ... I don't know what.
I think the events in Tunisia and Egypt show just how wrong that perspective is. Twitter and social media in general are in their infancy and yet already are having such a massive impact on social change around the world.
The ability to communicate thoughts, events, instantaneously, as they happen, and from the people actively involved in those events around the world, is unprecedented in human history.
The revolution has been tweeted. It does not depend solely on twitter and the like, but these are not tools to be underestimated.
Just compare the quality of the content you're getting by following people actively engaged in the revolution on twitter, with what you see on CNN. This is revolutionary.
I think the revolutionary effect you are seeing can be better attributed to the fact that these populations have access to the Internet, especially through mobile phone. These people aren't leveraging the unique features of social media (the web of interpersonal relationships) so much as they are leveraging the ability to quickly get text, pictures, and video out of the country and onto servers hosted in countries sympathetic to the protestors. It just happens that Twitter and Facebook are currently the fastest ways to get something published and seen.
I disagree - because the ability to get text, pictures and video out of the country relies on the fact you're putting it onto a network where plenty of people are linked together. Just posting it onto the internet - with no social network apps - it's much less likely to catch and go viral.
The networking capabilities of these applications are what make them useful to protesting organisations. Otherwise there would be a deluge of emails going out to notify of each individual update - rather than a simple, distributed notification which people can jump on at any point.
Btw, I should add an anecdotal example of what's possible.
Near the start of the uprising, parts of the protest pamphlet were leaked online (http://j.mp/hZf7uY) before the protest was set to take place. The pamphlet explicitly requested secrecy so that the details of the protest would not get into the hands of the government.
I was lying in bed in San Francisco, watching as news of this broke out on my iPhone twitter stream. Many people, myself included, were able to convince the author of the piece to delete his tweet with the link to the post, and while the post itself wasn't taken down, I wasn't able to find it from the publication's front page, and the post itself was edited to include a link to a video submitted by a twitter user of a man being shot and killed by the Egyptian police.
And that's just a small incident I happened to stumble across. I think that illustrates how profoundly the world has changed, where individuals, anywhere on the planet, can influence people and events in ways that can have significant consequences. All that, through a few tweets.