Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Open Source Cloud Google Security Software

Dropbox and Google Want To Make Open Source Security Tools Easy To Use 24

An anonymous reader writes: Dropbox, Google, and the Open Technology Fund have announced a new organization focused on making open source security tools easier to use. Called Simply Secure, the initiative brings together security researchers with experts in user interaction and design to boost adoption rates for consumer-facing security solutions. The companies point out that various security options already do exist, and are technically effective. Features like two-factor authentication remain useless, however, because users don't adopt them due to inconvenience or technical difficulty.
This discussion has been archived. No new comments can be posted.

Dropbox and Google Want To Make Open Source Security Tools Easy To Use

Comments Filter:
  • First (Score:5, Insightful)

    by NotInHere ( 3654617 ) on Friday September 19, 2014 @04:40PM (#47950161)

    Dropbox should open-source its desktop client to prove it does what it is supposed to.

    • by mlts ( 1038732 )

      How about an open source cloud sync API, that allows machines to sync with the offsite provider, as well as each other. That way, each provider doesn't need to reinvent the wheel with this code.

      Even better, add hooks for encryption, either a symmetric key, or some faculty that uses public/private key encryption to allow files to be stored without a key, but would need the private key for retrieval.

      Best of all would be a way to have a low-cost, low-volume service like Amazon Glacier and an API for that. Th

  • by mlts ( 1038732 ) on Friday September 19, 2014 @04:48PM (#47950207)

    If they are serious, they should buy Symantec Encryption Desktop (formerly PGP Desktop) from Symantec and open source the full version of that. It has a decent UI, works well with Outlook and Thunderbird, and does well on Windows, OS X, and Linux. That would give decent security on the hard disk level, file container, and individual file level. Even directories can be encrypted, CFS/EncFS like.

    • It has a decent UI

      Really? Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 [gaudior.net]. Yeah, it was a while ago and some things have improved, but most of the issues remain and I doubt another focus group study would find significantly different results.

      The problem is that designing a UI that makes it easy for people who don't know anything about cryptography or security to achieve useful cryptographic security is really, really hard. Almost as hard as educating everyone about cryptography and security enough that they ca

  • Pro Tip: (Score:2, Flamebait)

    by jsepeta ( 412566 )

    When performing maintenance on Sundays, don't turn off passwords for your entire userbase, DROPBOX.

    Bonus tip:
    Hiring Condoleeza Rice told me everything I need to know about you jackasses. If I want to use cloud storage, every other vendor in the world doesn't employ war criminals. So it's easy to choose a vendor who doesn't upset my conscious.

    assmonkeys

    • Why is OP modded Flamebait? He's right!

      Dropbox is the last company on earth that should be trusted with anything related to security or encryption. They have proven to be incompetent regarding security (and programming in general, for what it's worth) and there are countless alternatives on the market that are better than Dropbox. And yes, hiring Condoleeza Rice does not make them more trustworthy either. Having her in the board is like appointing Dick Cheney as a human rights adviser.

      People who honestly

  • After the Snowden leaks, every tech company that wants to be taken serious needs to improve on their security, do some crypto on the user backend and generally be more open. Or at least pretend to.

    Remember that Google's goal is not to improve security but to win over more customers, in other words make you choose their service over another company's service, even over a much more secure one. This kind of campaign to improve is what might tip over many potential costumers and choose Google after all, cont
  • If dropbox and google would support webdav, then this would be a non-issue.

    Mount WebDAV resources with davfs2 and secure it with encfs:
    http://flux242.blogspot.com/20... [blogspot.com]

  • by Tool Man ( 9826 ) on Saturday September 20, 2014 @12:45AM (#47952231)

    What they need to do is implement client-side encryption before it gets uploaded. Sure, we can use something like EncFS to let Dropbox host only files I've already encrypted, but other cloud-storage companies like SpiderOak have written themselves out of access to my file contents.

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...