[liberationtech] Explaining Different Types of Trust?

Michael Rogers michael at briarproject.org
Tue Apr 16 02:29:53 PDT 2013


Hi Nick,

I think the kind of taxonomy you're talking about would be really
useful, both for educating users and for helping developers to focus
on the right threats. I'm currently reading "Folk Models of Home
Computer Security", which seems like it could provide some useful
landmarks:

http://prisms.cs.umass.edu/cs660sp11/papers/rwash-homesec-soups10-final.pdf

Cheers,
Michael

On 16/04/13 02:25, Nick M. Daly wrote:
> Hi folks,
> 
> Apologies for abusing the word "trust" some more, but I don't know
> what other word to use.  Feedback would be lovely.  Sorry for the
> cross-post.
> 
> So, one of the goals folks worked out during FOSDEM was that each 
> FreedomBox package should be able to explain to the user in a 
> straightforward way (1) who the user is trusting, (2) for what
> purpose, (3) how that trust can be abused, and why such abuse would
> be bad for me (4).
> 
> For example, with DNS requests (2), I trust my router, my ISP, my
> DNS host (possibly Google, if I use 4.4.4.4), and (if I'm unlucky)
> anywhere in-between (1).  Each of them can view the DNS requests I
> make and tamper with the responses (3), causing me to visit a
> fraudulent bank website, for example (4).  They could also record
> these requests permanently (3) allowing them to track (4) and
> advertise (4) relative to my movements.  Other harms based on that
> stored data are also imaginable, but perhaps too unlikely, in the
> average case, to be worth mentioning.
> 
> Similar profiles can be drawn up for other services, such as
> Jabber, where an attacker can fake my buddy list and my buddies'
> conversations, and so forth.
> 
> What are generic attacks that are service independent that would
> be widely useful here?  I'm thinking:
> 
> - Can Learn (Profile)
> - Can Influence (Lie)
> 
> What others would we need to cover all our (generic) bases? The 
> important bit is to list out the attack surfaces and explanations,
> on a per service basis.  Would it be possible to include generic
> explanations that can apply between services that cover the same
> purposes?  How would we organize this, at a framework level?
> 
> I appreciate your thoughts and your time,
> Nick



