[liberationtech] Chromebooks for Risky Situations?

Sun Feb 10 09:54:27 PST 2013

Although we could narrow the discussion "is platform x secure enough for
threat model y", the scope is wider than that, and was presented by
Jonathan Zittrain in his "the end of crypto" talk -
https://www.youtube.com/watch?v=3ijjHZHNIbU - I'm sure many of you have
seen it

[ Remark: I know that what he says towards the end of the talk is
embarrassingly misguided (see https://dubiousdod.org/go/TheEndOfCrypto for
my 0.002BTC worth), but the first hour is a must watch if you haven't seen
it yet ]

The question Zittrain asks is "how can we trust end to end crypto if we
don't own the end points"?
Obviously systems are too complex for most people to really figure out
what's exactly running on their computer, and modern systems (from smart
phones to unity) make it harder and harder for users (even "power users")
to peek under the hood.

This is how we've ended up with app stores, "secure boot", and other forms
of authoritarian solutions. This doesn't guarantee anything
(vulnerabilities and malware are not necessarily detected), but at least it
gives a "not my department" kinda peace of mind :)
Someone else has power (and - theoretically - responsibility) over my
private machine, and that power is bound to end up in the hands of power
seekers (and indeed it does).

So what's the alternative? Train every granny to be a security ninja?
Probably not, but instead of the "never jailbreak - or you won't be
protected" meme, I'd rather see solutions that offer jailbreak *and* an
alternative "safety net".
Not an alternative authoritarian "good guy app-store" (because power is
power is power), but something similar to [say] debian's apt - where a user
(or the user's tech support) can add/remove software sources. Not saying
apt is the solution, but being able to choose more than one "store" is what
freedom is all about.

If we could give end users a phone that only installs stuff approved by
[say] "Guardian Project Clearing House", they'd already have a "pretty
secure phone". A smart user could add "Whisper Systems" or "My Ngo" as
sources (would require safeguards like phone-specific password, QR-code
certificate, etc.).

This requires two things that [IMHO] don't exist yet: an OS (based on
android, b2g, linux, etc. or maybe something new) that supports
multi-authority code signing (and effectively prevents rogue code from
running), and then - a few clearing-houses that provide a rich enough "app
bazaar".

This may seem like utopia, but remember that where we are today seemed like
dystopia a decade ago :)

Personally, I believe we [the FLOSS crowd] can do it. Are we not legion? :)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130211/5e9e69e1/attachment.html>