Comment by selmnoo

12 years ago

They deserve to have their brands damaged.

They didn't do their due diligence in encrypting data going through leased fibers -- they should have had the foresight to realize what a phenomenally bad thing this was. They didn't, hence why I'll never trust them again.

Do you also blame your car company when a thief breaks into it? Do you never trust banks again if a bank robbery happens? They were working on it, but full-on encryption everywhere within your internal network is expensive, and one tends to not imagine that buried dark fiber is dug up and tapped by one's own government.

Let's say that they encrypted everything, and then you learn the NSA had kidnapped the children of one of their network engineers and forced him to turn over some keys. Again, whose brand deserves to be damaged here, the company, or the immoral nation state with vast military industrial resources at its disposal?

Why do I sometimes get the feeling that people specifically want to hate on these companies when the real outrage should be for the government spooks?

  • What an unbelievably stupid line of thinking.

    Kidnapped their children? Get a hold of yourself here. Google is a tech company, it is a perfectly reasonable expectation that they get the big parts of their security model right. Not encrypting data going through leased (or even their own) fibers? Big, big mistake. NSA and US government aside, Google dropped the ball big-time here.

    > Why do I sometimes get the feeling that people specifically want to hate on these companies when the real outrage should be for the government spooks?

    Funny you say that. Because I was pretty much a Google fanboy before all of this happened (oh, and their recent changes wrt privacy policies). I am very angry at the government, but that is a separate issue.

    • Security is based on threat model. The spooks have capabilities that far exceed the threat models most companies assume from private blackhats. You think it is obvious to assume in hindsight that the government would dig up and tap your dark fiber, but you don't think it obvious the government would plant spies to do inside-the-data-center taps. Now what? Encrypt all data between switches? The Soviets didn't think their undersea cables could be tapped either, and no one can claim they were insufficiently paranoid.

      My point is, I don't want Silicon Valley in an arms race with the US government. The government is supposed to protect its citizens and companies, not work to undermine them. Google is working on rolling out better security, just like they eventually rolled out SSL everywhere before most other companies. They are at the forefront on this, but it still takes time and costs money. But even though they are spending time and resources on this, I would still like the US government to cut it out.

    • > What an unbelievably stupid line of thinking.

      Sentences like that have no place on HN.

      > Kidnapped their children? Get a hold of yourself here.

      It's supposed to be an extreme example. He's trying to probe your boundaries -- if you'd forgive them in the kidnapping example, he could then name a somewhat less extreme example, like if the CIA had broken into a Googler's home to plant a recording device.

      But, since you totally dodged the question, the opportunity was missed.

  • > Why do I sometimes get the feeling that people specifically want to hate on these companies

    Because they promote themselves as tech-based companies, yet abdicated their professional duty to design secure systems because insecurity makes for easier monetization.

    You would very much blame a car manufacturer when it turned out that all of its cars were keyed the same.

    • There is no such thing as a secure system, there is only conditional security. And what does unencrypted internal network traffic within a company have to do with monetization?

      Pretty much all regular door locks on the majority of homes in the US are pickable. Have you installed an unpickable lock on your home?

Supposedly the US government is tapping fiber they own. Would you fault someone for not having security between rooms in their home?

They also gave the NSA and co. front-door access, and probably knew about the back-door access, but couldn't do anything about it.