PRISM and cloud syncing security
Comments
-
@IndigoAgil: Please read the rest of the thread, specifically this post of Jeff's which addresses exactly that: http://discussions.agilebits.com/discussion/comment/72391/#Comment_72391
0 -
I'm another user that would much prefer to host my own passwords. Preferred protocols being SFTP (w/a custom port) and/or WebDAV.
0 -
Someone mentioned SugarSync. That’s what I use for my cloud sync needs (I use a free Dropbox account for minor things and of course to sync 1Password). I actually sync my 1Password folder to SugarSync as well, just in case, but that doesn’t help in terms of the security questions being raised here about using Dropbox with 1Password. All I can say is that any cloud solution could potentially be compromised, and certainly hard drives or SSDs can be compromised as well (Yes, FileVault is pretty secure, but not everyone wants or needs it). That all said, has Agilebits considered SugarSync as another cloud option? Is it necessarily better in terms of security or is it just a matter of its not being on the NSA’s radar?
0 -
9 reasons why there's really no problem with Prism (plus 1 bonus reason for our international amigos)
1. You're safe
Remember those people jumping out of the Twin Towers. That will happen again if you don't let us read your email.
2. You're slow
Prism is not news. This has been going on for years. Don't you ever read the newspapers? I warned everyone on my blog years ago. Move on, no story here.
3. You're guilty
If you haven't done anything wrong, you have nothing to fear. And we will be the best judge of your guilt, or otherwise.
4. You're boring
Nobody is interested in your boring, insignificant life, you pompous, self-aggrandising fantasist. Shut up and let us tap your phone already.
5. You're naive
You're getting all this stuff for free aren't you? There's no such thing as a free lunch. You are the lunch. Assume the position.
6. You're an idiot
You clicked "I agree" when you signed up. You did read the Terms Of Service agreement, didn't you? A contract is a contract. It's too late to back out now, slacker.
7. You're old
"Everyone" is posting details of their lives on Facebook and Twitter. So what's your problem with us reading your email, listening to your phone conversations, knowing where you are and what you're doing? It's just the new way of doing things, you old fart. Obama gets it. But, you just don't get it. And you're probably not getting any either.
8. You're better off
Do you really want to go back to buying stamps and posting letters? This is our internet and we decide the rules. If you want to use email, then expect us to read it. That's just the way it is. Get used to it. Or go live in a cave in Terrorstan.
9. It's a secret
We're complying with the law and we really can't discuss this further. Got to go.
For international users only:
10. You're not American
So you will already know that you're not a US citizen and have no rights under US law. If you don't like it, stop using US companies and storing your data on US soil and apply for the green card lottery like the rest of those dirty foreigners. You should thank us for enriching your lives, you dangerous, whining, miserable losers!
0 -
I agree this PRISM discussion is sometimes exaggerated.
However, and also in view of the new keychain management now integrated in the future iOS and OS X, my humble opinion is that AgileBits should start to focus on their strong points:
1) The overall quality of the product (no one knows how well iCloud keychain will work at first)
2) The multi platform environmentPoint 2 is very important: universality is what will save 1Password, just as much as quality. Given the blog post about WWDC, I think AgileBits people know that very well.
I am guessing abandoning Windows is not planned anyway, but universality also means supporting more sync options. This will make the developer's lives hell...but I think that's the only way to go: people won't be trusting Dropbox or iCloud as much in the future. In fact, notwithstanding the PRISM scandal, many people are starting to worry about clouds. This is the case especially for Europeans, as we know US laws are not as protective of private data anyway. I know AgileBits is Canadian, but until now, the only 2 cloud sync options are US based (Dropbox and iCloud).
I am using Dropbox, I am not paranoid, but still.My point: I hope agile bits will be looking at sync options with private clouds. 2 examples? OwnCloud.org was quoted earlier in the posts. Synology's recent Cloud function for their NAS is also a very user friendly local cloud option.
It's gonna be a lot of work for AgileBits, but I hope they will go this path: guys, diversity is now more than ever your strong point. The Cloud market - young until now - is going to become more and more fragmented, and I think you're gonna have to pick more than 2 winners in the future.Good work on 1Password until now anyway: you know what you are doing, there is no reason for it to stop now. This is just an informed user's opinion.
0 -
@jaydisc, @dtoub, and @PierreBdm, please be sure to read the rest of the thread, specifically this post of Jeff's which addresses other possible sync solutions: http://discussions.agilebits.com/discussion/comment/72391/#Comment_72391
As Jeff mentioned, we're not going to rule out anything or suggest that we are leaning in any particular direction. There are difficulties with all of the options. We're most certainly not trying to list excuses not to pursue any specific option(s). As a rule, we prefer to let our shipping software speak for itself rather than string folks along with promises of future features. It is immensely helpful to know what 1Password users are interested in, though, and since we do absolutely zero tracking of any kind of 1Password users we must rely on direct feedback from you all. We can't thank you enough.
Please keep the feedback coming!
0 -
@khad. I read Jeff's post twice before I posted myself. Thanks.
Regardless of whether Agile had a hard time with edge cases, I still want to privately host my data.
Now, in light of Apple's iOS 7 demonstration, it seems to me that allowing a user to store their own syncing data might be a great way for you guys to differentiate, because as long as Apple's keychain syncs directly to iOS Safari, and yours doesn't, you are going to need a differentiator. Something that would definitely make me consider staying with your product, would be the comfort of knowing every password I've ever created isn't sitting on Apple's (or anyone else's) servers. I'm relatively certain that I am not alone in this opinion either.
0 -
Indeed you aren't alone in that opinion as I believe this thread is a testament to. :)
Thanks again for letting us know that you also are interested in this.
0 -
@khad, please stop asking us to refer to this post from Jeff. I had read it as well, I just wanted to give my opinion anyway ;))
Anyway, @jaydisc, you are correct. I think more users in the future will want to be able to sync 1password with their private cloud. But let's be honest: AgileBits is not in the charity business, and how many is really "many users"? The private cloud solutions are rather limited for now, if not in their stability, at least in their number of users.
I would LOVE for AgileBits to support private clouds, but I know that I am an extreme minority.From the top of my head, I see 4 target groups:
1) People who don't care, use 1234abc as password everywhere.
Largest group, though it may diminish thanks to icloud keychain...but these people will likely remain with the OS X/iOS solution.2) Normal users who care. Potential users of 1password.
Second largest group I would guess. AgileBits' core target. They will jump on icloud keychain (if they use Macs and iOS device), but may start worrying about where their cloud storage is. This is where the opportunity is: Apple will educate the customer base, and will leave some of them half satisfied (no matter how good the solution is).3) Informed or advanced users who care, and are capable of implementing private cloud solutions.
Seriously, how many people is that? 5%? 2%? It will take months or years before really easy and stable private cloud solutions arise, that will appeal to more than your average geek.4) Paranoid users.
Will never save their passwords at the same place anyway. Will never be a target for AgileBits.Again, this is just one isolated opinion from someone who is not in this market. My 2 cents:
AgileBits doesn't have to worry for now. Firstly, this PRISM story will be quickly forgotten. Secondly, the icloud keychain stuff only is a plus for people using iDevices AND Macs. Until Apple gets a larger share of the desktop market, there is nothing to worry about really.
If, and only if, private cloud solutions start getting mainstream. Then people will start going from group 2 to group 3. At which point, yes, AgileBits will need to start worrying about third party cloud support.
I don't think it makes sense for AgileBits to focus on webdav/private clouds sync soon. They might (I would like that personally), but I don't see it making sense economically yet. Loosing a few advanced users such as us won't hurt, as long as they can sell to the enormous majority of people not having Macs, and simply using Dropbox.
Passion for tech and down to earth tech business are 2 different things; again, given what I see from AgileBits in all areas (products, communication, support), I think they know that very well :D0 -
Hi @PierreBDM,
With so many things going on all at once, I hope that you will forgive us for referring people to things we've already said.
I'd like to somewhat loosely take off on a more general point that is becoming clearer through this discussion. There are two ensure data privacy through a synchronization process:
- Never let the data out of your own control.
- Provide end-to-end encryption.
We've been focusing on the latter. The better the encryption within 1Password, the less it matters if attackers gain access to the data.
End-to-end encryption.
End-to-End encryption means that the data simply can't reveal information (other than that it exists) to anyone who intercepts it along its journey. Now I'm an old dude in this business, which means that I remember the "Crypto Wars", when governments were trying to make it illegal -- or at least extremely difficult -- for people to use cryptography that the government couldn't break. The fact that things like 1Password can exist today is the result of how the Crypto Wars ended up. Andy Greenberg has written a history of this called This Machine Kills Secrets.
The virtue of end-to-end is that you don't have to trust anything other than the encryption which you perform on your own machine. The point is that you encrypt your data so that it can be transmitted (and stored) over insecure channels, and its confidentiality (and integrity) remain secure.
1Password encryption is end-to-end
1Password's encryption is end-to-end encryption. You encrypt your data at one end with your Master Password and you decrypt it at the other end with your Master Password. Nobody who captures a copy of your data either at rest (sitting on a server or on your own machine) nor in motion (as it moves across the net if someone can get around the SSL traffic) can perform that decryption.
However, there are still good reasons to not want your 1Password data captured, even though our encryption is end-to-end. First of all is that if someone (or some software) can guess your Master Password, then they gain access. The second is that there still information that people can learn from the 1Password data. The details of what that is depend on the data format in use.
We are going through our second major data format redesign. Our move in 2007 from the OS X Keychain to the Agile Keychain Format was motivated in part by providing better and more encryption. (In the OS X keychain, only passwords were encrypted.) There were other reasons as well, but the move did involve improvements in both the quality (we used PBKDF2 before pretty much anyone else) and in the scope of the data that was protected.
We've tinkered with the Agile Keychain Format over the years. The discovery of Mac malware that collected 1Password data along with other encrypted data helped speed up a couple of changes that were already in the works.
But mostly we've been working toward replacing the Agile Keychain Format with our new 1P4 Cloud Keychain Format. (We really need a better name for that, and should have trademarked Cloud Keychain a months ago.) But it will be time before that is rolled out to every version on every platform.
Using a sync service that does end-to-end encryption.
Something like SugarSync, Wuala, or SpiderOak would add an additional layer of end-to-end encryption. For the reasons mentioned in the earlier post that we keep referring people to (and will continue to refer people to), an answer of "simply uses X instead of Dropbox or iCloud" is really not that simple. The things that these end-to-end systems have to do "at each end" make them not very well suited for the way that 1Password updates and uses its own data files.
Again, I'm not ruling that out. And there are changes both in our technology and simply the speed of modern computers that mean something that was a complete no-go a few years ago, may be something that might be feasible in the not too distant future.
But we need to keep in mind that this would be a layer on top of our own end-to-end encryption, so it might be a substantial complication and effort for what isn't a large additional gain in security.
Keeping the data always under your control
The other family of suggestions that have come up the most is to enable people to run their own local sync services. Typically using WebDAV. I talked about that more extensively in another comment here. So I won't repeat that. Note that WebDAV does not provide its own end-to-end encryption.
The security concerns about this are that we would have people who are not particularly trained in network security running their own servers. If malware gets into some machine on the private network where the service is running it can be attacked. Sure there are ways to defend against that, but it's not something everyone can do.
Despite that concern, this still be a good option for some people. And if our data is well encrypted, we shouldn't have to insist on extreme security of individual's WebDAV (or whatever) server.
We are moving on this
The fact that we have gone through this second redesign of our data format used for synching is part of the process of addressing exactly the kinds of concerns that PRISM raises. It is an ongoing process.
PS
My own role in the Crypto Wars was peripheral. I harangued everyone I could get to listen and tried to teach people to use PGP, but mostly I just bought the t-shirts. Some have survived for more than a decade, and by coincidence, I'm wearing one now. Here are the front and the back designs of it:
Those who were there (or have studied the history) will get all of the various references in those. (There are lots, beside the over-used and probably misattributed Franklin quote.)
0 -
Really interesting post Jeff. I really don't know how to feel about this, partly disgusted, partly resigned, as other have pointed out we have known about the potential for this sort of surveillance for years, just now we know a bit more! And many people simply don't care, my wife who is well educated with a degree in a political subject doesn't get too worked up about it, it's what governments do she says! At best, without withdrawing entirely from the internet, or using something like TOR (which seems to make me a paedophile according to the news, probably a government driven image) then in some ways we have to live with this.
A few random thoughts though, corrections welcome:
1. Why do people think private clouds are more secure? I can run one on my Synology box, but do I trust Synology or Dropbox more to protect me from the wide range of threats (government, hacker, commercial) to my data? Who is to say that the surveillance doesn't extend into hardware firmware also? Unless you have serious admin skills, can fully understand your system logs and are willing to monitor and understand your own network traffic I'm not sure this is any better. The same is true of our own computers and mobile devices OSs - do you understand enough about what is going on in them to be sure that even a local only copy of your data is safe? Maybe some Linux and BSD guys and gals do! I have some basic admin skills and they just make me realise how much I don't know about my own systems! So the question is, where is your data and privacy truly safe?removed, realised Jeff had mentioned Spideroak.
As pointed out above, the URL stored unencryped in your 1Password data can contain personal info. Make sure you edit the URL to the bare minimum in the login.
The Electronic Frontier Foundation are trying to curb some of this and at a minimum inform the public, I've joined up, even though I'm not from the US and their work is primarily US centred.
I run a few privacy plugins in the browser including HTTPS and a VPN, I don't think this makes me invisible, but maybe just a little less visible.
In the furore it is easy to forget there are many benefits to the cloud as well as cons, it really is a double edged sword. To slightly twist Jeffs words about data availability and security, to have data stored and backed up in the cloud (and my own offsite backup system) as well as available on all my devices has many advantages. I guess we need to understand what we want from these services and balance it against the risks.
I'm pretty disgusted in general, I simply don't know what I can practically do to prevent it! I wish I could find some advice in Jeffs crypto T-shirts. Helpful suggestions welcome!
0 -
I will never use a private cloud. For all I know they might work fine and be secure, but rightly or wrongly, I will always trust them less than a much larger, widely-adopted, solution like iCloud or Dropbox. And I don't trust those 2 at all! 2 reasons: 1) nothing is uncrackable, 2) either it is hosted in one of the major western nations, where it will have to hand over data to governments when asked, or it will be hosted in a "pirate nation", in which case I wouldn't trust the owners of the service. i really think 1password is barking up the wrong tree with that one. It is in danger of giving users a false sense of security and it's too fussy and complicated for the majority of home users. Mostly useful I imagine for enterprises who already have their own secure servers.
Although USB syncing is OK as a 3rd way of syncing, it's no replacement for wifi syncing - I'm unlikely to ever use it.
I think Air Drop will be the solution for me. If Apple delivers it with their new Keychain I might use that, but I've had a look inside my Keychain and it seems to have things that are far beyond my ken (like email certificates) which are completely unnecessary in a password app which you use every day.
I also don't like the look of that Apple password generator previewed in the keynote which doesn't show you the password but just inserts it automatically in a webpage and remembers it. Something tells me that's going to cause more problems than it's worth (which is also why I no longer use 1P browser plugins).
So I suggest, a differentiator for 1Password would be their clean design, and 5 ways of syncing: iCloud, Dropbox, Air Drop and their current hobby horses USB syncing and private cloud.
One other huge safety improvement (in addition to encryption of titles and tags which already I've mentioned) would be selective syncing. I only need a maximum of a dozen passwords when I'm away from home. Not 500 pieces of my most valuable data. Bear in mind, at many border crossings you can be forced by law to unlock your phone, laptop and 1password, so it is much safer to leave what is not needed at home.
If neither Apple or 1Password can come up with the goods I think I might just remove 1password from mobile devices, keep it on my mac, let Google deal with web logins and keep two or three really secret passwords on paper like in the good old days.
0 -
Hi @macgabe,
You make a great point when you say
For all I know [other sync services] might work fine and be secure, but rightly or wrongly, I will always trust them less than a much larger, widely-adopted, solution like iCloud or Dropbox. And I don't trust those 2 at all! 2 reasons: 1) nothing is uncrackable,
This is something that people need to keep in mind. If a service can be compelled to hand over data, then it can also be broken into (possibly from the "inside").
2) either it is hosted in one of the major western nations, where it will have to hand over data to governments when asked, or it will be hosted in a "pirate nation", in which case I wouldn't trust the owners of the service.
Again, whether the "attackers" are government, outsiders, or the operators of the synching service, the defense is still the same: End-to-end encryption. It works out well that for so many threat models, the same solution is indicated.
Because we try to provide that end-to-end encryption, our major criteria for a sync service is reliability and ease. It doesn't matter whether personally you are more afraid of governments or of criminals. We have to work on making your 1Password data secure no matter who gets a hold of it.
I'd like to be careful with the term "private cloud". I've been using it to refer to individuals running something at home. I can run a WebDAV server on one of my machines, and if 1Password did WebDAV synching, then I could sync my data using my own personal server running on my own private network.
It appears that you have used the term to refer to public cloud services which offer their end-to-end solution. The point of these is that you don't have to trust the operators of the system to keep your data confidential. They don't have the capacity to decrypt your data.
Let's look at a different example to illustrate this. We at AgileBits can't turn over (or exploit) data about how you use 1Password (either if we were to turn evil or be compelled to or be broken into) for the simple reason that we don't have that information in the first place. We can't abuse or reveal data that we never have. You don't have to trust us to be responsible with your data if we never have it in the first place.
We really can't say much about Apple's forthcoming iCloud Keychain and what's new in Safari 7's built-in password manager without violating the Non-Disclosure Agreement everyone with access to the Developer Preview has signed up to. For our non-answers, please take a look at
Your suggestion about selective syncing is a good one. One practical benefit of such a mechanism (irrespective of security) is with attachments. There are certainly use cases where people may wish to decide which attachments should sync, particularly to mobile devices. As always, we make no promises about future features.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
Those are some excellent observations, @MikeMcFarlane. I won't address all of them. I do very much understand the need to just state your feelings and thoughts on these.
Other than to say that yes, we are definitely working hard to get the new keychain format available to everyone, and to emphatically agree with you about the the relative security of self-hosted sync servers. I may trust myself more than I trust the pilot of a plane I'm in to put my interests first, but I certainly want her to be flying the plane instead of me.
I'd like to kind of talk about the politics, but at a sufficiently abstract level that I don't say anything that would be inappropriate for me to say here. I think I understand why a lot of people seem to "not care". I think it's because they are confused about what is going on. People are confusingthe PRISM story with the Verizon story. The interrelate in a very important (but subtle) way, which I'll return to, but we should start out treating them separately.
PRISM is getting all of the attention, but that really isn't news. Other than the specific mechanism, what is going on there is fully consistent with the intent of the laws. Now we may disagree with those laws. And there is another concern that I'll come backing.
It's the slurping of all "telephony data" that is a different matter. And for this, I'm going to be focusing on US citizens and people residing in the US. We care as much about the security of our non-US customers as our US customers, and this US specific story will eventually connect back to the PRISM stuff.
The NSA (via the FBI) is getting all "telephony metadata". That includes who's calling whom, when, how long, and even the locations of the callers. This data collection has been going on in secret since (at least) 2007. They are not (in this case) getting the contents of the calls. This is being done under Section 215 of the PATRIOT Act. (PRISM, in contrasted is under FISA and the FISA Amendment Act, FAA). By law, the NSA is forbidden from spying on US citizens or within the US. So the data is technically being collected by the FBI.
When the PATRIOT Act was being debated, people and organizations like the ACLU and the EFF explicitly objected to section 215 because it could be used for massive data collection without any probable cause that people were connected to a specific, targeted investigation. We were told by supporters of the PATRIOT Act that such a thing would never happen because the people using these powers were good guys, and the (secret) courts would keep an eye on things. Naturally the opponents pointed out that because those courts will operate in secret, there is no pressure built into the system that protects against the expansion of this kind of spying.
The PATRIOT Act passed by overwhelming majorities, and all attempts to open it up for re-examination have been thwarted over the past decade. But what we have learned is that the supporters of the law were absolutely wrong when they said that such broad, untargetted, data collection could never happen. Also note that just a few months ago, the head of the NSA publicly denied that any such broad data collection was happening.
The lesson that I want to draw from this, is that if you grant a surveillance mechanism to the government, and only have it constrained by secret courts, the government will end up using the full power of it.
With that lesson in mind, we should consider what we are now being told. We are told that the data is collected, but any individual's phone records will only be looked at during the course of a targetted investigation which will require approval from a (secret) court. This power won't be abused, we are told, because "we are the good guys". Remember, that is exactly what we were told 12 years ago about even collecting the data.
Now let's bring this back to PRISM. We really know incredibly little about what PRISM actually is, but it appears that the NSA has some automated mechanism which enables them to get the data that they want from the service providers without having to inform the service providers about each individual data request. Given the lesson of the Verizon case, I think it is perfectly reasonable for everyone to worry about PRISM not for what it does today, but for what having such a mechanism in place can do tomorrow.
At any rate, I think that the reason we don't hear more objection and protest in the US is because the public is focused on PRISM instead of the telephone data.
something like TOR (which seems to make me a paedophile according to the news, probably a government driven image)
I've actually had the FBI scare me away from running a TOR exist node. I never wrote up the incident properly (for a number of reasons). But people who use TOR should keep in mind that many (most?) exit nodes are run by the US Navy.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
Unfortunately, everyone is writing about the government surveillance program without knowing or understanding what the rules are.
The government (NSA, FBI) does not in a willy-nilly fashion monitor or inspect a person online information or communications. There are standards set by the FISA court and federal law.The most important standard to know is the phone conversation or computer communication must be with an individual who is oversees (foreign) at the time of the communication and who is believe to be involved in terroristic activities. Otherwise, a warrant is needed for communications taking place inside US borders.
So, unless you meet the above requirement the government will not be surveilling you. The law is very clear on that point.
0 -
I don't really care about PRISM. That's just one example in an infinite range of possibilities of how having my data outside of my control could adversely affect me.
I run my own Debian mail server, my own OS X server for Contacts & Calendars, and my own offsite backup because that's how I roll. The last two bits of data that are NOT under my control, are 1Password and MoneyWell. Unfortunately, as far as sensitive data goes, passwords and finances are pretty sensitive.
I understand the purpose and benefit of end-to-end, but my experience dictates, if the wrong person has local access to encrypted data, it's just a matter of time.
I TOTALLY understand I'm a teeny, tiny minority, but part of me also thinks that there's value to 1Password in adopting a more standardized approach to syncing. Hopefully, Dropbox will come and go before 1Password does, and thus portability would be a good thing, and the best portability comes with standards.
0 -
Grunt_at_the_Point
"Otherwise, a warrant is needed for communications taking place inside US borders.
So, unless you meet the above requirement the government will not be surveilling you. The law is very clear on that point.".
The fact that may be very comforting to you. Not all of us live within the US borders. So where does that leave us?
0 -
As to Syncing between devices, since I have been using 1password I have been syncing the keychain along with the rest of my documents over my network using SyncBack. Is that an issue? As it seems to be working fine and avoids the use of the cloud altogether.
0 -
All good points, @jaydisc,
As you correctly note, not everyone is in a position to run their own local servers in a way that will keep them sufficiently secure from attack. They may think it's safe behind a NATing router, but a compromise of one machine on the local net (or just using WEP on the WiFi) removes that sort of protection. You may have a nice script calling apt-get that you call from a cron job to ensure your server is up to date, but not everyone will. You may be paying attention to logs, but not everyone will. You may have a separate subnet for when friends at your house want to join your network. (Note that off the shelf routers that offer dual systems, do not provide a mechanism for restricting the "guest" net from everything else.)
But you are also absolutely right that providing a synching specification so that people can run their own servers would be good not just for people like you, but it would reduce our general dependence on third parties. It would also make the syncing even more transparent to those who want to inspect the system. We try to be as open as we can; and pursuing that approach would certainly be in keeping with that.
As I said in a much earlier post (that I will continue to refer people to), we are not ruling anything out or in. And again, we don't like to promise anything until it is delivered. So I'm trying to not offer clues about which approaches are under the most active exploration.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
Hello @Grunt_at_the_Point,
I think that you are correct that people seem to be conflating the Verizon-NSA scandal with PRISM, and so many people are jumping to conclusions that aren't fully justified. But first, I would like to make it clear that we care about all of our customers, irrespective of their citizenship.
I do think that we need to look at PRISM in the light of the Verizon case. PRISM is authorized under section 702 of FISA and its various amendments over the years. It is supposed to only gather data necessary for specific investigations with specific criteria. It appears that it is sticking to that, although some automated process.
Section 215 of the PATRIOT Act is the authority for the Verizon case. But that law also states that data would be collected only when relevant to a specific investigation and would not be broad slurping of everyone's data. It was to be under the supervision of secret courts. And in the past months, we've heard statements public statements that only targeted data collection was occurring.
What we've learned from the Verizon case (or "Operation Hoover" as some have started to call it) is that the oversight failed (as many predicted). Secret courts, ruling in secret with even the existence of their rulings kept in secret, are not sufficient to ensure that data will be collected in the specifically targeted ways we were promised when the law was passed and reauthorized. And we've certainly learned that officials will lie about this to the public and to Congress for eight years. (It started in 2007.) We've also learned that the NSA will collect data on US citizens by having the data collection mediated by the FBI.
When we see such a spectacular failure of the oversight under PATRIOT 215; how confident can anyone be about the same system of oversight with respect to FISA 702? Particularly when an automated data collection mechanism has been put in place.
So sure, people are confused about Operation Hoover (Verizon-NSA) and PRISM, mistakenly thinking the latter has the scope of the former. But what Operation Hoover tells us is that PRISM could easily come to have the same sort of scope.
And returning to focus on 1Password, even if we were to fully trust the government, the fact that the US government can capture this sort of data means that someone else could as well. An insider at Dropbox or iCloud, or some attack on their systems. From a data security point of view I have to consider this an attack. Just because the attack may be lawful, and even if we don't object to the law, it still remains an attack. It means that it is possible for someone other than you to be able to gain access to your 1Password data files.
As I described in an earlier comment one way to defend against such attacks (whether they come from governments, insiders, or outside breaches) is to provide end-to-end encryption. That is what we try to do.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
I want to make a couple of points:
First, for those who've mentioned Apple's iCloud keychain feature coming up, remember that Apple's a member of Prism. Thus, they can be asked to hand over any keychain they have access to, any recovery keys they have access to, etc.
Second, I really don't want any metadata or URLs or categories from my 1Password data left unencrypted. Please clarify for me whether this is still an issue for the current data format... IMHO, all data should be encrypted or coded in some way so as not to reveal the meaning of any metadata. If a gov't agency got access to my 1Password data and it contained URLs for all the sites I use, they could easily go and serve secret subpoenas on those sites.
Third, Dropbox... If all my data is encrypted properly, I have no problem storing a backup on Dropbox. However, with respect to the 1Password web access via Dropbox, there could be serious issues if Dropbox were to join a program like Prism or similar... As bitcoin online wallet users know, it's iffy to rely on a web page to do the encryption completely client side, and it's hard to be sure the page has not been changed somehow since you last used it. Dropbox could easily modify the web pages used for accessing 1Password via Dropbox in order to get your master password and serve it up to government agencies.
So, I think you need to consider (1) encrypting everything in the 1Password database, and (2) providing some reassurance that Dropbox is not going to grab our master password if we access our data via the web. The latter might entail you yourselves providing a portal using dropbox on the back-end, or allowing a user to download the whole encrypted database and access it locally via locally stored and verified web pages offline.
Thanks for considering these issues.
0 -
Sheds new light on my signature...
(oh interesting, signature is gone to forum changes I've not been notified of).Signature said: MAS (flawed by design), Dropbox sync (not considered save)
0 -
What is the opinion on using Cloudfogger to encrypt prior to uploading to Dropbox?
0 -
Hi @shakittogenki,
There are a lot of unknowns about the synching done with the built-in password manager. There are things that we don't know yet and there are things that we can't say due to the NDA. We simply don't know whether Apple will have the capability to decrypt what is in an iCloud Keychain.
I can talk about the OS X Keychain that is used to underly the Safari's (non-synching) password manager in Safari 6 and prior. In the very early versions of 1Password we used the OS X keychain as well, but we moved away from it in 2007. One thing about the OS X Keychain is that it is designed to encrypt very specialized sorts of things, including passwords. But an item in that keychain will have only the password encrypted. All other form data, including the user name, is not.
It is possible put more than just the actual password into the encrypted "password" item in the OS X Keychain, as we did with versions of 1Password prior to version 2.5, but it gets messy and difficult. Using a tool for something that it wasn't designed can produce mixed results. Trying to stuff lots of data in a "password" in a OS X Keychain just wasn't working out for us, and that is one of the reasons why we designed the Agile Keychain Format.
In Safari 6 and prior, Apple doesn't attempt what we had attempted. Instead their built in password manager only encrypts the password.
Now this brings us to your next point:
I really don't want any metadata or URLs or categories from my 1Password data left unencrypted. Please clarify for me whether this is still an issue for the current data format
"Current" is a tricky word. We are in the process of making the transition from the Agile Keychain Format (developed in 2007) and the 1P4 Cloud Keychain Format (which we really need a better name for). And one of the big changes is in the kinds of data that is (or isn't) encrypted.
But at the moment, I'll have to call the Agile Keychain Format the current one. The 1P4 Cloud Keychain Format is currently used only for synching via iCloud, and so is only used for people who are synching data among iOS devices. We will be rolling out the new format for more platforms and synching mechanisms (there is nothing that inherently ties the 1Password 4 Cloud Keychain Format to iCloud, so this will be available on all platforms, including Windows and Android).
Most notably, the Agile Keychain format leave the Title and the URL for items unencrypted. The 1Password 4 Cloud Keychain Format leaves creation time, modify time, type of entry, and sync time unencrypted. As that is another long lived discussion (it's been going on since 2007) but we've done a poor job at consolidating it into one place. However, we are trying so I'd like to point people to that discussion.
http://discussions.agilebits.com/discussion/12237/metadata-is-not-encrypted
Even with the 1Password 4 Cloud Keychain Format, there is some metadata, let me excerpt from http://learn.agilebits.com/1Password4/Security/1P4-security-changes.html
As promised, the Cloud Keychain format encrypts pretty much every bit of information about an item. Exceptions are things like modify time and creation date. We have been moving toward this goal for some time, and we’re delighted that we have found a way to do this while still allowing you to efficiently list and locate items in your 1Password data. This has been achieved while still only fully decrypting a single item at a time as needed.
In each data format redesign we've been able to have more of the data encrypted while still having the ability to sync and to manage items appropriately. Moving from the OS X Keychain to the Agile Keychain in 2007 dramatically improved the amount of data we could encrypt. Moving from the Agile Keychain Format to the 1Password 4 Cloud Keychain Format means that we can also encrypted Title and URL (among a few minor items).
But because we still need a data format that allows efficient syncing and allows us to only decrypt a single item at a time (instead of decrypted a large file with everything, which has numerous security problems), we still have some metadata unencrypted.
For the purposes of this discussion, it is enough to say that although we provide end-to-end encryption, you should still try to keep your 1Password data files out of the hands of attackers.
At the same time, it is important to remember that the overwhelming majority of your 1Password security is in your Master Password. So while we should be concerned about who gets a hold of your data files, we shouldn't forget that the single best and biggest thing you can do to protect yourself is to have a good Master Password.
However, with respect to the 1Password web access [1PasswordAnywhere] via Dropbox, there could be serious issues if Dropbox were to join a program like Prism or similar [...] it's iffy to rely on a web page to do the encryption completely client side, and it's hard to be sure the page has not been changed somehow since you last used it.
Very well spotted!
1PasswordAnywhere is not safe against server side tampering. If an attacker can change the contents of the 1Password.html file, then they can modify the crypto that you will be using. We do not, as yet, have a solution to this. There are a number of approaches, none of them particularly satisfying.
As much as I'd love to continue a discussion about sorts of options, I'm going to have to finish this post before it turns into a book.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
Hi @Migs. Thank you for the suggestion.
Take a look at an earlier comment to see why something like CloudFogger isn't as simple solution it may first appear. Options like CloudFogger fall under item number 2 in that list.
Cheers, -j
0 -
Hi @grumpy,
We haven't tested SyncBack specifically. But if you are syncing among desktops on a local network, then in principle something like that should work for the Agile Keychain Format. We don't support such usage because we can't commit to helping people use and manage such system.
Also that sort of mechanism doesn't help people who need want to sync their data to mobile devices.
Note that that sort of mechanism will probably not work with the 1Password 4 Cloud Keychain Format, which no longer puts each item in a file by itself. But by making this change, we may be relax some of the conditions we've required for the file systems. We've been making the data format less dependent on residing on a fast native filesystem; so this may open the door to some of the other kinds to synching solutions that have been suggested.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0 -
It's interesting to see how this conversation develops. Some great points and facts.
@jpgoldberg thank you for the detailed reply, I'll need to digest the new info. I think part of me is disgusted by this because of the secrecy and lies. We let Google, Facebook and many others build and analyse BigData, so why not our governments? We berate them when they get it wrong by being out of date, so why shouldn't they use the latest tools, and be developing their own? I wonder when I see how open some companies are with security, for example AgileBits, why governments can't be honest about their methods? You don't compromise the security of 1password by documenting and discussing it, so why should a government or government agency be any different? Clearly there are many other factors at play, including power struggles, politics and egos, but I can't see how it would have hurt them to be honest. What have I missed?
I'm also looking forward to the new data format and will be upgrading as soon as it appears, I think the changes are very positive. I would like the option to turn off 1Password Anywhere though. Not necessarily because I distrust it although there are some reasons as discussed above. However I don't use it, ever. Like any service (or port) I don't use I would like to turn it off.
@Grunt_at_the_Point Nice Good points. But it would appear not totally true, unfortunately. Damn, I can't find the link now, but it appears when the NSA couldn't get a warrant in the US, they simply went abroad to another office of the multi-national company and implemented there. If someone can verify or correct me on this it would be good.
0 -
Vote +1 for private data store support as webDav, FTP or "private Cloud sync server"
0 -
Thanks @thomasneumann! Noted.
0 -
Hi,
I'm sorry that it's taken me so long to get back to people. I've retreated to my mountain hide-away with my dogs and some of my family. (The rest of the family joins us in about a weak.) A two day car trip with two dogs (regular readers of The AgileBits Blog will know something about these dogs) along with arriving at the hide-away with no food in the fridge and lots of details to arrange has kept me away from the forum.
Anyway to address (or really just riff on) some comments by @MikeMcFarlane:
it appears when the NSA couldn't get a warrant in the US, they simply went abroad to another office of the multi-national company and implemented there. If someone can verify or correct me on this it would be good.
As always, it's a bit more complicated. Again we need to separate "Hoover" (all US telephone metadata) from PRISM. In the case of Hoover, the data collection is mediated by the FBI. That is the FBI is collecting the data and is having the NSA handle analysis. Whether that stands up to scrutiny in open court (or even reaches open court) remains to be seen. If the past is any guide, Congress will pass a law that retroactively makes that maneuver legal.
With PRISM the information that we have is so fragmentary that we really don't know what is being done. We haven't seen the orders from the FISC courts, but remember that these are the same secret courts that authorized Hoover, so it's not clear to what extent the NSA would have to go abroad; though perhaps they did. We need to distinguish between someone saying "well, this is how they could have done it" from someone saying "Here is evidence that they did it this way."
It should also be noted that as far as we understand, governments will cooperate with "you spy on our citizens and we'll spy on yours, and we'll exchange information".
For the purposes of your 1Password data, PRISM is the most important piece of news. But it is also the least "newsy". We've always known that the NSA is authorized to spy on non-citizens in targeted investigations. We've always known that governments could compel operators of servers to release information, and we've "always" known that they could do so in complete secrecy. (I put scare quotes around that last "always" because the laws that impose a gag order on these sorts of requests are newish.)
The PRSIM leak only hints at how automated that data collection is, but even then it seems to add more confusion than clarity. PRISM, to my inexpert reading, seems to stay largely within what I see as the intent of the enabling legislation, and other than a few hints at a few details tells us nothing that we hadn't already assumed was going on. So from an actual 1Password security perspective, nothing is different now than what how things stood a few weeks ago. The only difference is that people are more aware of the possibility to data capture from Dropbox or iCloud.
Hoover, on the other hand, appears to go well beyond what I see as the intent of the enabling legislation. Although I (and others) knew and worried that the law could be misused this way, until the leak we didn't know that it actually was happening. Indeed, I'd been skeptical of rumors that something like this was going on. (The rumors suggested that all call content was being recorded, which turns out not to be the case. Also I hadn't foreseen the FBI fronting for the NSA in collecting US data.).
Disclaimer: Throughout this discussion, I've been revealing some of my personal political views. We are a diverse group of people with different political views, and my political views only reflect the voices in my head. I'm confident that everyone at AgileBits cares deeply about individuals' data security, but beyond that you shouldn't draw any inference about the political views of AgileBits as a whole nor about any of my colleagues. (And, no. Nobody has asked me to state this.)
If I could have discussed these matters without taking a political stand, I would have. But in discussing this, I think it became necessary for me to give my reasons behind my threat assessment. At the same time, there has been a great deal of confusion about "Hoover" and PRISM. I could not try to clarify that without providing an interpretation of the enabling legislation.
Cheers,
-j
–-
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com0