[personal profile] tim
I'm glad to see that more people are using Dreamwidth because of the concerns over LiveJournal's data governance, or lack thereof.

I want to remind people that when evaluating the safety of a particular data storage and/or hosting provider, there's (a) no such thing as absolute safety and (b) how you decide who to trust with what data depends on a lot of factors.

People are concerned about LiveJournal, for example, because data that are physically stored on servers in Russia are vulnerable to inspection by Russian governmental entities, whereas data physically stored on servers in the US are much less likely to be compromised by governmental entities other than the US government.

How much you trust the US government, the Russian government, and so on is a matter of personal opinion, but it's a fact that the expectation of privacy you have changes based on what country or countries the server or servers storing your data are physically located in.

When you store your data with either LiveJournal or Dreamwidth, you're trusting everybody who has superuser access -- at either organization -- with your secrets. Maybe you don't have any secrets because all your posts are public and you never comment on non-public posts. Then you have less to lose, but you still don't have zero to lose. Again, who you trust is a matter of opinion. But it's a fact that by storing your data with a particular storage provider, you're granting access to it to anybody who has superuser access on their systems.

The same is true when you store your data with, for example, Google. Full disclosure: I work for Google. This post represents my personal opinions. As someone who works at Google and has access to various kinds of personal data, I can tell you with confidence that if I accessed that data without a valid business reason, I would be fired. This doesn't protect you from -- say -- someone who's so determined to violate your privacy that they're willing to sacrifice their job over it, but it does give you protection that you don't have when you store your data with a small company or small organization.

Neither LiveJournal nor Dreamwidth enables HTTPS-by-default. That means: you can go to either https://dreamwidth.org/ or http://dreamwidth.org/ and if you explicitly choose the first one, your connection is encrypted. If you explicitly choose the second one, it's not encrypted. There are some technical and logistical reasons not to enable HTTPS-by-default, but it exposes users to risk. Less technically: it means that anybody with access to any of the intermediate servers that your data passes through on the way from your computer to Dreamwidth's servers can see what you're sending. Because of how the Internet is designed, that means that to be sure your non-public Dreamwidth posts or comments don't get read by someone you don't want reading them, you have to trust people at many different organizations, and neither you nor Dreamwidth controls which organizations they are. Sites can make things safer for their users by automatically turning all accesses to http:// URLs into accesses to https:// URLs, which means that data getting sent back and forth are encrypted and it would be very difficult for an eavesdropper -- even someone with superuser access at one of the intermediate organizations -- to read.
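The server-side half of "HTTPS-by-default" described above, as an added example that is neither Dreamwidth's nor LiveJournal's code: every plain-HTTP request is answered with a redirect to the same URL on https://, and responses that did arrive over TLS carry a Strict-Transport-Security header, which goes one step beyond the redirect by telling the browser to upgrade its own http:// links on later visits before anything leaves the machine. The request URLs in main are constructed sample input; the handler and probe names are this example's own.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// redirectToHTTPS answers a plain-HTTP request with a redirect to the same
// URL on https://, keeping host, path and query string. 308 preserves the
// method and body; a 301 would let a client turn a POST into a GET.
func redirectToHTTPS(w http.ResponseWriter, r *http.Request) {
	target := "https://" + r.Host + r.URL.RequestURI()
	http.Redirect(w, r, target, http.StatusPermanentRedirect)
}

// withHSTS wraps the real handler and, only when the request came in over
// TLS, adds a Strict-Transport-Security header so the browser rewrites its
// own http:// links to https:// on later visits without a plaintext round trip.
func withHSTS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS != nil { // the header is only meaningful on an encrypted connection
			w.Header().Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		}
		next.ServeHTTP(w, r)
	})
}

// probeRedirect runs one constructed request through redirectToHTTPS and
// returns the status code and Location header a client would see.
func probeRedirect(rawURL string) (int, string) {
	rec := httptest.NewRecorder()
	redirectToHTTPS(rec, httptest.NewRequest(http.MethodGet, rawURL, nil))
	return rec.Code, rec.Header().Get("Location")
}

// probeHSTS serves a trivial page through withHSTS and returns the HSTS
// header value; it is empty when the request did not arrive over TLS.
func probeHSTS(rawURL string) string {
	rec := httptest.NewRecorder()
	page := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.Write([]byte("ok")) })
	withHSTS(page).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, rawURL, nil))
	return rec.Header().Get("Strict-Transport-Security")
}

func main() {
	// Constructed sample URLs; httptest marks https:// requests as having arrived over TLS.
	code, loc := probeRedirect("http://dreamwidth.org/reading?skip=20")
	fmt.Println(code, loc) // 308 https://dreamwidth.org/reading?skip=20
	fmt.Printf("%q\n", probeHSTS("https://dreamwidth.org/"))
}
```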

I also see no reason to believe (given the above) that either LiveJournal or Dreamwidth encrypts data at rest. That is, regardless of whether you put in an https:// or http:// URL when you access Dreamwidth, the data on their servers are stored in plaintext -- somebody who was able to physically get one or more of their storage disks would be able to access any data stored on those disks with no special knowledge. I don't know this for a fact, but I believe so because: (a) neither org has provided any reason to believe otherwise; (b) there isn't much point in encrypting data at rest when you don't encrypt it in motion.

What does this mean for you?

When deciding where to put your data, you have to ask yourself: if I care who reads this, who do I need to trust if I'm going to believe that only the people who I want to read it will get to read it? With respect to Dreamwidth, you need to trust the US government (since law enforcement can access any unencrypted data they want to, and small companies don't have the legal resources to challenge federal government legal threats) as well as everybody who works for Dreamwidth and has superuser access. But because of how they store and transmit data (and again, this is no worse than how LiveJournal does it), you also have to trust anybody who can snoop on connections or get physical access to their servers and disks. This isn't everybody, but it's potentially a lot of people.

The other question you have to ask yourself is: if my trust gets violated, what happens? What are the consequences? This is why, personally, I'm comfortable posting about my sex life in friends-only posts on Dreamwidth. If any of those posts were exposed to a different audience than the one I chose, it would be embarrassing and uncomfortable for me, but I don't feel it would be dangerous for me. On the other hand, if I was the kind of person who was likely to engage in unlawful political action, I would not post about it on Dreamwidth, even in friends-only posts, because the risk is too high.

Each person has to make these decisions for themselves -- what level of risk you're willing to tolerate is a personal decision. While the decision is personal, many of the facts that go into that decision are objective, and in this post I've tried to explain a few of those facts.

Comments disabled; I'm happy to try to answer any questions I have time to answer over email ( tim_dw@youwere.cool ).

Edited to add: HTTPS Everywhere is a browser extension that automatically changes non-secure requests to secure requests when possible. Like all security tools, it reduces harm; it doesn't eliminate it. Because you install it on your own computer, it only affects browsing that you do on that computer. It doesn't eliminate the threat that arises from one of your friends who doesn't have this browser extension installed accessing your data insecurely.

Edited to add (2): Mary Gardiner's post about LiveJournal's server move is useful reading, especially the point she makes about how LiveJournal forces secure connections to be insecure (Dreamwidth does not do this).

Tim Chevalier

October 2017