Clair Tolan - Passwords for the clouds

Open Source Conference Albania, Tactical Technology Collective, 10 May 2015

Transcript of Clair Tolan - Passwords for the clouds

Page 1: Clair Tolan - Passwords for the clouds

Open Source Conference Albania

Tactical Technology Collective, 10 May 2015

Page 2: Clair Tolan - Passwords for the clouds

PASSWORDS FOR THE CLOUD

Page 3: Clair Tolan - Passwords for the clouds

Password

YOUR DATA

Page 4: Clair Tolan - Passwords for the clouds

A BRIEF (PRE)HISTORY OF THE PASSWORD AND THE INTERFACES IT UNLOCKED

https://spchumanities.files.wordpress.com/2012/11/05-12_aahqwsw0.jpg

Page 5: Clair Tolan - Passwords for the clouds

Fernando Corbató, MIT CTSS, time-sharing computer, mid-1960s

http://www.wired.com/2012/01/computer-password/

Page 6: Clair Tolan - Passwords for the clouds

Storage

Bryan Pearson - Storage Garage 5

Elliott Brown - Exercise Machines - Coventry

vs

Use

Page 7: Clair Tolan - Passwords for the clouds

Zarko Drincic - Master Key

Linus Bohman - Keys.

Mike - Key

Richard G. - Keys

Keys

vs

Words

Page 8: Clair Tolan - Passwords for the clouds

TANGENTIAL PSA: NEVER STORE PLAINTEXT PASSWORDS

Page 9: Clair Tolan - Passwords for the clouds

PASSWORD RECOVERY : CASE STUDIES

Page 10: Clair Tolan - Passwords for the clouds

And the failure thereof x 1…

Page 11: Clair Tolan - Passwords for the clouds

And the failure thereof x 2…

Page 12: Clair Tolan - Passwords for the clouds

SO: exploits are going to happen.

What can you DO as a user?

What should you DEMAND as a user?

Page 13: Clair Tolan - Passwords for the clouds

Elias Bizannes - Authenticity Required. Password?

Do: PICK A GOOD PASSWORD

Page 14: Clair Tolan - Passwords for the clouds

:( :( :( :(

Page 15: Clair Tolan - Passwords for the clouds

Visual cues / Acrostics / Passphrases

!CuwmnW@uB1? - 12 chars

AreYouAlive?ITouchYou. - 22 chars

1C0v3rY0uW!thMyN3t - 18 chars

Wh@t@r3Y0uB@nd3d1? - 18 chars

Or make a password “MEMORY PALACE”

Page 16: Clair Tolan - Passwords for the clouds

Do: Use different passwords for different “types” of accounts...

Page 17: Clair Tolan - Passwords for the clouds

Do: Use a password manager

Page 18: Clair Tolan - Passwords for the clouds

Do: Activate Two-Factor Auth when possible

Page 19: Clair Tolan - Passwords for the clouds

SECURING THE CLOUD

Page 20: Clair Tolan - Passwords for the clouds

MUD PUDDLE TEST OF SECURITY

Josh Sullivan - Mud Puddle

MTSOFan - Cell Phone Shots

Page 21: Clair Tolan - Passwords for the clouds

Do: Encrypt your sensitive files prior to uploading

Page 22: Clair Tolan - Passwords for the clouds

MOST IMPORTANTLY:

DO educate yourself

What is the cloud?

What is encryption?

-> ALLOWS YOU TO DECIDE:

What is important for YOU re security, privacy

Page 23: Clair Tolan - Passwords for the clouds

But wait!

This is NOT all on the user.

Page 24: Clair Tolan - Passwords for the clouds

Try this:

DEMAND to know what files are being automatically uploaded to cloud servers.

Page 25: Clair Tolan - Passwords for the clouds

DEMAND correct password storage (hashes, salts, peppers (!))
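The two slides "NEVER STORE PLAINTEXT PASSWORDS" and "DEMAND correct password storage (hashes, salts, peppers)" name the ingredients without showing how they fit together. The following is an added example, not code from the talk or from any of the projects it mentions. It assumes nothing beyond the Python standard library: the per-user salt is stored inside the record, the site-wide pepper (a constructed placeholder value here) is mixed in with HMAC and must live outside the database, and PBKDF2-HMAC-SHA256 supplies the slow, tunable work factor. The record format `pbkdf2_sha256$iterations$salt$hash` is this example's own convention.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed placeholder. In a real deployment the pepper comes from an
# environment variable or a secrets manager, never from the same database
# that holds the hashes: a dumped user table then lacks an input needed
# to start guessing passwords offline.
PEPPER = b"example-pepper-keep-out-of-the-database"

# Work factor for PBKDF2-HMAC-SHA256. Raise it as hardware gets faster;
# the value is stored in every record so old records keep verifying.
ITERATIONS = 600_000

ALGORITHM = "pbkdf2_sha256"


def _peppered(password: str, pepper: bytes) -> bytes:
    """Bind the secret pepper to the password with HMAC before slow hashing."""
    return hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes = PEPPER,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: 'pbkdf2_sha256$iterations$salt$hash'.

    The salt is a fresh random value per call, so two users with the same
    password get different records and precomputed tables are useless.
    """
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", _peppered(password, pepper),
                                 salt, ITERATIONS)
    return "$".join([ALGORITHM, str(ITERATIONS), salt.hex(), digest.hex()])


def verify_password(password: str, record: str, pepper: bytes = PEPPER) -> bool:
    """Recompute the hash from the stored salt and iteration count and
    compare in constant time, so timing does not leak how many bytes matched."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", _peppered(password, pepper),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample: what a user table should hold instead of plaintext.
    users = {"alice": hash_password("AreYouAlive?ITouchYou."),
             "bob": hash_password("AreYouAlive?ITouchYou.")}
    for name, record in users.items():
        print(name, record)          # same passphrase, different records
    print(verify_password("AreYouAlive?ITouchYou.", users["alice"]))  # True
    print(verify_password("password123", users["alice"]))           # False
```

Verification only needs the record and the pepper, so a user table alone (the usual outcome of the breaches the earlier "failure thereof" slides refer to) gives an attacker neither the passwords nor a fast way to recover them; the salt stops precomputation, the iteration count makes each guess expensive, and the missing pepper makes the dumped table unusable on its own.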

Page 26: Clair Tolan - Passwords for the clouds

REFUSE to naturalize remote cloud storage as the “logical” end of owning or generating data

(and while you’re at it, refuse the same thing for every internet service)

Page 27: Clair Tolan - Passwords for the clouds

A brief history of remote “cloud” storage

Antony Antony - 20090728-142038-1103

Page 28: Clair Tolan - Passwords for the clouds

WHAT IS THE FUTURE -> NOT OF THE CLOUD AS WE KNOW IT <- BUT OF STORAGE?

Uwe Hermann - Organized

Page 29: Clair Tolan - Passwords for the clouds

CASE STUDY 1: TAHOE-LAFS

**SECURE DISTRIBUTED STORAGE**

Tahoe-LAFS is a Free and Open decentralized cloud storage system. It distributes your data across multiple servers. Even if some of the servers fail or are taken over by an attacker, the entire file store continues to function correctly, preserving your privacy and security.

https://tahoe-lafs.org/trac/tahoe-lafs

Page 30: Clair Tolan - Passwords for the clouds

Case Study 2: Freedom Box

What is FreedomBox?

● Email and telecommunications that protect privacy and resist eavesdropping.

● A publishing platform that resists oppression and censorship.

● An organizing tool for democratic activists in hostile regimes.

● An emergency communication network in times of crisis.

http://freedomboxfoundation.org/learn/

Page 31: Clair Tolan - Passwords for the clouds

Case Study 3: Occupy Here

Each Occupy.here router is a LAN island in an archipelago of affiliated websites.

Anyone within range of an Occupy.here wifi router, with a web-capable smartphone or laptop, can join the network “OCCUPY.HERE,” load the locally-hosted website http://occupy.here, and use the message board to connect with other users nearby. The open source forum software offers a simple, mobile-friendly interface where users can share messages and files.

http://occupyhere.org/

Page 32: Clair Tolan - Passwords for the clouds

Case Study 4: Guifi.net

guifi.net is a telecommunications network that is open, free and neutral because it is built through a peer-to-peer agreement where everyone can join the network by providing their connection, thereby extending the network and gaining connectivity to all.

https://guifi.net/en

Page 33: Clair Tolan - Passwords for the clouds

Case Study 5: Saravá & Espiv

- Political tech group working in Brasil & Greece

- Run autonomous servers in universities; teach students and academics how to write projects that require -- and sometimes even get funding to pay for -- autonomous servers

https://wiki.sarava.org/Estudos/Estudos?from=Main.HomePage

https://espiv.net/

Page 34: Clair Tolan - Passwords for the clouds

Case Study 6: Riseup and Autistici/Inventati

Collectives providing email and VPN services to activists.

Models do not involve remote storage due to server limitations, but in the future this is an arrangement that could be imagined.

https://help.riseup.net/

http://www.autistici.org/en/index.html

Page 35: Clair Tolan - Passwords for the clouds

CASE STUDY 7: URBIT

The user of the future will fly her own computer. She will own and control her own identity and her own data. She will even host her own apps. She will not be part of someone else's Big Data. She will be her own Little Data. Unless she's a really severe geek, she will pay some service to store and execute her Urbit ship - but she can move it anywhere else, anytime, for the cost of the bandwidth.

A user can't manage a general-purpose computer unless she basically understands what it's doing. She may not be a programmer, but she needs at least a rough mental model of her computer's state.

A personal computer has to be a *simple* computer. This is why we built a new system software stack from scratch, with the goal of bringing it in under 10,000 lines of code. Urbit is about 50% over this complexity budget, but nobody's perfect.

http://doc.urbit.org/

Page 36: Clair Tolan - Passwords for the clouds

Natalie Schmid - Into the Future

Questions?