Profile cover photo
Profile photo
Ben Bader
90 followers
90 followers
About
Ben's posts

Post has attachment

Post has shared content
Some slightly longer form thoughts on Optimistic Encryption.

I used to often find myself in the position of advocating that a business or service enable TLS for its users.  That was a surprisingly hard case to make many times.   Consider a purely hypothetical example of a service for making reservations to play chess.  If I can do a Firesheep-style demo on this service and show how easy it is to attack their users passwords, sessions and rankings, that can be a powerful motivator.  

But if those kind of easy demos stop working because of optimistic encryption, in the bourgeois free countries where this company makes nearly all of its money, it's easy for them to convince themselves that OE is more than good enough to safeguard that relatively innocuous data.  

Except that service also has users in Syria, where being known to play chess with the wrong people can be an extrajudicial death sentence, or now in Uganda, result in imprisonment within the system of law if you happen to play chess with a known homosexual.  And the government is never merely a passive listener in those and many other countries.  

Those users don't show up on most companies' bottom lines.  It's hard to make the case to upgrade from OE to real TLS just for their sake.  

These are the real kinds of ways that OE fails, and the real decision processes that unfortunately happen.  If the choice is TLS or make all your customers vulnerable, TLS might get chosen.  If there is also the option to go with "free'" OE and leave only 0.1% are vulnerable, those users won't get protected.

Pretend encryption will tend to protect the powerful and the mainstream, but everyone deserves real encryption, and sometimes you have to make the vulnerability of the powerful easily apparent in order to protect the weak in the bargain.

Post has attachment
The Exhaustive Guide to Deploying to Clojars, or how to avoid four hours of headache getting your #clojure  library published.

Post has attachment
Animated Photo

Post has shared content
Congrats to my wonderful teammates - we did it!

Post has shared content
My UK audience will love this.
Photo

Post has shared content

Post has attachment
If ever there were something that could get me through a sluggish afternoon like this, a Blue Bottle espresso would be it.
Photo

Post has attachment
This has to be the coolest digital art project I've heard about in a long time! The notion of a video game as a holy artifact makes me happy in ways that I can't even explain.

Post has attachment
Improptu swing dancing at Davies Hall before the Symphony
Photo
Wait while more posts are being loaded