About personal data security

[this is a repost of my answer to someone who wondered about security of personal data on Ulteo forums]

Let me explain my way of thinking about this issue.

At first, let’s assume that data integrity and confidentiality are the two needed requirements:

  • we want to be able to retrieve data, as long as we need it, whatever happens on the earth (bombs, earthquakes…)
  • we want to ensure that no one but authorized people can read the data, use it or modify it


Now there are different cases. Let’s take these two cases to simplify:

  1. your personal data : most of time they are stored on your computer. As a result, they are totally unsafe for several reasons: someone can break into your computer and steal your data, or you can be stolen your harddrive (laptop), or your house can go into fire etc. A slightly different case is your online data. For instance, Gmail, Yahoo! mail etc. They won’t guarantee anything but “doing the best” to secure the data. It means that it’s likely that they have advanced security systems (but who knows), that they have redundant servers around the planet etc. So, it’s more likely that your data get more secured if they are stored online in this case. Anyway, they are not really confidential: Gmail reads your emails to generate ads for instance. Additionally, it happens that they close accounts, for any reason. I know people who got their Yahoo! mail account closed because the Terms of Services weren’t respected (without any further detail). Later, they were unable to get in touch with someone at Yahoo! to get it back and lost all emails. Maybe in some cases that’s a bug. Worse: laws permit that your data can get accessed by government agencies anytime for any “good reason” (as far as I know that’s the case for Google in the USA and Blackberry in the UK). So there is still a risk to have your data vanish in the air, even if they are stored online on a big service.
  2. data within a corporation (ie “sensitive data”). Here, everything depends on the corporate’s policy about data security. Most of the time, I think there is a good level of integrity for the data, assumed that there are mechanisms to get the data replicated to other geographical places for instance. Confidentiality is certainly worse because security cannot be perfect, and also because many people within corporates use Gmail, Blackberry and other services intensively, apparently even for sensitive transactions/discussions. This is a real (known) issue for strategic corporations that need a high level of confidentiality.

Now, what I think, is that the key answer to data integrity and confidentiality is:

  • redundancy to address the integrity problem
  • heavy encryption to address confidentiality


For instance, with tools such as GPG and Thunderbird Enigmail (which are provided and installed by default on Ulteo), you can encrypt your sensitive emails very easily. The only constraint is that you first need to import your receiver public key first, but that needs to be done only once. Then, all you need to do is to select “encrypt message” when writing your email. With a 2048 or 4096 bits encryption key, this even removes the need to have any security or encryption “on the line” (TLS, SSL…).

In this case you can even add a personal gmail account in CC: as a safe backup! You won’t be able to read the email content within Gmail, but if you happen to need it, you can retrieve the email and decrypt it locally. And Gmail won’t be able to read the content of these archives in any way.

In the same spirit, Ulteo also integrates the Kopete “Silc” plugin that provides a totally secured IRC chat.

Now, there is the question of data that are stored at Ulteo. Right now, I can’t tell you more that “we’re doing our best to secure your data”. This means security measures on servers, and replication. But I agree that it’s not an ultimate solution.

We plan to provide an encryption feature that would permit us (and you) to store *only* encrypted data, that could be used/decrypted only by the owner of the data, using his credentials.

In this case, you would have a local secured directory where you could put all your sensitive data, and this would be the same on Ulteo online services. So in the bad case where you would be stolen your harddrive, or in the case Ulteo servers would be cracked, nobody but you couldn’t read your secured data.

Gaël.

Two coffees with Ladislav

ladislavbodnar.jpgToday, I’ve spent some time meeting with Ladislav Bodnar. Ladislav is the (nice) guy behind distrowatch.com!, a reference Linux website, one of the biggest and certainly one of the nicest ones. Ladislav was coming from Tapei, Taiwan for two days in Paris. I didn’t dare tasting his nice present yet, a kind of litchy-candies under a plastic film, because everything is written in (traditionnal) Chinese and I’m so blind about Asian languages. But tomorrow I will do, for sure. Will keep you updated.

What a rush!!

The Ulteo main web server is experiencing a big, big, rush. It’s been under an heavy load for two days, and of course, page loading is sometimes slower than expected… We have performed urgency tasks, such as moving static stuff to other servers, but the rush is really too big. That’s the Slashdot effect, which is not turning into a too bad situation because our servers have a good connectivity and still answers… Of course we’re planning to switch to bigger servers, with some redundancy, but this will of course take a few days. So, be patient, register and come back later if you don’t succeed to launch a session or don’t want to wait… Apologizes for that situation, but we didn’t expect a so big and explosive rush…

Gaël.

P S and we are also reading all your warm emails! It seems that you like it, and we are going to make it still better, with some stuff that you do not even expect…

Today is the day. For a premiere

Last days have been extremely busy with the finalization of a partnership of Ulteo with  a major Open Source organization. Their software can soon be accessed through the Ulteo Online Desktop in one click, without any download or installation. Finally some publicly available stuff 😉 Stay tuned! And I can’t wait the release of the V2 of this stuff which has been under heavy development internally for several months.

iPhone SIM unlock, done

I thought I would wait for a couple of weeks more, but when I read this unlocking tutorial, I really couldn’t resist any longer! It took me about 30 minutes to unlock, but that was very easy because all the software is provided and the procedure is very clear. The unlocking tools that have been released are really awesome, in particular iBrick and the installer are very convenient and impressive. For those who are going to do it and had already unlocked it (just unlock, no SIM-unlocked), I’d recommend to:

  • uninstall iTunes
  • reinstall iTunes (from old version 7.3)

Then, remove the AT&T SIM, and start by restoring the iPhone from iTunes (follow the tutorial). Beware that during the restore process, you are going to lose all your pics, and other configuration stuff stored on your iPhone.

Just before you can really SIM-unlock it, you’ll have the thrill to ssh into your iPhone:

[gael@spoon]$ ssh root@iphone
root@iphone’s password:
Last login: Sat Sep 15 13:28:49 2007 from spoon

# ls
Library Media
# ls /
Applications Library System bin cores dev etc mach private sbin tmp usr var

Ain’t it cool? Then on your iPhone, you can easily install some great software, including a VT100 emulator which is very convenient to connect to your PCs through the net, and many others. First time I can put a real PC in my pocket 🙂 SIM-unlock went flawlessly (Tele2/Orange SIM) and I can use SMS without any issue. I had to sync my old Nokia’s contact book to Outlook Express, and then exported them to the iPhone through iTunes.

A few pics…

iphone1.jpg

This shows that the iPhone handles the GSM carrier, and all the available apps.

iphone2.jpg

This shows the software manager within the unlocked iPhone.

iphone3.jpg

You can easily use common cmd-line tools (ping, ssh, grep…) from a VT emulator.

Udate / Sept 17th, 2007: I also can use EDGE very easily, but be very careful with this option if you don’t have a special data-option! By default with Tele2 carrier, for maybe 15 minutes of cumulated use , I got 8.5MB transferred for a total cost of… 130 euros! That’s a shame, so I wouldn’t recommend use EDGE with a regular cell subscription service. Check with your carrier!

More hardware supported under Linux than under Vista

According to some experience we have had with Vista it really seems that Linux is currently supporting more hardware than Vista does. For instance, we have a motherboard that officially supports Vista but that doesn’t have any driver available for its onboard network card, which means that you cannot access Internet with Vista on this machine (not a problem under Ulteo!). Another example is a USB Wifi key that is not supported under Vista…

Ulteo Online desktop close to beta!

Good news: we have entered a pre-beta stage for the Ulteo online desktop. This means that a few hundreds people have already been granted access to the early beta version. Then we will progressively add more users, and this will lead to a publicly open Online Desktop soon! Of course this is only the first part of the whole Ulteo architecture, but believe me, the rest is also very exciting 🙂 Stay tuned…

iPhone again

Apple iPhoneAs many of you have certainly already noticed, the iPhone makes a lot of buzz. Last news is that since yesterday, they cut the price by 33%! Not a joke, not an April fool, not even a September 5th fool. They (Jobs and his crew) want it to be a more attractive phone choice for the masses. There is a long way to go for sure 🙂 Anyway, I’m really enjoying the iPhone. Even for getting me awaken on the morning, I enjoy the bells or harp sounds, and it’s very convenient to be able to set several alarm clocks profiles, since I’ve got two typical kinds of weeks as for waking up time. Recent news about the iPhone also include that now you can use it with any SIM in the world but you have to crack it either by using an expensive SIM flashing method, or use soldering. In both cases, I’m happy enough with Wifi use for now with the iPhone. _one or two_ things I dislike in the iPhone though… First of all the Wifi is not that stable. It eventually loses the carrier, which forces you to restart it (not completely though). What else… ah yes, a _very_ Appleish annoying thing (besides the AT&T joke): I’ve not found any way (but jail-break + ssh) to save some MP3s within the iPhone! No other official way of doing that but iTunes. You can’t save email attachments, you can’t save web files locally. You will only be able to play it for the latter. This is quite an idiot behaviour. Same for pictures. The iPhone is great, but could be better, for sure.

Anwiki, best multilingual Wiki/CMS ever

When I started the first Mandrake Linux website in 1998, it became multilingual very quickly, because many people liked to contribute their own language. For sure, not everybody can read and speak English! Just before it disapeared, in 2005, mandrakelinux.com was supporting fully 15 different languages, helped by a great team of contributing translators. Anyway, that was difficult to maintain because we had not the right tool, and maintaining a website with several languages is very different from localizing software, because content is constantly changing. During the time mandriva.com was revamped (was not looking “professionnal enough”), I had the chance to meet a really promising and friendly guy, Antoine Walter, who joined later to help on Ulteo web development. He eventually told me that he was working on a new multilingual wiki-CMS called AnWiki. When he showed me the first demos, I was very impressed and I asked him if we could use  AnWiki for ulteo.com: many people were asking to get localized content and we couldn’t do it easily because no tool was powerful enough for that. After one year of hard work and discussions about features, Antoine has finally released a first beta engine for the Ulteo.com website and we’re using it in production now. Antoine will decide when he’s going to release the AnWiki to the world, but stay tune with this project: it has awesome features, awesome ways to edit translations. That’s something nobody has never seen before and I’m very confident it’s going to have a brilliant future. Thanks to Antoine for this great achievement, and long-life to AnWiki!