RE: Gen-Art telechat review of draft-farrell-perpass-attack-04

>> Nevermind, I'll just use a vendor extension.  Goodbye.

> Rinse and repeat with any other protocol that allows extensions.

That’s a very practical concern. If standard solutions are too hard to develop, then products will use proprietary solutions instead, and we will not have won much defense against pervasive monitoring.

 

I personally agree with the general idea that new developments should consider PM as part of the threat model. But Elliot makes a good point. In practice, the good reviews don’t stop at negative advice, “don’t do this because the spooks will snoop.” The better reviews go on with “do this instead, it is almost as easy to use and it provides much better privacy.”

 

It would be interesting to list the specific patterns that are most likely to trigger the “bad because of PM” comments, and to develop secure alternatives. From what I see, there seem to be two big offenders, logs and configuration. So maybe we should develop a simple way to anonymize logs, and a secure way to get configuration data…

 

-- Christian Huitema

 

 

