

It's a security issue, folks

Tuesday, January 01, 2008 by Dave Winer.

In 1980, I signed a deal with a company to market a product I was developing. The contract required me to turn over the source code, which I did. One day I went to a meeting at the office of the company, and there on the product manager's desk, next to a door that opened to the outside, was a floppy labeled "Dave Winer's source code" in big letters.

If you own a Mac you may soon find out what that felt like.

It's amazing to me that the tech blogosphere doesn't treat Apple's policy re broken hard disks as the huge gaping security hole that it is.

Think about it. We worry about bad people getting their hands on little pieces of data that, when added together, give them the power to be us in banking and credit transactions.

Think about what you would do if your laptop was stolen.

Well, if you own a Mac and its hard disk goes bad, and you make the mistake of bringing it to Apple for service, you will turn over all that data to Apple. Not "may" or "might" but "will." What Apple in turn does with that data is none of your affair. They don't sign anything or offer any guarantees that they won't sell the disk to a data miner. Think it can't happen or that it's unlikely? I don't gain much comfort from your feeling of security.

I've been writing about this issue since December 22. Usually when I write something critical of Apple, the results are mixed. Some people are supportive, but far more people attack. This time the ratio is very different. Almost everyone who has commented gets that there's a huge problem here.

Some say that other vendors do this too. That gives me less comfort, not more. That means there's no escaping this crazy way of treating users' confidentiality. Ultimately it hurts the vendors because people can't use their computers for things the manufacturers say we can.

Further, it's got to be an issue for the banks, brokerage firms, credit agencies. If you are a newspaper and you employ reporters and they use a computer, how exactly are you guarding the confidentiality of your sources? If you're a confidential source, don't you have an interest when the reporter gives their computer manufacturer all their data to do with as they please?

Imagine what you would do if it turned out there was a bug in a Netgear or Linksys router that allowed, under special circumstances, a malicious person to gain access to the full content of your hard disk at any time. Would you have a problem with that?

This is worse than Microsoft's neglect of malware that got me to stop using their computers. In that case it was Microsoft being negligent. This time Apple itself is the source of the problem. It's as if they planted a virus in their operating system that entitled them, under special circumstances, completely out of your control, to gain access to everything on your disk, with as much time as they want, with no way for you to prevent or even detect the intrusion.

See also: My letter to Steve Jobs

Re yesterday's post, Apple does not have a store in Shanghai. I assume the customer is sincere, he thought he was at an Apple-owned store. Here's a picture of the place he probably went to. BTW, I'm 100-percent sure that the store in Emeryville is owned by Apple. You can find it on Apple's store website.

Cole: "Apple sent me my new hard drive and instructions stating that I had to send the old one back within 10 days to avoid being charged $250."

Chuck Shotton says that Apple used to return failed drives with sensitive data for an additional cost.




     



Dave Winer, 53, pioneered the development of weblogs, syndication (RSS), podcasting, outlining, and web content management software; former contributing editor at Wired Magazine, research fellow at Harvard Law School, entrepreneur, and investor in web media companies. A native New Yorker, he received a Master's in Computer Science from the University of Wisconsin, a Bachelor's in Mathematics from Tulane University and currently lives in Berkeley, California.

"The protoblogger." - NY Times.

"The father of modern-day content distribution." - PC World.

One of BusinessWeek's 25 Most Influential People on the Web.

"Helped popularize blogging, podcasting and RSS." - Time.

"The father of blogging and RSS." - BBC.

"RSS was born in 1997 out of the confluence of Dave Winer's 'Really Simple Syndication' technology, used to push out blog updates, and Netscape's 'Rich Site Summary', which allowed users to create custom Netscape home pages with regularly updated data flows." - Tim O'Reilly.






© Copyright 1994-2008 Dave Winer.

Last update: 10/20/2008; 8:22:33 AM Pacific. "It's even worse than it appears."
