This document discusses password security and remote cloud storage options. It begins with a brief history of passwords and how they unlock interfaces. It then provides tips for choosing strong passwords and using password managers. The document also discusses demanding encryption and knowing what data companies store from users. Several open source cloud storage case studies are presented as alternatives to corporate cloud services, such as Tahoe-LAFS, Freedom Box, Occupy Here, Guifi.net, and Urbit. The future of storage is discussed as moving away from remote cloud models towards more distributed and user-controlled options.

1. Open Source Conference Albania
Tactical Technology Collective
10 May 2015

2. PASSWORDS FOR THE CLOUD

3. Password
YOU DATA

4. A BRIEF (PRE)HISTORY OF THE PASSWORD AND THE
INTERFACES IT UNLOCKED
https://spchumanities.files.wordpress.com/2012/11/05-12_aahqwsw0.jpg

5. Fernando Corbató
MIT CTSS
Time-sharing computer
Mid-1960s
http://www.wired.com/2012/01/computer-password/

6. Storage
Bryan Pearson, Storage Garage 5
Elliott Brown - Exercise Machines - Coventry
Use
vs

7. Zarko Drincic - Master Key
Linus Bohman - Keys.
Mike - Key
Richard G. - Keys
Keys
vs
Words

8. TANGENTIAL PSA:
NEVER STORE PLAINTEXT PASSWORDS

9. PASSWORD RECOVERY :
CASE STUDIES

10. And the failure thereof x 1…

11. And the failure thereof x 2…

12. SO: exploits are going to happen.
What can you DO as a user?
What should you DEMAND as a
user?

13. Do: PICK A GOOD PASSWORD

14. :( :( :( :(

15. Visual cues
Acrostics
Passphrases
!CuwmnW@uB1? - 12 chars
AreYouAlive?ITouchYou. - 22 chars
1C0v3rY0uW!thMyN3t - 18 chars
Wh@t@r3Y0uB@nd3d1? - 18 chars
Or make a password “MEMORY PALACE”

16. Do:
Use different passwords for different “types” of
accounts...

17. Do:
Use a password manager

18. Do:
Activate Two-Factor Auth when
possible

19. SECURING
THE
CLOUD

20. MUD PUDDLE TEST OF SECURITY
Josh Sullivan - Mud Puddle
MTSOFan - Cell Phone Shots

21. Do:
Encrypt your sensitive
files prior to
uploading

22. MOST IMPORTANTLY:
DO educate yourself
What is the cloud?
What is encryption?
-> ALLOWS YOU TO DECIDE:
What is important for YOU re security,
privacy

23. But wait!
This is NOT all on the
user.

24. Try this:
DEMAND to know what files are being
automatically uploaded to cloud
servers.

25. DEMAND correct password storage (hashes,
salts, peppers (!))

26. REFUSE to naturalize remote
cloud storage as the “logical”
end of owning or
generating data
(and while you’re at it, refuse the same thing for every
internet service)

27. A brief history of remote
“cloud” storage

28. WHAT IS THE FUTURE
-> NOT OF THE CLOUD AS
WE KNOW IT <-
BUT OF STORAGE?

29. CASE STUDY 1: TAHOE-LAFS
**SECURE DISTRIBUTED STORAGE**
Tahoe-LAFS is a Free and Open decentralized
cloud storage system. It distributes your data
across multiple servers. Even if some of the
servers fail or are taken over by an attacker,
the entire file store continues to function
correctly, preserving your privacy and security.
https://tahoe-lafs.org/trac/tahoe-lafs

30. Case Study 2: Freedom Box
What is FreedomBox?
● Email and telecommunications that protects privacy and resists eavesdropping
● A publishing platform that resists oppression and censorship.
● An organizing tool for democratic activists in hostile regimes.
● An emergency communication network in times of crisis.
●
http://freedomboxfoundation.org/learn/

31. Case Study 3: Occupy Here
Each Occupy.here router is a LAN island in an archipelago of affiliated
websites.
Anyone within range of an Occupy.here wifi router, with a web-capable smartphone or laptop, can join the
network “OCCUPY.HERE,” load the locally-hosted website http://occupy.here, and use the message board to
connect with other users nearby. The open source forum software offers a simple, mobile-friendly
interface where users can share messages and files.
http://occupyhere.org/

32. Case Study 4: Guifi.net
guifi.net is a telecommunications network, is open, free and
neutral because is built through a peer to peer agreement where
everyone can join the network by providing his connection, and
therefore, extending the network and gaining connectivity to
all.
https://guifi.net/en

33. Case Study 5: Saravá & Espiv
- Political tech group working in Brasil &
Greece
- Run autonomous servers in universities,
teaches students and academics how to write
projects that require -- and sometimes even get
funding to pay for -- autonomous servers
https://wiki.sarava.org/Estudos/Estudos?from=Main.HomePage
https://espiv.net/

34. Case Study 6: Riseup and
Autistici/Inventati
Collectives providing email and VPN services to activists.
Models do not involve remote storage due to server limitations,
but in the future this is an arrangement that could be imagined.
https://help.riseup.net/
http://www.autistici.org/en/index.html

35. CASE STUDY 7 : URBIT
The user of the future will fly her own computer. She will own and control her own identity and
her own data. She will even host her own apps. She will not be part of someone else's Big Data.
She will be her own Little Data. Unless she's a really severe geek, she will pay some service to
store and execute her Urbit ship - but she can move it anywhere else, anytime, for the cost of
the bandwidth.
A user can't manage a general-purpose computer unless she basically understands what it's doing.
She may not be a programmer, but she needs at least a rough mental model of her computer's
state.
A personal computer has to be a *simple* computer. This is why we built a new system software
stack from scratch, with the goal of bringing it in under 10,000 lines of code. Urbit is about
50% over this complexity budget, but nobody's perfect.
http://doc.urbit.org/

36. Questions?