[erlang-questions] Twoorl: an open source Twitter clone

[Darren New]

Joe Armstrong wrote:
 >> Yes and no - security against legal attacks depends on the 
information being
 >> deleted (irrecoverable) after a certain point.
 >
 > If the man in the middle took all your data then deleting the data is
 > irrelevant - anyway most attacks
 > are illegal

For MITM to work, the man has to be in the middle when the message is 
sent. If you save things forever on your server, you present years worth 
of potential value to anyone who breaks into your server.

This is exactly why your credit card has those three or four extra 
printed digits on it. Merchants are contractually disallowed from 
storing those longer than it takes to process the transaction, so anyone 
who breaks into the server afterwards will be unable to use those cards 
without the company doing additional checking.

This is why sshd changes its keys every few hours - old streams recorded 
by attackers become unbreakable even if they manage to break into the 
server.

I believe a "legal" attack was meant to imply a subpoena. Mr Gates, for 
example, was quite brutalized by email messages he had written years 
earlier that would not have been available to his detractors had he a 
policy of purging any emails more than a few months old.

Encrypting the data only helps if the court is unable to compel you to 
decrypt the data. And if the system is processing it, it must be 
decrypted, so a hacker is going to be able to see it anyway.

-- 
   Darren New / San Diego, CA, USA (PST)
     "That's pretty. Where's that?"
          "It's the Age of Channelwood."
     "We should go there on vacation some time."