Overlapping/conflicting badges? #80

Open
opened 2023-04-09 22:20:03 +00:00 by samsapti · 1 comment
Owner

The badges `encrypted_storage` and `zero_knowledge` seem to overlap. For `encrypted_storage`, I can't really think of any service where data is encrypted in a way where sysadmins can decrypt the data, so it's essentially just zero-knowledge if data is encrypted (as is the case for Passit and PrivateBin).

However, it WOULD be the case if, e.g., we enabled server-side encryption in Nextcloud, but then the encryption/decryption key is stored on the server as well, so a cyberattack/data breach would leak the key too. Other than that, I can't think of anything where the badge, as it's currently described, applies. We do have plenty of services where `zero_knowledge` applies, however.

What do you think?

CC: @benjaoming @decibyte @halfd @reynir @valberg

samsapti added the new-website label 2023-04-09 22:20:03 +00:00
samsapti added a new dependency 2023-04-09 22:22:54 +00:00
samsapti added reference new 2023-04-09 22:23:31 +00:00
samsapti removed a dependency 2023-04-10 15:10:32 +00:00
Owner

In order to educate and advance knowledge of how services work, I think it's nice to be able to articulate both:

  • You may be able to use an encrypted service that doesn't fall into the hands of cyber attackers, unless the sysadmins/hardware are also compromised.

  • You may be able to run an even MORE encrypted service at the cost of being 100% responsible for the encryption yourself.

Does the distinction make sense? I think your example of Nextcloud is good.

benjaoming removed the new-website label 2023-06-04 21:46:55 +00:00
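The two storage models the thread distinguishes, as an added example that is not the data.coop project's code: a server that encrypts at rest but keeps the key on its own disk (the `encrypted_storage` / Nextcloud server-side case) next to one where the client derives the key from a passphrase and the server only ever stores ciphertext (`zero_knowledge`), and what a full dump of the server's disk yields in each case. The cipher is a stdlib-only toy construction assumed for the example; `Server`, `breach_reads` and the `salt:` scheme are hypothetical names.

```python
import hashlib, hmac, secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher from SHA-256 so the example needs only the stdlib;
    # a real service would use an AEAD such as AES-GCM or XChaCha20-Poly1305.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag or wrong key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Server:
    """Everything in `disk` is what a breach of the server hands to an attacker."""
    def __init__(self) -> None:
        self.disk = {}

def store_encrypted_storage(server: Server, user: str, data: bytes) -> None:
    # encrypted_storage: encrypted at rest, but the key sits on the same disk
    # (the Nextcloud server-side encryption case from the issue).
    key = server.disk.setdefault("server-key", secrets.token_bytes(32))
    server.disk[f"{user}/blob"] = encrypt(key, data)

def client_key(user: str, passphrase: bytes) -> bytes:
    # zero_knowledge: key derived on the client and never sent to the server.
    return hashlib.pbkdf2_hmac("sha256", passphrase, b"salt:" + user.encode(), 100_000)

def store_zero_knowledge(server: Server, user: str, passphrase: bytes, data: bytes) -> None:
    server.disk[f"{user}/blob"] = encrypt(client_key(user, passphrase), data)

def client_read(server: Server, user: str, passphrase: bytes) -> bytes:
    return decrypt(client_key(user, passphrase), server.disk[f"{user}/blob"])

def breach_reads(disk: dict, user: str):
    """What an attacker holding a full disk dump (and no client secrets) recovers."""
    blob = disk[f"{user}/blob"]
    if "server-key" in disk:
        return decrypt(disk["server-key"], blob)  # key leaked together with the data
    return None  # ciphertext only: the zero-knowledge property holds
```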
Reference: data.coop/website#80