Home > All, Security Issues > There are no absolutes in security

There are no absolutes in security

I’ve had a comment on my latest Dropbox post (Is it safe to carry on using Dropbox (post Prism)? Yes and No: Part III) that I have rejected. This is a very heavily moderated blog, but I thought I’d explain why I rejected this one.

The comment started by saying, “As Dropbox stands today on its own, yes, completely agree that there is the *possibility* of your data being “looked in on” by people without your knowledge or permission.” It then added, “However, there are 3rd party services out there like xyznnn (www.xyznnn.com) that are completely tapproof, i.e. YOU hold the keys, not Dropbox or the 3rd party vendor. Meaning that your data cannot be accessed without you knowing about it. Read more in this blog post: xyznnn.”

It was, naturally, submitted by a member of the marketing department of the xyznnn company; so it is absolutely an attempt at advertising to the readers of this blog. That, in itself, is not enough for me to reject it. If such a comment adds value to the subject or will genuinely help the reader, I will still generally allow it.

But this one is flatly wrong. First of all, never trust anyone who says or implies that any security is unbreakable. In fact, if anyone says that, you can begin to distrust their understanding of security. So, rather than helping the readers, I consider claims such as “completely tapproof” and “your data cannot be accessed” to be misleading and potentially dangerous.

I will not knowingly help promote products that make what I consider to be statements verging on hyperbole and are fundamentally inaccurate — there are simply no absolutes in security. And that is why this particular comment was rejected.

Categories: All, Security Issues
  1. August 20, 2013 at 2:14 pm

    Should you not have edited the comment (removing the link), approved it and then shamed said ‘marketer’ with a head-on response in the comment thread?

    Also interested to know how would you define the concept of security?



    • August 20, 2013 at 2:54 pm

      I don’t think so. What you suggest I do is more or less what I’ve done here. But the issue – using third-party blogs to get free advertising for your products – has nothing to do with the Dropbox article, so should be kept separate. Hence this separate post.

      I don’t think I could shame the company concerned without naming it – and that would be providing the free advertising it was seeking. And for what it is worth, I do not blame the marketer for attempting to do his (or her) job; just as I hope he (or she) doesn’t blame me for doing mine.

      Finally, security is basically the maintenance of the availability, integrity and confidentiality of data; and all things associated with achieving this. But if you disagree, I’m not going to argue.


  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s