There are no absolutes in security
I’ve had a comment on my latest Dropbox post (Is it safe to carry on using Dropbox (post Prism)? Yes and No: Part III) that I have rejected. This is a very heavily moderated blog, but I thought I’d explain why I rejected this one.
The comment started by saying, “As Dropbox stands today on its own, yes, completely agree that there is the *possibility* of your data being “looked in on” by people without your knowledge or permission.” It then added, “However, there are 3rd party services out there like xyznnn (www.xyznnn.com) that are completely tapproof, i.e. YOU hold the keys, not Dropbox or the 3rd party vendor. Meaning that your data cannot be accessed without you knowing about it. Read more in this blog post: xyznnn.”
It was, naturally, submitted by a member of the marketing department of the xyznnn company; so it is absolutely an attempt at advertising to the readers of this blog. That, in itself, is not enough for me to reject it. If such a comment adds value to the subject or will genuinely help the reader, I will still generally allow it.
But this one is flatly wrong. First of all, never trust anyone who says or implies that any security is unbreakable. In fact, if anyone says that, you can begin to distrust their understanding of security. So, rather than helping the readers, I consider claims such as “completely tapproof” and “your data cannot be accessed” to be misleading and potentially dangerous.
I will not knowingly help promote products that make what I consider to be statements verging on hyperbole and are fundamentally inaccurate — there are simply no absolutes in security. And that is why this particular comment was rejected.