Wednesday, August 10, 2011

Trust is not easy

How do I convince people to trust resumendation.com?

I need to convince individuals that we can be trusted with their identity, and that we will respect their anonymity. I need to convince professors who write confidential recommendations that we can be trusted to keep the recommendations confidential. And finally, I need to convince academic institutions to trust our confidential recommendations.

That is a whole lot of trust that needs to be generated.

The first one, trusting resumendation.com to respect your anonymity, is relatively easy. We decided to rely on the basic principle of "You can't compromise what you don't have." We are not asking you to trust our programmers or administrators. We are not even asking you to trust our data security procedures or our infrastructure. We simply do not know who the anonymous individuals are, therefore we cannot compromise their anonymity.

So the logical argument is solid, but will it be enough? I do not believe trust is created via logic. Trust is deeply personal and it happens in our guts. Creating trust was one of the reasons why I decided to write this blog. I hope that my being completely truthful and transparent will add to our website's trustworthiness. I guess that we will need to be patient and see how it goes.

Convincing professors that our confidential recommendations are indeed confidential is a whole different issue. We have the recommendation, so we can no longer rely on "You can't compromise what you don't have." Here we need to rely on identity management and solid security practices. I have many years of experience with data security, encryption and authentication. I created encryption algorithms and key generators. My technical track record is fairly impressive when it comes to data security. So, my decision not to even try to build a secure system of my own was surprising to my colleagues. Let me try to explain. Security is tricky. How do you create a lock that cannot be picked? And when you create one, how can you be sure? Do you trust a lock that was never successfully picked in ten years? It really depends on who was trying to pick it. If your "secure" lock was never seriously attacked, then it may not really be secure even after fifty years of successful use.

As a programmer, I love creating stuff from scratch. Most of my programmer friends are like that too. It is so much fun to make things your way, just as you like it, exactly the way you believe it should be done. However, when it comes to data security, making things your way is usually not a good idea. I have met programmers who believe in security through obscurity. The jury is in on that one - it does not work. When it comes to data security - stick to peer reviewed algorithms and well tested implementations.

I decided to stick with the Microsoft .NET infrastructure for handling user authentication and session management. This way I know that it has been attacked millions of times, all over the world, by some of the best (worst?) hackers, and that a rather large team is constantly working to improve it. Maybe it is the best possible solution available and maybe it is not. But it is a constantly improving solution, and that makes it better than anything I would have created myself. There is just no way that my solution would be tampered with as much as one created by Microsoft, or any other major vendor, and used by millions.
