Thursday, August 20, 2015

Ashley Madison, Venmo, and the Reality of Encryption

Of course your information is safe...

I can't help but get frustrated with friends and acquaintances who refuse to download the mobile payment app Venmo. It's been out for a few years now, it's owned by PayPal (a trusted online payment source) and it makes transferring money between friends unbelievably easy. One could say I'm a bit of a Venmo evangelist, rolling my eyes at people who don't have it yet and grabbing their phones out of their hands so I can log on to the App Store and install it on their phone. I've even gone as far as to accuse people of being sketchy for not wanting to download and use the app. I know that sounds horrible, but I used to jump to conclusions:

"Is there something I don't know about this person? Why wouldn't they want to make their life easier? They really don't want to attach a bank account? Is that because they only deal in cash? And if they do, are they involved in something illegal? Everything is done online, why don't you trust this massive payment conglomerate? Sign away your life!!!"

Apparently I'm obsessed with technology (and willing to put my bank account in harm's way). I spend a lot of my free time browsing Product Hunt for the latest and greatest products that, 99% of the time, have been enhanced with software (or they're pure SaaS, web apps etc). I plan on spending many early mornings and late evenings writing about the companies I discover on Product Hunt. I think it's one of the best websites in the world and everyone should take some time to download the Panda 4 Chrome extension so they can be tapped into Product Hunt every time they open a new tab (and the many other sources that Panda 4 makes available).

So why won't my friends use Venmo?

The latest privacy breach that's affected Ashley Madison and its users reminds us that none of us are safe, even when the entire business model of a company we are entrusting is based on privacy and secrecy.

This seems to happen every few months now. And even though the tweet from Business Insider Tech above callously reminds us that this breach is one of the smaller ones, the graph lacks context. The context is: How many people in America are even married anymore? The world? And of those, some ~30 million are cheating?! I digress, this is an entirely other conversation in and of itself, so let's move on (stop cheating, just break up).

I was still curious about how a business that sells anonymity could let such a horrible thing happen to its customers. And could something like this happen to me? Could my Venmo account be just as easily hacked? This led me to ask the smartest computer programmer I know about privacy, security, and encryption.

What he had to say might surprise you. Maybe not.

Everything is hackable. Encryption is essentially an extremely complex mathematical equation that can be cracked over time. The idea is that the equations are so complex and advanced that they would take other computers more than a human lifetime to break. But of course, this does not account for Moore's Law. The layers of security that a system has will determine how well something is protected, but he told me that ultimately the final layers are really just warning systems that notify the business someone is hacking in and it's time to pull the plug.

"It's safe to assume that anything connected to a network can be exploited."

Interesting side note: He told me how terrorists would use email accounts as digital drop boxes, logging in and writing emails but never sending them, saving them as drafts instead and passing along the login info so others could sign in from different locations and read the messages. Apparently this worked for a while...and when you think about it, might be a better way to cheat on your significant other than using Ashley Madison.

So, maybe, the reality is just that Ashley Madison was never protected enough in the first place. A reminder to those considering entering the tech space that security is only becoming more important. Make sure you hire a good security dev. And for those that are looking for new ventures, cyber security is HOT right now. Government contracts, big seed rounds: if you can develop a user-friendly way to distribute online identity verification in a new and relevant way, you might be able to make a LOT of money. I know from experience during my time at, an online marketplace connecting shoppers with local business owners, identity verification was always something we struggled with. People will go to insane lengths to try and "hack" the system.

But I'm not a cheater...

I'm not worried about getting caught on Ashley Madison, I'm not even married. But my bank account? That's an entirely different situation altogether.

I did some research and went over to Venmo's website to check out what they had to say about their security. To be honest, it was the same type of verbiage I seem to see everywhere:

"Venmo uses bank grade security systems and data encryption to protect you and guard against any unauthorized transactions and access to your personal or financial information. If you suspect that there has been any unauthorized activity on your account, please contact us immediately at—we’re here to help."

Okay, so #1, what are "bank grade security systems" and why are they so much better than whatever Ashley Madison had? #2, notice that last part of the statement? "If you suspect that there has been any unauthorized activity on your account..." So you're telling me Venmo could get hacked?

Now, I realize I'm playing devil's advocate; I trust Venmo and our bank grade security systems enough to use them. But these 'alleged' hacks from China, which have apparently stolen government information, coupled with the string of breaches to private companies, are making me rethink my laissez-faire attitude when it comes to the storage of my digital coin.

I'm going to do more research and dig into some videos that I'll share with you later, but in the meantime, I'll just go ahead and leave this here:

Laws of Physics Say Quantum Cryptography Is Unhackable. It’s Not

What are your thoughts/feelings about using services like Venmo? Do you feel like your information is safe? Or have you just given up and given in? Assuming that eventually all of your information will be public anyways...

Interested to hear others' thoughts :)
