Truly secure online outliners

Posted by 22111
Dec 15, 2014 at 01:52 PM

Kudos and thank you to both participants, it’s so refreshing to learn something new here!

Upon Dan’s description of full-text search just by hashes, I had been highly sceptical, and Neville’s reply confirmed my disbelief; on the other hand, Dan gave a highly-convincing description WHY cloud is so important nowadays, even for big corporations (cf. SAP and other providers trying to “give it to them”, in spite of their original concepts being quite different and even quite irreconcilable).

Just a note: Neville’s “big corporations” should of course be read, “any corporation which has some data in their hand that could cause real harm to them if it got divulged into (specific) third parties’ hands” (and this includes the NSA nowadays which to commercial spying upon European corporations, big and small, in order to transfer European know-how to (selected?) U.S. corporations), and I’m sure Neville meant “corporations who have got something worthwile in their hands”, and not only really big corporations (his own business currently being the perfect example of small players also doing non-standard things).

Now who’s right, then? Well, I see two factors:

Dan speaks of full text search, but the examples he gives have quite another resonance with me: I suppose most (or all?) of the data that is processed / available in the systems he describes would be db stuff, i.e. more or less standardized db records content, and for processing / searching means, that’s obviously not identical, not even similar ; I suppose Dan might be partially mistaken, either about those availability issues, which might be different, or then, much more probable, the softwares in question simply treat “standardized” data on higher levels of security (because there, my assumption, more secure treatment is possible, see below), whilst some “full text” parts have been decided to be treated with less security demands (a (presumed) decision which would of course highly facilitate the respective treatment that specific data gets), all the less so since the analysts having decided this way (again, all my speculations only), might have judged that (less secure) full text / details data, by their repartition the data into specific, standardized fields mainly, the full text “details” will not be “attributable” to the specific person in question, will hence be “worthless”, technically “orphaned” - of course, that would be subject, in some cases, to additional information some authorized person would include in these fields (additionally), instead of (just) entering that “identification-giving-way” info just into the designated fields; of course, it would be envisionable to have some monitoring, i.e. subroutines checking during input for the name of the person, their date of birth, and other “sensitive” / potentielly “dangerous” data, and which could minimize the risk of creating “self-contained risk perpetrators” within those “full text” fields; it goes without saying that such risk minimization for such less-secured info is also highly dependent of the matter in question, both bank and medical data being obviously quite suited to such differential treatment, whilst technical secrets, e.g. (i.e. before the publication, i.e. the patents) are very worthwhile to spy on even without knowing the (future) patent holder; also, to mention the technical level again, I could imagine longer passwords, of which just some part could be “communicated” to the (specialized) cloud server provider, and by which they would do the encryption for those “full text search” parts of the data, whilst the “core” part of the encryption key would remain unknown to them.

And finally, the second factor I see is, Dan speaks of “industries” where there is plenty of money, and thus plenty of know-how and man-power both for devising and for researching things, and they will certainly not share their respective findings with the rest of us - which means they might have found solutions, here and elsewhere, and running them, we do not even think of.

Go on, please, I’m eagerly listening, for once!