France's new data retention law requires online service providers to retain databases of their users' addresses, real names and passwords, and to supply these to police on demand. Leaving aside the risk of retaining all this personal information (identity thieves, stalkers, etc -- that which isn't stored can't be stolen and leaked), there's the risk of requiring providers to store unhashed passwords, as Bruce Schneier points out.
Well-designed systems don't store passwords; rather, they take the password you supply and run it through a cryptographic hashing algorithm that turns it into another string (in theory, this string can't be turned back into the password). When you re-visit the website and supply your password, it is run through the algorithm again, and then the result is compared to the stored version. That way, no one -- not even the provider -- knows your password (except you). Again, that which isn't stored can't be leaked. Requiring French online services to keep a record of unhashed passwords is a reversal of decades of best practices in security.
The law obliges a range of e-commerce sites, video and music services and webmail providers to keep a host of data on customers.
Net giants challenge French data law
This includes users' full names, postal addresses, telephone numbers and passwords. The data must be handed over to the authorities if demanded.
Police, the fraud office, customs, tax and social security bodies will all have the right of access.
MIT Tech Review's Antonio Regalado rounds up the year's stupidest, worst moments in tech, from the guy who created his own CRISPR-based gene therapy to beef up his muscles and injected it to Donald Trump's Twitter feed to the FCC's Net Neutrality catastrophe. Of course, Juicero rates a mention.
Pundits suggest the “Weinstein moment” — a broader, deeper awareness of abusive conduct, sexual harassment and criminal sexuality — is already fading without significant change. Few of the offenders face consequences worse than losing a gig, and yesterday we learned The New York Times isn’t even up to that, letting its celebrity groper keep his […]
Webflow’s history of the web is a Bayeaux Tapestry of obsolete virtues and current vices, a superimposition of new and old bad things. It’s a clever and very 2017 way to market a web design app that lets normal people keep making worthwhile mistakes on the web — a gateway to free expression — as […]
Trains may not be the most popular means of conveyance nowadays, but chances are you grew up playing with toy trains or building a model set to wrap around the Christmas tree. In either case, it’s safe to say that locomotives have long carried a unique sense of awe and scale, especially when they’re hundreds […]
When it comes to redesigning or renovating a living space, envisioning changes before they occur can be tricky for most. Thankfully, the web is home to tools that can remove some of the guesswork, like Live Home 3D Pro for Mac. This app lets you create detailed and furnished floor plans for everything from sheds and […]
For many startups and fledgling businesses, web hosting — and the fees associated with it — can take a sizeable chunk out of the company budget and limit growth down the road. But, that’s not to say there aren’t hosts out there who can get your site online while staying within your budget. Arch Hosting is a […]