France's new data retention law requires online service providers to retain databases of their users' addresses, real names and passwords, and to supply these to police on demand. Leaving aside the risk of retaining all this personal information (identity thieves, stalkers, etc -- that which isn't stored can't be stolen and leaked), there's the risk of requiring providers to store unhashed passwords, as Bruce Schneier points out.
Well-designed systems don't store passwords; rather, they take the password you supply and run it through a cryptographic hashing algorithm that turns it into another string (in theory, this string can't be turned back into the password). When you re-visit the website and supply your password, it is run through the algorithm again, and then the result is compared to the stored version. That way, no one -- not even the provider -- knows your password (except you). Again, that which isn't stored can't be leaked. Requiring French online services to keep a record of unhashed passwords is a reversal of decades of best practices in security.
The law obliges a range of e-commerce sites, video and music services and webmail providers to keep a host of data on customers.
This includes users' full names, postal addresses, telephone numbers and passwords. The data must be handed over to the authorities if demanded.
Police, the fraud office, customs, tax and social security bodies will all have the right of access.
Net giants challenge French data law
Most Facebook users have no idea how the company tracks and profiles everything they do to target ads, a new Pew Research study confirms.
China’s Huawei is the subject of a U.S. criminal investigation in which federal prosecutors say the Chinese tech company stole trade secrets from U.S. business partners including technology behind a robotic device T-Mobile used to test smartphones, called “Tappy.”
Following up on our earlier story about Roku re-platforming Alex Jones and Infowars, it looks like Roku got so much criticism from users, they’ve reversed course and will remove the Infowars app.
Want a career in web design? It’s true that these days, most anyone can throw up a page or two. But for true workhorse web design, you’ll sometimes need to match the platform to the project. Enter the Complete Front-End Developer Bundle, an educational grand tour around the best tools for the web. For beginners, […]
Things move fast in the world of social media, and they don’t slow down for marketers looking to make an impact. Whether you’re grabbing eyeballs for a major company or a local business, you’ll need to adjust your strategy for every platform. Don’t have a strategy to begin with? That’s where the Social Media Marketing […]
It’s a rude awakening for that rookie vacationer abroad when they try to plug in their gear for the night. Veteran jet-setters know that outlet shapes can vary wildly from country to country, which necessitates that most boring must-have for any world-traveler: A sackful of clunky power adapters. Awkward problem, elegant solution: The Twist Plus […]