Prof. Eugene Spafford in his latest post talks about MyBlackBook, an unusual web service whose mission is “to provide people with a place to store their sexual history, partners, and experiences in a safe, secure and confidential place”. This New York based venture moved from the assumption that “one out of three people have some kind of sex log” mostly kept on paper. A solution that is hard to maintain and troublesome to protect from prying eyes.
MyBlackBook is not a dating site, it does not have any “social” feature, it’s a very personal service. I think this is quite remarkable since in today online environment all intimate and confidential aspects of human existence are neglected. The focus is mostly on sharing and connecting while our innermost and private processes don’t get any support from web technologies.
However in his post Prof. Spafford makes some sound criticism of MyBlackBook.
My first thought is “Wow! What a way to datamine information on potential hot dates!”. That quickly led to the realization that this is an incredible tool for collecting blackmail information. Even if the people operating it are legit (and I have no reason to doubt that they are anything but honest), this site will be a prime target for criminals.
Prof. Spafford is basically right, but only because the guys at MyBlackBook did everything they could to undermine the security of the sensitive information they are entrusted with. Here is a partial list of their “oversights”.
- To sign up, MyBlackBook require a valid email address that is used to send a confirmation email where the username and password are fully displayed in clear! I think that a service of this sort should be as anonymous as it could and shouldn’t require any unnecessary personal information, especially email addresses.
- Users data, or in MyBlackBook jargon their “entries” and “sessions”, are SSL encrypted during transmission, but no further information is provided about how they are stored on MyBlackBook’s servers. One could reasonably suspect they are “in clear”.
Then they say “All passwords are stored in our database as a non-reversible MD5 hash, which means if you forget your password we cannot retrieve it, and you would need to create a new password using our ‘Change Password’ form.”
- First of all, plain-vanilla hashing is not enough to protect passwords, salting and stretching would be also advisable.
- Second MD5 is very badly flawed and shouldn’t be used at all.
- A good thing is that they avoided the curse of the secret question, but if a user forget his/her password, and still remember the username, he/she can simply fill the form and a new password will be emailed in clear to him/her.
- To date if you try to delete your MyBlackBook account an error message is generated. Furthermore I did not find any further information about account deletion, nor it is mentioned in their Terms of Service document. Not nice …
MyBlackBook is a very smart and fun project, but with lots of open issues on the security front. I hope John Ianuale, president of Resorb Networks and lead developer of MyBlackBook, could fix them, but I’m afraid it will require a complete redesign of the underlying software architecture. I would be more than happy to discuss with John the approach used by Clipperz online password manager to the creation of really secure digital vaults where users can get the service without trusting the service provider. Maybe we could even try to change prof. Spafford opinion and lower his distrust toward online storage services.
My bottom line: don’t store things remotely online, even in “secure” storage, unless you wouldn’t mind that they get published in a blog somewhere — or worse. Of course, storing online locally with poor security is not really that much better…