Thanks Jed for the detail in your reply. 

Much appreciated. 

Comments added.

Jed Carty wrote:

> The security model for something like tiddlywiki is completely different 
> than a large online service.
>
> Two factor authentication for something like tiddlywiki doesn't do much to 
> improve security. Two factor authentication is mainly helpful in situations 
> where there are large centralised stores of login information that may be 
> compromised....
>

Noted. 

> A tiddlywiki would normally not be stored on this type of system so the 
> same system has the login info and the data. So if someone were to breach 
> the system and get the login info they are already where they need to be to 
> get your data and a two factor authentication system can actually be 
> counter productive...
>

Noted.
 

> It is distressingly easy, at least in the US, to hijack a cellphone signal 
> using a man-in-the-middle attack and intercept an SMS if that is your 
> second channel in your two factor setup.
>

IMO a normal user has no idea how vulnerable they are. 

> A simple single file wiki that you encrypt and put on a usb drive and carry 
> around with you is far more secure than any online system. 
>

Excellent to know.
 

> As things stand right now the setup I have for ooktech.xyz is about as 
> secure as anything online. I don't control the physical hardware and it may 
> be slightly more secure to store the tiddlers in an encrypted database 
> instead of as normal files, but that is debatable because any 
> authentication system is on the same physical system so it loses a lot of 
> the benefits of the secure database that way.
>
> ... You seem to be talking about secure access to a remote system which 
> isn't really a tiddlywiki question. It is a matter of what remote system 
> you are using, how do you intend for the participants in the conversation 
> to connect to it and how much interest do people have in what you are doing.
>

Not quite. It IS Tiddlywiki in that I want secure TiddlyWiki. The reason is 
that TW does things others don't. But, right, in the sense that the 
security enfolding does not have to be TW specifically. Just that it's reliably 
secure.
 

> The question of 'is remote access from one computer to another possible' 
> is yes, Tox manages it using p2p methods that I have been working on 
> replicating with Dodo and they may be able to be applied to Tiddlywiki.
>

Noted.

> And as a note about threat and security models, if I wanted to hack into a 
> big cloud system I wouldn't bother with anything technologically 
> sophisticated. The weakness of Facebook is that they employ people who have 
> access to the systems and not all of them are paid well. As the people 
> selling access to the Aadhaar database showed, there are plenty of people 
> who will give you access if you find the right person to give some money to.
>

Spot on I think. That is what the big breaches look like. Insiders.  

> So the question isn't about if you can make tiddlywiki secure, that is 
> easy: yes.
>

> The question is, what are the circumstances around what you are doing with 
> it and are they secure. You can have the best lock and strongest doors in 
> existence but it doesn't help if you leave your windows open.
>

I want no one in my room but the one who has the key.

J.
