Wednesday, November 09, 2005

Does PopG break the Groove security model?

An anonymous person has commented at http://popg.blogspot.com/2005/11/oh-woe-thrice-woe-i-just-downloaded.html#113150670188932986 that PopG breaks Groove's security model. This is a great point to make and debate to have. And it is both true and untrue.

It is undoubtedly true that adding PopG into the mix changes the security model. The two biggest changes are that data going to and from PopG is encrypted at 128bit rather than Groove's 192bit. Also those who use PopG have to trust PopG to look after their data. But...

Firstly anyone who assumes that ANY data that traverses the Internet, whether it be over Groove, PopG or whatever is secure - needs their head looking at. Any data that leaves your computer, or indeed brain is essentially compromised. The only question is the matter of a risk assessment of one solution over another and choosing one that most closely suits your needs.

Groove's security model is great, but it has its weaknesses. Some of these are discussed on our support forums and on Groove's own forums. PopG's security model is great but it too has its weaknesses. So where is Groove weaker, and stronger with and without PopG?

Groove exposes data held in Groove Folder Sharing spaces whereas PopG does not expose these. So in this instance PopG is more secure. Add optional and chargeable encryption on PopG folders where GFS spaces are stored and even PopG admin staff would not have access.

PopG is another company that you must trust. Initially that may be considered weaker, but any Groove space that is properly protected with Groove's passphrase is as inaccessible to any PopG person (even with full system administrator rights) as it is to any person who steals your laptop. So a question you should ask is if your laptop running Groove is stolen - then how safe is your data? If you consider it safe, then adding PopG to the mix does not change that security model.

Also as alluded to above PopG can enhance its security model to suit customer needs, right up to a dedicated bunkered service.

posted by andyswarbs at 5:25 pm | 3 comments