Trust

Earlier today an update went out for 10Cv5 that will allow a server to monitor its public IP addresses and, if they differ from before, automatically update any CloudFlare DNS records that still use the previous IP to point at the new one. The mechanism is smart enough to scan through all domains associated with an account, identify the A and AAAA records that match a previously used IP address, and update one or both where required. Given that I use CloudFlare quite a bit, this will save me some time when the ISP resets my “static” IP every four to six weeks. At the moment the feature is enabled just for my CloudFlare site, but I wonder if this feature is something that others would want to consider using. In order for this to be an automatic process, my 10Cv5 server would need to know another person’s CloudFlare API key, as well as the email address they have registered with the service. With those two pieces of data, it’s possible to do some interesting things like automatically create a subdomain record with an HTTPS certificate when a person requests a new site on 10C. It’s also very easy to do something malicious like delete records or redirect traffic to a server of my choosing, which is scarier for people who have a personalized email address given that MX records could be modified. This sort of feature would require a great deal of trust in order to be used.
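The record-matching logic described above, written out as an added example rather than 10C's own code: it walks every record the account can see, selects only the A and AAAA records whose content equals the previously observed address of the same family, and leaves MX, TXT, CNAME and already-divergent records untouched, so a bug in the updater cannot reach the mail records the post worries about. The sample records, the `Update` type, `plan_updates`, `build_request`, `apply_plan` and `dry_run_send` are all names chosen here; the record shape and the `PATCH .../dns_records/{id}` call follow Cloudflare's v4 API, but the transport is a stand-in so the block runs offline. One practical caveat for anyone who does hand over credentials: a scoped API token (sent as `Authorization: Bearer`) limited to DNS edits on the chosen zones exposes far less than the email plus global API key pair (`X-Auth-Email` / `X-Auth-Key`), which grants control over the whole account.

```python
"""Dynamic-DNS style updater: find A/AAAA records that still point at a
previous public IP and rewrite them to the current one.  Added example; the
client plumbing is an assumption, not 10C's code."""
import ipaddress
import json
from dataclasses import dataclass

# Constructed sample of the DNS records an account might own across two zones.
# Field names (id, zone_id, type, name, content) mirror Cloudflare's v4 DNS
# record objects; every value here is made up for the example.
SAMPLE_RECORDS = [
    {"id": "rec-a1", "zone_id": "zone-1", "type": "A",    "name": "blog.example.test",  "content": "203.0.113.10"},
    {"id": "rec-a2", "zone_id": "zone-1", "type": "AAAA", "name": "blog.example.test",  "content": "2001:db8::10"},
    {"id": "rec-a3", "zone_id": "zone-1", "type": "A",    "name": "api.example.test",   "content": "203.0.113.10"},
    {"id": "rec-a4", "zone_id": "zone-1", "type": "A",    "name": "cdn.example.test",   "content": "198.51.100.7"},
    {"id": "rec-m1", "zone_id": "zone-1", "type": "MX",   "name": "example.test",       "content": "mail.example.test"},
    {"id": "rec-b1", "zone_id": "zone-2", "type": "A",    "name": "other.example.test", "content": "203.0.113.10"},
]


@dataclass(frozen=True)
class Update:
    zone_id: str
    record_id: str
    name: str
    rtype: str
    old: str
    new: str


def _check_family(rtype, addr):
    """Refuse an IPv6 address for an A record and vice versa."""
    ip = ipaddress.ip_address(addr)
    expected = 4 if rtype == "A" else 6
    if ip.version != expected:
        raise ValueError(f"{addr} is not valid content for an {rtype} record")
    return ip


def plan_updates(records, previous_ips, current_ips):
    """Compute the edits needed to move from previous_ips to current_ips.

    previous_ips / current_ips are dicts with optional keys "A" and "AAAA".
    Only A/AAAA records whose content equals the previous address of the same
    family are selected; MX, TXT, CNAME and records already pointing elsewhere
    are never touched, which keeps the blast radius of a bug small."""
    plan = []
    for rec in records:
        rtype = rec.get("type")
        if rtype not in ("A", "AAAA"):
            continue
        old, new = previous_ips.get(rtype), current_ips.get(rtype)
        if old is None or new is None:
            continue
        old_ip, new_ip = _check_family(rtype, old), _check_family(rtype, new)
        if old_ip == new_ip:
            continue  # nothing changed for this address family
        if ipaddress.ip_address(rec["content"]) != old_ip:
            continue  # record points somewhere this updater never managed
        plan.append(Update(rec["zone_id"], rec["id"], rec["name"], rtype, rec["content"], str(new_ip)))
    return plan


def build_request(update, api_token):
    """Describe the HTTP call for one edit without sending it.

    Cloudflare v4 updates a record with PATCH on the record URL.  A scoped API
    token goes in an Authorization: Bearer header; the email + global key pair
    the post mentions would instead use X-Auth-Email / X-Auth-Key."""
    url = (f"https://api.cloudflare.com/client/v4/zones/{update.zone_id}"
           f"/dns_records/{update.record_id}")
    headers = {"Authorization": f"Bearer {api_token}", "Content-Type": "application/json"}
    body = json.dumps({"type": update.rtype, "name": update.name, "content": update.new})
    return ("PATCH", url, headers, body)


def apply_plan(plan, send, api_token, audit):
    """Send each edit through send(method, url, headers, body) and append a
    before/after line to `audit` so the operator can review every change."""
    applied = 0
    for upd in plan:
        method, url, headers, body = build_request(upd, api_token)
        status = send(method, url, headers, body)
        audit.append(f"{upd.rtype} {upd.name}: {upd.old} -> {upd.new} (HTTP {status})")
        if status == 200:
            applied += 1
    return applied


def dry_run_send(method, url, headers, body):
    """Stand-in transport used here instead of a live API call."""
    return 200


if __name__ == "__main__":
    previous = {"A": "203.0.113.10", "AAAA": "2001:db8::10"}
    current = {"A": "203.0.113.55", "AAAA": "2001:db8::55"}
    log = []
    plan = plan_updates(SAMPLE_RECORDS, previous, current)
    apply_plan(plan, dry_run_send, "PLACEHOLDER_TOKEN", log)
    print("\n".join(log))
```

Running the block with the constructed records changes the three A records and one AAAA record that still carry the old addresses, leaves the `cdn` record and the MX record alone, and writes one audit line per edit; swapping `dry_run_send` for a real HTTP client is the only change needed to go live.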

Trust is something that I demand from the services I use, and hopefully people demand it from 10C as well. The service is supposed to reflect the better ideals of the Internet and that means it needs to be something worthy of confidence and trust. Being an information silo to preserve and present people’s words on demand is relatively benign, but once people share credentials to other services, I get nervous. Is the API secure enough? Is the encryption too easy to crack? Will this be the bridge too far that pushes people away? All of these questions run through my head a hundred times a day whenever I make features like this possible.

Back when 10C was still known as Noteworthy, the system would let people connect their Evernote accounts as a way to publish blog posts. Anything that was in a notebook (or notebooks) that you chose would appear on the website. This meant holding onto authentication tokens that could be used to secretly scrape every note from a person’s Evernote account. Given that I used to use Evernote as a repository for scanned bills, student notes, passport information, medical histories, and a dozen other things, other people might also put personal or private information onto that service. Losing the authentication tokens would put a lot of people at risk. As a result, I monitored the logs like a hawk to make sure that nothing suspicious was happening that could affect people’s privacy or ruin any trust that was formed. The same is done now to protect the authentication tokens people have provided for Twitter and other third party services.

CloudFlare tokens strike me as being more sensitive than any OAuth tokens for another social network, though. A compromised CloudFlare account can result in lost revenues, leaked data, or other lawsuit-ready situations if handled carelessly.

Would people trust the service enough to share their API access keys? Possibly. Should they? My goal is to make sure that people understand what they’re signing up for when sharing sensitive data so that they can make an informed decision. Trust must be earned.

Ultimately this is an exciting feature that should make it possible for people using the future, self-hosted version of 10C to more easily maintain a presence online when their server is in their house. If this is also part of the shared service that I provide, then it’s imperative that more-than-adequate security measures are in place to protect people.