
Forced Trust

The concept of trust is a foundational one in InfoSec. You give a user access, you expect that access to be used in the designated way. You give an accountant trust to dispense money in accordance with, and only for, the business need. You give your kids the car keys or let them stay home alone, trusting to get the car back in one piece and the house clean of party remnants. If a user misuses the system, the accountant embezzles money, or the kids damage the car or house, privileges (or jobs) can be revoked.

Thus the concept of forced trust. You want a job with the Federal government? You are filling out very detailed forms, and you have no choice but to turn over that data. Your employer has to have your W-2 information for payroll. You want to stay connected with your family? That may mean you need a Facebook account. Even with all the privacy settings, the data gets slurped in ways you may realize but most people don't.

To be a part of the world, in so many ways you are forced to trust entities that have already, maybe even repeatedly, proved they aren't worthy of that trust.

Facebook.

OPM.

Equifax.

Every major hotel chain (Marriott 2018, Hilton 2017, Hyatt 2015, Starwood 2015).

Online retailers.

Brick and mortar retailers.

Restaurants.

Sure, there's a fix. Never submit identifying information. Only use cash. Drive older cars. Only use prepaid cellular, and only turn it on and call from the same place.

How practical is any of that? Even monks in monasteries are online. So what can you or anyone do?

Humble Bundle prompted this. The good news is only those with a Humble subscription, not regular users, are affected. And the reports show the adversaries got e-mail addresses and that those e-mails were tied to subscriptions. These can be leveraged for phishing attacks, or spam from other game services.

I purchase the monthly bundle on occasion. My protections for this and other online retail are somewhat simple. Anything that isn't primary to my life is tied to a secondary e-mail account, and a secondary account for my money. I move money in to pay, and I'll happily take the monthly account fee to not have a minimum balance. A low-balance credit card fits this bill nicely. Any compromise will send spam and phishing to the secondary e-mail account. If something goes horribly wrong, it's easy to burn that account and spin up a new one. Password managers prevent reuse attacks. And if something slips through the e-mail provider's BS detector, I know not to click the link and just log in at the site directly. Any reputable service will have alert notices clearly visible right after login. I know people who use more unusual browsers (e.g. Opera) for transactions on banking and healthcare sites, knowing they are less likely to be targeted for exploitation on those sites. Obscurity is not security, but obscurity can augment security.

We live in a world where forced trust is constantly betrayed. Even if Facebook is broken in half, other services will fill the void. They too will betray you (whether or not members of their board Lean In). The best anyone can do is understand their personal threat model: what do they have that would hurt when lost, and how can they reduce the risk of that loss or, in the modern world, prepare to continue on when that loss happens. We are in the Matrix; there's no more getting out. There is simply dealing with the world as it is.

"You lost today, kid. That doesn't mean you have to like it."

-Man who gave Indiana Jones his hat.

 

Infosec_Samurai
