Justin du Coeur (jducoeur) wrote,
Justin du Coeur
jducoeur

Another reminder that it's not as easy to get rid of information as you think

The tech-business amusement going around the blogosphere today is that Facebook's long-secret company valuation got accidentally revealed. (Thanks to TechCrunch.) The actual valuation isn't all that surprising ($3.7 billion, which is in line with most good guesses), but how it came out was a good illustration of tech-risk.

You see, they've been engaged in a lawsuit for years now, over who actually created the technology. As part of that, the court unsealed some proceedings recently, with broad sections redacted, and published that as a PDF. (The article above links to it.) But if you simply copy the redacted sections (which show as blank white in the PDF) into, say, Notepad, you get to read the original contents.

In other words, *somebody* applied physical-world thinking to the technology: they essentially covered over the secret bits with white-out. (In practice, I suspect they changed the color of the relevant text to the same white as the background.) Which kinda makes sense if you think this is a piece of paper, but none at all if you understand what's going on here -- it's just tweaking a flag about the information. But the old information is still there: even if the copy-and-paste trick didn't work, it would be fairly easy to just read the source of the PDF to find the "hidden" information.

(A number of people are apparently jumping up and down, claiming that this is a bug in the PDF format, but I suspect that's nonsense: the PDF is probably doing exactly what it was told to do, which is to print this text in white.)

Moral of the story is, if you really care about keeping secrets online, it is important to understand what the heck you're doing. Solutions that work in the real world can be comic failures in electronic media...
Tags: technology
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 5 comments