From reading the site and URB's comments on this page, LogDog appears to be a host intrusion detection (HID) package that works first in "learning mode" to establish a baseline set of acceptable or normal behaviours for any given user then eventually moves into notification mode in which it signals to the user that unusual activity has taken place.
Unusual, in this context, means anything outside the thresholds established during learning mode. Presumably, learning mode continues over time and the system becomes more refined.
So far, so good.
What's not so good:
1. The basic premise is "trust us, we know what to look for, but won't tell you because we don't want the bad guys to know". This is security through obscurity and I'm afraid I can characterize this only as "charmingly naive". A) The bad guys already know, guaranteed. B) Unless you are truly expert in this area (see below), you don't and are only guessing. I don't want to harsh anyone's mellow, but you need to be able to back up your claims - especially when you claim your product will make someone's life more secure. We will consider believing your claims after we have read the research papers you are going to publish, the papers that provide enough information for thems of us who know this area to guess at your bona fides but not so much as to reveal all your secrets.
2. All data sent to servers is anonymized. So you say. I will take you at your word. But it means nothing, unless you have done the extremely hard work necessary to show that the data you maintain cannot in any way be used to establish identity after the fact, whether it be by patterns of behaviour or other means. This is an area of active security research and active attacks, and is not for the faint of heart. I invite you to research super cookies, click profiling, etc., etc.
3. Re #2: Your servers are now known to attackers who want that juicy high value data that they can probably do more with than you - unless you are as large and as well funded (they are both). Please describe, at least at a high level, how you are protecting this high value asset you have created. If you cannot, we cannot expect our data to be safe. Regardless of claims of anonymization. Convince us you understand defense in depth, prevent-detect-respond-recover, etc.
4. No offense, but this is a security product from someone with no documented (as far as we can tell) expertise or experience in this area. Everyone who has ever developed a security product from scratch has gotten the first release wrong. Every single time. This stuff is complex and complicated, it takes tremendous experience in the field to design a tool properly, let alone implement one, experience gained either from starting from scratch and surviving to release 4 or 5 or from working on other products developed by experts/survivors.
URB, you may find comments herein and on this page to be assertive, even aggressive. None of us will apologize for this. You are making BOLD claims and providing no reasons for anyone to believe you know what you are doing. You need to do that work before the security community will accept this product.
Try to get hold of Bruce Schneier or another well-known, respected commenter in the field. If you can convince a few such people by giving them a privileged, behind the scenes view (they won't sign your NDA, there is nothing for them in that), that will a) provide real marketing bumpf and b) go a long way to silencing many critics.
But note that you still need to address 2 and 3, even if you convince the best of the best of 1 and 4. Good luck, those are hard problems to solve.
This is my theory on why santoshi released bitcoin anonymously. ad hominem attacks like this are way too common in security. Often there's some justifications, but i'd prefer if conversations were about the content alone.
True, there may well be outliers who, with little to no previous experience in a field, are able to master and advance it - but they are outliers.
As to specific comparison with Santoshi and Bitcoin, it doesn't stand, due to the relatively poor history and documentation for LogDog and the relatively greater history and documentation for Bitcoin: There is the 2008 research paper that built upon well-known and well-examined previous work on electronic cash, anonymous payments, etc., etc., and there is the subsequent open source client. No one ever said "trust us, this is cool". Instead, they wrote detailed papers and code and released those to the world - and we made up our own minds.
LogDog is, by comparison, sui generis, a thing of itself, that has sprung into being with neither preamble nor publicized foundations.
URB may be the outlier. Or not. Given the lack of documentation, the lack of openness, and the apparent lack of expertise, we are but wise to raise the questions.
So far, URB seems responsive and engaged, and not particulary evasive. Those are good things for that particular hominid.
Asking for the credentials (and the research) of someone claiming to have a new security product is a shortcut to knowing how well acquainted they are with this difficult field. Yes, it's a shortcut, but it's also warranted. It doesn't mean they won't be heard, just that they will be heard with healthy skepticism.
Thank you for your comprehensive and insightful comments. We have a great team at LogDog and a product that can really help people. I agree that this is a complicated field and that the "bad guys" are really really smart. But you must agree with me that that is no reason not to push forward with ideas and technologies that can help people better protect themselves.
In the short time since we launched, our system has already made several confirmed catches - where we were able to warn users of unauthorized access to their accounts.
We put tremendous effort into securing the privacy of our users' data. We have undergone an external security audit and will continue to do so periodically.
We look forward to a fruitful discussion with the security community and to providing a service that we know to be both necessary and important.
My two greatest concerns reflect this: Without sufficient forethought, planning, and implementation, 1) your servers will be compromised and that anonymized data stolen and misused, and 2) users will have a false sense of security, especially the naive who have no reason to doubt the bold claims.
Think of the recent attacks on CurrentC systems after participating retailers disabled NFC to prevent use of Apple Pay: That brought them a lot of attention and that attention revealed that they were not ready for prime time, they simply did not grasp the enormity of the threat environment in which they hope to operate.
If you have the DevOps experience for defense-in-depth and PDRR, excellent! Hats off to you for attacking an interesting problem in an interesting manner.
Such a tool would also be useful to prevent* "local hacking" - where your credentials have been hacked by someone in your trust circle. Sad, but it happens. However, luckily for the victims, such people aren't usually aware of the hints they may be leaving after they came.
I agree with your other points.
* Or, rather, retaliate after the deed has been done, but it's a good start.
I also use that SMS service for PayPal.
Does nobody else?
For a while, I was trying to encourage adoption by expounding on its benefits, but then one of our users (without two-factor auth) had her account hacked, and I was able to employ the panic around the office to justify making it mandatory for everyone. This caused some pain for a little while (when two-factor auth enforcement is enabled for a Google Apps domain, users without two-factor auth enabled must use a temporary code, which can only be retrieved by a domain admin), and I wouldn't recommend this approach for more than a dozen users or so.
With Google, the list of massive passwords they provide for logging in via POP3 is a useful thing to print off and have secreted at your house somewhere in case your phone gets pinched.
And periodically/regularly tidying up old emails from your inbox (archiving them offline somewhere) is a way to keep the email account a bit safer, as there isn't any info in the mailbox.
I think there should be a 3rd option of just having a second password. Better yet, add a few other options as well.
I think that's a point you should be a bit more transparent about because I'm not sure there are a lot of people who want to risk their google account being locked because of your app. We are all aware of the customer support horror stories dealing with getting your accounts re-enabled after they've been flagged.
Hundreds of parameters are used to identify unauthorized access to your accounts.
Seriously, no sarcasm here, I'm actually curious about those hundreds of parameters.
That isn't obvious at all. Quite contrary, I'd say a refusal to go into detail puts the whole thing under a pretty dark cloud, making the entire thing sound entirely scammy.
Even if we assume that you have all of the data you need (as an external service, with the limited information the various services provide) to create such a usage profile, there is no credible reason why you can't detail the mechanisms.
From what I can tell this service does absolutely nothing to protect you from being hacked.
It's more like a "you might've been hacked" notification.
The notification could allow you to fix the problem once it has happened but any hacker with reasonable sophistication can download data and change passwords in an automated fashion long before you can finish reading the notification.
(Obviously she will, because she's your wife, but the question is if people aren't proactive to keep their accounts safe, will they be proactive enough to use your service?)
I ask because I receive warning emails on occasion from Gmail ever since I started routing all of my data through a rotating-server VPN. I imagine LogDog might send similar emails, which is not necessarily a bad thing--I'm just curious exactly what else you're monitoring other than suspicious IP/geolocation.
Do you have software running on google's servers so that it knows what IP addresses are accessing gmail/evernote/one of the other services and can geolocate? (Obviously not). So how is this supposed to work?
Do you know how battery/network heavy logdog is?
What if my LogDog is hacked? What kind of thing will the attacker be able to do with whatever LogDog has about my accounts everywhere?
According to Wikipedia "The frequently repeated story that eBay was founded to help Omidyar's fiancée trade Pez candy dispensers was fabricated by a public relations manager in 1997 to interest the media. This was revealed in Adam Cohen's 2002 book,[14] and confirmed by eBay." http://en.wikipedia.org/wiki/Pierre_Omidyar
This info is kind of important if you are posting on HN!
I've got hundreds of online accounts and so far none have been hacked. Where you getting this number from?
I think for you to be successful in this venture you're going to have to be very transparent in how everything works, based on comments so far that's not the case.
Session information (about other sessions) from for example Facebook can be obtained through https://www.facebook.com/ajax/settings/security/sessions.php
2. What if , my account gets hacked due to logdog ? You approach is not too convincing since you even did not answer other users question on what parameters you are monitoring. Sophisticated hackers might take advantage of your service and hack into my account. Do you assume liability and loss that would occur because of your service ? I don't want to sound rude but putting cheesy story in headline might get you temporary attention but this service is no better than saying "we will watch out who will rob your bank and then directly or indirectly responsible for lost money"
> "loosing all your data"