Two Slashes

So, I was trolling around the ThinkGeek site a few minutes ago, bored out of my wits and wondering what a crazed geek like myself might want for Christmas, when the TG site proudly offered me a large advertisement for this.

What you’re looking at folks, is the IronKey, a thumb drive so secure, it shouldn’t exist for the simple fear of you not being able to get your information back.

Seriously, here’s an excerpt of the description of the blasted thing:

Passwords can be hacked, but not the IronKey. It’s built to withstand attacks both virtual and physical. 10 incorrect password attempts, and the encryption chip self-destructs, making the contents of the flash drive totally unreadable. The contents of the drive are filled with epoxy, so if a hacker tries to physically access the chips, he’d more likely damage them instead. Even if he did get access to the memory chips, they’d be worthless without the encryption chip. Electron-shielded, even a scanning electron microscope can’t get inside.

While 10 invalid password attempts might be good enough for some people who don’t think anybody’s ever going to be touching the drive (in which case, why not settle for something that isn’t a nuclear option like this), I see it as more problematic, especially if you’ve got a problem typing croretcly correctly (Yes, that little typo was actually on purpose…).  If you come back to find someone screwing with your drive (or, perhaps more believably, you’ve forgotten the password, but remember what you think it might be), only to find that they’ve (you’ve) burned through all your password attempts and the drive’s gone and self-destructed, you’re screwed.

It’s almost as if the designers put this thing together intentionally to teach people a valuable lesson:  backups need to be as secure as the originals.  Why do I say this?  They specifically mention that restoring to an IronKey takes minutes, as calmly and caringly as though it happens that people need to replace them all the time.  I don’t think encrypted backups on a DVD (or any other medium) are going to self-destruct after a few failed password attempts, and it’s pretty damn easy to just image the disc and walk away to deal with it on my own time in my own lab.  And I won’t even go near the fact that it’s filled with epoxy…while useful for security, epoxy isn’t all it’s cracked up to be…though on the bright side it will be guaranteeing that you won’t be getting a refurbished drive off Woot anytime soon. (Where’d I put that heat gun?)

And the idea of a Tor-based “secure” web browser built in is fitting, it’s also laughable.  Not only has Tor been found to have several vulnerabilities (despite them, it’s still a great service if you want to try to be anonymous in your surfing) .  The exact same experience is delivered by simply using something along the lines of Torpark; while you still end up having to trust other people you’ve never met, you also don’t have to trust the traffic to be monitored by the people manufacturing the device.

So, with all that in mind:  Why do people bask in the illusion of security, thinking that just because a product claims it’s safe, it’s the best product for them?  It’s my question posed to you for the moment.  What makes people feel that their information is inherently secure in such a device, but they don’t realize that not only are they securing it from the outside world, but from themselves as well?