Good Security Analogies

I tend to like good security analogies. The one below was originally posted by at Security, privacy & accessibility. Thoughts?


The latest DDOS of LiveJournal has once again brought out cries of “Fix the security of the site!!!” I’ve made this analogy a few times, in a few different ways, and I think I finally have it nailed down.

Imagine LJ as a whole is an apartment building. Each person has an apartment (your journal) and the building has common areas like lobbies, meeting rooms and the gym (communities) & infrastructure like elevators, central heating, and plumbing (FAQs, the login system, various directories, etc…)

Now, this isn’t a perfect analogy because you do want your friends to be able to access your journal to see friends-only posts, and you want people, even anonymous people, to be able to read your public posts, but it’s good enough.

So a security breach would be like the superintendent leaving the front door to your apartment unlocked, or even worse, wide open. Anyone would be able to walk in, rifle through your stuff, take things, and even trash the place. In terms of LJ, this would be something like password failures, or someone breaking into the server directly instead of through the website.

A privacy breach would be like if the superintendent left your bedroom curtains open while he was fixing something. Anyone in the right place could look into your apartment, but they can’t steal or damage anything. In LJ terms this would be like the privacy failure of October 2011, where LJ briefly showed cached pages to people who shouldn’t have seen them.

A DDOS would be like if someone changed all the streetsigns in the city to direct every tourist to your building. They can’t get into the building because the doorman is keeping them out, but unfortunately you can’t get into the building either because the huge crowds are keeping you away from the door as well.