The House of Representatives Is Blocking All Apps Using Google's Appspot.com

New reader calewithac writes: In an attempt to stop ransomware attacks, the House's security team has banned all apps hosted on appspot.com from being used on its servers. This means that all appspot hosted apps are inaccessible inside Congress. According to Ted Henderson, the founder of the Cloakroom -- an anonymous messaging app for Capitol Hill staffers -- all of his apps are effectively not available to their target audience.

Re:

[Ol Olsoc]

Do people still say 'asshat'?

Only asshats do that now.

Sounds Like A Feature.

[zenlessyank]

Or a Congressional Easter Egg.

This sounds weird.

[stephanruby]

I would think Cloakroom was the one thing being targeted, because the House or Representatives doesn't want anonymous leaks.

Re:

[Anonymous Coward]

They want leaks that they can control, not actual leaks.
Try and bring a camera phone into a gop fundraiser these days and see what that gets you

Re:

[allquixotic]

Actually, they probably already have a forced MITM proxy (requiring you to trust a self-signed root CA from the gateway) that decrypts all traffic going across the wire.

If they have such a MITM -- and I can't imagine that they don't, since I know this is an extremely common thing in Federal IT -- then they would actually gain enormous insight into *who* is leaking, simply by allowing people to connect to these sites like Cloakroom and observing the traffic.

I will concede, however, the argument that if you p

Re:

[SNRatio]

Cloakroom -- an anonymous messaging app for Capitol Hill staffers

I would think if someone made an app specifically for such a small user base the whole intent was to spy on their messages. After all, capital hill staffers are allowed to participate in insider trading, so the developer could turn a HUGE profit without ever leaking any of the content he intercepted.

Re:

[CloakroomTed]

Interesting idea. So what you're saying is if I can get our users to talk stocks, it wouldn't be considered insider trading for me to use the data as long as they've published it on Cloakroom?!

Re:

[SNRatio]

I think it would still be insider information, it's just that Congress considers itself and its staff immune to prosecution for insider trading. (after passing a law saying the opposite). https://theintercept.com/2015/... [theintercept.com]

Ransom Congress

[Anonymous Coward]

How would ransomware work on a country with a gazillion dollars in debt load? Could they give the debt to the ransomers?

Re:

[just another AC]

Simple, they tell everyday Americans to pay up or they will let the politicians go back to messing up the country

dirty app source; block it

[dltaylor]

Seems reasonable.

If the app server cannot be relied upon to provide clean (no spyware, trojans, ...) apps, then it is entirely reasonable to block it, and any communications with it.

'Course, since many of the Apple apps have those same "features", spyware, in particular, they should be blocked, also.

GPS tracking, for example, can be used to follow aides from one office to another, or from the floor to an office, making it more difficult to have some of the delicate negotiations often required to make a gove

Re:

[Anonymous Coward]

By design everything and anything from Google is spyware. That is how they make money.

By blocking anything Google you automatically block about 90% of the web spyware.

Re:

[SumterLiving]

By design, automobiles are dangerous. There is no way around that fact. By blocking the use of automobiles, you automatically reduce dangerous behavior by 90%. I now have a new outlook on life thanks to my new skill to make up facts, stats and scary stuff to post on the internet.

Re:

[AK Marc]

GPS tracking, for example, can be used to follow aides from one office to another, or from the floor to an office, making it more difficult to have some of the delicate negotiations often required to make a government work

The negotiations would be done without phones present anyway. If you are worried about it, hand your phone to another aide. Let them wander around like they are doing the regular things. Nobody will ever know that you were sitting somewhere else. Or just leave it in your desk. It'll be obvious you don't have your phone on you, but it won't point to anything in particular.

Perfection

[Anonymous Coward]

... banned all apps hosted ...

Tell me again how perfect the cloud is: I forget. When you give up security and archiving duties to someone else, some form of auditing is needed. Otherwise you're not getting the efficiency you paid for, and you don't have any way to detect that.

well duh.

[Gravis Zero]

According to Ted Henderson, the founder of the Cloakroom -- an anonymous messaging app for Capitol Hill staffers -- all of his apps are effectively not available to their target audience.

which means the blocking is working as intended.

Re: Hypocrisy

[DaHat]

How do we know these apps are secure? How do we know the information isn't being leaked to opposing campaigns, to potentially unethical lobbyists, or even to foreign entities?

Because these apps aren't used for classified information? Most anytime a congress critter gets briefed on something classified, it happens in a SCIF (https://en.m.wikipedia.org/wiki/Sensitive_Compartmented_Information_Facility), a place where unrestricted internet access doesn't really exist.

Wrong target, House

[Sir Holo]

How about banning DropBox. The CEO as openly stated they they index every file that crosses their servers.

Oh, now I see. Republicans won't ban DropBox because Condi Rice is on its Board of Directors.

My own (huge) institution has banned Dropbox entirely. Instead, a subscription to Box Sync was purchased for everyone. Box Sync encrypts before upload/sync, and then decrypts locally. They literally cannot peer into your files—This is by Design.

Re:

[Sir Holo]

your institution didn't "ban" dropbox, they just inked a deal for full scale deployment of a competitor, that is all.

No. They did. A 6-month warning was given that access to DropBox domains will soon be blocked from any institutional network connection. Yes, you could proxy around that. Yes, you could use it at home. But why?

I only use Box Sync to share project files with colleagues within the same institution. For real collaborators around the world, especially if the data is sensitive (i.e., patentable), I make them sftp to MY OWN SERVER. I'm working on WebDAV, so they will quit bitching about having to see a co

Re:

[BitZtream]

Instead, a subscription to Box Sync was purchased for everyone.

Ah yes, because you certified the source was actually using the full chain of requirements to ensure encryption doesn't accidentally leak info, right?

hey, heres a novel idea ... run your own fucking file servers and stop putting shit in the cloud then you won't have to even wonder whats going on with it.

They literally cannot peer into your files—This is by Design.

Thats cute, you totally have no idea how easy it is to get information out of copious amounts of encrypted information.

Re:

[sumdumass]

Thats cute, you totally have no idea how easy it is to get information out of copious amounts of encrypted information.

Especially considering that without the source code of the client software and a lot of man hours auditing it, there is no guarantee that the client software is not making the encryption keys available is an obscure part of the encrypted files specifically for access by parties you didn't intend to view/use them.

Box for Linux

[tepples]

My own (huge) institution has banned Dropbox entirely. Instead, a subscription to Box Sync was purchased for everyone.

Dropbox has a client for GNU/Linux OS; Box appears not to [box.com] because of low demand [box.com]. Did the price of this "subscription to Box Sync" include a subscription to Windows for Linux users to run in a VM? Or how well does the Box client for Windows work in Wine? Or are you using an unofficial client [github.com]?

Re:

[allquixotic]

Any time your data is being stored in an unencrypted format (or encrypted with keyword indexing, whatever, same difference) on a server you don't control, you should bring with you the *expectation* that the company hosting your data, and/or potential political or corporate adversaries, can and WILL access that data.

If you're OK with that, then more power to you. I doubt NSA or a corporate competitor cares about your pictures of playing fetch with your dog. They might care a bit about a copy of a secret agr

Blocking something??

[Neuronwelder]

Gee.. that's something new for them. sarchasm

Re:

[Anonymous Coward]

Is a sarchasm a giant hole you fall into if you misinterpret's someone's use of irony?

So you can't do random shit on a gov network?

[BitZtream]

Thats really all this is about? Fuck off

According to Ted Henderson, the founder of the Cloakroom -- an anonymous messaging app for Capitol Hill staffers -- all of his apps are effectively not available to their target audience.

Go fuck yourself Ted and Cloakroom. They can pull out their personal phone and visit your shitty site that no one cares about if they want to.

They can go home and send you posts.

What you're really pissed off about is that they can't easily leak shit to you, and you're crying about how they aren't paying their employees and resources to give you shit you want to then stab them in the back with.

You're a complete and total douche for whining about this.

I'm all for leak

Re:

[CloakroomTed]

Lol. Hundreds of elected Members of Congress use our app every day for legislative updates and thousands of staffers use Cloakroom as a venue for bipartisan policy debates, which don't happen anywhere else. We host policy experts from every part of the political spectrum and use it to share legislative ideas.

What does this mean?

[Anonymous Coward]

Can somebody explain, what is appspot.com, what is an "app" in this context, and what does it mean for them to be "banned from the House's servers"?

The summary (and TFA) doesn't make any sense to me:

- what does it mean for an "app" to be "hosted on appspot.com" but "used on the House's servers"?

- in what way do restrictions on the House's servers affect what software is or is not "accessible inside Congress", or what software is "available to" Capitol Hill staffers?

- who and what are they trying to protect

Re:

[Sir Lurkalot]

Wish I had Mod points...

Re:

[CloakroomTed]

Apps hosted on Google AppSpot are being blindly banned. That's what it means. The result on this ban is a stifling of free speech among public servants in Congress.