Slashdot Mirror
How Developers Can Rebuild Trust On the Internet
snydeq writes: Public keys, trusted hardware, block chains — InfoWorld's Peter Wayner discusses tech tools developers should be investigating to help secure the Internet for all. 'The Internet is a pit of epistemological chaos. As Peter Steiner posited — and millions of chuckles peer-reviewed — in his famous New Yorker cartoon, there's no way to know if you're swapping packets with a dog or the bank that claims to safeguard your money,' Wayner writes. 'We may not be able to wave a wand and make the Internet perfect, but we can certainly add features to improve trust on the Internet. To that end, we offer the following nine ideas for bolstering a stronger sense of assurance that our data, privacy, and communications are secure.'
As long as "easy" takes precedence, the internet will never be secure. It is absolutely impossible to have security between 2 parties when a 3rd is involved (CA's). It was done that way because it allows people who don't know anything to have SOME trust. But if there are people involved trust will be broken. 2 party authentication is the only way to solve the problems. If people don't know how to get secure credentials between themselves and another party then maybe they need the internet that still has training wheels and padded helmets.
Digital is, by definition, imperfect. Analog is the way to go.
Sorry, we're too busy training our replacements. Perhaps they can help you....
The way the economy is going, I agree that we need to create more jobs. But if those jobs blow, nobody will want them.
Get free satoshi (Bitcoin) and Dogecoins
Our current methods of using encryption are so broken than when encryption break, it breaks all the underlying layers too. Heartbleed for example.
Well, actually, it's the old thing. SSL is broken. You're supposed to be using TLS.
As much as Google, Microsoft, Apple, Facebook and everyone using the word "cloud" would like to convince you otherwise, you're handing over your data to third parties who you really got no control over how they'll use or secure your data. Or if they in turn have been compromised by hackers or the NSA or whatever. While there's certainly a few issues with direct communication too like how do you exchange keys safely they're much more limited in scope. But my impression is it's not about "How can we secure data?" it's "How can we still make you put all your data online in a post-Snowden world?" because that's how they make money...
Live today, because you never know what tomorrow brings
I'm becoming more and more disappointed with my techie breathren for things like this. No part of life is anywhere near as safe, or secure, as the current internet already is.
And yet, we trust all of it, every day, with things far more precious than our communication and finances.
We even trust these things despite countless and routine and frequent demonstrations of catastrophic failures.
We have political systems that squander money on a global level. And yet, we still elect leaders through campaigns of obvious horse-shit. Alex ran for student-body president 20 years ago on the basis of getting rid of homework.
We also have roads. We have highways where anyone from across the planet can show up, 'accidentally' drop sand and ball bearings and tire spikes and chunks of metal.
There is NOTHING that stops my car from flying off the highway at 140kph and falling 2'000 feet off the mountain.
But good news! There is something stopping my car from slamming into an on-coming car -- at an impart speed of 280 kph, by the way -- there's a two-inch strip of yellow paint; sometimes two.
And, as discussed earlier, every single day there're another many traffic collisions. And every single day, multiple people die in those collisions. It's so continuous, that the city actually pays for tow-trucks to sit at the edge of the highway in order to clear away accidents that much faster.
So, my e-mails to my grandmother, and to my clients, my banking transactions and my phone bills, while all important, pale in comparison to the vitality of the many other things in my life.
Oh yeah, and my front door, to my house, where I keep virtually all of my stuff, every one of my posessions, and many of my loved-ones -- some not able to protect themselves from a flood, let alone an intruder -- is protected by a very-easy-to-pick lock. Which wouldn't benefit from sophistimication because next to the door, is a big glass window.
Oh yeah, and the alarm wouldn't cause police to show for about 10 minutes anyway. Oh yeah, and the house is mostly wood.
Oh yeah, and my beautiful grass lawn, can be totally destroyed by anyone casually dropping a handful of dandilion seeds.
Nothing we do is secured for trust. That's what the word trust actually means, by the way -- if things were proven secure, you wouldn't be trusting them.
The internet is good enough as-is. Try focusing on the roads please. How about we trust hospitals to not screw up during surgery. How about we work on having enough water next year, or food during droughts, or maybe we could work on not killing people with military super-powers.
These techies are stuck in the wrong rut. They (we) were supposed to be using technology -- like the internet -- as tools to solve real-life problems. This article discusses uses tools to solve problems with other tools. That doesn't help anything.
Scratch that. Improving the security of tools does do one very significant thing. It's called one-upmanship, and it creates better criminals.
Solve the global food problem. Not because people far away from me are starving -- I'm not responsible for them, I've got my own problems. Solve the global food problem so that I don't need to have my yummy cooking show show me a gorgeous sizzling steak, and then break to commercial to see starving children in africa, who've been starving for fifty years now. It does nothing more than to put me off my dinner, and ruin the cooking show..
Publish a list of all developers who worked on a project, those who signed off on its security, and those who refused to sign off on its security. Also the names of anyone who has authority over the developers.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Here are "the nine ideas [for securing] our data, privacy, and communications"
(for those of us too lazy to RTFA)
Details on what each of those thing actually MEAN are in TFA, of course
With all the "Think of the terrorists" and "Think of the children" crap we keep reading about, how about launching "Think of the terrorist children"? That'll throw a wrench into their insane ideas.
Get free satoshi (Bitcoin) and Dogecoins
So, you want open source software everywhere...
But a lot of open source projects don't "belong" to any company.
Get free satoshi (Bitcoin) and Dogecoins
there's no way to know if you're swapping packets with a dog or the bank that claims to safeguard your money
Those are my choices? I'm going with the dog.
Give me, your customer, a unique, self-signed cert.
Let me, your customer, give you a unique, self-signed cert.
Let us both agree not to trust any party claiming to represent either of us without first encrypting communication with those respective certificates.
Let us both agree to a secure method for updating certificates that doesn't rely on any 3rd party or the internet. Perhaps we could meet in person at some sort of structure designed for the officiating of such business.
DONE.
Certs work if you cut out the governments and "trusted" root authorities by SELF-SIGNING, and NEVER perform initial certificate exchange over the very channel you cannot trust. Everything is encrypted and no one can fuck with it without compromising BOTH keys or breaking the encryption algorithm altogether.
Yes, this is less convenient. Yes, you have to maintain unique certs for every account. Yes, it's worth it.