Web Security CEO Warns About Control Of Internet Falling Into Few Hands

The idea behind the internet was to make a massive, decentralized system that wasn't under control of anyone, but that is increasingly changing, according to Matthew Prince, CEO of web security company CloudFlare. His statements come at a time when Google and Facebook and other companies are increasingly building new products and services and locking in users to their respective walled gardens. From a CNBC report: "More and more of the internet is sitting behind fewer and fewer players, and there are benefits of that, but there are also real risks," said Matthew Prince, chief executive officer of web security company CloudFlare, in an interview with CNBC. His comments came at CloudFlare's Internet Summit -- a conference featuring tech executives and government security experts -- on Tuesday in San Francisco. "If everything sits behind Facebook and you can't publish pictures like that, is the world a better place? Probably not," said Prince. "Before you know it, you could wake up and find more of the internet sits behind a small number of gate-keepers," said Prince. Putting that sort of power in the hands of a small number of people and companies "might not be the best thing," he said. Still, the wave of consolidation among the major internet companies is likely to continue, at least for now, he said.

A good thing.

[BarbaraHudson]

They use Facebook as an example. If we can get all Facebook users to voluntarily wall themselves off from the rest of the Internet, it's a win-win situation. They're happy, we're happy.

Re:A good thing.

[networkBoy]

Facebook reminds me of early AOL...
Just waiting for someone to link FB Messenger with IRC O_o

Re:A good thing.

[kheldan]

It's more likely that we'll wake up one day to a world where you have to have a Facebook account, with your real name and all your real, personal information, or you won't be allowed to use the Internet anymore. The Internet is already largely one big data-collection and surveillance network, and even not using your real name anywhere is trivial for someone with the right level of access to information to circumvent and discover who and where you are. The next step if this 'consolidation' continues will be to make sure there is no anonymity allowed for anyone; you'll have to log in to everything using a Facebook account, or something similar, so all your activity can be thoroughly tracked and logged by the 'proper agencies' -- for your own protection, of course.

Or so they'd like it to be. I'd sooner not even have the Internet anymore, and go back to using libraries for information, receiving paper bills for money I owe, and mailing paper checks to pay them. We all survived and thrived just fine before the Internet, and we'd all survive and thrive just fine without it. It'd be a pain at first but we'd get used to it. The more people that realize all that, the better. If people start leaving the Internet in droves then either it'd have to change or die.

Re:A good thing.

[mlts]

I remember a few years back, having a FB account was pretty much a job requirement, where I got told to bugger off because I didn't tell the world how many coils I dropped in the commode that morning. It has gotten better, but for a while, I eventually just wound up making a dummy account on there, Twitter, and other places just to make the HR people happy.

It isn't just Facebook. I'm seeing companies put all their eggs in the AWS basket. My fear is that cloud providers overtake having servers in-house, and we are back to the mainframe era. Cloud places have their use, but there is always the security question, and there is always the grave concern about data sitting on a remote site where you have zero physical control over it. If there is a security breach and the data is local, you can physically yank the network cable. If there is a breach at a cloud provider, trying to staunch the bleeding is a lot tougher, especially if one of the cloud accounts got hacked, and the rogue admin has just as much power as you do.

Re:A good thing.

[ShaunC]

Cloud places have their use, but there is always the security question, and there is always the grave concern about data sitting on a remote site where you have zero physical control over it.

There's also the outage question. Microsoft's Azure has had two significant outages in the last 10 days. Companies using Google's Apps For Work suffered a 7+ hour outage of Gmail this week during (US) business hours. When your enterprise is built on one of these services, what do you do when it goes down? You wait. That's all you can do, sit there and wait and hope the services come back up soon. Sure, you'll get a credit against your SLA after the fact, but that doesn't offset the fact that your ability to conduct business was down for hours on end and there was absolutely nothing you could do about it.

At least when you're running services on premise, you have some control over the situation. You can investigate and resolve the problem yourself. Getting your company's service restored is the #1 priority, not priority #1852 among 5,000 other companies all suffering through the cloud outage.

Too late

[ColdWetDog]

We've already lost that fight in terms of a truly decentralized Internet. The various governments and large corporations already are fighting to stake out various levels of control. The companies that operate the core infrastructure also have an outsized level of control.

I think the idea of a communication system that relied on numerous small autonomous nodes was a great one, but unless we can make some sort of giant mesh network, it will never happen. Even a big mesh is likely to get controlled by governments in one way or another.

Not really a problem, IMHO.

[Qbertino]

Google and Co. are basically what Compuserve, AOL and T-Online were back then.

All that needs to happen is that a few FOSS developers finally get fed up and finally redo all protocols that have gone bad or broken and replace DNS with some Blockchain based namecoin thingie, replacing email and perhaps even web on top of that with some new, fully network abstracted and end-to-end encrypted data exchange layer sans anoying ads and Facebook is history.

Until then we're simply a two class internet, with ordinaries on Facebook and experts on encrypted Jabber and maybe diaspora.

Facebook, Snapcrap, WhatsCrap and the liked are basically todays mass media channels. But unlike the unwieldy and expensive radiostations of yesteryear they can be replaced by the next teenager with a laptop, some extra time and the next fad up his sleve.

I really don't see much of a problem here. Not yet that is.

The retards are the issue

[HBI]

I mean the *cough* common users. The Internet worked fine when you required some skill to get on it. As soon as it became easy - and even hooking up to AOL was not painless, in retrospect - that's when the commercialization and ultimately the regulation and surveillance followed.

We've been talking about a 'second net' for many years now, one with no lusers. Perhaps Tor is it?

Re:Into a few hands, like cloudflare?

[Rosco+P.+Coltrane]

Yeah, I was thinking the same thing: that's rich coming from Cloudflare - the company that single-handedly decides you can't access vast swathes of the internet if you're connecting from a TOR exit node.

That company does more than all the others put together to make my internet browsing experience completely miserable...

Standards

[nine-times]

I think the root of the problem here is that, in the past several years, there has been no focus on developing common open standards.

I think the easiest example to give is the difference between messaging apps and email. If I use Gmail and I want to send an email to someone whose email is on Office 365, AOL, Yahoo, a private email server, or any email server at all, there's not really any difficulty. I can connect to my server either by using Google's website or by using a standard protocol (SMTP), the email gets transferred to the recipient's mail server through a standard protocol (again SMTP), and then the recipient can probably download it using a standard protocol (e.g. IMAP). SMTP and IMAP aren't without their shortcomings, and the openness of this system has had problems because of its openness (e.g. spam), but overall it works wonderfully. However, things would not work this way if they were designed today.

In contrast, several companies (including Facebook, Apple, Google, and Microsoft) have developed messaging applications, which are to some degree aimed at replacing SMS, IM, and/or email. These applications each use proprietary protocols for sending and receiving messages, and there is no compatibility between them. While I can use Thunderbird to send and receive my email on my Gmail account, there isn't a 3rd-party open source Hangouts app, because (at least as far as I know) the protocols for it are not open. From my Gmail account, I can send email to users with "facebook.com" email addresses, but I can't use hangouts to message with Facebook Messenger users. I need a Facebook account in order to do that.

This is just an easy and obvious example. I chose to compare email to messaging because I think it makes for an easy comparison, and it's clearly a bit stupid. There isn't really anything so complex about text messaging that Facebook, Apple, Google, WhatsUp, and all other messaging apps couldn't simply message each other. However, I don't think this a fluke, but instead the easiest-to-understand example of how the internet is moving more and more toward walled gardens. Nobody is developing open standards, or at least, nobody is really agreeing to use them.

To give another example, many sites let you log in with your Facebook account or your Google account-- I think some let you use a Twitter or LinkedIn account. This is great, since it diminishes the number of login credentials that you need to know, memorize, or secure. However, each of these companies are basically offering their own separate incompatible authentication service. The site developer has to decide to actively support Google Authentication, and if they do, it doesn't allow me to authenticate on their site against my Facebook credentials (for example). They must support each method of authentication individually, rather than having one framework that allows authentication against whichever identity provider the user wishes to use.

And although some people will think I'm a crackpot, I think this is a very widespread problem that includes Silicon Valley's obsession with "apps". Instead of developing a photo-hosting service, you have to have a photography app that's tied to a service. They make it so you can't use the app with a different service, and you can't use the service with a different app. Then a couple of companies (e.g. Google, Microsoft, Facebook, Apple) buy all these different apps, and make it so the apps and the services only interact well with their other apps and services. It's not hard to see how this quickly turns into a set of walled gardens.

In my view this all goes back to the issue of standards. If these apps and services used standard protocols and standard APIs, then they could all interact with each other.

what i think is really going on

[FudRucker]

the governments around the world (including the US Govt) they dont like the peasants & peons having so much access to free speech and unauthorized news and media that the powers that be control, so the big TV Networks, MPAA & RIAA and other old school mass media dont like the internet because it gives the peasants too much freedom, they can not corral the peasants in to their monopolized narrative of news and information and revenue generating movies & music, the freedom of the internet has become a thorn in their side

Correct, but..

[s.petry]

We have customers demanding that we host their data in the cloud. Making matters worse, our executives all see it as a great way to cut costs. In other words, people worried about security are ignore when people above them can get fat bonus checks for cost cutting. Given the lack of punishment those people receive from all levels, that won't be changing any time soon.