Slashdot Mirror
'The Internet Needs More Friction' (vice.com)
Justin Kosslyn, who leads product management at Jigsaw, a unit within Alphabet that builds technology to address global security challenges, writes: The Internet's lack of friction made it great, but now our devotion to minimizing friction is perhaps the internet's weakest link for security. Friction -- delays and hurdles to speed and growth -- can be a win-win-win for users, companies, and security. It is time to abandon our groupthink bias against friction as a design principle. Highways have speed limits and drugs require prescriptions -- rules that limit how fast you can drive a vehicle or access a controlled substance -- yet digital information moves limitlessly. The same design philosophy that accelerated the flow of correspondence, news, and commerce also accelerates the flow of phishing, ransomware, and disinformation.
In the old days, it took time and work to steal secrets, blackmail people, and meddle across borders. Then came the internet. From the beginning, it was designed as a frictionless communication platform across countries, companies, and computers. Reducing friction is generally considered a good thing: it saves time and effort, and in many genuine ways makes our world smaller. There are also often financial incentives: more engagement, more ads, more dollars. But the internet's lack of friction has been a boon to the dark side, too. Now, in a matter of hours a "bad actor" can steal corporate secrets or use ransomware to blackmail thousands of people. Governments can influence foreign populations remotely and at relatively low cost. Whether the threat is malware, phishing, or disinformation, they all exploit high-velocity networks of computers and people.
In the old days, it took time and work to steal secrets, blackmail people, and meddle across borders. Then came the internet. From the beginning, it was designed as a frictionless communication platform across countries, companies, and computers. Reducing friction is generally considered a good thing: it saves time and effort, and in many genuine ways makes our world smaller. There are also often financial incentives: more engagement, more ads, more dollars. But the internet's lack of friction has been a boon to the dark side, too. Now, in a matter of hours a "bad actor" can steal corporate secrets or use ransomware to blackmail thousands of people. Governments can influence foreign populations remotely and at relatively low cost. Whether the threat is malware, phishing, or disinformation, they all exploit high-velocity networks of computers and people.
just no
I thought porn provided enough "friction" already
The true sign /. has jumped the shark when it starts pushing this kind of authoritarian bullshit.
deny everything & blame the semi-innocent.. just don't call it genuine intelligence?
They really aren't the sharpest tools in the shed, never have been. Sounds like yet another way for them to shirk responsibility, to me. Naturally, Schmidt's solution is to use the power he made up with his two sociopathic brain cells to attempt to control and manipulate. I think it's all they are capable of coming up with.
How are you going to introduce artificial delays onto the internet? No matter how slow your internet is, even if you're stuck on a 56k modem, it's still faster than any other method if you want to commit fraud. There is no magical "fix the internet" button. Rather than delaying suspicious shit, simply quarantine it, put a big fat notification on it "THIS CONTENT IS SUSPICIOUS, THE USER IS ADVISED NOT TO OPEN IT" There's no need to delay the content or scan it. If the person is a tech idiot, that big notification telling them HEY DON'T OPEN THIS will do the trick. For smarter people, they will KNOW whether it's actually dangerous or not.
That Slashdot has gone so much downhill as to post stuff like this.
It's not the speed of the internet that is the problem- it's humans adapting to it.
Whether it's behavior or security practices it is all about adaptation. Adding "friction" is corporate weasel terminology for "I'm an MBA and can't understand this".
There's nothing like getting a blank stare from an MBA, who is your boss, who either refuses, or cannot, understand technology or it's social consequences.
Another consultant who stuck it out.
"We are the Priests, of the Temples of Syrinx..."
"For example, a piece of software should not be able to penetrate more than 10 percent of a corporate intranet without its growth being paused and an IT admin explicitly approving any additional installations." How is this going to work? All installations of software need to be actively approved by someone. Unless you are talking about allowing end users install their own software. Then I don't know how you would control it to 10 percent. Anyway, I don't know how that would help stop anything.
so things start getting slightly difficult, and oooh help me nanny state, we need to revert to out dated methodologies because we have no imagination....
Fast communication is the enemy of thought control. Filter ALL the things!
The sans culottes are printing pamphlets!
no more facecrime - only goodthink allowed
Lets NOW get regulations put it, while WE have a lot of say and clout and while we have a lot of politicians we can buy off to help make sure that regulations benefit US more AND in a way that hurts other startups.
This business is as wrote as history. When you are small, you hate regs because they cause you pain... when you are BIG, you like regs because you can buy a few of them that help keep your business either directly or at least quasi blessed by one or more of the government agencies. And what is wrong with having the ear of government? And like the TARP bailouts... getting to big to fail is an insurance policy all its own! Government will happily put businesses on welfare too!
I can't tell if the author is a raging dumb-ass or very, very snarky.
Bullshit. After google has used that lack of friction to get into everything from deliver ing traffic to redefine how internet works with all the new protocols it is utter Bullshit for them to call for friction so their future competitors and non-incumbent innovation will be inhibited.
..they want us to revert back from fiber to Bell-202 ?!?
So google is whining that the market is too free? They want âoefrictionâ to cement their position in the market and prevent anyone from ever displacing their stranglehold on our data.
Fuck you, Googlers. You are doing the devilâ(TM)s work.
Google has a parallel internet twice as fast as the regular Internet. They can move everything they own across the world than we plebs can move stuff through the Internet. They built it using leased optic fibre lines around the world that they bought at a bargain when the dot com bubble burst. Now they are preaching to us that the Internet need to be slower.
Heroes die once, cowards live longer.
Like Google. That's what the Internet needs.
DARPA even let a contract to learn how to do it better: https://phys.org/news/2011-10-...
In 2011 - note which head of the uniparty was running things at that time. They then passed the NDAA which made outright telling the public lies a legal act - along with other horrible totalitarian enablers.
I think it partially explains the current frenzy. Horrible powers of overreach were handed the executive with no thought who might wield them next. And now, in some people's opinion, the wrong guy has those powers. Not that he's used then anything like the previous war and surveillance and monger and enricher of the MiC.
Posting unpopular/uncomfortable facts anon...Lack of friction can be useful.
Who the fuck is ahfabet? Never heard of them. They a big company like GOOGLE?
Everyone with a technical mind here will think that "adding friction" is about inserting delays in transfer protocols, which is a stupid idea.
But the article is not about technical bandwidth, but about social conventions. It *is* a good idea to reduce the amount of exposure to bad actors, as every security specialist can tell you. Spam filters, white lists and ad blockers add friction to transmission, and we all consider those a good thing, even if sometimes you need to recover false positives from within the filters.
Similarly, closed group-based social networks like Whatsapp are less prone than Twitter to focusing noise onto a single spot. Twitter is known for destroying the life of people in a few hours, and it happens because of the speed with which information on a topic can propagate through the network and concentrate the discussion of the whole internet on the timeline of a single person or reduced group. If the topic needs to propagate slowly through several closed groups, it is less prone to produce the same burning effect.
Pursuing those objectives - isolating one from bad content, reducing speed of propagation, distributing replicated info through several smaller channels - is a good use for social friction in the net.
Singularity: a belief in the "God" idea with the "demiurge" relation inverted.
Of locking in their monopoly and power now. All good crony corporatists do this.
Also the speed limit analogy is so stupid - they went up after interstates were built. And allowed even more "frictionless" trade between parts of the US.
Maybe he penned it during last week's walk-out?
How to use the internet safely? https://www.susthesurfer.com/h...
That the author is employed is a testament to his ability to sell bull shit.
That this fluff piece got published is a testament to no one reviews articles before they are published.
If we take a our way back machine, we would learn that security was an after thought to software design. Largely because computers were non-networked, single user (as opposed to multi-user) machines. Then computers started to be multi user machines, more than one person working on the the same machine and then they started talking to each other, i.e., networked.
During this evolution from single user to multi-user and to networked, people started looking at security. How to prevent people in a multi user environment from seeing each others information and how to prevent people from their computers accessing someone else's computer on the same network.
This was all BEFORE 1994 and the WORLD WIDE WEB. The internet existed long before 1994 but when you say "internet" you are referring to the WORLD WIDE WEB.
So no the internet did not change anything. As multi user environments became the norm and networking evolved, security became an issue and a concern.
What you jackasses like Google did was continue the long history of software makers ignoring security concerns. But you did it AFTER people where focusing on security. You did it AFTER lessons learned. You COULD HAVE backed in security into your products and services but CHOSE not to.
So please fuck off.
People having access right in their hands is why things are so 'open', not because there is limitations on how information travels. Putting limits on access gives power to those who control that access or those lanes (e.g. the great firewall of China).
"Content that might contain phishing or malware could be extra-delayed to algorithmically look for patterns in suspicious links or attachments."
Gee, I wonder where we might get some service to scan, parse, examine, study and commercialize our digital correspondence?
Hopefully a friction-less computer can do it so I can hurry up and wait for my communications to be approved!
What an absurd idea to introduce artificial friction.
This person is pushing towards totalitarianism like they have in China. Someone (or something) checking what you are doing every step of the way.
This is great for the powerful, bad for the people. Good for the copyright holders, bad for spreading culture. Good for dictators and spies (ie. hacking team), bad for Wikileaks.
The hackability and "lack of friction" is a feature, it gives the people a fighting chance. Good days when the engineers of the internet had good ideology on their code.
"I suck at my job and i want governments to do it for me by slowing down the internet"
He isnt wrong but he is going the wrong way about explaining the solution to better security on the internet.
This guy is product management at a company that develops technology to address global security challenges and he is saying that his solution is to slow things down? sounds like someone bad at his job. Any security is going to slow down transaction times on the internet, that is a given, adding encryption layers adds processing time and there is just no way around it. This guy is either asking other people to do his job and slow down the internet or he is doing a bad job of explaining that more security comes with the cost of more processing time and thus slower connections. Either way, he really shouldn't be saying anything, he should be working on products that increase security while minimizing the processing time that will be required.
Just another douche who let his ego control him. if take a look at the article he is just spewing bullshit that will result in gamification. comments like:
"First, only urgent content should be fast. Most content is not urgent; not only does it not need a push notification, it could often be delayed and bundled with other similar content. Content that might contain phishing or malware could be extra-delayed to algorithmically look for patterns in suspicious links or attachments."
devious people will just make their bad traffic look like good traffic. but i guess when you only have a hammer (algorithms) everything looks like a nail.
"Highways have speed limits and drugs require prescriptions"
Both are just suggestions that you can ignore whenever you want or need it.
There are better ways to stop disinformation and fake news,ie. just make a feature in each and every browser where each user can report a possible disinfo or propaganda campaign and fake news. That data can be stored by mozilla or google and warn the reader of a possible fake news being viewed.
There are better ways to stop ransomware too, trace the c&c server then shut them down or imprison the guy or people who opened the domain.
I have never driven an automatic, always stick, so i an accustomed to use a friction clutch. Where is the problem? I know that those lazy Americans have some problems to drive a five-speed manual, but we in Europe are accustomed.
I once have driven a car with a broken clutch for 20 km to reack the nearest car mechanic and was a bit tricky to drive witout friction, especially stating
In the old days communication was slow, and when the man on the horse was killed by the other tribe due to a lack of understanding and communication they just marched over and killed everyone or all got killed.
I understand the time people need to learn new things, but think of what people are calling work these days and how much they are getting paid for it.
If there's one thing I've learned from the internet, it's that friction is bad and lube is essential.
My immediate reaction is that the article is nonsense, but I'm willing to withhold judgement unless there's some concrete proposals. For example, it's not uncommon for people to greylist email or have a timeout after a number of failed login attempts. Both of those could be considered "friction" of the sort the author is talking about, and I don't have a problem with those.
But I think we should also be thinking about the opposite: What happens if everything is open and virtually frictionless? What if computers get so fast that we can't trust encryption anymore?
We send around encrypted traffic all the time with the idea that it's safe, and then we hear stories about how some encryption scheme had a flaw and can be cracked (or will soon be able to be cracked). So consider what would happen if someone were to have intercepted and stored your encrypted email or HTTPS traffic, and in 5 years it becomes trivial to crack. Are you going to be fine with all of that information to be out in the open? Scarier still, what happens if a suitable replacement isn't created in time, and we can't adequately encrypt things. How will we keep the world operating if we can no longer secure our transactions? Is there another model of operation that can exist in a transparent world without secrets?
I'm not saying it will happen, or even that it's likely to happen, but I think we should be considering what we want to do if it does happen.
So the morons who wanted to move fast and break things suddenly realize they broke everything. No shit. You broke democracy through one social network that is a spying platform and another that has never made a dime.
Be kind, for everyone you meet is fighting a difficult battle. - Plato
Adding "sleep" statements to my code right away!
Some settling may occur during posting.
So this privileged male of European decent (Justin Kosslyn) thinks he or people just like him, should be allowed to take control over tax-payer built internet (Throttle speed) and discriminate based on income, ethnicity, gender, or what ever. So he can feel safer, like In the old days. Maybe like when we had "Jim Crow Laws" those good old days? I mean when you consider context clues like the history of our country. I can't be sure but this sound familiar. as for internet throttling my view is (If it ain't broke, don't fix it)
We should ban all advertisements on the internet, they are the enabler that allows anyone to afford putting up useless content. Without advertisements we wouldn't have the social media sites that are basically the epitome of your claimed 'problems'. Look in the mirror pal.
Convenience instead of security, that's why there are so many security issues in, e.g., IoT devices. The goal of the IoT vendors appears to be to make it as easy as possible to get the device online so that data collection can commence. Until that goal changes, security will continue to suffer.
Retrograde forces have been trying to reassert their supremacy for years. Gumming up the works is one way to do that.
First, this does not even identify the right problem: The problem is in the end-points, not the network. Second, "friction" will not solve it. It is the wrong idea in the wrong place. Third, does this person even know how the technology works he is talking about? Apparently not. Next: Even adding minutes of "friction" to software (malware) distribution, that would not help. I did some research in this area about 2 decades ago, you still can saturate the whole net and reach all vulnerable targets with significant delays. Analysis of malware takes days, so unless you propose to slow it down that much, this is just a very bad idea that stems from lack of understanding.
The actual issue is bad endpoint security and, if you want to blame the network, global direct reachability.
Google really seems to be in decline, if that is the level of insight they have to offer there.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Just come and propose that BSD adopt systemd on Slashdot and you'll see just how much friction the internet can generate.
By abolishing net neutrality?
By abolishing net neutrality?
It's called ads. And also your general confusion over the content you are drowning in.
but close enough... https://xkcd.com/669/
"Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
The internet is full of bad stuff. Fake news, lies, ads, identity thieves, scam artists. But I worry when someone else gets to decide what is 'BAD' and what is 'GOOD' and try and eliminate or handicap everything they don't personally agree with. There is plenty of 'friction', but it is in my brain where I prefer it to be. I don't fall for everything that gets posted on social media, or even in mainstream news outlets. I am skeptical of almost everything I see today. You are a fool if you believe a significant portion of the BS being pushed on the internet.
Anyone screaming for regulation just thinks they'll be the ones doing the regulating.
Especially if you are already big yourself and don't want to face any competition.
hitnet. You can't load a single page without spending half an hour cliking images or entering numbers from an image anymore. It's a pathetic joke.
Is this an argument for returning to good old fashioned crime, breaking the internet, or both?
The same design philosophy that accelerated the flow of correspondence, news, and commerce also accelerates the flow of phishing, ransomware, and disinformation.
Well, yes. These are called "tradeoffs".
I don't see anything in the summary (and the stupid hurts, I am not reading the article) about what we would lose with "more friction".
Anyway, there's plenty of friction on the internet, where it matters. Have to login to any site that matters, have to prove identity to things like tax services and (at least initially) banks, etc.
What Facebook and Google have proved lately is that the kind of "friction" they want is against people and ideas that they don't like. #%^ that.
"Slow the internet down so it takes longer for people to steal my stuff on it" Ya or just don't put your stuff on the internet...The internet wasn't created as a platform for you share your stuff. It was created as a platform for EVERYONE to share their stuff. The internet isn't owned by corporations. That is what this article is about. It's about corporations trying to take over control of the internet, so they can use it to their advantage. Sorry, but the internet isn't for sale. We will keep it just how it is, thanks.
Could a "bad actor" be somebody you don't agree with?
Maybe that person's views could cause sociality harm, or make you feel that you're not safe.
For example: maybe somebody could insist that there are only two genders.
[With a 5-minute delay on payment cards,] Paying a toll booth or a bus ticket or any number of on-the-spot purchases becomes impractical.
Not if the cardholder asked the issuing bank to authorize a particular (merchant, maximum amount) pair more than 5 minutes in advance.
Artificial delays will kill things like media streaming
Unless it's a live stream of a sporting event or whatever, I don't see how a 5-minute delay to buffer up the start of a stream would hurt.
gaming
Video games can be downloaded to a suitable computer in advance of play. Multiplayer video games can run on a split* screen or over a local area network (LAN).
and VOIP
Even if a low-latency channel can provide only 2400 bps each way, Codec 2 squeezes usable voice into such a channel.
* Or otherwise shared, as seen in Konami's Bomberman and Nintendo's Super Smash Bros.
Anything using 10/8, 172.16/12, or 192.168/16 is a "private internet" according to RFC 1918 - Address Allocation for Private Internets (1996).
Dear Vice,
Go away.
Thank you.
This guy is applying this to just the Internet, whereas I apply it to everything: our technology, in general, has evolved orders of magnitude faster than our species has evolved physiologically, especially our brains. If you use as objective an eye as possible you can see where the comparatively fast development of technology has created problems. In some ways, we, as an overall species, would have benefitted from many technologies developing slower, allowing us time to adapt better. Not that it matters now, of course; it would take a total collapse of our global civilization, to the point where nobody knows how most of our current technologies work anymore, to bring us back down to a level commensurate with our level of evolution; essentially nobody is going to give up what they already have. But we could slow things down overall a bit rather than overloading everyone with more, more, more.
This is the kind of overreaction porn I come to slashdot for.
Is this an overreaction though? You could make exactly the same claim about the postal service. It sped up the interaction between people and allowed for mail-order scams etc. too. However, that same service was also used by law enforcement to transmit information about crooks rapidly e.g by sending fingerprints, crime reports and arrest warrants between jurisdictions. The same applied when the telephone came along.
In all these cases the solution has always been that you use that same reduction in friction to speed up the police e.g. now police can get arrest warrants, photographs, files etc. sent directly to them on the street. It is far better to force everyone to speed up rather than try and make everyone slow down to the speed of some authoritarian, bureaucratic department of government. Indeed if one country did this it would likely find itself left behind by those which don't have such impediments.
You try that approaching a toll booth on an unfamiliar road at night. Tell me how it goes.
When you obtain directions through TomTom, Google Maps, or another navigation application, you could have the app notify the banks to authorize payment for tolls along your route. Apps lack this feature now but are likely to add it should banks introduce friction measures against unauthorized use of payment credentials.
Live stream is one.
Attending ball games in person rather than watching some out-of-market game through IPTV would fulfill "Third, favor local content" in Kosslyn's editorial.
Short videos a la Youtube is another. Can't stream hop when it takes awhile to start a new stream.
A counterpart to YouTube on a high-latency network would buffer multiple videos in a playlist. Allow human beings to curate these playlists, and the algorithm won't kick viewers onto an endless loop of "Finger Family", "Surprise Egg", and "Peter Parker and Elsa Agnarrsdaughter Are Roommates" videos.
Video games can be downloaded to a suitable computer in advance of play. Multiplayer video games can run on a split* screen or over a local area network (LAN).
Thus totally killing remote play. Most FPS and MMORPGs are worthless if everyone has to be in the same room or building.
Prior to Xbox Live, split-screen or LAN play was the norm, particularly with iconic shooters such as MIDI Maze, Doom (1993), GoldenEye 007, and the first Halo. Switching the dominant mode of multiplayer from online play back to split-screen or LAN play would fulfill "Third, favor local content" in Kosslyn's editorial.
Latency is exactly the problem with artificial delay. Bandwidth isn't an issue.
Perhaps I wasn't clear about it, in turn because Kosslyn's editorial wasn't clear about what constitutes "urgent content". Perhaps adding QoS would reserve a small fraction of bandwidth for low-latency use and the remainder for high-latency use.
Want to slow down the internet? Let AT&T handle it. Pay to play. Pay more to play faster. Pay even more to make your competition play slower (not a real option yet). Damn. I love a free market.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
Instant frictionless communication system.... Aka entangled photon streaming https://twitter.com/TheEinarkist/status/1063338168768958464?s=19 and Alphabet and Google cant even sniff out the traffic :p
Comparing the internet to highway speed limits or pharmaceuticals makes no sense. Sometimes a prescription requirement is there for the sole purpose of lining the pockets of drug manufacturers. This is why different countries have different cutoffs for over-the-counter vs prescription only. Comparing drug restrictions to the internet amounts to making restrictions deliberately to make Zuckerfuck even richer. Likewise I am probably one of the few /. members who remember when the federal government capped the speed limit at 55mph. Whereas speed limits are SUPPOSED to represent a safe driving speed for a, very much, lesser skilled driver.
Maybe instead of artificial barriers that only serve to enrich the gatekeepers, mandate a de-centralization of all data so that one security breech does not buy the entire farm.
If I had blackjack and hookers, I wouldn't need the Internet at all
So instead of solving your malware and similar issues, lets instead force everyone else to change how they act. Nope, that's not a successful strategy. All the things they listed can be countered if they take the time to learn and implement what they've learned. But instead they want to force everyone else to act differently. I don't understand this mindset. The solution is in your grasp but you choose to ignore it and go after an unobtainable one.
Honestly, filtering these comments by score is a form of friction, and I find it to be a great feature because the comments section is a bit much sometimes... ;)
The preferred term is "Googledouche".