Something completely different

August 31, 2010 under technical, thehumancondition

A somewhat frightening BBC story from my link archives:

It turns out that if you’re clever with a webpage, you can pretend to be a visitor’s PC for the purpose of finding out the ID number of their router.

Well, that doesn’t sound so bad. A little technical, perhaps, but not so bad.

Umm… unless Google happened to drive down everyone’s street and take notes on exactly where everyone’s router was. And made that information available as a service. So if you *really* want to stalk someone (well, stalk their router, which is often good enough) now you can! Just get them to visit your tricky website and you know where they live!

Whenever a big accident of some kind happens, like a plane crash or an oil spill or something like that, people usually get frustrated because the cause takes a long time to figure out.

The truth is, there are almost always multiple causes, multiple failures which allowed the catastrophe to occur. The pilot was tired and the ground crew slipped up. And the weather was rocky. And, and, and… Generally security for these things is so layered that multiple failures have to occur before a major disaster happens.

The problem is, that’s an accident. Unintentional.

Security is harder than accident prevention, because in security, there is an intelligent, malicious attacker who is actively trying to combine systems in the worst possible way.

The offshoot of this is that even if one system is arguably secure, it can still participate in catastrophic failure if one of the systems it interacts with is compromised. It is not enough to make that one system secure – you have to make all the possible combinations of systems secure.

Which is why producing systems of jaw-dropping power is a bad idea, unless you can show jaw-droppingly proportionate benefit.

I guess I just wish that someone at Google had stopped saying, “This is so cool” long enough to ask, “Is this really a good idea?”

6 Responses to "Something completely different"

  • Amba Sewa says:

    Not enough to make me ditch my oh-so-useful internet connection.
    But it does make me want to keep my footprint there relatively light.

  • Janet says:

    A stronger dose of “Is this really a good idea?” alongside “This is so cool!” would be nice in quite a few applications I can think of.

  • happy_moron says:

    @Janet
    Examples?

    The internet world hasn’t yet fully come to grips with the idea that there are some things which are possible yet should be disallowed.

    The initial selling point of the internet was freedom: freedom to be anonymous, freedom to share, freedom to talk to anyone across the world, freedom to say what you liked, freedom to buy and sell things without being taxed…

    What you wanted to do was pretty much left up to your imagination, and the predictable result was that there was a massive amount of innovation on the web. We now have everything from 4chan and chatroulette to Ebay, Wikipedia, and Wolfram Alpha.

    But it’s a massive bubble that only exists because the evolution of law is necessarily slow. (It’s slow because getting laws wrong can be a very painful experience).

    From the earliest thrill of “Wow, we can do whatever we like” to “Why am I getting so much spam?” (Hint, someone *else* can do whatever *they* like) we’re rediscovering that the rule of law is, in some cases, a good thing.

    Facebook’s greatest asset, for example, is that anonymity is not allowed. This makes combating unwelcome elements (spammers, con artists, etc) so much easier. It’s a great tradeoff, in my opinion.

    There’s a process from young to old that happens with people in society on the web just like it happens to individual people. Yes, cookies are good, no, it’s not a good idea to eat three boxes for supper.

  • A. Lurkar says:

    Great post!
    @”The Internet world hasn’t yet fully come to grips with the idea that there are some things which are possible yet should be disallowed.”
    T’ain’t just the internet world — nuclear weapons, cigarettes, collateralized debt obligations . . . the list is long.
    Seems to me that this should be categorized in thehumancondition

  • happy_moron says:

    Good point! But people tend to have fairytale expectations about the internet, while history has us all jaded about most everything else.

    Categorization duly rearranged.

  • Janet says:

    Cell phones and Nintendo DS’s all round for the little ones, plastic lined consumer lives, World of Warcraft .. the list IS long :)
