Re: Trust and Security
Replying to all of the above in this little sub-thread, but to this one specifically to keep it in "thread order". Thanks for jumping in on this strand of the discussion.
Isn't it interesting that almost immediately two - almost - seperate discussions started from the same article? One "insisting" that personal-security can be shoe-horned into the Internet and the other suggesting - for all but the most skilled - the system itself makes that impossible (and btrower has discussed how shoe-horning might work, in this mini-thread; bringing the two discussions together).
I wrote the bit above - and thank Don for clarifying with a better written piece - because I wanted to raise the question of whether the "privacy" offered by the Internet (to an unskilled "user" - with just the basic software/hardware) is, and/or will ever be, sufficient for them to use in the manner in which they do?
I guess a retitle for the article might be, "Was Internet Banking ever a clever idea?"
I'm fine with unsecured cat videos - Always have been - Cat videos are why TBL invented It in the first place (though I think if you ask him, he'll say it was academic papers; that's just embarassment, though). It's all this other stuff, from eCommerce to Internet Banking, that concerns me.
I should make clear - I have always considered it extremely likely that governments would snoop on the traffic within It. And I do not readily see how that will ever change. We pay them to worry about us, so they do. Sending a message in a form they cannot understand - encrypted - is only a reason for them to be even more interested in you.
So, this isn't written from the - perfectly legimate - angle of protecting the people who do have something to hide but from what it means for the people who genuinely don't ... but do need to get to their bank-branch, before it closes at 4pm this afternoon.
People have been encouraged to do unsafe things with It. In the name of profit for those doing the encouraging. Business jumped on It the moment Jeff shipped that first book from his garage. And has just hung on for the ride ever since.
Back in 1994/5, when I was first shown It; my initial reaction was how cool It could be, but how far It would have to go to change the planet. There was no way people would be purchasing their new car over It, in the state It was in. But twenty years later, with hardly a Change Request actioned (or even ... requested), here we are. It has Its own currencies, banks have almost no real-world branches and book shops on the high street are rarer than Apple stores (the kind that don't sell fruit).
Isn't it time someone important stood up and rang the bell that stops the bus? Even if we don't all get off, but just sit wondering about It, while the bus driver tries to figure out who is getting the $50 fine?
As I think the overall reaction to the original article shows, security is possibly possible. But any methodolgies used to achieve that are so far outside the knowledge of the mainstream internet user - and me! - as to make them unuseable.
And I do not see how that can change - Neither by "idiot proofing" the technology (though that can always get better) nor educating the average mainstream user?
So, time for the controverial question: Is It "good enough"?
If It will never be perfect; is the "progress" It has helped bring about (e.g. know your bank balance in seconds), worth the loss of security that no longer having to have that face-to-face meeting with your bank manager, offered?
To put it another way - and come over all superior, sadly - Is it so beneficial to society that the Shanes and Sharons (sorry, if you are reading, Shane/Sharon) get exposed to all manner of crime - both government-backed and everyday - in the name of doing things faster, better, cheaper?
I'm not suggested it can be uninvented. That genie is going no where near it's former jail-cell. I am suggesting - maybe asking is a better way to put it - whether maybe the people supposed to be looking out for Shane and Sharon, hadn't better just pause for thought?
The fine for ringing the bell is only $50; it's got to be worth someone agreeing to cop for it, while everyone takes a breather. Hasn't it?
Biting the hand that feeds IT
