ASk HN: Did Internet evolution kill all the security models?
When you design with security in mind, you assume things are going to get compromised.
As such, one of the unix-like systems strategies, is to limit the available resources for compromised "elements" (users, processes, hosts, subnets, etc).
Back in the day, we did "download markup to render rich text".
That is relatively acceptable, even if it implies some trust levels (the server software, the client software, the content processed, the scenario, etc...).
But hey, we're 2013. The browser access to many layers of abstraction and functionalities, the smartphone is not better...
Quality of default configurations of many elements has "evolved" across the years... to the point of demand your work exponentially if you want to follow some minimal security best practices.
Once upon a time, the data was in your computer, and you used e-mail to communicate, and did access to content following html links. But nowadays any security model is broken by default for the average use that people does of internet.
Share everything, locally, remotely, between devices, reuse credentials between providers, crappy software validation processes, code which you cannot audit but your data uses, etc etc etc
Did the internet evolution kill our computers security ?
6 comments
[ 7.9 ms ] story [ 23.0 ms ] threadEven in the next step in evolution to meshnet's, from following forums like this[1], security still remains an after-thought (or not up for thought yet it appears in this case)…
[0]https://en.wikipedia.org/wiki/History_of_the_Internet#From_A...
[1] http://forum.chicagomeshnet.com/
Now if there were something that we all would equate to being the internet that wasn't built upon those assumptions and failed to provide adequate security for the masses… that would be a different problem.
But what I'm referring is more to the evolution of internet (lets say since the arrival of colors, images, js, flash, java, ajax, "social", "cloud", ...)
I.E. I don't pay to anybody in my city to save my physical photos, neither I put my photos in the middle of the city so everybody can look at them. But that is what the average internet user has being doing in the last years.
Personally, I think that the avg internet user has yet to grapple with the terms of the capabilities of technology that renders some of their "protections" on social constructs obsolete from a technical standpoint. In an economic sense, I would call it informational asymmetry.
But more than any point in history (or maybe not if one abstracts enough away), the avg internet user has the capabilities to understand, but for the most part, chooses not to… and how can one insure another's security, when the other chooses not to be actively concerned and mitigate such concerns like some of us do?
And not liking the technical answers which come to my mind to your question, because they're against the nature and evolution of internet.
So upvoted, and thanks for your thoughts.