Information (in)security

The internet is a cesspool of fraud and abuse. A broken system designed for a fantasy world that will never exist. It cannot be secured. All the value it touches will inevitably be stolen.

I've made little effort to hide the fact that I'm fed up with this technology. For years now it has been Google this, Apple that and Facebook for the other thing. Someday everyone will own a "smart phone." Low cost software is eating the earth. Network effects are creating unbreakable monopoly scale moat around the future of interpersonal communications.

The problem is, its all nonsense.

The age of the smartphone is ending. Iphone version 13 will have seven cameras because, why? Wall Street isn't stupid enough to believe even the most ardent fan will keep shelling out ever larger portions of their income for these features. Very soon now the numbers will fail to meet expectations and the stock premiums will decline.

Innovation in the space has stopped. 5G isn't going to change anything. The faster speeds it promises are still a decade away for dense urban areas, and will likely never materialize for the worlds vast rural population.

Ohh, the tech giants will make many profits in years ahead. One or more may even still be operating at centuries end. But the high flying days of infinite possibility for these firms is over.

The world is about to change in ways that few can appreciate. Standard oil was not permitted to control the auto industry. Microsoft was not allowed to control the web interface. And none of this present crop of tech empires will be permitted to control what comes next.

There are fundamental flaws in the infrastructure of the internet. The TCP/IP stack of protocols that handle the switching and routing of information packets that IS the internet was designed to be resilient. If the connection between New York and Chicago is broken, the network can reroute information via another connection through Virginia, or whatever. It was not designed to be secure. It was built on TRUST. Security was added after the fact. Like, decades later! Well into the era of commercialization.

Even to this day it is impossible to secure a website on the public internet without giving Verisign or some other private for-profit firm the complete master keys to the SSL encryption system. With the keys in hand it is trivially easy to decrypt the entire data stream. Client lists. Email communications. Cloud storage data. All of it. Don't need your permission. Don't need to care about you at all.

If anyone asks why thousands of people need access to the most important digital keys? Preventing kiddy porn. Case closed.

The reason the world is a dumpster fire of daily data hacks and ransomware hit jobs is that critical network services are fundamentally broken.

For example, the domain name service (DNS) that converts high value brand laden website addresses like www.whatever.com to network routable IP addresses is exploitable in numerous ways. It is one of the reasons we have tech giants. The nature of DNS means companies like Apple and Google can run their own private versions of the public internet. Every Android phone on earth uses the Google DNS servers and if Google dislikes you it can, with no permission from anyone, make your entire domain vanish from Android phones. Apple can do this as well. Other flaws in the protocol mean that China and others can do it to them. And this isn't even the biggest problem with the system.

Look at the electronic mail system (e-mail). Agents for Google's Gmail and Microsoft Outlook are fond of pointing out how effectively their now ubiquitous systems filter the SPAM messages that their users would prefer not to see.

SPAM is a sham that monopolists use to tarnish any communication that wasn't propertly taxed. You think that picture of your lunch isn't a sales pitch? The distinction is economic and it leads to only one dark dead end.

It is seemingly impossible to crack the tech hegemony because it is impossible to convey a message that they dislike.

This is a clown show.

It is time for change.

There are many ways to solve the network problems but it requires a commitment by those who control the network to implement change.

As best I can tell the technical work is complete on several important protocol upgrades. For example, there was an Internet Engineering Task Force working group started in 2014 that developed working solutions for windows and linux systems to encrypt the TCP data stream by default. That data is currently not encryptable and is relentlessly exploited. The project looks abandoned. It or something similar should be live on the network by now. For more on the subject click here.

Many of the problems with DNS were solved with DNSSEC years ago. It creates a blockchain like tree of DNS record authenticity that can provide validation for every network packet. A tiny fraction of DNS traffic is compliant because domain registrars are charging premium fees to access this and other basic security solutions.

More importantly, given the importance of DNS in the system it really should be institutionalized. Back in 2000 it made sense to have several registrars creating jobs and competing to develop the best solution. Now it is a gateway to countless exploitation opportunities.

Most important of all; E-mail should be institutionalized. Governments generally have a postal service tasked with delivering the nations mail. For some reason, modern governments have collectively delegated the job to Microsoft, Google, Facebook, and Apple. Why?

I believe the debate about Section 230 is a red herring. If Americans - indeed everyone globally - could talk directly with each other via a secure, constitutionally protected public utility, social media firms liability wouldn’t matter.

To appreciate how broken the system is, imagine a world were online voting and electronic service of process are legal.

You cannot get there without solving these and the other flaws.

You also cannot have what comes next.

It is important to remember that the world is as it is for good reason.

Think about the alternative you propose. What are the consequences?

What do you mean by institutionalize?

Sources suggest that GoDaddy Inc (NYSE: GDDY) is displeased with the original poster's characterization of their business.