
How I’d Fix the Internet - chrisherd
https://medium.com/@walterisaacson/the-internet-is-broken-heres-how-i-d-fix-it-19d0b2503aee?source=linkShare-da7b665f3cc7-1482674563
======
tptacek
This is every bad idea about "how to fix the Internet" of the last 15 years,
restated.

In fact, we don't have to change anything about TCP/IP to create fully
authenticated Internet services. Without any changes to Internet hardware or
programming languages, we can use public key cryptography to allow people to
prove their identity to a third party and use that identity to access other
services. In places where anonymity is problematic, those services can simply
disallow unauthenticated users.

The reason we don't have services like this isn't technological, has little to
do with money, and nothing to do with privacy concerns. The problem is that
not enough people want this service. If they did, it would exist already.

Meanwhile, the idea that fundamental changes to Internet protocols would
alleviate security problems is as old as IPSEC: it was literally the pitch
Robert Stratton gave to assembled hackers at Summercon in 1995. The problem
with the pitch is that Internet protocols and hardware have practically
nothing to do with security; rather, the core security problem is that all
programs have bugs, and bugs can be assembled into levers for unexpected
behavior. Take it up with Edsger Dijkstra, not Vint Cerf.

~~~
dom0
> the core security problem is that all programs have bugs, and bugs can be
> assembled into levers for unexpected behavior.

The core security problem enabling that is all kinds of widely used computers
being fail-open by default down to the lowest levels.

------
drcode
"Let's fix the internet by putting in place an all-powerful central party to
enforce new rules, which under best circumstances will be merely a horrible
rent-seeking entity, and under worst circumstances will slowly turn the world
into a totalitarian dystopia"

~~~
samlevine
Plato needs warning labels.

~~~
gavinlynch
I feel this is a great time to point out that Plato disliked a lot of
democracy.

------
KaiserPro
The author confuses consequences with anonymity.

The reason why I don't run up and call random people cunts is the risk that I
might get punched.

ID is only one part of that. However, bulletproof ID does not yield security.
What it does do is allow people/governments to persecute people with much
better precision.

The problem of anonymous information sources has been around for millennia.
There is a reason you don't trust the shit the drunk bloke spouts at the pub:
it's mostly bollocks.

The main problem is that normal people, right up to the news producers, have
suspended their critical faculties (for different reasons).

"a website I've never seen before, with lots of adverts for escorts and MILFs,
said that something happened": it's not happened.

"a rumour on twitter said..." It's a fucking rumour. Find the source and it
might become fact. Until then, it's the same as hearing it in the fucking
playground.

Now, if you're a news producer, I know you want to beat your main rival. But
each time you don't bother to fact check, the value of your news drops.

~~~
jstimpfle
Only slightly related, there is no clearly defined concept of IDs
("identity"). It's not a technical issue.

Identification is a tricky issue, influenced by human, social, and political
decisions. It's also very easy to trick identification routines.

A very practical example is email addresses for groups or organizations. It's
not clear what's identified by such an administrative email address. The
people who read it and send in its name? Some more abstract concept? Depends
on the situation. I'm too tired to find a better example, but you get the
idea...

So the best thing is to say that email addresses identify, well, themselves,
and also where to route emails to these addresses.

You can't build technology without clear concepts. Or with too many,
incompatible, concepts for that matter. I don't see a better way than layering
(i.e. separation of concerns).

------
ben0x539
This sounds like the same, completely failed argument for mandatory "real
names" on google+ and facebook...

~~~
Nomentatus
What's needed is real, verified ID TO Google etc, not ON Google etc. If I
troll, give up my ID to the police. Meanwhile, give me anonymity. So,
consequences for bad behavior, yes; a permanent record of all my intellectual
fails and exposure to rw retaliation from all comers for my political
opinions; no. For this, verified credit cards have to exist (non-burners) and
Google has to charge them 3 cents to verify they're good. (There are many
excellent extant engineering solutions to social problems. Locks are. So are
clothes, and baths.)

------
kabes
The author confuses the web with the Internet. Lots of those ideas, especially
regarding two-way links, security and automatic micropayments, have already
been proposed and failed by Project Xanadu, one of the Web's predecessors. The
web succeeded over 'better' alternatives because, in a system where the whole
world has to agree on a standard, the unix philosophy of 'worse is better'
always wins.

------
titzer
Just your normal pile of terrible ideas asserted with extreme confidence.
Sorry Walter, it's not anonymity which kills the internet. You want to assign
provenance to every IP packet? That'd just exponentiate the danger of a
tyrannical intelligence agency.

No thanks.

------
Animats
Here's what I'd change at the low levels:

- All new mobile devices must use IPv6 only. (No more NAT at the ISP level.)

- All IPv6 devices should be able to reach each other if they want to,
without going through a server. (End to end voice, video, and messaging
without the need for a server.)

- Anything with a big packet buffer must use fair queuing. This includes home
routers, interfaces with big buffers, and cable DOCSIS nodes, but not backbone
routers. ("Bufferbloat" fix)

- Better ingress filtering at ISPs, to limit bogus source IP addresses to
addresses which can legitimately come in via a path. (Single-packet DDOS
reduction)

- DNSSEC everywhere (DNS spoofing fix)

- Get rid of the delayed ACK timer in TCP. ("Nagle algorithm" fix)

~~~
AndyMcConachie
My 'fix the Internet' gripe is to finally stop assuming that 1500 bytes is a
large MTU. It's not 1990 anymore. We can send much larger packets if only
PMTUD worked. But NAT, but 1280 bytes in IPv6 land, but ...

------
adpoe
Could there reasonably be multiple competing "internets" -- with different
protocols, different 'rules', design and so on?

I don't pretend to know how to 'fix' anything (much less something as complex
as the internet), but I do feel like it would be beneficial to have some
competition in this space, to whatever degree it's possible.

When there's only _one_ option, a variety of problems associated with
monolithic systems and monopolies will inevitably arise--as we've seen with
the current system.

~~~
hexscrews
In some ways, there are. If you consider China's Great Firewall, Tor, I2P, and
various encrypted spaces, they aren't the "internet" so much as a layer over
the internet.

------
zedadex
> But those of us who choose, at times, not to be anonymous and not to deal
> with people who are anonymous should have that right as well. That’s the way
> it works in the real world.

It's like I tell mugging victims: you should have stayed on the ID-only
sidewalks.

------
roesel
With every idea mentioned (some good, some worse), there are between 1 and 5
flags going off, already imagining the possible misuse of all of the
"updates".

Yes, much could be improved about the internet/web. But if we can see misuse
in the ideas offered right after reading, the proposed new system would
probably be worse than what we have now after some time. It at least took a
while to exploit what we have, not 30 seconds.

------
angry-hacker
And why does everything need to be on medium now? What happened with blogs?
What happens when medium closes down with all that content?

Does writing on medium.com make you more sophisticated? I don't understand
this craziness.

~~~
Buge
Blogs close down too. I would guess the median medium article will last longer
than the median blog article.

~~~
loup-vaillant
No they don't, unless their author lets it. My blog won't shut down even if my
provider does. I'll just move it somewhere else.

Of course, if you're posting on blogpost or such, it is _not_ your blog —it's
Alphabet's. If it were your personal blog, you wouldn't have put this "signal
inappropriate content" button, would you?

~~~
Buge
I mean that domain names expire. I just had some of mine expire (which I am
sure I had set to auto renew).

If an author is willing to move their content if their provider shuts down,
that is not much different than migrating their content if medium shuts down.

~~~
loup-vaillant
Well, domain name expiration is a problem. If you pay attention though, no
domain name will ever expire —under current DNS rules at least.

My own domain name is in .fr, and if it expires I have a chance to renew it
before someone else is allowed to take it. There's a few weeks of delay, but
truly losing a .fr name requires the owner to be _really_ negligent. I believe
.com names are more easily lost, though.

------
0x0
Sounds like a suggestion to build a single-source, closed, vendor-lock-in online
system, much like early for-pay BBS systems or similar, like CompuServe. If the
internet had been built to this suggestion, it probably wouldn't even exist
anymore by now, as it would have flopped. Or at least it would be limited to a
particular country and to especially interested technical users. Terrible :(

------
Upvoter33
It's true, lots of the internet is broken, and in very fundamental ways.
Unfortunately, we need a group of technical people a lot more knowledgeable
than W.I. (well intended though he may be) to do the fixing.

------
rokosbasilisk
Just a wishlist of ideas with no real technical solutions.

It was strange seeing the mixing of trolls and bank security concerns. They
are pretty different in nature. I'm also surprised there was no mention of IP
addresses.

I think the internet is broken, but more at a technical level: it's too easy
to have an ISP accidentally break large portions.

ex. Pakistan bringing YouTube down accidentally in 2008.

~~~
prashnts
Agreed, it reads like a bunch of troll and self-absorbed points. My ISP in
India throttles every public DNS server except theirs (which I don't trust; it
is randomly censored), so browsing doesn't work at times. I am forced to keep a
`dnscrypt-proxy` with a `pdnsd` cache running on a Raspberry Pi to mitigate
this.

Yes, the Internet is broken -- both accidentally and deliberately.

~~~
witty_username
If I may ask, which ISP? Do ISPs care that much about following govt orders
about censorship?

~~~
prashnts
Hathway Cable in NCR.

I dunno if they care about govt. orders, but if you query their DNS for a
"blocked" website it answers with an invalid IP:

    dig @202.88.149.25 thepiratebay.org

    ;; ANSWER SECTION:
    thepiratebay.org.	65346	IN	A	0.0.0.0

And Google DNS at `8.8.8.8` just times out. :/
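A small check, added here and not part of the post above, for classifying resolver answers like the one quoted: it parses dig ANSWER SECTION lines and flags answers in ranges a public site never legitimately resolves to, so a 0.0.0.0 answer stands out from a real one and from a timeout. The resolver labels, the timeout text and the 203.0.113.7 control answer are constructed sample input.

```python
import ipaddress
import re

# Ranges no public website legitimately resolves to; an A answer inside one of them
# is a resolver lying (sinkholing), like the 0.0.0.0 the ISP resolver returned above.
_SINKHOLE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
)]
# One A record line from dig's ANSWER SECTION (fields are tab-separated).
_A_RECORD = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+A\s+(?P<addr>\S+)$")

def parse_dig_answers(dig_output):
    """Return (name, ttl, address) for each A record in a dig ANSWER SECTION."""
    records = []
    for line in dig_output.splitlines():
        m = _A_RECORD.match(line.strip())
        if m:
            records.append((m.group("name"), int(m.group("ttl")), m.group("addr")))
    return records

def is_sinkhole(addr):
    """True if addr falls in a range no public site legitimately resolves to."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in _SINKHOLE_NETS)

def classify_resolvers(dig_outputs):
    """Map each resolver's dig output to 'no answer', 'sinkhole' or 'plausible'."""
    verdicts = {}
    for resolver, output in dig_outputs.items():
        addrs = [addr for _, _, addr in parse_dig_answers(output)]
        if not addrs:
            verdicts[resolver] = "no answer"  # e.g. the query timed out
        elif all(is_sinkhole(a) for a in addrs):
            verdicts[resolver] = "sinkhole"
        else:
            verdicts[resolver] = "plausible"
    return verdicts

# Constructed sample: the ISP answer quoted above, an empty result standing in for
# the timed-out 8.8.8.8 query, and a made-up control in the 203.0.113.0/24 doc range.
SAMPLE_OUTPUTS = {
    "isp 202.88.149.25": ";; ANSWER SECTION:\nthepiratebay.org.\t65346\tIN\tA\t0.0.0.0\n",
    "google 8.8.8.8": ";; connection timed out; no servers could be reached\n",
    "control (constructed)": ";; ANSWER SECTION:\nthepiratebay.org.\t300\tIN\tA\t203.0.113.7\n",
}

if __name__ == "__main__":
    for resolver, verdict in classify_resolvers(SAMPLE_OUTPUTS).items():
        print(resolver, "->", verdict)
```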

------
jacobwg
Reminds me of the fictional TruYou product from the book _The Circle_. Which
is a fascinating read that explores how "good" intentions like this can end in
undesirable results.

~~~
ghaff
On the one hand, I have some trouble recommending _The Circle_ because it's so
heavy-handed and overwrought. I nearly put it down. But, if you read it as a
deliberately over-the-top "if this goes on" cautionary tale, it's a lot easier
to appreciate it IMO.

~~~
jacobwg
True - I liked that it had some points to think about and a few insights, but
it is fairly heavy-handed.

Just finished _Cumulus_ as a similar recommendation to the Circle and hated
it. It made the Circle look wonderfully nuanced in comparison. Characters
frequently recapped previous chapters, every implication and inference was
enumerated explicitly in great detail, etc.; essentially no thinking required.

------
dhuwivvrud
There are a few distinctions to be made. First, authenticity of a user and a
machine: in order to validate an email, you need to know which person sent it.
I'm not sure how to enable it technically without having an "all knowing"
central entity.

Breaching the security of applications is a very deep problem which is
unrelated to the internet. The current computing architecture is exposed to
vulns, both local and remote, in a very similar manner.

Regarding the democratic process that has been tampered with, this was done
way before the internet, and will probably go on forever [1].

[1] [http://www.huppi.com/kangaroo/CIAtimeline.html](http://www.huppi.com/kangaroo/CIAtimeline.html)

------
UhUhUhUh
This problem started with the first technique that allowed the content of a
communication to be physically separated from its source: printing. The real
problem is not the internet, or printing, but that communicating has become
the dominant form of action, providing us with the illusion of having full
control over the reality of our lives.

------
krick
> Now the problem is nobody can tell if you’re a troll. Or a hacker. Or a bot.

Indeed. I have some trouble deciding if the author is a troll or a bot.

------
omash
Don't fix what isn't broken.

------
Animats
Short version: Micropayments and signed emails.

------
creaghpatr
Walter Isaacson was outed by Wikileaks as colluding directly with the Clinton
campaign so you can see why he would want to 'fix' the Internet.

Edit: source [https://wikileaks.org/podesta-emails/emailid/6056](https://wikileaks.org/podesta-emails/emailid/6056)

~~~
chasing
You're spinning things in the most negative light possible ("outed,"
"colluding") -- but you're right! He apparently interacted with the Clinton
campaign. Quelle horreur!

Given the damaging nature of all of the fake news and trolling flying around
during the campaign -- including the metric buttload of
mountains-made-from-molehills relating to Hillary's e-mails -- I can
absolutely understand how someone might think the internet needs some fixing.

I don't agree with the ideas he presents in the article, but I also don't
think having a connection to Hillary Clinton's campaign reveals any nefarious
intent.

~~~
a_imho
Nefarious not, but it is clearly stated in the article where he is coming
from.

"Its inherent lack of security has allowed Russian actors to screw with our
democratic process."

Well, maybe he cares deeply about cyberbullying, but to me his arguments feel a
bit - dishonest?

~~~
chasing
He clearly stated in the article where he's coming from... but that makes him
seem dishonest to you?

I'm not really sure what you're expecting. He's seen something that he felt
went horribly awry and he's made some proposals he thinks could improve
things.

~~~
a_imho
Exactly, to me it reads as if he wants to regulate the internet for political
reasons, but he is mixing in a lot of other things that make it more opaque.

I agree with the parent, it reads like a political piece to me too that has
little to do with technology, and as such it is nice to have a disclaimer
about his affiliation*

*disclaimer: I'm not American nor living in the US

