

Ask HN: Did Internet evolution kill all the security models? - txutxu

I was doing some research to improve the security of a system right now, and this came to my mind.

When you design with security in mind, you assume things are going to get compromised.

As such, one of the strategies of unix-like systems is to limit the available resources for compromised "elements" (users, processes, hosts, subnets, etc).

Back in the day, we did "download markup to render rich text".

That is relatively acceptable, even if it implies some trust levels (the server software, the client software, the content processed, the scenario, etc...).

But hey, we're in 2013. The browser has access to many layers of abstraction and functionalities, and the smartphone is no better...

The quality of the default configurations of many elements has "evolved" across the years... to the point of demanding your work exponentially if you want to follow some minimal security best practices.

Once upon a time, the data was in your computer, and you used e-mail to communicate, and accessed content by following HTML links. But nowadays any security model is broken by default for the _average_ use that people make of the internet.

Share everything, locally, remotely, between devices, reuse credentials between providers, crappy software validation processes, code which you cannot audit but your data uses, etc etc etc

Did the internet evolution kill our computers' security?
======
cinquemb
Considering that the "internet" was developed with the original purpose to
make it easier to transmit information between _trusted_ nodes (researchers),
security seems like it was an after-thought[0]…

Even in the next step in evolution to meshnets, from following forums like
this[1], security still remains an after-thought (or not up for thought yet it
appears in this case)…

[0] [https://en.wikipedia.org/wiki/History_of_the_Internet#From_ARPANET_to_NSFNET](https://en.wikipedia.org/wiki/History_of_the_Internet#From_ARPANET_to_NSFNET)

[1] [http://forum.chicagomeshnet.com/](http://forum.chicagomeshnet.com/)

~~~
txutxu
A lot of people, and I myself a lot of the time, out of technical ignorance,
don't follow balanced practices, comparing what we do on the computer with
what we do in real life.

~~~
cinquemb
Agreed, but what I'm saying is that there were no balanced practices to begin
with… systems were _assumed_ to be "secure". What people equate to the
internet today was built upon those assumptions. If one were to look back at
it and say that the internet killed computer security, it would be like trying
to fit square pegs in round holes…

Now if there were something that we all would equate to being the internet
that wasn't built upon those assumptions and failed to provide adequate
security for the masses… that would be a different problem.

~~~
txutxu
Well, I see your point. The internet is just part of the history of computers,
as other technologies are too.

But what I'm referring to is more the _evolution_ of the internet (let's say
since the arrival of colors, images, js, flash, java, ajax, "social", "cloud", ...)

I.e., I don't pay anybody in my city to save my physical photos, nor do I
put my photos in the middle of the city so everybody can look at them. But
that is what the average internet user has been doing in the last years.

~~~
cinquemb
_But that is what the average internet user has been doing in the last
years._

Personally, I think that the avg internet user has yet to grapple with the
terms of the capabilities of technology that renders some of their
"protections" on social constructs obsolete from a technical standpoint. In an
economic sense, I would call it informational asymmetry.

But more than at any point in history (or maybe not if one abstracts enough
away), the avg internet user has the capabilities to understand, but for the
most part, chooses not to… and how can one ensure another's security, when the
other chooses not to be actively concerned and mitigate such concerns like
some of us do?

~~~
txutxu
Loving your definition "informational asymmetry". Two words which perfectly
define a complex concept.

And not liking the technical answers which come to my mind for your question,
because they're against the nature and evolution of the internet.

So upvoted, and thanks for your thoughts.

