

Ask YC:  Why not show internet traffic in a user friendly way to alleviate security fears? - amichail

There are probably a huge number of people who are terrified to be online due to security risks.<p>So why not show incoming and outgoing internet traffic in a friendly way (e.g., using program names, highlighting sensitive data, etc.)?
======
tptacek
Because:

(1) doing that would pose its own security risks

(2) much of the most sensitive information you send out is unintelligible to
laypeople

(3) it's just as likely that calling attention to the risk will increase fear
as decrease it

(4) many common security threats are adept at covering their tracks in system
APIs.

~~~
amichail
For (2), you could make it so that it is the responsibility of the app
developer to make sure that any data transfered is done in a highly readable
form. If there's encryption, then that could be done using the tool so it
would see the unencrypted data.

Of course, it's possible to hide data (e.g., using spaces say). So maybe one
would require that the protocol be validated by security experts.

~~~
tptacek
Good luck handling Google Mail cookies.

------
thaumaturgy
I've thought about this before, and it's on my table-o-things-to-develop. The
way to do it is with an inexpensive external piece of hardware that users will
insert into their internet connection. It would have two ethernet interfaces,
a clearly-labeled "in" and "out".

With OpenBSD and pf, you can set it up to act as a "bump in the wire", a
bridging firewall that can't be hit from the outside but can still do traffic
filtering.

Then, you set up a light http server that's only accessible from the local
net, and patch in a variety of shell and python scripts to make the glue
between pf and the http server.

The user can open a webpage and get a nice little graph of traffic with some
simplified explanations, and can shape or filter traffic with a bit of
clicking around.

I've built a couple of OpenBSD firewalls for a couple of local businesses (one
of them is an ISP), as well as some of the sorts of shell scripts that would
be needed. I've got a few other ideas for it that would make it an even more
killer device, but don't wanna give away everything. :-)

The nice thing is, the hardware doesn't have to be very powerful at all. You
could hit a pretty modest price point on the things and still be able to kick
a fair bit of money back to the OpenBSD project. Everyone would be happy.

------
mixmax
Good idea. It'll be pretty tricky to get the graphics just right, so that they
both show the right information and are not intrusive.

Sounds like a good weekend barinstorming session though :-)

------
immad
I don't understand why showing internet traffic would alleviate security
fears.

Is the idea that since a lot of people are using a website it can't be that
secure?

~~~
thaumaturgy
No, the idea is that it's easy these days for a program to be resident on your
computer, doing something behind your back that you don't know about.

It would be nice to have a foolproof way to see network traffic clearly.

~~~
immad
I see! I knew I was missing something. That makes sense

