

More on Feudal Security - onosendai
https://www.schneier.com/blog/archives/2013/06/more_on_feudal.html

======
Aqueous
This is why you're going to start to see a shift away from centralized cloud
applications like Facebook towards more federated models. The federated model
is the only workable compromise between the security afforded by completely
peer-to-peer solutions and the enormous convenience of completely centralized
solutions. That's why every single protocol still in wide use after many years
of existence is either a federated protocol or a variation on federation
(SMTP, XMPP, IRC, DNS, and to some extent, HTTP). The internet by its nature
is a federated system.

People will be more inclined to trust institutions with which they associate
in real life with their data. I don't mind if my company, of which I am a part
owner, houses my social data, and federates with other co-equal organizations
to generate a public social graph. I do mind that a company in which I have no
stake and over which I have no control houses that same data (i.e. Facebook).

I think someone will come along, Diaspora or someone else, and create a viable
Facebook competitor that is federated and it will take off for this very
reason. It has to be as good as, or better than, Facebook _as a platform_ for
it to succeed, but it is not impossible.

~~~
TillE
Anything that replaces Facebook will have to be _significantly_ better in at
least one major way that matters to people, and not just nerds. But that's
definitely an achievable goal.

In the meantime, I'd really like to see a greater focus on encryption of data.
For example, think of the possibilities if we had full PKI support built into
the browser, such that private messages could actually be private.

~~~
onan_barbarian
Correct. The "significantly better", for better or worse, is likely to be
"allows you to share content with your friends that you aren't really allowed
to by law".

This is probably the only single thing that a federated network can offer that
would appeal to non-geeks, at least at first. One might hope that people might
"come for the piracy/porn, stay for the free speech".

~~~
b1daly
The problem is that Facebook, like the www, succeeds because it is not a
private platform, it is mostly public, and it has arrived near ubiquity. This
is a feature, not a bug, as they say. It seems to me that encryption is
totally incompatible with these two aspects. Unless I'm missing something...

------
davidw
I think looking at the economics of things is likely to give you a clearer
picture, rather than feudal society.

~~~
john_b
In a way, I think he is looking at the economics via this analogy.

In Feudal Europe, the greatest economic resource was land. If you controlled
lots of land, you had lots of power. But land was expensive to maintain and
make productive. There was a lot of overhead, so merely owning it wouldn't
make you rich. The feudal arrangement was that lords contracted the land out
to vassals, who then employed serfs to work it. Protection and convenience
flowed down, and in return wealth flowed up.

Now the greatest economic resource is information, and controlling it gives
you power. But producing information in a top-down manner is ineffective, so
in return for protection and convenience, the serf-users of the internet age
produce a wealth of information for their lords. The main difference in the
power relationship seems to be that modern serf-users are free to choose their
lords, leading to greater competition among rival lords, whereas feudal serfs
were born into the service of a single vassal, who in turn served a single
lord.

~~~
troels
You can't choose though. There is no viable alternative to Facebook, so it's
either that or nothing. Not much of a choise really.

~~~
davidw
The importance of Facebook to modern life is _probably_ not the same as land
for a medieval peasant.

------
cromwellian
I get his point, but he lazily lumps in Chromebooks and Android phones with
Apple. Google specifically permits user control over their devices, down to
including a switch on the ChromeBook to disable boot-locking. It encourages
hacking and sells unlocked devices (Nexus) Android devices can install apps
from third party non-Play stores, etc.

Also, what does dropping support for Reader have to do with privacy? I mean,
must Reader be dragged into every conversation, even when it isn't relevant?

------
cafard
Many many years ago, when minicomputers were going away, a fellow who wrote
the sysadmin column for the DG users group magazine compared the disappearing
environments to semi-benevolent dictatorships: if DEC got too oppressive, you
could flee across the border to DG or Prime, and so on. He pointed out that
you were much more on your own in the anarchic client-server world.

------
bluedino
> We now use our vendor-controlled computing devices to go places. All of
> these places are owned by someone.

What's so different about that, compared to 20 years ago? We used AOL or
Compuserve. Internet sites were almost all owned by universities or a small
number of companies.

> I can't delete cookies on my iPad or ensure that files are securely erased.
> Updates on my Kindle happen automatically, without my knowledge or consent.

Again - you couldn't erase your history on Prodigy or MSN. If you didn't
update your dialer/client you were eventually locked out.

~~~
phaer
Most people do a lot more stuff "in the cloud", 20 years ago desktop software
was used a lot more.

------
curlyquote
>And, finally, don't be extreme in any way: politically, socially, culturally.

I strongly disagree with this, not just on principle, but also practically.
There is always an extreme.

~~~
npongratz
Not only that, but "extreme" is a moving target. "Normal" in today's
environment might well be considered "extreme" by whoever holds power ten
years from today.

------
e3pi
Mrrdyn Embrys(sp? Welsh?) Merlin, and owl Archimedes, deep and unknown in the
Nottingham forest, a linux wizard, magically has an empty satchel filled with
new glorious bitcoin! Leaving the stymied corrupt well armed sheriff
disconcertingly pissed and helpless.

~~~
e3pi
"The great thing about a constant, is you can break other things, and see how
they tick! Hoot! Hoot!"

-Archimedes(the Owl)

