
30 years into the web, Sir Tim vents on scams, hacks and hate

Richi Jennings, Industry analyst and editor, RJAssociates

Sir Tim Berners-Lee has been painting a slightly depressing picture of the web’s problems. But his recent open letter also celebrates the web’s extraordinary achievements.

So happy birthday, World Wide Web. It was 30 years ago when Sir Tim formally proposed Mesh, or Mine, or what we now know as the web.

As he super-tweeted in the 2012 Olympic Games, this is for everyone. But not everyone is on board the TBL-fanboi bus. In this week’s Security Blogwatch, we spin sticky silk.

Your humble blogwatcher curated these bloggy bits for your entertainment (in raw HTML, I’ll have you know). Not to mention: Pi Day cast.


TBL: FTW or Dark Knight?

What’s the craic? Rob Picheta reports, Berners-Lee calls for 'fight' against hacking and abuse:

The inventor of the world wide web has called for global efforts to tackle state-sponsored hacking, criminal behavior and abusive language on the internet.

Berners-Lee identified three major "sources of dysfunction" affecting the web: deliberate malicious intent, system design and unintended negative consequences of benevolent design. … The first, he said, resulted from issues like state-sponsored hacking and criminal behavior.

And the other two? Alex Hern interviews TBL—Three decades later, its founder reflects on his creation:

Thirty years on, and Berners-Lee’s invention has more than justified [his] lofty goals. … But with that scale has come a host of troubles, [which] he could never have predicted when he was building a system for sharing data about physics experiments.

“Every time I hear that somebody has managed to acquire the [domain] name of their new enterprise for $50,000 … instead of $500, I sigh, and feel that money’s not going to a good cause,” Berners-Lee tells me. … “You wanted a name for your website, you’d go and ask … Jon Postel, you know, back in the day, and he would give you a name.”

While criminal intentions may be the scariest for many, they aren’t new to the web. … More concerning are the other two sources of dysfunction affecting the web. The second is when a system built on top … introduces “perverse incentives” that encourage others to sacrifice users’ interests. … And the third is more diffuse still: those systems and services that, thoughtfully and benevolently created, still result in negative outcomes.

Berners-Lee’s solution is radical: a sort of refoundation of the web, creating a fresh set of rules, both legal and technical. … Calling it the “contract for the web”, he first suggested it last November. … This is a push for legislation, yes. … But it is equally important, he says, for companies to join in and for the big tech firms to do more to ensure their pursuit of short-term profit is not at the expense of human rights, democracy, scientific fact or public safety.

Do not go gently into that good Knight. Sir Tim Berners-Lee asks, what’s next #ForTheWeb?

30 years on from my original proposal for an information management system, half the world is online. … The web has become a public square, a library, a doctor’s office, a shop, a school, a design studio, an office, a cinema, a bank, and so much more.

While the web has created opportunity, given marginalised groups a voice, and made our daily lives easier, it has also created opportunity for scammers, given a voice to those who spread hatred, and made all kinds of crime easier to commit. [But] it would be defeatist and unimaginative to assume that the web as we know it can’t be changed for the better.

Simplistic narratives risk exhausting our energy as we chase the symptoms … instead of focusing on their root causes. … No one group should do this alone, and all input will be appreciated. Governments, companies and citizens are all contributing.

The fight for the web is one of the most important causes of our time. … The Contract for the Web must not be a list of quick fixes but a process that signals a shift in how we understand our relationship with our online community.

What about a historical perspective? Steven J. Vaughan-Nichols asks, Dream or nightmare?

In March 1989, Tim Berners-Lee submitted a proposal … to his boss. [The] reply? "Vague, but exciting." We know it today as the web.

The idea of a universal … knowledge system wasn't new. … You can trace it back to Vannevar Bush … in July 1945. Personally, I think Ted Nelson's 1960 Xanadu hypertext vision had even more influence.

I wrote the first review of the Web in April 1993 [in which] I concluded … "WEB is the informational wave of the future." Boy, did I ever underestimate it.

If you wanted a book, you went to a bookstore. If you wanted to listen to music, you went to a record store.

The web has become as essential for modern life as electricity. … "What could go wrong?" … Fake news; the loss of privacy; personal data abuse; and a 1984-like world where people can be profiled and manipulated. The freedom of the internet is being subverted into tyranny.

The state of the web makes zipzap324 sad:

How many MIT/Berkeley/CMU/Stanford/etc. grads are wasting their … talent tweaking news feed, advertising and recommendation algorithms. It's truly sad.

And techntoke pipes up:

Part of the problem is aside from IPFS, little work has been put into decentralization and standardization of content. Dynamic content is based around JavaScript which has and will continue to become a spy tool for marketers.

I don't see the Internet improving until there are other options for standardizing dynamic content other than JavaScript, and making it easy to host your content without needing to rely on a centralized cloud platform.

Ah yes, the fabled InterPlanetary File System. bb01100100 agrees:

I see ActivityPub and IPFS as interesting developments; I'd love to know what other tools we could string together to help create other (presumably connected but distributed / federated?) spaces that aren't backed by a monetization engine.

It would be neat to see a "distro" that stood up a node with long and short-form content, chat, news and "groups" capabilities. Something a keen but inexperienced individual could spin up on AWS / GCP / DO / Azure, etc.

Am I crazy?

But Shotgun fires both barrels:

Power brokers and the "learned scholars" seem to always think the system is broken when normal people … don't bend to their will. Maybe the solution you envision from your ivory tower … isn't the world we want to live in.

And lazyjones’s perspective is “fascinatingly different” from TBL’s:

The biggest issues of the near-dysfunctional web:

1. registration popups … and paywalls.

2. cookie banners, popups, interstitials that pointlessly require additional actions everywhere.

3. stuff that is broken because obscure JS / new non-standard browser feature doesn't work, possibly because of ad/tracker blocking.

4. legal obstacles and uncertainties for publishers (e.g. GDPR) that drive smaller … publishers away from the web, so users become easy victims of multinational corporations with predatory business practices.

What do "polarised discussions" even have to do with the web? We have them in every pub. The fact that they're prevalent on the web is a sign that something works, not the opposite.

John Minter draws this historical parallel:

We … have to continually remind ourselves that there are people with disruptive agendas – both individuals and … nation states that have an agenda. … Jurisdictional issues make it hard for law enforcement agencies to track them down.

The situation reminds me of the caricature of the American West in the 1800s … a free-for-all. To be forewarned is to be forearmed. We need to take security seriously.

Meanwhile, what ever happened to the decentralized, gatekeeper-free ethos of the web? cobbzilla sees the irony:

I’m a huge fan of TBL but the solution will not come from governments and corporations. … We the people must solve this ourselves, with a solution that cannot be controlled by any one party.

We’ll get there faster the more we stop looking up to hierarchical authorities for solutions, and looking around at their fellow netizens.

The moral of the story?

How far we’ve come in 30 years. The web is a wild place, but beware of unnecessary appeals to authority.


And finally

Pi Day livestream


You have been reading Security Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or sbw@richi.uk. Ask your doctor before reading. Your mileage may vary. E&OE.

Image source: Nick Webb (cc:by)
