In defense of HTTPS Everywhere

Today Doc Searls reposted Dave Winer’s three part post challenging the need for HTTPS Everywhere.  Dave writes:

There’s no doubt it will serve to crush the independent web, to the extent that it still exists. It will only serve to drive bloggers into the silos.

Some pretty strong claims from Dave and his posts are worth a read.  They come, in my opinion, to an entirely wrong conclusion despite some valid points and a “sky is falling” delivery.  Why wrong?  Consider how you might prioritize security in a software development project.  This is something I tell my consulting clients but I’m going to give it to you for free:

[Read more…]

Today for the first time, a web site I visited directed me to  The site is supposed to be a service for webmasters who need an easy and accurate way to tell site visitors how to enable Javascript in the browser.  Though at first glance that may seem like a great idea and a useful service, it is just the opposite.

This is bad on so many levels.

  • The site makes no mention of any of the many good reasons why you would want Javascript disabled.
  • It doesn’t ask the user to consider how or why Javascript  came to be disabled in their browser in the first place and the implications of reversing that action.
  • It fails to consider the possibility that Javascript is enabled but that it is being blocked by a plug-in or add-on, in which case the instructions will be useless.
  • It offers no information on any of the tools that allow you to enable Javascript on a site-by-site basis

The only function of the site is to tell visitors how to enable Javascript globally for a variety of browsers, as if that were universally a Good Thing.  There is no attempt whatsoever to explain the issues with sufficient depth to allow the visitor to make an informed decision about enabling Javascript.  Considering that Javascript generally has to be manually disabled, who is the target audience?  People who used to know why they wanted scripts disabled but have since forgotten?

And who are the target audience among webmasters?  If the site is usable without script, visitors have no reason to enable script, therefore no reason to visit  Presumably, this service is targeted to webmasters whose sites fail to provide content with script disabled.  The webmaster who links to this site is saying to their visitors “My content is so valuable that it is worth the risk to you of turning on Javascript for all sites on the Internet, including those that host active malware such as phishing sites and malvertising networks.”

Or, more likely, it is aimed at webmasters whose advertising fails to render with scripts disabled. In that case the webmaster who links to this site is saying to their visitors “My content is so valuable to me that it is worth imposing the risk to you of turning on Javascript for all sites on the Internet, including those that host active malware such as phishing sites and malvertising networks.”

Who is the more naive one in this exchange?  The visitor who follows the link and enables Javascript globally?  Or the webmaster who genuinely thinks this is a good idea and implements it?

I use some script on my web sites but my approach is to not collect personal data so there’s nothing for me to lose, and to not monetize traffic with dynamic ad networks known to carry malvertising.  I want people to feel comfortable white-listing my site if they want it to be responsive and mobile-friendly, to see the slider on the home page, or to use the social media functions.  I will happily point them to NoScript, Ghostery, Privacy Badger, and more.  But the content doesn’t rely on scripts.  (Possibly The Odd is Silent does since WordPress hosts it, but I try to minimize the impact, including paying them to remove their ads.)

I would never ask you to enable scripts globally to view my content.  And I can’t help but wonder about anyone who would.

Vendor entitlement run amok

My main issue with vendors turning us into instrumented data sources isn’t the data so much as the lack of consent. My Fitbit knows a lot about me but it’s an add-on that I self-selected and it provides value to me. The tracking in my browser is not something I can easily avoid since the browser is now an integral part of my life. Between those extremes there are lots of IoT devices that you can currently choose a private version but where that choice is rapidly disappearing. You can still buy a dumb light switch but not a dumb car, for example. Your shiny new GT phones home.

Among the vendors who seem to feel an entitlement to our data is Microsoft, whose Windows 10 is basically a box of spyware disguised as a user-productivity-gaming-and-cat-video-watching platform. I’ve already written about the issues there, how to mitigate them, and the disheartening number of those “features” that can’t be disabled. Yet as bad as all that is, this latest revelation still managed to surprise me across several metrics: the lack of consent, the extent of the invasion, the degree of exposure, the fact that it’s already been exploited to infect user devices, the fact that the entity who exploited it is a “legitimate” vendor, and the fact that said “legitimate” vendor egregiously exposed the exploit to the Internet. [Read more…]

Forget back doors, the NSA wants to mandate a front door

In their never-ending quest to eavesdrop on you, the NSA now wants to mandate that all encrypted communications must allow them access.  As Joel Hruska explains in an article in Extreme Tech, there are many reasons why this will not work.  The two big ones are that it isn’t possible to guarantee only authorized government agents will use the access, and because we currently have no effective means of oversight and accountability.

Dean Landsman recently posed the question “how does one go about preventing/protecting or just enabling security against such intrusion?”  The only answer is to do so in the legislature and in the various international bodies.  If the NSA proposals and others of its ilk become law, products like Blackphone and Qredo will become illegal.  However, this will not stop criminals from using crypto that the government cannot break and which is readily available.  It is true in the most literal sense that when unbreakable crypto is outlawed, only outlaws will have unbreakable crypto.

Considering the triviality of obtaining unbreakable crypto, only law-abiding citizens will use the NSA-accessbile stuff.  Combine that with the power imbalance inherent in such a scheme and the inevitable conclusion is this:

Of all possible uses to which such a law can be put, the only ones we can predict with 100% confidence to be implemented are those that abuse the privacy of law-abiding citizens.

The corollary to this is that the higher value a criminal target, the more likely they are to use readily available unbreakable crypto.  That means the people the government most wants to catch are those least likely to be vulnerable to eavesdropping if the proposed legislation is enacted.  Such a law would be unfit for its stated purpose.  It would be broken at birth, defective by design.

There are a few possible technological controls that can be imposed.  For example, when using blinded tokens it is possible to design them in such a way that they can be un-blinded but doing so is detectable.  It is doubtful any government would agree to using that technology though, since their investigation would revealed immediately upon the unblinding of the token.

However, even if enforceable accountability were implemented as a compromise, the government’s strategy could be to simply unblind everything.  Sort of a mass Denial-of-Privacy attack.  Or perhaps a Denial-of-Privacy-Enhancement (DOPE) attack if you want the acronym to accurately describe the people who would do such a thing.

This also illustrates one of the primary weapons brought to bear against personal liberty around the world: fatigue.  All that is necessary to pass such laws is to keep submitting them to the legislature.  The people impacted will object the first time.  A few less of them the second time.  When it comes down to just the die-hard activists, the legislature can be confident they are one bill away from victory.

Thomas Jefferson once said “The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.”  That was before digital communications were invented.  Can we perhaps try to refresh the tree of liberty with a call or FAX to our representative before we go off and start killing people?

Surprising security issue at Host Gator

I recently signed up for – and promptly dumped – Host Gator.  The QOS (Quotient of Suckage) was off the chart but in this post I’ll focus on a surprising security exposure that was revealed in the process.

[Read more…]

What is your definition of personal?

Over at the Cloud Ramblings blog, John Mathon provides his list of Breakout MegaTrends that will explode in 2015.  There’s an entry in there about Personal Cloud rising to prominence.  Yay!  John and I often see eye to eye on our visions of the near future of computing and Personal Cloud is definitely huge in that future.  But it seems that once you get past the name “Personal Cloud,” our visions begin to diverge.  I’d like to explain how they diverge, why my vision is better, and beseech John and all the other pundits, analysts and trade journalists out there to adopt a slightly stricter interpretation of what, exactly, constitutes “personal.”

[Read more…]

What the Dark Web going mainstream means for you

Need some hacking done? Penetration testing for your web site? Change your college grades? Hack your ex’s email and social media accounts? Now you too can hire a hacker because marketplaces for freelance hackers are no longer the province of the dark web. Today they operate openly alongside the likes of other freelance sites offering more traditional work like graphic design, web site building, or fixing that shutter that’s about to fall off the house. In fact, there are now enough freelance hacker sites that at least one meta site, Hacker For Hire Review, has sprung up to review and rate them. Whether your company operates the legacy or the VRM model, there are a few takeaways here.

[Read more…]

Guest spot on The Allan Handelman Show

Yesterday I was a guest on The Allan Handelman Show for an hour, then stuck around a bit to talk with Steve Weisman of

Here are links from the show segments:

You can listen to my segments of the show on Soundcloud:

Online advertising is the new digital cancer

cancer cellMany news reports of late have described malware being delivered through advertising networks. But that leaves the impression that the AdTech itself is benign and being hijacked for nefarious purposes. While it may have started out that way, that is definitely not the case today. Kaspersky Labs mention several times in their latest report that the adware has become so aggressive, intrusive, and exhibits such bad behavior that they are now classifying the adware code itself as malicious.

According to AdWeek, global advertising revenues have reached $512B and they forecast declines in revenue growth for 2015.  Meanwhile, cybercrime is estimated to cost the global economy $445B annually and that cost is increasing steadily due to advances in technology and in part because victims pay the price over many years so the victim pool grows relentlessly year over year.

Online advertising has escaped its digital Hayflick limits and is spreading out of control. Online advertising is the new digital cancer.

[Read more…]

Identity as a weapon

Writing about the recent phenomenon that is #Gamergate, Kirk Hamilton makes some interesting points about identity:

It makes sense that doxxing—sharing someone’s address and other personal information against their will—is one of the primary instruments wielded in this battle. Doxxers use identity as a weapon, and so much of this conflict is, at its core, about identity. There’s the stated claim that the gamer identity is under attack, and also the pervading sense that this “war” is less about journalistic ethics and more about the murk of entrenched identity politics. Video games have hugely informed our generation’s cultural identity, and so cultural criticism of games feels somehow personal, like we’re the ones being criticized. I get it. I do.

He’s describing a tectonic shift in gamer culture as gaming goes from being largely white, male and young, to being increasingly diverse of race, gender and age. The cultural realignment of broadly defined identity can be expected to set off aftershocks that ripple through adjacent populations and disciplines. In this case, there was an identity quake of about 6 on the Richter scale in the gamer subculture that is rippling through journalism, hardware manufacturing, marketing, law enforcement, and on down to individual people. Among the results is a much wider public perception of the danger one’s personal details represents when in the hands of people you don’t trust.

Gaming is a very geeky subculture. It is assumed by many that the Gamergaters would have no trouble getting anyone’s personal information. Another result then is a social laboratory environment in which we get to see how that assumption affects behavior. Certainly Felicia Day held this belief when she wrote:

I haven’t been able to stomach the risk of being afraid to get out of my car in my own driveway because I’ve expressed an opinion that someone on the internet didn’t agree with.


I have allowed a handful of anonymous people censor me. They have forced me, out of fear, into seeing myself a potential victim.

And that makes me loathe not THEM, but MYSELF.

Within moments of posting this, someone tweeted Felicia’s address.

From its beginnings, the Internet was designed and built functionality first, with security and privacy a very distant second, if at all.  SSL was an afterthought.  DNSSEC was an afterthought.  The original Internet anticipated how functions would work, not how they could be exploited.

Then we built Internet commerce on that shaky foundation and following the same template.  There is a strong parallel between the architecture of the commercial web and toxic waste dumping of the late 20th century.  Both involved the externalization of costs extracted from a manufacturing process.  The manufacturing of things based on atoms resulted in escrowing those costs as time capsules of toxic waste that would become the problem of some future people in return for larger profits today.   In the case of bits, widespread failure to implement even basic security to protect personal data generates larger profits today but also creates a situation in which the incremental cost of retrofitting security into large established systems is cost prohibitive.  Since that personal data can be used as easily to harm people as to help them, large databases of personal information which lack adequate security are akin to undiscovered pools of toxic waste – cheaper to build today, someone else’s future problem if it is abused.

We are now in the stage where the toxicity of bad security is leaking into the digital groundwater.  Those regular reports of massive breaches on high-profile web sites are today’s digital version of yesterday’s cancer clusters.  They are the early warning signs that a Security Cleanup Superfund is needed.  Except that the maps we draw will have corporate names like Hannaford, Sony, Target and Lowe’s instead of geographic names like Love Canal and Lemon Lane.

We ramping up quickly to build the Internet of Things according to the same old template.  We hear about a new “smart” version of an ordinary device just about every day.  Just as rapidly we hear about these same devices being hacked, or that the security is so bad that no hacking is required.  Since the prevailing model is that the devices are modern Trojan Horses, built first as a portal to your most intimate data and second with the functionality for which you bought it, they represent simultaneously our greatest opportunity and our greatest threat on the network to date.

So when I write about false parallels between the worlds of atoms and bits, or the need to build privacy-protecting or privacy-enhancing architectures, I feel a sense of urgency.  I am very aware that the work underway at IIW, NSTIC, OIX and elsewhere in the Identity world potentially powers the world of tomorrow.  As Dave Birch says, identity is the new money.

But I’m also keenly aware that identity can be turned into a weapon.  I’m generally lonely in that view but the Gamergaters have demonstrated how effective even a small amount of identity information can be as a weapon.  People are taking notice.  If we embark to build Personal Clouds using the same template we’ve always used, if we assume that privacy and security are legal and policy rather than technical problems, if the individual does not have sovereign ownership of their personal data, then we might as well be honest about what it is we are building.  Research into personal data technologies without design goals of privacy, sovereignty and agency, and lacking state of the art security controls would be a digital Manhattan Project.  The commercially successful implementation of such a security-free Personal Cloud would be Cyberspace’s atomic bomb, capable of devastating millions of lives at one shot.

So, yeah, identity is the new money.  We definitely need to figure out the functionality of identity and the benefits it will bring to the digital world.  But the systems must be designed first for security, privacy, and personal sovereignty because it is from these attributes that functionality arises, not the other way around.