Is it Time to Dump the Internet and Start Again?

Mike Halsey MVP
Feb 22, 2012
Security
|
24

This week, Google was found out to have been bypassing privacy settings in both Microsoft's Internet Explorer and Apple's Safari web browsers, as Martin reported here.  In a statement on their blog, the Corporate Vice-President of IE blogged "IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent."

Microsoft are now also looking into reports that Facebook does the same and there are apparently many websites guilt of doing this.  It does raise some interesting questions though, the biggest of which is should be dump the Internet as currently exists and start again from scratch?

This has been the subject of some considerable debate with Internet professionals in the last year with many arguing that, with malware and fraud as prevalent as they are, we simply cannot control crime and unprofessional behaviour and protect the privacy and rights of netizens without a radical change.  They're not wrong either as online crimes such as identity theft and credit card fraud are at an all-time-high, the use of the Internet as a weapon, both against governments but also companies and even individuals as a means of blackmail is rampant, and we also have privacy concerns from the likes of Facebook and Google (which when set next to the other problems seem trivial).

So could we actually do it?  One of the biggest reasons for not abandoning the current infrastructure and, crucially, the methods used to communicate and distribute data over the Internet is the sheer scale of the problem.  The Internet is everywhere and a wholesale upgrade would require millions of web and email servers needing new software, none of which currently exists or has been properly field tested.  The cost to the world's economy would run well into billions of dollars and the roll-out would take many years.  For an example of this just look at how long it has taken to get IPv6 off the ground!

Then companies have to be convinced to update their websites and email services to the new standards.  This would be even harder as companies worldwide are notoriously bad at putting their hands in their pockets to replace IT systems that currently "work", and compounded by the fact that it would take to very long to upgrade the worldwide software and hardware infrastructure, that both old and new Internet's would have to coincide for years, maybe even two decades.

On the plus side, software is software and the underlying hardware wouldn't change.  It would therefore no doubt be possible to engineer web browsers to allow both systems to run side by side so as far as end users know there would be no change or difference, and existing web languages could no doubt be ported to any new system.

The advantages of a new Internet are that security would be much tighter.  All traffic would be identifiable which would make it extremely difficult for criminals and malware writers to operate, as the authorities would be able to find them much more easily.  On the down side, not only would this have privacy campaigners up in arms, but all those people who live in, shall we say, less democratic countries where Internet freedoms are curtailed, would be equally traceable if they even looked at any material that stood against the state.  This at its most extreme could endanger lives, and nobody wants that.

So here we have a problem.  We either have to make do with the Internet that we have, and probably stop complaining and grumbling about it, or accept years of painful and difficult change at the end of which we will forego much, if not all, of our anonymity.  At the end of the process there too would not be any guarantee that criminals and malware writers wouldn't find ways to circumvent the traffic logging systems anyway and the billions would have effectively been spent for nothing.

What do you think about the future of the Internet?  Do we need a new system or is it simply too late for that?  How do you compare protecting your anonymity to tracking and deterring criminals?  Why not let us know in the comments below.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. Tobey said on February 27, 2012 at 9:12 pm
    Reply

    Most lame user’s PCs are probably already bots & zombies anyway.

    Speaking of a new internet, how does a completely independent mesh / p2p network with strong mandatory data encryption sound?
    Dangerous to governments and beneficial to crime scene, perhaps. But hey, who cares about government’s take and crime has always been there anyway.

    Reset the internet? Let it evolve, just as it has.

  2. Frank said on February 23, 2012 at 4:07 pm
    Reply

    Build a new internet and someone will just find a way to exploit that. Makes no difference…..

  3. Alastair Breingan said on February 22, 2012 at 11:39 pm
    Reply

    The simple answer is that we want both privacy and traceability; If each person could set their own privacy and traceability settings for each sort of transaction (both high for internet banking – high and none for messages to wiki leaks) then we have a system that works. It does rely on clever and independent browsers and operating systems (so Firefox not Chrome) and for the businesses to carefully differentiate their services. So a privacy standard that would allow experts to publish recommended settings and users to adopt and amend them as they wish.

  4. Robert Palmar said on February 22, 2012 at 9:24 pm
    Reply

    The stated purpose of surrendering privacy and
    allowing surveillance for helping law enforcement
    is just the latest approach of Hollywood in their zeal
    to fight piracy inducing a new bill by the author of SOPA:

    http://www.ibtimes.com/articles/301371/20120220/hr-1981-sopa-lamar-smith-internet-surveillance.htm

    1. Robert Palmar said on February 22, 2012 at 9:25 pm
      Reply

      “including” not “inducing”

  5. Zero said on February 22, 2012 at 9:04 pm
    Reply

    Chrome sucks! Google will indefinitely track you all over the place. I say shut down google they’re the biggest evil corporation that’s out there!

    DOWN WITH GOOGLE!!!!!

    CHROME SUCKS!!! It’s practically spyware!

  6. Morely the IT Guy said on February 22, 2012 at 8:12 pm
    Reply

    @DAtkins “In my opinion we need a method of positively identifying a person on the internet through some government agency (like a drivers licence works now).”

    Then, of course, the next step is to make the undesirables wear a yellow Star of David on their clothing.

    You were born too late. Try Germany, ca. 1939-1945, you’d fit right in there.

  7. Morely the IT Guy said on February 22, 2012 at 7:28 pm
    Reply

    “IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent.”

    So Microsoft failed to implement the most basic if security measures for P3P policy enforcement (i.e., checking to see if the P3P policy actually meets the expressed requirements), and this is somehow Google’s fault?

    Mr. Pot, meet Mr. Kettle.

    Microsoft has historically failed to grasp the concept of “test your software to make sure it does what you claim it will do before you release it.” This incident merely confirms what everyone has know for decades: Microsoft does not do security, nor privacy. If you want those, use a different OS, or at least a non-Microsoft browser. May I suggest Google Chrome? 8^)

  8. Anon said on February 22, 2012 at 6:52 pm
    Reply

    I’d rather fix it than allowing a new and properly “regulated” internet. Emphasis on “regulated”. At least the current one comes from a time where 1984 was a mere fiction novel.

  9. DAtkins said on February 22, 2012 at 6:42 pm
    Reply

    In my opinion we need a method of positively identifying a person on the internet through some government agency (like a drivers licence works now). For most internet usage you don’t need it – but when you need to log into your bank (or when we eventually add internet based voting) you can whip our your internet ID and are good to go.

    Then each person can decide how they want to interact with people anonymously. Just like in real life, when selling a pack of gum no one cares who you are, but when you’re renting an apartment suddenly they care very much.

    There was an article in the Economist recently (http://www.economist.com/node/21542763) about India’s recent decision to create a biometric database of it’s people to reduce fraud and increase access to financial services. Basically it says that when you cannot prove who you are, you are severely limited in the services you can receive. Who wants to loan money to a guy when you don’t know who he is? With the new database you can prove you are who you say you are, whenever you need to, and these basic services suddenly become available.

    The same needs to occur for the internet. When you can tie a login to a verified person, you increase the level of services that are accessible and increase security. Then the only real question becomes, does this site REALLY need to know who I am? Most don’t need to know that – but for those that do there would be a real benefit.

    Perhaps more pertinent to this discussion, this should work the other way around. Firefox doesn’t need to know who I am, but if I can validate that X download came from Mozilla with the same method, then security improves dramatically.

    I only suggest a government agency because they 1) ave a legitimate need to identify you, 2) can pass laws requiring the acceptance of said validation. Not because they have any experience or a good track record …

  10. TomF said on February 22, 2012 at 6:10 pm
    Reply

    If you want a secure network than anyone can set up a net within the internet using the current protocols. The internet is just the pipeline. You don’t have to access the Web of the Wild West. You can just check email and whatever else.

  11. Matias said on February 22, 2012 at 5:56 pm
    Reply

    I also think that what must change is the user, not the internet. An educated used will be much less prone to fall into scams techniques, and that´s not valid just for the virtual world: If there is people who willingly give out personal information to whatever person calls on the telephone, there is no technology in the world that will secure us from that. As Mike said, there will always be ways to bypass any security system, sooner or later, so why don´t we just improve what we have, instead of burning billions of dollars on a new Y2K hype?

  12. kalmly said on February 22, 2012 at 5:10 pm
    Reply

    Hmmmm. So – tell me again, please. Why does everybody want to switch to cloud computing and move all their files to the (dangerous) web?

    We are being conditioned to accept lack of privacy – and eventually, government control. You are helping.

  13. Jim said on February 22, 2012 at 4:00 pm
    Reply

    Here’s a truism to consider: You can’t fix “stupid”. I don’t care how advanced and sophisticated your system is, it can be defeated by a loose screw on the keyboard. If we spent all that time and money to implement a new Internet I suspect we would be right back here a few years later discussing another set of similar problems. And besides, we really don’t need the Internet enabling the all the world’s governments to become police states. That’s not a world I want my kids growing up in.

  14. Howard Pearce said on February 22, 2012 at 3:42 pm
    Reply

    For me the question comes down to how.

    The internet has developed amazingly well with basically a spontaneous order. My fear is that those wanting the a design change will turn to the state/government to mandate the change and set up the regulations supposedly needed.

    This would be a very big mistake and would no doubt end the internet as we now know it.

  15. pd said on February 22, 2012 at 2:27 pm
    Reply

    Give people a meaningful reason to change and they will, eventually. This is demonstrated by the eventual retirement of old web browsers. It’s not likely possible to stop the internet and start again, it is an entity in itself and whilst strictly speaking it could be shut down country by country, region by region, for upgrades to change it’s infrastructure en masse, it’s just not practical. The last time we tried to do something on this enormous scale in IT it did actually work though: Y2K. Then morons cried that all the worrying – which was required before people would do anything – was a waste because nothing mega-dramatic actually happened! That’s human societies for ya: exponentially more dysfunctional for every person added!

    So we solved Y2K but not through a complete shutdown of all IT systems and besides, Y2K was as much an issue for non-connected machines as for networked machines. The internet is all about networking so the task would require a lot of cooperation between various dysfunctional human societies.

    On the whole though, are we really that screwed? Has the internet really created new issues for society or just exploded the scale of all existing faults in the world? Can we actually build anything better if essentially the reasons the internet is broken are not mechanical or technical but reflections of the ills that pervade society? Why was the internet so hopelessly insecure in the first place? It was built initially by the military FFS! It should have been secure from day one.

    The only way that humans have removed ourselves somewhat from ultimate chaos and anarchy is through constructs never before built on the scale of the internet. Most nation states are broken into manageable sizes and despite the UN and various trading blocs, we still can’t tackle global issues like climate change effectively.

    Arguably the way to fix the internet is better regulation and better technology. So far the regulation of the internet has been almost completely separate from any regulation enforced by laws. Thus the W3C can drag it’s arse searching for consensus whilst browser developers are not held responsible for security leaks in their software. Nor are they required to take reasonable measures to ensure user privacy is not abused. Thankfully they do these things anyway but they do them poorly. If they were under the threat of regulation, would this produce tighter code? It’s worth a try.

    DNSsec
    SPDY
    IPv6

    All of those will help but until regulation requires that all mail servers reject unauthenticated mail, will we ever see an end to spam? Probably not.

  16. Yoav said on February 22, 2012 at 12:47 pm
    Reply

    There is no easy cure for stupidity, gullibility, or criminal behavior. This is the world, whether online or offline, so not much new here.

    Perhaps the only thing that is really new is that the potential for freedom is much larger than before, and that is a good thing. We should cherish this, and nurture this, not regulate it out of the system in the name of copyright, dictatorship, or “protecting” the population.

    I think we’ll manage just fine without “protection”, thank you very much…

  17. Roman ShaRP said on February 22, 2012 at 12:20 pm
    Reply

    ilev,
    if you are talking about something like ‘driving license’ – would you like to forbid drunk people using the computer too? :) Should we have police searching homes and randomly testing Internet users for alcohol and drugs? :)

    I think that your proposal is not real, because it’s invasion in personal space (should I check my family’s license before letting them online?). And more to it, people don’t have to pass license exams for hygiene and human virus control – when the danger of dying from human virus is far higher than from a computer virus.

    1. ilev said on February 22, 2012 at 8:15 pm
      Reply

      According to Microsoft the danger of computer viruses is the same as from health viruses. Microsoft wants to disconnect from the Internet any device with a virus and quarantine whole countries too when epidemic computer viruses break.

      Yes, you need a license fro using a computer/phone… just like a driving license or a gun license.

      1. Roman ShaRP said on February 22, 2012 at 9:33 pm
        Reply

        Recently I read a good article by Tim O’Reilly. It was called “Before Solving a Problem, Make Sure You’ve Got the Right Problem”.

        Hey, guys, remember 2008? What was the cause of the biggest financial burst since Great Depression, lasting and lasting? Was it lack of identity? I would say – no. Millions lost money, jobs, homes… Were guilty found? Were the guilty prosecuted?

        Next season. Sovereign debt crisis. And again – millions losing money, jobs, homes… All are identified. Nobody is to blame, nobody found guilty, nobody prosecuted.

        Did you hear about UBS rogue trader case? One guy, identified guy, made loss of over 2 billion dollars.

        Did you hear about Olympus board fraud? They gave false numbers for many years. All identified, and they even had audits by famous auditors, identified too.

        Read another fine article, “The Global Economy’s Corporate Crime Wave”
        by Jeffrey D. Sachs

        “Hardly a day passes without a new story of malfeasance. Every Wall Street firm has paid significant fines during the past decade for phony accounting, insider trading, securities fraud, Ponzi schemes, or outright embezzlement by CEOs. A massive insider-trading ring is currently on trial in New York, and has implicated some leading financial-industry figures. And it follows a series of fines paid by America’s biggest investment banks to settle charges of various securities violations.”

        Didn’t they have identities? They did.

        And what are the largest identity thefts? Those by officials losing their devices (or selling the databases in corrupt contries), those by corporations, failing to protect their databases.

        And what are the biggest treats of botnets? Those from millions of PCs with insecure Microsoft OSes.

        And after all that those funny gentlemen says that the inability to strictly identify us is so serious problem that we should throw bloody money on rebuilding of the Internet?

        Let’s have a good laugh.

        And then let’s make them a proposal: first please they fix the losses and crimes in financial and corporate spheres, where they have all the identities they wish, and only after that, when nobody will suffer for corporate greed and recklessness, we may want to hear their talks about how identification helped them waste less money.

  18. Roman ShaRP said on February 22, 2012 at 12:12 pm
    Reply

    They say that they want identify users for some years , but people clearly don’t want it.

    Let’s face it: in the Pirate Bay, Megaupload and other similar cases much more netizens sided with *pirates*, than with corporations and law enforcement, looking to stop filesharing *crime*.

    Mandatory identifying can be imposed on users only top-down way, there will be protests, because world with mandatory identifying is some sort of dystopia, total control world. And many people will start to design measures to circumvent that identifying.

    Openness, copying, filesharing and pirating were the things allowed and helped Internet to spread and go. And people want to do what they want – not just obey the rules and help to stop everything that corporations and authorities consider a crime.

    So, I think that people pushing mandatory identifying won’t get much support.

  19. ilev said on February 22, 2012 at 10:35 am
    Reply

    There is no need to dump the Internet, but there is a need to dump the users. No one should use a computer/smartphone/tablet.. without a license, which means, users have to pass a test in fundamental usage, basics of security,…..

  20. jazzyjeph said on February 22, 2012 at 10:33 am
    Reply

    I couldn’t find the bit where you explain that Microsoft’s own products act in the same way.

  21. Olly said on February 22, 2012 at 10:20 am
    Reply

    I don’t think the problem is the infrastructure. It’s ignorance.

    If you answer the phone and willingly let scamers control your PC because they say it has a virus, then go on to hand over credit card details with no proof of who your giving them to, well… Need I say more.

    This kind of thing does happen.

    If someone cannot tell the difference between a malicious web page that says you have to scan your pc (as opposed to your real anti-virus app informing you a piece of ad-ware was stopped in it’s tracks) and then willing install software from an unknown source, well….

    The solution is in awareness and education. Simple-as.

    Don’t just give grandma new first laptop and a 3g Internet dongle for Christmas and assume all will be well…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.