[Cryptography] defaults, black boxes, APIs, and other engineering thoughts

ianG iang at iang.org
Sun Jan 12 02:54:51 EST 2014


On 12/01/14 02:35 AM, Bear wrote:
> On Sun, 2014-01-05 at 12:25 -0800, Jonathan Thornburg wrote:
>
>> But this raises some genuine questions:
>> * Is there a secure web browser?  My trust level in any of the biggies
>>    (Microsoft, Apple, Google, Mozilla) is low...
>
> My problem with the entire category is that they are the products of
> people whose whole business model is to sell information about their
> customers.  I daresay if any of these things don't share every bit
> of information they can get about you with the software companies who
> provide the browser and those who subscribe to their information
> services, some engineer somewhere will be getting fired for failing
> to do the assigned job.


Web browsers are a huge product, which requires a huge company to 
deliver it.  Which means a huge revenue stream and a lot of paid 
engineers.  Which means loyalty to the brand and the business.  Which 
means stagnation of difficult areas, and advancement of customer 
exploitation ideas.  Web 2.0.

Even open source projects suffer more or less the same syndrome once 
they reach a certain size;  they are cohorts of many many engineers, of 
whom many are paid for their product, by businesses shipping it.  When 
the businesses decide things, that's what gets done.

Guess what they decide?  Generally, in favour of status quo -- ship more 
product, don't change anything.

Bitcoin is the bleeding edge of cryptography at the moment, because 
that's where the crypto and the money is.  Curiously, there, you can be 
your own business and ship your own product.  But I can easily see a 
time where the development team loses its mojo and succumbs to the big 
businesses.  Then what?


> Security actively flies in the face of the "web 2.0" business model
> which is *BUILT ON* surveillance of as many people as possible.


It's tough to work on big systems.   One can be an honest security geek, 
a good security geek, or a loyal security geek.  Pick any two.



iang


