[Cryptography] defaults, black boxes, APIs, and other engineering thoughts
ianG
iang at iang.org
Sun Jan 12 02:54:51 EST 2014
On 12/01/14 02:35 AM, Bear wrote:
> On Sun, 2014-01-05 at 12:25 -0800, Jonathan Thornburg wrote:
>
>> But this raises some genuine questions:
>> * Is there a secure web browser? My trust level in any of the biggies
>> (Microsoft, Apple, Google, Mozilla) is low...
>
> My problem with the entire category is that they are the products of
> people whose whole business model is to sell information about their
> customers. I daresay if any of these things don't share every bit
> of information they can get about you with the software companies who
> provide the browser and those who subscribe to their information
> services, some engineer somewhere will be getting fired for failing
> to do the assigned job.
Web browsers are a huge product, which requires a huge company to
deliver it. Which means a huge revenue stream and a lot of paid
engineers. Which means loyalty to the brand and the business. Which
means stagnation of difficult areas, and advancement of customer
exploitation ideas. Web 2.0.

Even open source projects suffer more or less the same syndrome once
they reach a certain size; they are cohorts of many many engineers, of
whom many are paid for their product, by businesses shipping it. When
the businesses decide things, that's what gets done.

Guess what they decide? Generally, in favour of status quo -- ship more
product, don't change anything.

Bitcoin is the bleeding edge of cryptography at the moment, because
that's where the crypto and the money is. Curiously, there, you can be
your own business and ship your own product. But I can easily see a
time where the development team loses its mojo and succumbs to the big
businesses. Then what?
> Security actively flies in the face of the "web 2.0" business model
> which is *BUILT ON* surveillance of as many people as possible.
It's tough to work on big systems. One can be an honest security geek,
a good security geek, or a loyal security geek. Pick any two.
iang