#security on software development security and web security, security best practices and discussions, break-ins and countermeasures. Everything you ever wanted to know about software security but were afraid to ask, for fear of not understanding the answer!
The last week’s meeting of the IETF discussed security of the Internet and the recent revelations that the NSA turned the Internet into a giant surveillance machine. While the sentiment was clear that the Internet should not allow itself to such abuse, there is little evidence that anything at all could be done about it.
The problem is not that it is technically impossible to introduce more encryption and build better protocols. The problem is that it is not in the current interest of the companies to do so. The Internet was conceived for use in academia, so it was not a commercial thing from the start. The principles on which it is built are idealistic. But it is commercial from the hardware to the applications, through and through now. And it is not in any company’s commercial interest to introduce better security. It is quite the opposite, in fact: most companies are interested in less security even if they claim otherwise.
Me and you, as people, as independent human beings, can introduce better security because it is in our interest. I would not rely on companies to do so.