Sunday, February 13, 2022

Let's choose a better timeline

 I believe in this causal chain,

  • Computers are insecure
  • Which many bad actors find profit in exploiting
  • Which makes new web sites a risk
  • Which makes users prefer their known "safe" spaces
  • Which leads to walled gardens
  • Which then sell the "users" for profit to advertisers
  • Which incentivizes dark behavior of those walled gardens
  • Which then attract the rentier class
  • Which then leverage control for more power

I believe this causal chain can be broken by fixing computer security. The necessary research was done in the 1970s. The Bell-Lapadula model [1] in 1973 was one of the significant results.

The Principle of Least Privilege [2] was adopted in the Unix system in a weak form. The superuser (root) account was a special privilege, which administrators and code was supposed to use as little as possible.

There were (are???) implementations of a multi-level secure systems, which saw limited application in the military, and briefly elsewhere. However, for general use, the root/user separation was widely seen as good enough.

There are now efforts to fully extend operating systems so that they can provide tools so that the users can also use the Principle of Least Privilege. I believe that eventually it will be as easy to use these as more conventional systems.

In these systems, no default permissions are given when running a program, the allowed resources, also known as capabilities, must be specified. This is similar to deciding which bank notes you are going to hand to a cashier, instead of handing over your wallet. It is up to US to demand that it be as easy for any user to do so, in a transparent way.

It is my hope, that should this model be accepted, a new causal chain will arise

  • Computers will be made secure
  • Which users will grow to trust
  • Which will allow experimentation
  • Which allows new ways of communicating
  • Which don't require corporate sponsorship
  • Which doesn't require the rentier class
  • Which helps innovation
  • Which helps society

1 -  https://web.archive.org/web/20060618092351/http://www.albany.edu/acc/courses/ia/classics/belllapadula1.pdf

2 - https://en.wikipedia.org/wiki/Principle_of_least_privilege

No comments: