Security in 2020 (schneier.com)
111 points by CrazedGeek on Dec 16, 2010 | 25 comments



I think we need a better name for his decentralization concept because what he's describing is actually centralization: you're storing your data elsewhere which makes it accessible everywhere (the nearest screen as he calls it). That elsewhere is a central place.

We will have specialized services for this centralization (e.g. GMail for email, Picasa for photos) and also services that span multiple types of data. Thinking in these terms makes Facebook look a lot more interesting: it is a central place that hosts multiple types of your data in one place, and they are working on making it available to more screens - some of which are not yours!

He makes the argument that we (the consumers) are the product that Google and Bing sell, an argument already made for TV watchers. By the same token, a Facebook user is much more valuable than a search engine user because FB knows so much more about them.


You're right that the word is slightly misleading, because it could be seen both ways, but it is also clearly decentralisation.

In the previous model, all your data, email, media, etc is on your computer, your hard drive, a single point that you are in control of. In the new model, your photos are on Facebook, your emails are on Gmail, your tweets are on Twitter, your bookmarks are on Delicious, your data is on Dropbox, your music is on Spotify, your movies are on Netflix, etc... It's not centralised to one location, it's split up from one location (your computer) into potentially hundreds of locations owned by a variety of paymasters with different agendas. So, it is decentralised.

From the point of view of the collective, it's centralisation (data goes from many entities into a single entity) but from the point of view of the individual, it's decentralisation (data goes from a single entity to many entities).


Recently I wrote "...user data is scattered among many web properties..." In essence it is "data scatter". Decentralization, in my mind, implies some sort of planning on where to put data (say to prevent failure or enhance efficiency...) but I don't think users plan.


I don't particularly like the terminology "the cloud," but it is becoming ubiquitous. So, "cloudification" might work.


>...decentralization...

Let's call it de-specification. Utilizing cloud services, you can no longer specify where that data resides, apart from the tag we use to identify the provider; 'Gmail', 'AWS', etc.

You can specify the provider of the container for your data, but you cannot specify or define the container in which that data resides.

--

This article is great, I have been following these trends for some time. Starting with the CyberPunk RPG game, which interestingly is based in 2020 which we played in the late 80's-early 90s.

The premise is that in CyberPunk the world is run by global corporations and technology is an integral filament in the fabric of life, if not life itself. Machines and technology and information operate outside of and on top of humanity and increasingly requires less and less of human individuality to exist and profit.

M2M communication is something I wrote about while at Lockheed - where the premise was that RFID based communications was a layer of data that had yet to reach maturity. We were talking about the capabilities of autonomous sensor networks that monitor and report on all aspects of their nodes, with respect to military hardware you have weapons which are IDd and tracked for location. They are in containers which are monitored for environmental conditions and security. If a container with a certain type of munition has too much Gshock the munition arms itself - thus the location, environment and events are all monitored and reported on with alert thresholds being set to escalate alerts to appropriate parties. Inventories are gathered and stored on tags for lookup - and a complete view of all resources is accessible.


Wow. Excellent article. Visionary, even.

So, clearly, about 90% of the population of this message board will be parasites by this new definition.

This suggests one thing to me: if we're disorganised parasites, we will get squashed.


Funny that the same demographic will likely be the ones implementing the tech that necessitates such parasitic behavior.


Do not underestimate the ability of human beings to act individually against their collective best interest. Or to act in accordance with whatever authority tells them is their best interest, without pausing for analysis.


Agreed. This opening was excellent, something I hadn't thought of before:

"We used to think of a network as a fortress, with the good guys on the inside and the bad guys on the outside, and walls and gates and guards to ensure that only the good guys got inside. Modern networks are more like cities, dynamic and complex entities with many different boundaries within them."

But then the rest of it really blew my mind.


Become self-replicating.


It was a really nice article.

Coincidence? Today I've switched my default search engine to DuckDuckGo instead of Google. I'll give it a one week try.

I am a co-founder for an electric smart grid company. A major long term problem for us is to find a way to provide our customer the complete propriety of their data.

How could we manage data without knowing much about it? Is there any simple way of encrypting some data and be able to make some transformation to them?

Something like:

    F(enc(x)) = enc(F(x)) ?

We are managing mostly consumption values, it would be nice to provide functions like the mean, max, FFT? I don't know.

Thanks for any idea.


You're looking for this: http://en.wikipedia.org/wiki/Homomorphic_encryption#Fully_ho...

Practicality right now is minimal. My intuition says it is going to stay that way, but who knows.


It's not totally impractical. Paillier, for example, has nice applications in electronic voting (since you can sum votes without reading who those votes were for).

http://en.wikipedia.org/wiki/Paillier_cryptosystem

But yeah, anything more than that is currently not all that practical.


I don't think there are any practical homomorphic encryption schemes at this point. Most only support very simple operations.

http://en.wikipedia.org/wiki/Homomorphic_encryption


I'm still not really convinced a huge ecosystem can be built solely on advertising. Under this view of the future, the problem is advertising supply shoots through the roof, and even before we consider advertising-specific issues like saturation, we're already looking at a quickly-dropping price. Consider the fact that someone getting constantly beamed advertising isn't really getting anything out of it and the prices drop even further. You can't count on making money that way. Even today it's already not a panacea and you can tell from HN comments that it's generally considered a weak business plan today to count on advertising to fund your startup. There's still a "step 2" missing here for me before you can really build a long-term platform out of it pervasively.


I think it's important to note that huge ecosystems have already been built solely on advertising. Forget google and go back 50 years to look at radio and broadcast television. I think those are the huge ecosystems you are looking for, not a startup.


Not in the sense I mean. Notice how I talked about supply and demand. In a mass media world, supply of advertising is actually very sharply constrained; a 30-second spot on the Superbowl is in short supply. Banner ads are not in short supply, and the idea that I can use ad-supported hardware to access ad-supported internet to use an ad-supported service like YouTube in which ads will be embedded into the video, and that all of these ads will somehow be profitable and something you can build your business on, is quite different from a world in which there's ten minutes of ad time an hour on three major networks to buy, and a finite amount of newspaper space, etc.


I think you're forgetting that not all websites/youtube videos are equal. Having a banner ad on some random webcomic is not the same as having one on penny arcade, just as having an ad on some youtube video is not the same as having one on smosh's video, just as having an ad on channel 738 is not the same as having one on basic cable. Furthermore, doesn't a website have these same constraints? I only look at each page for a finite amount of time, each youtube video is only a finite amount of length, each website only gets a certain amount of viewers.

I think the web in general still has the same constraints as more traditional media, they just aren't as obvious. A website getting x unique visitors could show x unique ads, a different ad for every visitor. But maybe that isn't very effective, so the website reduces the number of ads they show in order to have each ad be seen by more visitors, thus reducing the supply of available ad slots. These constraints aren't as obvious as they are for television or radio, but I think they still exist.

I think you're right that J. Startup can't depend on banner advertisements as a form of revenue, but J. Startup is probably using google as the middleman. However, in this situation, J. wouldn't be building an advertising ecosystem, but depending on google's already huge ecosystem. I don't think it will be farfetched in the future to see free hardware given away in order to earn advertising dollars. I bet if televisions were cheaper, broadcasting companies would have given away free hardware, and perhaps in the future hulu will give wifi devices to get people to watch hulu whenever they have a free moment.


So adblock users are parasites?


Google for "webmasters complain ad-blocker" or "fighting ad-blockers" to gather some opinions out there ...


The weird part is that clicking an ad you have no interest in is frowned upon ("click fraud"), but downloading (not necessarily even rendering!) an ad you have no interest in is considered by some to be something bordering on a moral imperative.


Nothing weird here. It's the advertisers who don't want you to click an ad without interest. It's the publishers who want you to generate ad revenue for their site.

Two different parties, two different motivations, two different stances.


The key is being nice to your users without trusting them at all (since they could be bad guys). A neat trick if you can manage it. The airports are doing spectacularly badly at it.


I think there are some visionary things here but he misses the 'consent' part. By using free services we do give consent and if we don't like the privacy policies of Facebook et al then nobody forces us to use them. Yes providers should be honest about their policies and some do play dirty tricks. We learn which ones are not really honest so if we keep using them, we can’t really claim surprise or lack of consent.

Free stuff costs. Not money but there are costs. In the future world he is imagining there will be some who want to pay for their own machines and control the software that runs on them.

Being a parasite means riding a host and giving up some critical decisions about where and how the host lives.

[Edit for grammar]


By "consent", he meant "informed consent". That requires reading the terms of service and understanding their implications. Few people actually do that. The rest of us merely click our way to something that "just works".

For instance few Gmail users are actually aware that Google is routinely doing semantic analysis of their e-mail. When I tell them, they're invariably mildly shocked. (I insist on "semantic" even if their methods are statistical, because Markov chains are highly correlated to meaning.)



