Adding Some Positivity to the Internet

Beneath Old Grandfather
(Beneath Old Grandfather by Christopher Parsons)

Over the past two years or so the parts of the Internet that I inhabit have tended to become less pleasant. Messages that I see on a regular basis are just short, rude, and often mean. And the messages that are directed to people who have an online professional presence, such those who write and speak professionally, are increasingly abusive.

I’m one of those writers and speakers, and this year I decided to do something that isn’t particularly normal: when I come across a good piece of writing, or analysis of an issue, or just generally appreciate one of my colleagues’ work, I’ve been letting them know. The messages don’t tend to be long and usually focus on specific things I appreciated (to show that I’m familiar with the work in question) and thanking them for their contributions.

This might sound like a small thing. However, from experience I know that it’s surprisingly uncommon to receive much positive praise for the work that writers or speakers engage in. The times that I’ve received such positive feedback are pretty rare, but each time it’s made my day.

There are any number of policy proposals for ‘correcting’ online behaviour, many of which I have deep and severe concerns about. Simply saying ‘thanks’ in specific ways isn’t going to cure the ills of an increasingly cantankerous and abusive (and dangerous) Internet culture. But communicating our appreciation for one another can at least remind us that the Internet is filled with denizens who do appreciate the work that creators are undertaking day after day to inform, education, delight, and entertain us. That’s not nothing and can help to fuel the work that we all want to see produced for our benefit.


The information superhighway is being promoted as a powerful means to even out disparities and inequalities that afflict people inside the United States and throughout the world economy … a privately owned and managed information superhighway will be turned toward the interest and needs and income of the most advantaged sectors of the society. Significant modification of this systemic tendency requires the pressure of a strong political movement.

Herbert I. Schiller. (1995). “The Global Information Highways: Project for an ungovernable world.”

What Schiller wrote in 1995 could as easily be written, today, as it pertains to the new technologies which are regularly promoted as evening out disparities and inequities. It remains unclear to me that there has been any significant change in the systemic tendencies that are baked into the contemporary internet, nor that there is sufficient contemporary political pressure to reform existing inequalities let alone ensure that next-generation technologies will not reproduce them.


Finding a Foreign Policy for the Internet

Justin Sherman and Trey Herr have an outstanding essay that clarifies the need for Washington and its allies to build a cohesive foreign policy for the Internet instead of simply opposing the strategies presented by competitors such as China.1 Poignantly, they write:

Washington needs a foreign policy for the internet that advances a vision for the internet that speaks to the language of trust and embraces the need to focus on the role of individuals, grasps the utility of iterating small changes instead of grand bargains, and embraces the reality that the clock cannot be turned back. This strategic product must do more than reject the sovereign and controlled authoritarian internet model, based on principles of tight state control over internet data routing, tight state control over data storage, and limited content freedom. A foreign policy for the internet must build on not just U.S. government agencies but allies and partners overseas, and leverage the influence that the American tech industry has over internet infrastructure. It must realistically address the shortfalls and risks of a free and open internet but seek to maximize and revitalize that internet’s benefits—across everything from speech to commerce. A foreign policy for the internet should rest on three assumptions; there are myriad others but these three are systemically significant.

These strategies absolutely must be developed and cohere given the importance of the Internet for day-to-day life; the Internet underlies everything from trade coordination, military engagements, and is increasingly lifeblood for civic life or organizing. It is time for the West to make clear what it is for, and how it plans to navigate the challenges that the Internet has wrought, without succumbing to fear or abandoning the democratic principles which have undergirded the Internet and its composition for the last several decades.

  1. Should you doubt that China has a cohesive strategy for the Internet, I’d recommend reading about the prospect of a splinternet forming as a result of China and its allies building out competing standards that prioritize placing control in centralized and obedient-to-government hands. ↩︎

VPN and Security Friction

Troy Hunt spent some time over the weekend writing on the relative insecurity of the Internet and how VPNs reduce threats without obviating those threats entirely. The kicker is:

To be clear, using a VPN doesn’t magically solve all these issues, it mitigates them. For example, if a site lacks sufficient HTTPS then there’s still the network segment between the VPN exit node and the site in question to contend with. It’s arguably the least risky segment of the network, but it’s still there. The effectiveness of black-holing DNS queries to known bad domains depends on the domain first being known to be bad. CyberSec is still going to do a much better job of that than your ISP, but it won’t be perfect. And privacy wise, a VPN doesn’t remove DNS or the ability to inspect SNI traffic, it simply removes that ability from your ISP and grants it to NordVPN instead. But then again, I’ve always said I’d much rather trust a reputable VPN to keep my traffic secure, private and not logged, especially one that’s been independently audited to that effect.

Something that security professionals are still not great at communicating—because we’re not asked to and because it’s harder for regular users to use the information—is that security is about adding friction that prevents adversaries from successfully exploiting whomever or whatever they’re targeting. Any such friction, however, can be overcome in the face of a sufficiently well-resourced attacker. But when you read most articles that talk about any given threat mitigation tool what is apparent is that the problems that are faced are systemic; while individuals can undertake some efforts to increase friction the crux of the problem is that individuals are operating in an almost inherently insecure environment.

Security is a community good and, as such, individuals can only do so much to protect themselves. But what’s more is that their individual efforts functionally represent a failing of the security community, and reveals the need for group efforts to reduce the threats faced by individuals everyday when they use the Internet or Internet-connected systems. Sure, some VPNs are a good thing to help individuals but, ideally, these are technologies to be discarded in some distant future after groups of actors successfully have worked to mitigate the threats that lurk all around us. Until then, though, adopting a trusted VPN can be a very good idea if you can afford the costs linked to them.


This dark concept of total distrust was mostly spread via the Internet because it was what the Internet was built for—sharing ideas. Although the Internet is the most democratic means of communicating, it can be also be misused by governments and other groups.

Does this mean we should accept the concept that the Internet carries more threats than benefits?

The creators of the Internet supported the opposite concept. Unlike Putin, they believed in people and built the global network under the assumption that it would be used for sharing something good. They may look naïve these days, but we have our modern linked-up technological world thanks to their concepts, not Putin’s. These days, we all speak the language of suspicion and threats posed by the Internet. In a way, in means we are speaking Kremlin’s language. Do we really need to?


Intro to Mitigating Contemporary DDOS Attacks

From Cloudflare:

As the capacity of networks like Cloudflare continue to grow, attackers move from attempting DDoS attacks at the network layer to performing DDoS attacks targeted at applications themselves.

For applications to be resilient to DDoS attacks, it is no longer enough to use a large network. A large network must be complemented with tooling that is able to filter malicious Application Layer attack traffic, even when attackers are able to make such attacks look near-legitimate.

The pace of change in how DDOS attacks are being conducted, and efforts to use best and worst security practices alike to threaten Internet-connected resources, is a serious and generally under appreciated problem.


US-CERT: Stop using your remotely exploitable Netgear routers

From Network World:

In case you are wondering, that firmware for the R7000 – Nighthawk AC1900 smart router – is the newest firmware available by Netgear. Here are Netgear’s links to the R8000 – Nighthawk AC3200 tri-band gigabit router and the R6400. Hopefully those – and any other vulnerable models – will soon be updated with less insecure firmware.

Hopefully less insecure firmware will be provided to turn a burning dumpster fire into a merely-smouldering-mess. Hurray for (possible, but don’t bet on it) progress.


Why DDoS attacks matter for journalists

Two reasons that journalists should be concerned about DDoS attacks:

First, while the use of common household devices to execute the attacks against Krebs and Dyn was novel, the hackers got control of those devices using one of the oldest and easiest methods out there: bad passwords, a vulnerability most journalists share.

The second reason journalists should attend to these attacks is that strategic use of both DDoS attacks (for example, recent attacks on Newsweek and the BBC) and DNS manipulation are common tools for censorship. This is in part because they are cheap, easy (the software credited with Friday’s attack was posted openly just a few weeks ago), and highly effective in preventing some or all internet users from accessing the content they target.

We’re at the edge of a particularly bad security chasm we’re just about to fall into (if we haven’t already!). The question is whether we can actually avoid the fall or whether the best we can do right now is lessen the hurt on the way down.


The cyberpunk dystopia we were warned about is already here – Versions

The cyberpunk dystopia we were warned about is already here:

It seems that what companies like Cisco and app developers and startups seem to forget is that people can tell the difference between transformative innovation and shopping. Bogost adds: “It’s time to admit that the Internet of Things is really just the colonization of formerly non-computational devices for no other reason than to bring them into the fold of computation. […] Operational benefit is deemphasized in favor of computational grandstanding, data collection, and centralization.”

The best definition of the Internet of Things I’ve come across in a while.