when computers first became a real thing, they were mainly geared toward big business, education, government, and science. networks were groups of trusted entities, and there was less need for security or future-proofing, because nobody had anticipated that this technology would one day be for personal use. early computing and programming pioneers were passionate about their work; software and hardware were built durably because it was still only a niche market, and everyone in the market cared deeply about quality.
now, the tide has shifted and with the advent of personal computers and mobile/IoT technologies, both sides of the equation have weakened: the target market has adopted a consumer approach to technology, and the developers have followed suit. there is no push for developers to cater to quality; there is high demand for cheap labour in these fields. small businesses remain insecure, large businesses can get away with opaque policies and planned obsolescence, and decent software and ideas become overlooked for a few reasons: the creators of good software normally work under the mantra of FOSS, they normally work as a hobby in their own free time, and they do not attract much of a following for one big reason: choice.
give a user a choice between security and ease of use: they'll choose ease of use. give them elegant code or elegant UI, they'll choose UI. it is therefore the developer's responsibility to give users the easy UI/UX they desire as well as the security and elegance they need. some big players like Google understand the value of security (others such as Equifax, maybe not so much, sadly) but they still cut corners with regard to privacy and quality in an effort to take the easy route. because the fact still stands: users have a mentality that "anything bad won't happen to me" or "I have no information that anyone cares to utilise, therefore I must be safe" -- they will not do any more than is required to access their services and move on with their life. because of this, it is the developer's responsibility to set a precedent and to give users only one choice.
I believe that all big businesses can invest enough to improve hardware and software quality; to improve security practices; to approach newer, saner standards that match the growing demands of the twenty-first century. it is a shame that thousand-dollar smartphones are not physically worth a thousand dollars, aside from the brand esteem these products have developed. it is sad that phones are not able to last as long as most cars or computers, or to last half as long as houses; they are seen as disposable technologies that are not built to last. it is sad that people cut corners for safety even though basic security practices are easy and cheap to implement these days; and more-advanced security would cost a short-term investment but set a future-proof standard for this type of thing.
a lot of things could be implemented today that would be a bit of a speed bump for companies, but they would be a net improvement both for security and for ease of use. some things I want to see implemented:
public/private key authentication for online services rather than passwords. I have touched on this previously and I will say it again because I believe in it so much. users would not have to remember passwords; their software could automatically generate the necessary keys and provide a simple "log in" button (or fingerprint TFA, something that requires an extra step of authentication but is easy to use), and the software could tell the user to periodically back up these account databases to a flash drive or some other medium.
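the key-based login described above, as an added example (not code from any existing service): a challenge-response exchange using Ed25519 from Node.js's built-in crypto module. the in-memory stores, the function names and the `origin` string are assumptions made for this sketch.

```javascript
const { generateKeyPairSync, randomBytes, sign, verify, createPublicKey } = require('node:crypto');

// server state (hypothetical in-memory stores): no password or other secret is kept
const accounts = new Map(); // username -> public key (PEM)
const pending = new Map();  // username -> { nonce, expires }

// client: generate the key pair once; only the public key ever leaves the device
function createIdentity() {
  return generateKeyPairSync('ed25519');
}

function register(username, publicKey) {
  accounts.set(username, publicKey.export({ type: 'spki', format: 'pem' }));
}

// server: issue a fresh random challenge, valid for 60 seconds
function issueChallenge(username, now = Date.now()) {
  const nonce = randomBytes(32);
  pending.set(username, { nonce, expires: now + 60_000 });
  return nonce;
}

// client: the "log in" button signs the challenge together with the service
// name, so a signature produced for one service is useless at another
function signChallenge(privateKey, origin, nonce) {
  return sign(null, Buffer.concat([Buffer.from(origin), nonce]), privateKey);
}

// server: check the signature against the stored public key
function verifyLogin(username, origin, signature, now = Date.now()) {
  const entry = pending.get(username);
  pending.delete(username); // every challenge is single-use, which blocks replay
  const pem = accounts.get(username);
  if (!entry || !pem || now > entry.expires) return false;
  const message = Buffer.concat([Buffer.from(origin), entry.nonce]);
  return verify(null, message, createPublicKey(pem), signature);
}
```

a breach of the server's account table yields only public keys, which cannot be used to log in anywhere.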
client-side encryption. we're already increasingly seeing this in some messaging platforms. Google Chrome and Chromium do this for browser setting synchronisation. MEGA.nz does this for file uploads and downloads. it needs to be extended to cloud file storage: your files are tied to your account login, only you (or friends, or people with the link, if you configure file sharing as such) may decrypt and access the files, and the server only sees an encrypted copy of anything, making passive and active file analysis impossible. I wish to see e-mail headed in the same direction.
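the client-side encryption idea above, as an added example (not MEGA's or Chrome's actual scheme): the client derives a key with scrypt and encrypts with AES-256-GCM before upload, so the storage server holds only an opaque blob. the blob layout, the function names and the in-memory `serverStore` are assumptions made for this sketch.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// client: derive the file key from the account secret; the server sees neither
function deriveKey(secret, salt) {
  return scryptSync(secret, salt, 32);
}

// client: blob layout is salt(16) | iv(12) | tag(16) | ciphertext
function encryptForUpload(secret, name, plaintext) {
  const salt = randomBytes(16);
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(secret, salt), iv);
  cipher.setAAD(Buffer.from(name)); // bind the blob to its file name
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]);
}

function decryptDownload(secret, name, blob) {
  const salt = blob.subarray(0, 16), iv = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44), body = blob.subarray(44);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(secret, salt), iv);
  decipher.setAAD(Buffer.from(name));
  decipher.setAuthTag(tag);
  // final() throws if the key, the name or any byte of the blob is wrong
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// returns null instead of throwing, so callers can treat failure as "not readable"
function tryDecrypt(secret, name, blob) {
  try { return decryptDownload(secret, name, blob); } catch { return null; }
}

// hypothetical storage server: it can store and return blobs, nothing more
const serverStore = new Map();
function upload(name, blob) { serverStore.set(name, blob); }
function download(name) { return serverStore.get(name); }
```

because the GCM tag covers the ciphertext and the file name, a server that alters a blob or swaps it under another name causes decryption to fail rather than return modified data.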
the return of user-serviceable appliances. we invented removable parts ages ago for a reason: it allows for reliable, repairable, inexpensive products and cuts down on wastefulness, since a user will not need to throw away the entire appliance if one part is broken.
user education. people and businesses need to know the consequences of inadequate technology. privacy and security are important to protect against identity theft and money fraud. if you are not using secure and reliable technology, you are putting not only yourself but also your friends at risk.
it's a shame that not everyone is passionate about technology and that most people just want things to work without exploring them, but that's a fact of life. what we don't need is for this attitude to leak into developers' attitudes. security and quality can be easy, maybe with some additional short-term costs, but it's for the better.