Trust Yourself

January 26, 2017


Since my last update, the Constantina engine that powers Codaworry has grown by 600 lines, though closer to 1000 lines of code have seen serious refactoring. Until recently, very little appeared to change, but under the hood I was fixing the card distribution and randomness functions, refactoring complex objects into simpler smaller ones, tidying the backing file stores, fully rewriting how input is validated, and squashing a subtle off-by-one error that quietly hid every 10th news post. You may notice the most recent change though, where each page refresh randomly chooses from three different site themes. This visible feature wouldn’t have been possible without all the invisible ones supporting it.

I’m within a month of releasing Constantina publicly, as a blog-engine with emphasis on responsive layout and randomly distributed static content. But my motivations for Constantina finally becoming release-quality had little to do with altruism, and more to do with trust.

The Slow Mail Movement

Coming online and of-age in the mid 1990s, the Internet was three wonderful things at the same time. Firstly, it was rounds of deathmatch Quake or Worms against total strangers. Secondly, it was a wealth of information that felt as well-researched as books from the library, but much quicker to use. Finally, it was a way to socialize and share with people at the speed of writing, possibly the only type of socializing I’m categorically comfortable with. I love the idea of discovering truth slowly and conversationally, with ample time to consider details and sand-down the rough logic of instantaneous thought.

The Internet now connects us right down to our handsets, and the medium of text-image-video communications has been thoroughly explored, such that futurism compels you to imagine a world of deviceless telepathy and telepresence. An Internet user from 1997 would be enthralled with today’s Internet, though the Facebook-style socializing would definitely be confusing at first. Over time, as the reality of having an online social life and reputation sets in, perhaps they’d marvel at how completely the utopian fantasies of Internet pioneers have evaporated. The closer society moved to the Internet, the more the Internet reflected everyone’s base desires, needs, struggles, and weaknesses — consequently, the Internet is a place where trust is earned, never assumed.

The early days of ISPs, trust and PKI, networks and services, have a sepia-tinged innocence to them now. Network surveillance would bother our transplant-from-time no less than us, and the variety of techniques for compromising software is clever beyond the wildest fantasies of 20th-century science fiction. Network security problems were a distant shadow at the edges of my wasted hours on Perl WWWBoards — today they are unavoidable facets of our networks and our software engineering. Having social media accounts, making calls or using maps on a cellphone, or relying on a free email provider, equate to consenting to being watchable and trackable indefinitely. Social pressure and convenience put nearly everyone in the same bucket of mutually-assured disclosure.

Don’t get hurt, bird!
You’re the bird, and the hand provides your social network.
(Not pictured: long-term trust, security)

In computer security, it’s impossible to account for all threats or compromises in a system. Your goal as a system designer is to make it as expensive for your adversary as possible. In the corporate world, this amounts to hiring a computer security team and keeping a watchful eye. If you run an Internet service, it means you do regular pentests and code reviews, and design protections in line with the value of your data. As someone with a seed of 1997’s Internet still inside, I find myself thinking about the categorical version of this security problem: on a global untrusted network, how do you make it expensive to steal the private data of the network’s users?

While Facebook and friends have some incentive to protect the data exhaust you share with them, it’s a standard principal-agent problem — there will never be a mechanism to compel Facebook to value your data the same way you do. I believe the only way to categorically protect data on the Internet is for people to own and manage it themselves. This is the direction I’m taking Constantina, beyond a blog platform and into the realm of managing a small community of peers that write, share, plan, and grow with each other, in relative privacy.