If you read the kinds of news feeds and websites I do, you can’t help but have come away with the breathless, panicky sense that the cyber world is collapsing in on itself as the result of what has been, so far, three unrelated technical glitches involving United Airlines, the New York Stock Exchange, and the Wall Street Journal.
While it may yet prove that some or all of these were attacks and that those attacks may have somehow been linked, it’s important to remember that nearly all of the rest of the unimaginable amalgam we call the internet is still working just fine. Attempts to label the glitches that have occurred miss the point that, even with the most widespread attacks that have so far occurred, most of the internet kept right on as it always had.
That’s not to say we shouldn’t all be vigilant, because we should, or that we should accept the explanations the various victims have put out that these aren’t attacks, because half the time they don’t even know they’ve been attacked until someone else points out they have, but rather to say that attacks on the internet are more like two armies trying to play capture the flag in a dismal swamp than cyber-themed nuclear holocaust.
It may yet turn out these were attacks, and the attacks may yet get worse, but more than likely, even if they do, it won’t be the end of things, and if it turns out to be, there will be no doubt it is.
There are those who will see the latest LastPass hack as a vindication of their view that online password managers are a disaster waiting to happen. Frankly, despite some of the hyperbolic headlines, I believe the concept is still sound.
First, it’s nearly impossible for any particular user to manage his internet presence without a password manager simply because reusing usernames and passwords becomes more inevitable if you’re generating them any other way than a manager, and reuse of easily remembered passwords is a far greater vulnerability. LastPass has a good reputation for fixing its mistakes and continuing to work hard to safeguard user data, so in the rub, a service like LastPass is still the way to go.
Second, the way LastPass protects the most important asset we entrust to them–usernames and passwords to other sites–is still fundamentally sound. Even if hackers manage to break the encryption on any individual set of user data, that likely does not give them access to everyone’s data.
Third, like most reputable web services, LastPass allows for additional safeguards like multifactor authentication to help further increase security. Using LastPass at the highest security setting is still the safest bet over the same username and password over and over.
Granted, the damage could still be more severe that LastPass currently knows, but my view right now is that it is not and the service is still safe. If it proves to be otherwise, we’ll have to dig into alternatives.
I recently took the bait and started the 30-day trial of Amazon’s Kindle Unlimited. I can sum up my initial opinion in one word: disappointed.
The specs for the service look impressive at first blush: 600,000 ebook titles available for $10 a month on any Kindle enabled device you use. The problem is that 595,000 of those titles are books most people will never read for a variety of reasons.
I grant that fact is little different from a library. Most of us pay for libraries whether or not we use them, and many of us haven’t set foot in a library in years. The difference is that Kindle Unlimited is a voluntary library filled with books I don’t want. Why would I pay for that.
My disappointment stems from the fact that I’ve looked for dozens of books I want to read, but none of them are available under Unlimited. I don’t blame the publishers or authors for that fact. They deserve to get paid for their work. Rather, I blame Amazon for rushing the service before it had enough deals to make the service more universally worth it.
Don’t get me wrong. Kindle Unlimited has promise. It could very easily develop into the very kind of “Netflix for books” Amazon has tried to sell it as. Unfortunately, right now, it’s more like a used video store filled with second-tier titles nobody wants to watch a second time. If Amazon wants to make money off this premise, it’s going to have to try a lot harder.
There has been a lot of chatter in recent days since the Obama administration announced it plans to transition the control of ICANN away from US control, and most of it has been highly predictable.
I’m not sure I believe that the US stewardship of control over the web has been good enough to lament its passing, nor am I convinced that some other control of it will somehow herald the end of the web as we know it.
However, I am convinced of something related: handing off control of the web to someone other than the US government will inevitably force the web itself to evolve.
To me, that outcome is the best and most exciting thing to come along since the web itself. Since the first time I browsed to a web page in the summer of 1992, my main complaint is that the web, as currently construed, has settled into a constant rehashing of what has already been done. I think a lot of that rehashing is the result of how the web has been managed and controlled.
Now, I don’t think for a moment that this evolution will be clean or pretty, but just like the telco deregulation of the 8os, this deregulation is necessary for the technology and its uses to continue to develop and grow.
I have to hand it to the people at Google. They managed to create a lot of buzz about their latest project, getting millions of people to start using it in less than a month. Unfortunately for Google, my first reaction to Google+ is, “So what?”
It’s not that Google+ is a bad product. It’s more that it’s a product that does not yet have a need. It’s a superficial clone of all the other social media experiments going on out there that doesn’t add a whole lot new to what people are already doing.
That’s not to say it couldn’t. Google has the potential to weave together its impressive array of products using Google+ in a way that could revolutionize the way people use computers and the internet. But, so far that hasn’t happened. Instead, Google+ is a sophisticated chat board.
So, what would I like to see in Google+ that would get me excited? Here are a few things:
- I already use a battery of different services to maintain an online presence. Having to migrate all of that information to Google+ by hand is the single biggest detriment to me using it. If Google wants its product to be amazing, figure out a way to let me import information from places like Facebook and LinkedIn so I don’t have to reproduce it.
- Create a way to support groups. Facebook may have botched the attempt, but it had a good idea in introducing the concept.
- Tie Blogger, Google Docs, Sites, and other Google based web presence applications into Google+. For me, my Facebook pages, especially for my businesses, are valuable enough to deal with the annoyance of the rest of Google.
- Figure out a way to tell me my streams have updated in some sort of unobtrusive way.
I think the biggest thing Google could do is develop Google+ with business applications in mind. Make Google+ a clearinghouse for small businesses trying to get the word out about who they are and what they do, and I think people would join in droves.
More than any other thing, what surprises me about the Sony hack is how unprepared anyone seemed to be for something like this to happen. To me, it seems like it was almost inevitable, yet Sony has taken down its network for days and does not seem to have any remedy for the problems that happened in the first place. Meanwhile, users whose information has been compromised seem to be as paralyzed as Sony itself.
Beneath all of this lies a simple fact: individual user data has value to criminals and, because of that value, is going to be pursued with diligence by criminals capable of exploiting it. Companies offering online services, especially ones that involve financial or private, personally identifiable information, must commit themselves to making the protection of that information their highest priority, even ahead of profit. Unless companies make security their priority, they won’t have to worry about profit.
Consumers, on the other hand, cannot simply sit back and expect companies to protect their information. Every individual who has that kind of information online must assume that it is going to be stolen and must do due diligence in protecting themselves from theft. If the consumers do not, then the damage done by such theft is as much their responsibility as it is the companies whose systems are compromised.
Finally, consumers, companies, credit providers, and banks alike must all work toward establishing more sophisticated ways of securing individual data. Simple firewall and encryption methods no longer suffice and need to be replaced with methods that more closely tie online data to its owners.
For the time being, there are simple steps anyone can take to ensure they are protecting themselves:
- Only use credit cards or proxy money services (like PayPal) online. Never, ever use your debit card (I know this from firsthand experience), and monitor your bank accounts regularly for unfamiliar transactions.
- Monitor credit card accounts for unfamiliar transactions and dispute such transactions through the credit card’s fraud protection service as soon as they appear.
- Monitor your credit using the free credit report service authorized required under federal law. Be familiar with your outstanding credit and be vigilant for new credit lines you did not open.
- If you know your identity has been compromised, consider using a credit monitoring service and consider freezing your credit.
I like a lot of things about Google, especially the company’s constant attempts to push the envelope and change how we think about using computers and the web. Unfortunately, I also dislike Google for some of the same reasons because the company’s attempts to push that envelope are single minded and, sometimes, ill-conceived.
From my point of view, the problem Google has as a company is that its heart and soul lives in Silicon Valley, where internet access is cheap and ubiquitous and where everyone is writing code for the next big web sensation. I think that the company doesn’t understand that more than half the population of the United States does not live in Silicon Valley, or even a major city, and that the solutions they preconceive will not necessarily work in, say, rural Ohio.
For example, I would love to be able to use Google Documents as a regular part of the tools I use to create, write, document, and explore. My problem is that Google Docs is only online, in the cloud, and decidedly under Google’s control. I don’t have ubiquitous web access where I live, so having documents locally resident is a must. Further, I need to know that, if something terrible happens out there on the web, I still have control of what I have created.
What Google needs to understand, then, is that there are users who would use their products if Google solved the problem in a different way. I would use Google Docs a lot more than I do if it had a locally resident interface with locally stored files that I could easily manipulate offline whenever I needed to then synchronize with the cloud when I decide to.
Google already has a version of this same technology built into its Chrome browser in the form of its bookmarks synchronization tool. All I am looking for is something that takes the same idea one step further and applies it to the rest of Google’s tools.
Until then, Google Docs, and really the rest of Google’s impressive array of tools, will continue to be a nifty form of file replication with editing capabilities for me, and I suspect, a lot of other people.
I love Google’s Chrome browser because it is, so far, the best and most stable browser out there (thanks to Netscape, Microsoft, and Mozilla blazing a path for it).
I do have a problem, though, with the fact that Chrome does not have a hard refresh option for web pages. This makes checking certain kinds of changes to web pages almost impossible without switching to another browser or by clearing Chrome’s cache. From a developer point of view, neither of those solutions lend me to using Chrome for development work, which is unfortunate given how good the browser is otherwise.
So here’s my suggestion to the good folks at the Chromium development project, if you’re bothering to listen: add a hard refresh feature to Chrome. I would even accept a utility that I have to install or a menu item I have to specifically select. But, if I am going to use your browser instead of someone else’s, it has to do all of the things I need it to do, not just some of them.
For anyone who doesn’t know what net neutrality means, you can check out this great FAQ from Save the Internet. For those of you who don’t want to, allow me to sum up: net neutrality is the principle wherein service providers must provide open access to all content without special limitations on certain kinds of content. This means that a service provider cannot charge more for downloaded movies than it does for visiting Facebook, for example, nor can it block movie downloads or access to Facebook because it decides to.
What this means is that the same openness that helped make the internet the incredible resource it is today will remain in effect for some time to come. Of course, there will be legal challenges to this ruling, but it is a good ruling, nevertheless, for anyone who wants the internet to remain open and free from corporate interference.