Overhauling the Internet

Great Debates
1

I don’t know if this goes in GQ or not. I’ll leave it to the discretion of the mods to move it if deemed appropriate.

My question is: If the Internet were to be overhauled, that is, completely redesigned from scratch, what measures would have to be taken to prevent the abuses that we currently see? These abuses include spam, viruses, pop-up ads and spyware. If any safeguards were put in place to prevent abuse, could they be designed so that abusers could not defeat them? If such an overhaul were to take place, could it be implemented in gradual steps, or would it likely require everyone to throw out all their old hardware (modems, etc.) and get new software all at once? What would be the first step, and are people already at work on redesigning the Internet so that only its benign purposes are utilized?

2

The issues you bring up (spam, viruses, pop-up ads and spyware) are all problems because of the new capabilities the internet provides. But rehauling the internet wouldn’t change them, any more than you could rehaul the freeway system to prevent accidents. Sure you can make minor improvements to that end on the freeways, put in better signs, better laws, better choices in intersections, etc. But the core problem is that freeways enable people to drive, and one of the problems with people driving is that they run into each other.

On another note, I wouldn’t really classify your particular items (except possibly spam) as problems of the internet as much as application weaknesses. It’s like asking if rehauling the freeway system could fix the problems of car radio reception.

3

There is a lot of discussion about this topic in technical circles. There are a number of technical solutions which could be put in place such as strict authentication of users. If every user connection was authenticated based on public keys assigned by certificate authorities, it would be a simple matter to trace any email or website contact to an individual. There would undoubtably be ways to forge authentication, but protocols can be designed to make this prohibitively difficult.

Some of these changes like authentication can be layered on top of the existing Internet, with the downside that this tends to balkanize the net into users who have upgraded and users who have not. For a rather simple example, I know many people who only accept email from a whitelist of addresses and you have to go through several non-email hoops, including being authenticated by a FOAF before getting on the accepted list. I know others who only accept PGP-signed email on the theory that this provides some traceability, but it really just filters out people who won’t jump through that particular hoop.

The problem with all these steps, whether you’re talking about a totally new Internet design or solutions layered on the existing protocols, is that the cure is worse than the disease. I’m frustrated by spam, trolls, DoS attacks, and malware, but I cherish the right to anonymous speech. Most of the steps that are proposed to lock out malicious users would also eliminate the possibility of anonymous free speech which is a crucial part of a free society.

This isn’t really a GQ answer, but IMO, we don’t need technical solutions. We have technical solutions that work for people who want to implement them but making them pervasive and required costs us too much freedom. We need people-based solutions to eliminate the problems. We need for people to get clueful enough not to patronize spammers so it is no longer economically viable. We need to secure our individual systems against malware (not the entire framework) and publically prosecute offenders. We need people to take responsibility (or have it forced on them by their providers) just like we do in other parts of society. Proposing a technical solution to spam or any other problem caused by malicious users is like proposing gun control to eliminate crime; it’s simply won’t work and law-abiding users take a huge hit to their freedoms without gaining anything in return.

4

I think a better analogy would be “how could I redesign the freeway and street system to prevent people I don’t like from driving to my house?” How far are you willing to inconvenience people who should come to your house to prevent those you don’t want from getting there?

5

Spam - The problem of spam is not one bit different than the problem of other junk-mail. The solution is to not ever buy ANYTHING that is advertised to you through spam. If everyone were to do this, spam would more or less stop, because it would not be a productivething to spend time and resources doing. The users have the key to its end.

Viruses - Remember that viruses are specific to the computer they run on. The reason that so many viruses have proven so detrimental is the proliferation of machines running identical, virus-vulnerable operating systems on more-or-less identical microchips. Buy a non-Wintel machine, support anti-trust efforts, and demand that software vendors provide backwards-compatibility for your file formats. Again, the user is the root cause of both problem and solution here.

Pop-up Ads/Spyware- Again, do not go where the spyware/popups are, and let the webmasters know why you left. And don’t use Windows.

The only overhaul the internet needs is greater load capacity.

6

Excellent extremely workable solutions there scotandrsn. Lets just convince everybody to do exactly what we want and there will be no more problems.

7

Technically you are largely talking about the web, not the internet. The Physical network is the Internet, and the data, information and interface are the web. I am currently working on a masters thesis in that area of research, and it is very interesting.

There are major projects working on redesigning the intenet and web. Internet2 and NGI(next generation internet) Are working on the physical capabilities(bandwidth, transfer technologies etc.) Remote surgery, interactive specialized classes and research collaboration are a couple of the benign purposes they like to talk about when mentioning the redesign effort.

The content and data part of the equation is being worked on by W3c(World wide web consortium headed by Tim Berners-Lee) and is called the sematic web. It is an attempt to make the data of the web meaningful(in a sort of AI kind of way), rather than strings of letters. There is also the concept of the deep web. Studies show that something like 4% of the data on the web is accesible by most people with their internet skills. Google, yahoo etc. and other surface searches onlylook at a very few pages. Most of the good data is buried in web databases that are difficult to search. Although a few webcrawlers, and search bots are available if you know where to look, they aren’t very good yet.

Back to your question(sorry, I love talking about that stuff and get distracted easily :)) Most of the design is still being done in the high level view. Language creation and deffinitions, basic setup, nature of web security and that kind of stuff. Basically it is being designed for university, government, and corporate types, and details for the general public usage, are only being talked about in vague terms currently as far as I can find.

8

The sarcasm is not lost, g old buddy, but what would you suggest?

Spam is not an inherent problem of the internet or the web, anymore than junk mail or telemarketing is. They occur because a company has a list of customers’ contact information that they sell to third parties, who then bug the customers with unrequested offers. If customers didn’t ever buy from these offers, it would not be worth the third party’s expense to get the list in the first place.

Tell me a technological change that wouldbe more effective than this.

Viruses are currently rampant, a big reason for which is the predominance of Windows. There are few Mac or Linux viruses, because such viruses wouldnot affect very many users by comparison. If there were a greater variety of OS’s in wider use, there would be fewer viruses, because the virus programmers would be less encouraged by their smaller potential impact.

A lot of the problem behind Windows dominance is the fact that developers of other OS’s and their software have an inexplicable disdain for the market of legacy Windows users. If Mac or Linux developers would simply create software that could read the file formats created in Windows programs, then I doubt Windows would be so widespread. But then again, this is a change in human attitude, not a technological change to the 'Net.

etc., etc., etc.

9

Look you and I both no that almost nobody buys stuff from spammers already. The problem is that that is not good enough. You are not going to be able to convince enough people to not buy stuff from spam.

Spam is a problem with the internet. The problem is that it lets people send messages more or less anonymously to vast numbers of people for very little cost. If it was not so anonymous then workable laws could be made to cut down on spam in the same way that telemarketing is cut down with laws because you can find out who is calling.

10

Excellent advice, scotandrsn. Hey, while you’re at it, why don’t you try to convince everyone to stop using cars, buses, trains and planes, so Exxon doesn’t spill any more oil.

Sure, I’ll join your save-the-planet crusade and use an inferior OS with no apps. Screw productivity! Where do I sign?

11

I don’t we have accept things the way they are, nor do we have to impact the convenience or utility of using the internet. For instance, here is one creative approach to limiting spam that would have minimal impact on most people, but would have a huge impact on spammers:

12

Who said anything about saving the planet? :confused:

None of the specific problems mentioned in the OP is the result of any technical deficiencies in the 'Net, is all I’m trying to get across. The vulnerabilities to these problems have far more to do with Microsoft apps and OS’s (and people’s decisions on how to react to them) than with the internet.

13

Difficult to know where to start with this one.

The computer monoculture has been much criticised of late as being the driving force behind mass security breaches (i.e. any of the famous internet worms of the last few years. Code Red, Nimda etc; the list goes on). However there’s a limit to the number of popular operating systems the marketplace can accommodate. If, say, three or four nominally incompatible operating systems dominated the market with roughly equal shares there’d still be enough machines running each to make them an inviting target. This becomes more true as time goes on since in ten years or so the number of machines running one of those four hypothetical systems would probably outnumber the total running Windows now.

Avoidance of the monoculture is not a solution for the whole internet, only for individuals who’re prepared to put in the effort required to run a minority OS, though dumping Windows isn’t quite a case of switching to an OS with no applications any more - I’m sure we’re all aware that the availability of software for Linux is increasing daily and already represents and impressive suite.

The problem will come when (or if) Linux begins to make significant inroads into the wider user base. Once any system falls into the hands of someone who is either not interested in or not competent to maintain its security it becomes just a matter of time until something takes advantage of them.

Linux and other Unix based systems suffer from security vulnerabilities just like Windows does and, if they’re not patched, they’ll get compromised and rooted. If schemes for fighting spam such as the computational overhead system linked to by Fear Itself become widespread then a compromised machine becomes more valuable to the spammer since he will be able to distribute the computational load. Networks of compromised (“zombie”) machines are already being traded between hackers and spammers for money in order to facilitate volume emailing.

Also, the email scheme mentioned above does not take into account the large number of legitimate bulk email senders. I’ve written software that’s currently churning out something in the order of 750,000 emails a day to subscribers who pay handsomely for the privilege of receiving them. There would have to be a way to authorise such legitimate email users to continue these services or you’ll be dumping on a lot of businesses and the end-users who depend on the information they distribute. If there’s a way for these businesses to continue their services it will undoubtedly be abused; either directly by subverting the authorisation process or indirectly by hacking the authorised networks.

This is the way of the future: Your machine, its internet connection and, indeed, such fundamental things as your good name and identity, are now valuable assets to criminals, and they will attempt to make use of them.

So, what can be done about this? Is it possible to make a computer hack-proof?

Well, no. At least, not yet, but there’s a lot of work going on in an attempt to solve this problem and more than a few people are getting rich off the virtual snake oil business.

Theoretically a fully trusted computing platform would be a solution to viral code, and to adware/spyware, however there’s still a user in the loop and if they permit such software to breach the protection set up for them then there’s little that can be done.

There are also serious issues about whether we can trust such a “trusted” platform not to be exploited by large software companies (read: Microsoft) in an anti-competative manner. A new independant (genuinely independant) body would need to monitor the certificate trees to make sure MS’s authority couldn’t revoke the certificate granted to OpenOffice and that Adobe couldn’t revoke the GIMP’s.

It’s a vicious and nasty thing to say, but the biggest problem on the internet today are the users. I have a Windows box that’s been “naked” on the internet for just over three years (i.e. no NAT, no firewall, just a cable plugged into the back of it), barring power cuts and dropouts by my ISP, and it hasn’t been hacked, compromised or otherwise screwed around with. Why? I know how to configure and maintain it so that doesn’t happen. The same isn’t true of the average internet user.

What can we do to fix the internet’s problems? Educate the masses. Every ISP is keen to promote how easy it is to get online and, all credit to them, it generally is these days, but they gloss over the possibility that once you are connected you may have a duty to maintain your machine so that it does no harm to others.

Inroads are being made in the spyware/adware arena (witness AdAware and SpyBot and the scramble to post the links every time someone mentions a browser problem on any bulletin board on the internet).

Inroads have been made in the virus arena with modern integrated scanners and the fact that almost every PC comes bundled with at least one.

There is a long way still to go. At the moment a secure Windows box remains only a sure thing in the hands of a professional who puts in the maintenance time. Linux still suffers a massive image problem with the general public and, just like Microsoft’s product, is only genuinely secure in the hands of a professional (or at least a non-professional with enough knowledge to be a professional).

Rebuilding the internet from the ground up right now would solve none of the current problems. We just don’t have a good technical answer. We need either time to develop smarter software or smarter users. Both are daunting tasks and I’m uncertain as to which will win out in the end.
Well…that sure went on. It didn’t quite take the direction I originally intended, but there y’go. A proper examination of this might be more of a GD subject.

14

Well, actually, there is one clear difference.

All the postal junk mail I get at least has a valid return address. (The post office won’t accept bulk mail without it.)

But much (maybe most?) of the email SPAM I get has a forged sender address. In fact, the sender shown by my email program is usually different than the actual sender in the email header fields.

So here is a proposed fix: all ISP’s, network transfer points, etc. should refuse to forward any email where the visible sender field did not match the internal header sender field. This wouldn’t really prevent SPAM, but it would at least make it less likely that the SPAM return address is falsified.

Can anyone more knowledgable on internet internals explain why this wouldn’t work?

15

Actually, I know a group of people who are at the thinking/discussing stage of coming up with their own “Virtual Private Internet”. Like me, they remember the Good Old Days before spam and such, when you could have a nice discussion in a Usenet group, etc.

Pretty much an invite only, vouched for, screwup and you’re out system. Membership limited to thousands, not millions.

It doesn’t require any sep. hardware, it would use VPN type networking so not too much work there, but all the major apps would be fixed to prevent forging problems, misleading headers, etc. So that’s a big hold up for going live.

As to using the “old” Internet, it’s just a button click. In one window, you can run a safe new Internet app, in another window you can get infected with the latest worm.

If you understand “network layers” and such, you get a completely different method of virtualizing one network ontop of an existing one without have to worry about any hardware at all. It’s software only. It’s an addon to good old TCP/IP. I.e., just another Internet app, that just so happens to contain a different Internet inside it. No mods to TCP/IP stacks needed. That makes it easier to port to different OSes.

I long for the day that I can put my email address online and not have to worry about spam.

(BTW, I also know one of the folks mentioned in a previous post. Nice person but that idea isn’t going to fly.)

There’s a lot of bad analogies and misinfo in this thread.

First of all, return addresses don’t mean squat in snail mail. There’s nothing valid about them.

Secondly, the road analogy doesn’t work in a meta-universe. Both Internet’s use the same road. But there’s a gate at my driveway that only lets in folk that I trust. (But I can also just open the gate for unsafe surfing too.)

Thirdly, MS makes the Worst OSes On The Planet ™. So a lot of bad stuff takes advantage of that. But a lot of other things are OS independent. Fixing OSes is just a band aid approach. (Which is why MS doesn’t care about security problems in their OSes. It’s all marketing. It doesn’t pay for them to fix “Internet problems”. It’s an SEP.)

16

Junk mail costs the sender; spam costs the receiver. Sending 100 million junk letters costs a lot of money. Sending 100 million emails costs virtually nothing, and the receiver has to pay to process and store the messages.

The only people making money from spam are the ones who sell email lists and software to send spam; there’s hardly anything in it for the companies that actually sell the advertised products. Convincing enough people not to buy from spammers so that the market for spam dries up will be hard, because hardly anyone buys from them anyway.

Requiring senders to “pay” for email with Hashcash would be more effective: To send a message, your computer must solve a little math problem and submit its answer to the receiver’s mail server. The number of emails a spammer can send in a day is limited by the amount of computing power he has, which is limited by the amount of money he has. The problems can easily be made more difficult as technology advances.

For example, if a spammer has to spend 40 seconds of CPU time to do the calculation for each email, he’ll only be able to send about 2000 emails per day per computer.

The delay is negligible for average people who only send a few messages per day, and legitimate bulk emailers (mailing lists, etc.) can be exempted from the Hashcash requirement by verifying their identity, e.g. with a digital signature.

17

There is no factual answer to this.

Off to Great Debates.

DrMatrix - GQ Moderator

18

I specifically referred to bulk mail – the equivalent of email SPAM.

And those return addresses are indeed valid mailing addresses. When you deposit bulk mail with the post office, you need to fill out a form that specifies the return address used on the piece, and if it is not the same as your regular address, you must give the regular address too. And the clerks are supposed to verify both of those addresses before accepting the mail. And they usually do so, at least in my experience at the Minneapolis-St. Paul bulk mail office. We once had a mailing where this was printed in error with someone elses’ number. We had to get a letter signed by them allowing the mailing before the Post Office would process the mailing.

In addition, most bulk mail has a pre-printed permit imprint instead of a stamp on the envelope. That imprint includes a specific permit number, which can be traced back to the actual mailer.

19

This is superficially true but ignores the real problem. I read that spammeisters can make money on a campaign with hit rates of just 1 in several hundred thousand. They send out millions of spam messages burdening everyone who gets them (tragedy of the commons) while just a few hundred low-IQ types send in their checks.

I’m opposed to what you wrote here not just because it’s wrong in this specific case, but it represents a systematic error regarding behavior. That is, the proposed solution involves perfect behavior on the part of too many people; it just isn’t realistic.

20

Oh, I never claimed my solution was realistic or practical. And the points you and several other posters raised about the realities of Spam economics are well taken.

The increased-overhead systems posited by Fear Itself and Mr2001 are of limited use without some system for allowing legitimate bulk-mailers (like Armilla) the ability to bypass them.

Plus, the quantum chip is far closer to reality than fantasy at this point, so the algorithms would most likely have a limited lifespan. It may hold them off for a few years if implemented immediately, but once you are not limited to polynomial time for solutions, your overhead goes out the window.