Microsoft, Facebook, trust and privacy


(It is worth noting that these steps were exactly what people had previously said were bad – Microsoft deciding which code you can run on your own computer and which APIs developers can use, and Facebook deciding (with people demanding that Facebook decide) who and what it distributes.)

Although Microsoft's approach did everything it could to protect the existing model against abuse, over the last two decades the industry has moved to new models that make the kind of abuse aimed at Microsoft increasingly irrelevant. The development environment moved from Win32 to the cloud, and the client moved from Windows (and occasionally Mac) to the web browser and then to devices where the whole concept of viruses and malware is either impossible or orders of magnitude more difficult, in the form of ChromeOS, iOS and, to a certain extent, Android.

If no data is stored on your computer, compromising the computer does not get an attacker much. An application cannot steal your data if it is sandboxed and cannot read the data of other applications. An application cannot run in the background and steal your passwords if applications cannot run in the background. And you cannot trick a user into installing a bad app if there are no apps. Of course, human ingenuity is infinite, and this change has just led to the creation of new attack models, most obviously phishing, but none of this had much to do with Microsoft. We resolved viruses by switching to new architectures that removed the mechanisms that viruses needed, and where Microsoft was not present.

In other words, while Microsoft put better locks and a motion sensor on the windows, the world moved on to a model where the windows are 200 feet off the ground and do not open.


Last week Mark Zuckerberg wrote his version of Bill Gates' 'Trustworthy Computing' memo – 'A privacy-focused vision for social networks'. There are many interesting things in this, but two things are important in the context of this discussion:

  • Most of Facebook's use (he expects) will be personal messaging, not one-to-many sharing

  • All those messages will use end-to-end encryption.

Just like switching from Windows to cloud and ChromeOS, you could see this as an attempt to remove the problem instead of patching it. Russians cannot go viral in your newsfeed if there is no newsfeed. 'Researchers' cannot scrape your data if Facebook does not have your data. You solve the problem by making it irrelevant.

This is one way to solve the problem by changing the core mechanics, but there are others. Instagram, for example, has a one-to-many feed, but does not suggest content from people you do not follow in the main feed and does not allow you to post in your friends' feeds. Your feed may contain antivax content, but one of your actual friends must have decided to share it with you. Meanwhile, problems such as the spread of dangerous rumors in India are based on messaging rather than sharing – messaging is no panacea.

In its current form, Mr Zuckerberg's memo raises as many questions as it answers – is it clear how advertising works? Is there advertising in messaging and, if so, how is it targeted? Encryption means that Facebook doesn't know what you're talking about, but the Facebook apps on your phone would necessarily know (before they encrypt it), so is targeting done locally? Meanwhile, encryption causes problems for tackling other forms of abuse: how do you help law enforcement deal with child exploitation if you cannot read the messages of the exploiters (the memo explicitly refers to this as a challenge)? Where is Facebook's Blockchain project in all of this?

There are many big questions, but of course there would have been many questions if you had said in 2002 that all business software would go to the cloud. But the difference here is that Facebook is trying (or trying to overdo it) to do the judo move itself, and make a fundamental architectural change that Microsoft could not.