
Maiar Manifesto: Towards a New Internet

The problem with the current status quo, especially in relation to the internet and data privacy, is not that technology is bad but that so few understand it.

As a result, the internet’s original value proposition has been subverted and used against us. Times of exponential technological revolution are leading to exponential manipulation, in which big corporations and data-harvesting organizations with ill intent can reach out and have a negative effect on billions, anywhere, at any time.

It all seems so daunting and overwhelming, but it is only by first understanding and becoming aware of these threats that we can start making the changes required to bolster the next web. There are no easy fixes to the situation in which we currently find ourselves. No panacea that will make it all better.

Reclaiming Privacy

Recently, some of us started becoming aware of the consequences of amassing petabytes upon petabytes of data: information that eventually leaks, is used in ways not originally disclosed or, even worse, is used to control our behaviour and decisions.

The mass storage of this data in the hands of a few major Internet and data companies provides a power that transcends geo frontiers and governments in unpredictable and unwanted ways. The more data you produce, the more they know about you.

Though most users have chosen to voluntarily share some of the most intimate details of their lives via online social networks, the companies behind these services gather way more data than most ever realize. These data-giants persistently mine, harvest and track users across their entire online experience as well as their movements in the physical world through the use of their mobile devices.

But the most expensive things in life are free. All of this information is cut, sliced, and diced and sold and re-sold off to the shady and secretive world of data brokers. Though we might complain about these practices, we have no ability to do so. We forfeited those rights in exchange for free email or status updates, agreed to in the click of a ToS agreement that none of us read.

The striking thing about this system is that it needn’t be organized this way. It is estimated that each Facebook user worldwide only generates about $20 in ad revenue for the company per year. We could send Facebook 20 bucks and be left alone.

As the MIT researcher Ethan Zuckerman has proclaimed, “Advertising is the original sin of the web. The fallen state of our Internet is a direct, if unintentional, consequence of choosing advertising as the default model to support online content and services.”

Though our data pay for Gmail, YouTube, and Facebook today, we could just as easily support Internet companies whose goal was to store as little personal data of ours as possible, in exchange for small sums of cash or crypto. Why not just disintermediate the middle man altogether for a much more logical system? We would become Facebook’s and Google’s clients for a few dollars a month and could go on to enjoy our lives.

Unfortunately, today the incentives are misaligned from a public safety and security perspective. Facebook, Google and others are incentivized to gather an ever-growing amount of personally identifiable data on their customers that they can sell on to thousands of data brokers around the world at a profit. That is their business model.

“They capture our attention by providing us with free information, services and entertainment, and they then resell our attention to advertisers. Their true business isn’t to sell advertisements at all. Rather, by capturing our attention they manage to accumulate immense amounts of data about us, which is worth more than any advertising revenue. We aren’t their customers – we are their product.” – Harari, Yuval Noah. 21 Lessons for the 21st Century

These data-giants control massive monopolised silos of user data valued at trillions of dollars of market capitalisation.

But a fundamental problem is embodied in the DNA of these platforms: who creates the value inside the platform and who captures it? There is a fundamental mismatch between the fact that a central entity, such as a corporation, is capturing almost the entire value created by the community of users and the fact that these users don’t receive any financial upside in return.

The risk of emerging digital dictatorships in which all power is concentrated in the hands of a few central entities is higher than ever. If we want to prevent a dystopian future of surveillance capitalism and politics capable of knowing us better than we know ourselves and influencing our decisions in unexpected ways, the key might be to regulate the ownership of data (some governments are pushing through extensive data protection regulation, see GDPR).

Whether purchasers of this information ultimately allow it to be used to commit identity theft, stalking, or industrial espionage is of little concern to social media companies after they’ve auctioned the information off to the highest bidder.

Of course it matters to us, those who suffer the economic and social harms from these leaked data. For those who prefer the benefits of the “free” system, let them enjoy it and all it entails. But why not allow the rest of us the option to pay to maintain greater control over our privacy and security?

While it may be impossible to “live off the grid” in today’s modern world, we can by all means design a system that is much more protective.

Kill the Password 

You might not be aware, but a string of alphanumeric characters can no longer protect us. Sure, you might buy yourself some time by creating a twenty-five-digit password with upper and lowercase letters, numbers, and symbols, but the fact of the matter is almost nobody does that. The most popular passwords remain “123456” and “password.” That’s why Maiar comes with a built-in Password Manager.

But fifty-five percent of people use the same password across most Web sites, and 40 percent don’t even bother to use one at all on their smartphones. Even if they did, it might not help much. Given advances in computing power and cloud processing, more than 90 percent of passwords can be brute-forced and cracked within just a few hours, according to a study by Deloitte Consulting.

Worse, organizations such as Russia’s CyberVor have amassed more than 1.2 billion usernames and passwords, which they can use to unlock accounts at will. Plainly stated, our current system of just using a username and password is utterly broken. 

There are some measures we can take today that will provide additional layers of protection. One example is the two-factor authentication offered natively by the Maiar mobile browser through the Maiar Authenticator mini-app, which combines your username and password with something you have, such as a security token specific to each service, app or website.

Most consumer Internet companies use your smartphone as the second factor by sending you a one-time code via text message that you must also enter to gain access to your account. Thus even if a hacker cracked your bank account, social media service, or social media profile password, he would still need access to your phone and text message, something he would be unlikely to have if you and your phone were in San Francisco and the hacker in Kiev. While two-factor authentication is definitely a step in the right direction, these systems can be subverted via man-in-the-middle attacks, which intercept text messages via mobile phone malware, SIM swaps or SIM cloning. That’s why two-step authentication codes generated through an app, like Maiar Authenticator, are superior to those sent to your phone via SMS text messages.

To that end, many smartphone companies such as Apple and Samsung are moving toward another form of two-factor security, combining something you know with something you are – such as your biometric fingerprint, face identity or voice identity. Your fingerprint will increasingly become your password, and with the release of the iPhone 6 and iOS 8 Apple has allowed other companies, such as PayPal, Maiar and your bank, to use your phone’s Touch ID and Face ID to authenticate you. Maiar browser for iOS and Android can be locked with a PIN and your fingerprint or your face.

While hackers have circumvented some of these systems in the past (if they had access to the device), multi-factor authentication can provide a significant improvement over the standard username and password.

Moreover, through our partnership with TypingDNA, Maiar is working on integrating frictionless authentication based on how you type, also known as typing biometrics authentication.

It’s time to kill the password and move on to multifactor authentication and biometrics, tools that, though far from perfect, are an immense improvement over the feeble alphanumeric characters we use today. Though there is currently no cure-all for user identification, there are tremendous opportunities to create significantly better alternatives.

We, at Maiar and Elrond, envision a future where your login is your wallet, one that encapsulates your digital identity (and aliases), protecting your privacy by default and by design through a combination of multi-factor authentication, biometrics, blockchain security and crypto-economic mechanisms.

Blockchain

Blockchain technology—cryptocurrencies’ underlying infrastructure—makes it possible to think of our data as a scarce digital asset that can be owned, controlled and made accessible in new ways. But if blockchain startups need regular people to understand and care about complex technology, they’re likely to remain as niche as other cypherpunk projects that sought to redistribute the power of the internet.

As blockchain technology becomes invisible and a familiar user interface begins to connect new pools of data and economic incentives, a new wave of applications will be built focusing on empowering privacy and agency by default for every individual. Maiar and Elrond stand as foundational layers to accelerate the transition and be an active part of the solution.

In order to transition to a new web era, Web 3.0 that is, and to solve the fundamental issues currently plaguing existing platforms, we need to rethink how the web works and to change the fundamental structures we have in place right now, enabling a shift to more human-centric computing and the rise of the Sovereign Individual.

Permission-less programmability, compounding programmable and economic incentives, and the strong underlying network effects governing blockchain architectures are the key elements that can be the building blocks of a new, better and safer web.

And if we are on the quest to rethink the web, what better way to do this than to start with the way we access and interact with the web: the Web Browser.

Self-sovereign identity

Following the Cambridge Analytica election scandal, the #DeleteFacebook “hashtag movement” was widely circulating, leading to the question: “what is the alternative?”

We believe Self-sovereign identity (SSI) puts people in charge of their own digital identities. It means that individuals have choice and sovereignty over their digital selves to the same degree we have control over our physical selves. 

The rise of the Sovereign Individual can be achieved through a decentralized identity, the general idea being that users could store identity information on the blockchain and their permission would be required for third parties to access it. This stands in contrast to the status quo, where data is held at countless third parties and regularly obtained without the user’s knowledge, much less consent. A decentralized ID could be used, among other purposes, to manage these permissions to users’ data, including the ability to revoke them when desired.

A decentralized ID does not require a central authority and is always under the user’s control, much in the way a crypto user has domain over his money.

By empowering users with their own data, the new wave of applications built upon decentralised data networks will increase the trust between each human individual and the (technological) services delivered via an ever increasing number of different smart devices and computing services.

Encryption by Default 

The vast majority of today’s data is unencrypted or poorly protected. A study by HP in July 2014 revealed that 90 percent of our connected devices collect personal data, 70 percent of which is shared across a network without any form of encryption.

That means that anybody who gains access to a computer system through poorly coded software, downloaded malware, or weak passwords can steal, read, and use any of the data contained in that system. Without encryption, the data is entirely readable by anyone who has access to it.

It’s not just financial data that are too often unencrypted; so too are our medical records, corporate secrets, military video drone feeds, celebrity nude photographs, and nearly all our e-mail. 

The impact of all these computer breaches and data theft could be greatly minimized if the proper implementation of encryption were to become the default standard practice. The majority of data stored on both personal and company hard drives is in plain text, readable by anybody who gains access to these devices. 

The same is true for the lion’s share of traffic crisscrossing the Internet, save for major Websites using HTTPS when sending your password or credit card information.

The Electronic Frontier Foundation, a nonprofit digital rights and privacy advocacy group, has also launched a program known as HTTPS Everywhere to promote the use of encryption in all our Internet browser traffic. In short, it’s high time to encrypt the Internet to help protect the privacy and security of our digital communications and computer data. Maiar comes with HTTPS Everywhere capability built in.

Though modern computer operating systems, including those from both Microsoft and Apple, come with free hard disk encryption tools built in, they are not turned on by default, and only a small minority of companies and a tiny percentage of consumers encrypt the data on their laptops or desktops. In fact, most consumers have no idea these security protocols even exist.

In September 2014, Apple announced that its latest iPhone would encrypt all data on the device when a password was set, a move Google vowed to match with its forthcoming Android mobile phone operating system. These are important steps forward in minimizing smartphone security risks, but given that 40 percent of users don’t even use a password on their mobile phones at all, much more education and awareness are needed.

Education Is Essential 

We have a literacy problem around the world, and it’s not the one most think of. It is the problem of technical literacy. In a world replete with gadgets, algorithms, computers, wearables, RFID chips, and smartphones, only a minute portion of the general population has any idea how these objects actually work.

Those who know how to code will hold power over those who don’t in the same way that those who could not read and write in the last centuries found their opportunities limited. 

We need to build up the technical literacy of the general public. The goal is for citizens to have a basic understanding of how the technologies around them operate, not just so that they can use these tools to their full advantage, but also so that others cannot take advantage of their technological ignorance and harm them. 

Education is key, and the state of our cyber-security education is abysmal. 

The Human Factor: The Forgotten Weak Link 

Cyber security is a people problem, not just a technical one. No matter how strong your computer password is, if you write it down on a yellow sticky and attach it to the front of your computer screen so that you can remember it, all walking by will have access to your digital life. 

For the tens of thousands of people losing money to Nigerian prince scams every year, their problem is not a technical one but the ever-present human characteristics of hope and avarice. 

When you post your vacation plans on social media and burglars pay a visit, it was your decision to share that helped facilitate their criminal activity. And for each and every person who clicks on that link from his bank telling him his password has expired and he needs to change it, the challenge isn’t that his computer has been hacked per se but rather that he fell victim to a socially engineered phishing attack. No matter how many firewalls, encryption technologies, and antivirus scanners we use, if the human being behind the keyboard falls for a con, we are toast. 

According to a 2014 in-depth study by IBM Security Services, up to 95 percent of security incidents involved human error. The human factor can trump all other technological security measures, and thus the need for both workforce and personal education is key. And of course technology can help make us more secure. 

Multi-factor authentication, biometrics, encryption, and geo-location can reduce other security risks. But as we have seen repeatedly, these technological tools can be undermined.

It is convenient to always turn to an easy technological fix when there is a problem, but business owners, policy makers, Internet firms, computer coders, and engineers must consider the human dimension of security if we are to make any progress against the technological risks of both today and tomorrow. 

The good news is there is much we can do by adjusting our own human behavior to significantly improve our personal technological security. 

Bringing Human-Centered Design to Security 

New opportunities for innovation open up when you start the creative problem-solving process with empathy toward your target audience.

Why don’t these idiot customers update their passwords? If only those fools used VPNs and firewalls. Well, are you using WEP or WPA2? As anybody who has phoned tech support to resolve a computer problem knows, most system administrators and help desk personnel don’t hold their “customers” in particularly high regard. The common diagnosis among these technical support personnel is PICNIC: problem in chair, not in computer. 

For those who have studied computer science, taken classes in cryptography, and dreamed in PHP and C++ code, talking to the average computer user can be a frustrating process. We quite literally speak two different languages. For security engineers, the answers seem so clear: “If only those damn users would stop doing x or y stupid thing, everything would be okay.” 

Users on the other end of the line have a simple, often unspoken request: “Why won’t you give me simple instructions and allow me to get back to work?” Our security tools today are too complex and burdensome to use, and, simply stated, complexity is the enemy of security. Information security architects speak in jargon about viruses, malware, zero days, exploits, Trojans, RATs, and AES, and for the most part the general public has no idea what they are talking about. Security software and hardware products today are almost uniformly designed by geeks for geeks. There is nary a fleeting thought or a modicum of empathy toward how these tools might be used by you, let alone your grandmother. Instead, the products that are meant to secure and protect us give us helpful warnings such as “Alert: Host Process for Windows Service Using Protocol UDP Outbound, IPv6NAT Traversal-No, is attempting to access the Internet. Do you wish to proceed?” What the hell does that mean? Nobody knows, except for the original authors of this “helpful” warning. 

It’s time to bring human-centered design thinking to the world of cyber security. Think of the design of an iPhone X or a Tesla – products that are meant to delight. Not only are these tools functional, but they are beautiful, created by people who have a close and deep understanding of their customers and their needs. When one watched Steve Jobs onstage describe his latest products, there was no doubt that each and every one was imbued with the love of its creators. So where’s the Steve Jobs of security? What might Apple’s chief designer, Jony Ive, bring to the problem of our growing cyber insecurity? What would his firewall or antivirus program look like? 

Thus far, we have no idea, and that is a huge problem. It is a problem because when security features are not designed well, people simply don’t use them. Moreover, poor design can lead the human users down pathways that actually make them less secure. Why would people write down their passwords on Post-it notes and stick them on their computers? Because making people change them every two weeks and requiring that they be at least twenty characters long, with an uppercase letter, a number, a symbol, a haiku, and in iambic pentameter, is just too much for the average user to handle. So people subvert the security systems in place so that they can get their work done. 

There are also certain types of security products, such as software firewalls, that give so many false alerts that the person running the tools has to turn them off just to avoid constant pop-ups with incomprehensible warning messages. In these instances when security breaches occur, the IT staff invariably blames the user. It may be time to look in the mirror first. 

Of course the designers of security products and systems are not uncaring or ignorant people; they are just woefully out of touch with the needs of their customers. To borrow a phrase, it’s time to “think different.” Human-centered product design is fundamental to drive the behavioral changes we require in the world of techno-security and to help minimize the growing number of threats we face. The designers of these products need a gut-level understanding of how people interact with computers and smartphones, and they must not expect people to conform to strange behaviors or understand arcane screen prompts. 

Until security gurus start making products the wider public can understand and implement, people will lack both the tools and the information they require to protect themselves. 

Maiar is up for the task and even more.

Notice: some parts and information in this post were graciously taken, inspired or paraphrased from "Future Crimes: Inside the Digital Underground and the Battle for Our Connected World" by Marc Goodman, a must-read book for privacy-concerned individuals.

Lucian Todea

Co-founder of Maiar. Technology entrepreneur and angel investor. Ironman.
