SoftwareTechnology

Trust the Rich People on the Internet

There is a lot of sensitive data on the internet, and we rely on that to do commerce globally and post pictures of cute animals.   This brings up, or should, the issue of how we trust websites to protect our credit card numbers and animal pictures.

As with most things that go on with trust, it is mostly behind the scenes. Your average consumer does not have the time or qualifications to determine which things are trustworthy and which are not.  This is why we have regulatory agencies keeping snake oil off the shelves (if we ignore the homeopathic aisle, which at least is labeled as such) and why fire codes exist so that we have some reasonable expectation that a reasonable amount of effort has been made to keep us dying in a fire due to shoddy construction.

The world wide web establishes trust based on a protocol which is implemented with money. Websites that wish to establish trust implement the secure socket layer protocol and place a certificate, purchased at some expense, on the server.  Web browsers see the certificate, and use that to inform you that a website is either secure or not secure.

Teen Skepchick is not secure.  Please do not give us your credit card numbers.

 

Google is secure!

 

Without going into the gory details, you can’t just get any old certificate, or make your own.  Web browsers only trust certificates that come from certain sources, and untrusted certs tend to generate errors such as the below, which scare people.  As they should.  We should not be expected to enter confidential data without established trust.

 

Now the downside to this is that not only do you need money for these things, you need a major credit card.  Meaning that that is just one more barrier for folk in developing countries to participate in a global economy without having to rely on sites from established businesses in the developed world, which may have issues doing business with the less developed world.

I like that the internet is decentralized, but it is also essential for a lot of business activities, and as long as the decentralized nature means that trust has to be purchased with money, that’s going to be a barrier for entry.  Demonstrating trustworthiness and the ability to handle confidential information shouldn’t just be a privilege of those with some spare cash to start with.

Featured Image Credit: James Case via Flickr

Previous post

Reality Checks: Gutting the EPA, Fidget Spinner Physics, Young Human Relatives, and Hitting a Wall

Next post

Reality Checks: Net Neutrality Comments Break, Baby Dragons from China, Not Hating Women on the Red Pill Forum, and Retirement for Dictators

Elizabeth

Elizabeth

Elizabeth is a professional belly dancer, a flaky computer scientist, and a returned Peace Corps volunteer. She lives in Georgia (the state of the U.S., not the country) but is nonetheless somehow not a combination of stereotypes from Gone with the Wind and Deliverance. Her personal blog is Coffeefied. Operafied. Fluffified. Beglittered.

1 Comment

  1. May 14, 2017 at 10:25 pm —

    Check out <a href=https://letsencrypt.org>Let’s Encrypt</a>. It’s signing certificates have been accepted into Java since some recent-ish version of Java 8, and are becoming more widely supported by browsers.

    Disclaimer: My company is one of the sponsors of Let’s Encrypt, though I haven’t done any direct work on it.

Leave a reply