Friday, 23 May 2014

Against The "Internet Of Things"

I was lucky to be at the Berkeley "programming systems" retreat in Santa Cruz a couple of weeks ago. One topic that came up was programming in the world of the "Internet of Things" --- the anticipated future where everyone has dozens of very small, very low-power devices with CPUs, sensors and radios. There's certainly a lot of interesting work to be done in that area, but nobody seems to have asked the question "do we really want an Internet of Things?" Because I don't, not until we've addressed the pervasive problems we already have with security, privacy, and general untrustworthiness of our computing infrastructure. It's obvious that these buy-and-forget devices won't get timely security updates (if updates are even adequate for security), so governments and criminal organizations will be battling for control over them, out of sight and mind of their nominal owners. So we're talking about making the surveillance network of the NSA (and even worse actors) a lot more pervasive. These devices will be able to run for years without a battery change, so when you buy a new house or car, you will inherit a miasma of unseen machines doing everyone's bidding but yours.

There's going to be a big market for scanning and cleaning tools. A small handheld EMP unit would be great. Someone should get on this problem.


  1. My thoughts:

    The emperor has no clothes.
    Don't be evil.
    O frabjous day! Callooh! Callay!

  2. I share the same concern. That actually means our Mission is more important than ever, to prevent that future from happening. I would rather have my gadgets available to me as open hardware, running auditable, verifiable open source software, than carry an EMP unit and be laughed at for living in a cave.

    What concerns me is that, from the last meeting, Mitchell seems to be trying to define a narrower scope to the mission, instead of broadening it. I don't see a clean cut between our mission (keeping the Open Web) and the rest of the "liberal", "left-wing" agenda (in US terms). Some day we will look back and realise that by not explicitly supporting what surrounds us (e.g. Open Hardware) we have ended up eroding our ability to defend the mission.

    And, sadly, before that, we must do anything vendors from the Android community ask us to do to bootstrap FxOS.

    1. There isn't going to be a *clean* boundary for our mission, but there must be a boundary. Otherwise we will lose all focus, and our community will be split.

      I sympathize with some elements of the "liberal left-wing agenda" but I'm against a lot of it too. If Mozilla's mission were to expand to encompass all of it, I'd have to leave. It would be counter-productive to have separate Mozillas for the "left wingers for the open internet", "right wingers for the open internet", "anarcho-Christians for the open internet" etc.

      I very strongly resent the way US politics drives people to reduce their positions on all issues to a single bit of information. I'd hate to see Mozilla become part of that problem.

      We need to be humble and realize that Mozilla can't and shouldn't do all things. Open hardware is a good thing but it seems cleanly separable from what Mozilla is doing. It's hard enough for Mozilla to be successful at the set of things we're trying to do right now, and we won't bring any particular strengths to open hardware. Let other people and other organizations solve the problem. If we need to, *start* those other organizations. Modularity is a good thing.

      And FWIW I don't think open hardware will solve the Internet of Things problem. Openness doesn't make things enough more secure.

    2. Please do not take my comment as an argument that Mozilla must embrace and advocate *all* of the "liberal", "left-wing" agenda -- note the sarcastic quotes around the words in the original comment. I do not advocate that Mozilla should have a "liberal" and a "conservative" faction either.

      What I meant to say was that I had a tough feeling on how we act and what we stand for in various recent projects/issues. We used to be firm on principle but flexible on practice, and that's perfectly fine; however, it seems that we have now started to be flexible on principle too and only deal with what's "manageable".

      That said, I have no better answer on what we should do. Should we separate MoFo and MoCo more so MoFo can be firm on principle and MoCo can be flexible? I really don't know. Not having figured that out bothers me too, because if we fail, or change, then there will be no one left to defend and protect the Open Web.

      PS I agree Open Hardware will not *solve* the problem. Security is a process, and there is no definite solution to anything (EMP maybe :P?)

    3. I don't think we have really changed our approach to hard issues. We have just faced more of them than we used to. I think this is mainly due to the expanding scope of the Web crashing into areas (e.g. video, DRM, mobile operators) that we haven't had to deal with before. But in the past we certainly did grapple with situations where a "pure" approach to a problem would not have maximized our impact for our mission --- e.g. deciding whether to bundle an ad-blocker in Firefox, or deciding whether to clone some IE-only not-yet-standardized Web features to make certain sites work.

  3. I worry about the internet of things as well. I wonder if Faraday Cages will start being a design feature in homes ("and for your privacy, this house includes a den with a 120 dB Faraday cage").

    I noticed that one of the economist bloggers also has posted about internet of things privacy here: