Eyes Above The Waves

Robert O'Callahan. Christian. Repatriate Kiwi. Hacker.

Sunday 8 April 2012

The Internet Experiment Has Failed

I'm worried about the Internet. Not about the usual Mozilla stuff, although there's a lot of challenges there too. I'm worried that the Internet, the way we use it, is bad for people; bad for individuals, and bad for society.

One reason is security. We do not have the technology to build systems with strong behavioral guarantees; there are always bugs, and always exploitable bugs. The contest between attack and defense is vastly asymmetric; defenders must get everything right, attackers only need to find a few mistakes. Yet we keep bringing more of our world online. Even keeping systems away from the Internet becomes infeasible as mobile Internet-connected devices become increasingly pervasive.

Another reason is our brains. It seems obvious to me that the Internet is a lousy medium for human interaction (beyond people you already know well). There are lots of negative effects at work, and better-informed people than I have much to say about them. "Filter bubbles" are one concern. The accessibility of support groups for every kind of dysfunction (e.g. pro-anorexia or racist groups) is another. My biggest worry is the lack of empathy we experience when interacting with others online. The online comments of almost any major public Web site are toxic, especially on controversies. I've behaved badly online in ways that I never would have in "real life". In the incoming direction, the core Mozilla community is great, but random abuse and conflict from the Internet takes its toll. There's a lot more to be said about what's going wrong, but suffice it to say I'm an optimist about different kinds of people being able to get along in real life; I'm a decided pessimist about them getting along online.

(Even while I'm writing this, Christian Heilmann has posted about problems on Twitter.)

Let's not even talk about privacy and oppressive actors.

I'm fed up with techno-optimists who claim the march of progress is inevitably beneficial and we're just having some teething problems. Techno-optimists had big dreams for the Internet; that it would bring people together (see people yell at each other on Twitter), that bad information would be cured by more good information (see filter bubbles), that all knowledge would be universally available (OK, they got something right; thanks for Wikipedia). Not good enough.

So what should we do? For security, we need to increase the distance between important systems and the Internet. We need to steer towards technologies with provable properties (and somehow escape our dependence on C/C++ code). But that's weak sauce and I don't see our way clear. Human factors will let us down and there are hard limits on technology.

The human interaction problem is even tougher. Maybe we can find technical solutions to reengaging empathy. Providing voice and video interaction everywhere might help; WebRTC could save the world! (Probably not, but we'll try.) Individuals can opt to reduce their online presence and refocus on offline relationships. To some extent that's what I try to do, and in a low-key way I'm discouraging my kids from being online and engaged with computers (mainly by giving them more interesting alternatives).

What about the mass of humanity? Do we just keep accelerating and hope everything works out? Do we form a neo-Luddite action group and sabotage the Internet? Do we figure out some alternative approaches to using the Internet that limit the damage? I wish I knew.


Maybe you just hang out in the wrong corners of the net? reddit.com has lots of great stuff daily. Anonymous people helping each other out, entertaining each other, debating, etc.
Benoit Jacob
I'm worried too, but not quite exactly for the same reasons as you outline in this post. First, I share your worry about the security aspects. What worries me is the misuse of our time, rather than the information overload per se. In other words, if we had infinite time, I would not worry at all about the impact of Internet on our lives, but we don't, therefore the huge amount of time that we spend online deprives us from more important things we used to do. For example, what worries me is when we spend more time cultivating our Facebook profiles than actually being with people; or when we spend 2 hours per day reading news; or when we watch 10 movies per week but don't have time to read books. What does not worry me is the information availability in itself. There were plenty of racist groups before the Internet.
Robert, Well said! I've been feeling this way for some time as well. Rather than "building an app for that" we should instead "develop a healthy behavior for that." We should acknowledge and accept the biological limits of our bodies, brains, and behavior. Maybe then we could use technology in a way that more harmful than helpful.
Benoit Jacob
I've been thinking that Internet is something that none of our existing ethical frameworks (cultures, religions, etc) anticipated; I expect that we'll see new ethic frameworks in response to the changes that the Internet brings to our lives. Typically, I expect new ethic rules to focus on "locality" i.e. the idea that even if plenty of cool stuff is happening 10,000 km away from us, we should still reserve an important part of our time and attention to what's local i.e. people around us.
If you know where the toxic information is, you can make yourself a better person and opt out of those places. If you are contributing to toxic behavior, you can improve the web by not doing so. If you watch ten movies a week and are not reading any books, cut back on one movie and read for two hours each week. Unfortunately, people are people no matter what technology has to offer. You can't change human behaviour with technology. Anybody who says otherwise is being delusional. As far as security goes, getting rid of C/C++ would help tremendously, as would getting rid of XSS vulnerabilities somehow. We know what kinds of security bugs programmers most often make, so if we can figure out how to construct our languages to make those difficult or impossible, that would improve what we have online.
Benjamin Otte
Have you seen http://www.ted.com/talks/danny_hillis_back_to_the_future_of_1994.html ? With that as a background, let me give my view on the 2 points you brought up. About security: You cannot make a complex system secure. I compare the Internet to a civilization (or smaller: a family) or an animal (smaller: a cell) in that respect. None of these can be protected from harm. All they do to deal with this is make things hard where it matters and solve the rest via policies. About human interaction: In this case I would pick cities vs villages and nations vs tribes as things to compare to Internet vs no Internet. All of those make it easier to get more people to be in contact with each other. And while a lot of bad things have come from cities or nations, none of the progress we have today would have been possible without those. And that's not just technological progress, but also societal progress. http://www.ted.com/talks/steven_pinker_on_the_myth_of_violence.html has a good example for that.
Justin Dolske
Mmm. Very deep subject given the combination of a Monday and post-Easter sugar crash. :) One thing that strikes me is that none of this is new; history is filled with failures of human interaction, security, and communication. As an example; the infamous World War 2 case of Admiral Halsey receiving the message "Where is, repeat, where is Task Force Thirty Four? The world wonders." The last 3 words were read as a snarky rebuke, when in fact it was just a simple question with a technical glitch. [http://en.wikipedia.org/wiki/The_world_wonders] Or the Battle of New Orleans (War of 1812), which was fought _after_ a negotiated treaty ended the war, due to slow communications. I think the core question is if, on the whole, we come out ahead considering the way the Internet has helped, hurt, and otherwise transformed the issues. But that still leaves us where you left off... Who can say for sure? And what's the best way to improve things? I wish I knew too.
"The contest between attack and defense is vastly asymmetric; defenders must get everything right, attackers only need to find a few mistakes." This security issue is hardly unique to the net. Most US consumer door locks resemble the physical equivalent of SSL v0.1 Alpha Closed-Source Adobe Edition and offer about as much security as a thin layer of plywood... which coincidently is about how promising a door's general offered protection is against even the slightest whim of a determined attacker. "The accessibility of support groups for every kind of dysfunction (e.g. pro-anorexia or racist groups) is another." So people reading tabloids, getting drunk down the pub and being extremely insecure about everything is an internet thing? Not really now it is... "Let's not even talk about privacy and oppressive actors." Let's not, lest the security cameras in the street outside or the completely un-internet related warrant-less bugging legislation pervasive throughout all Western society catch what we're doing. What you really mean is: I Perceive The Human Society Experiment Has Failed And I Was On The Internet Whilst It Happened. And before you go ahead and suggest I wouldn't speak in this highly passive aggressive manner in person, I assure you I make a general point of it where it has the desired impact. Perhaps the fact that the internet allows you get through more than two sentences without me being allowed to interrupt you and make it socially awkward is, in fact, the primary reason we end up with responses like this on the internet and not in person. Food for thought.
Tiago Sá
The way I see it, our behavioral principles are changing with the internet. And they're for the good, although it brings a lot of bad with it. Basically, the internet is free speech. And, like free speech, a lot of bad stuff happens. But, ultimately, I think it's good. I understand and respect that people may disagree with me on this, but what I don't respect is that people try to take away my freedom of speech. In other words, it doesn't matter if we think the internet is doing good to us or not. It's doing what it's doing, and we're evolving as we're evolving. As a world. From the users, by the users, for the users. No one mind can change its course in such a significant way that it would alter the simple fact that people feel "safe" behind their screens while they insult other people. At least no in less than a few years. Ultimately, I'm thinking we just need to teach kids from a young age about how the internet works, about internet civism and respect for its rules (as in there are none).
I think you should read Schneier's latest book, "Liars and Outliers, Enabling the Trust that Society Needs to Thrive" much food for thought in the line of what you are thinking about here. I think the case for "some teething problems" has a much stronger foundation than what you believe. Digital signatures aims for a quality level that's incredibly superior to manuscript signature, given how easily you can falsify manuscript signature and the link between a signature and the accompanying document has never been really strong. Disappointing result of mass expression on the Internet ? The French revolution saw easy large scale printing together with actual freedom of the press used mostly to print some of the most egregious libel ever (especially the one against Marie-Antoinette, you may dislike the character but still pity the ignominies that she had to withstand). Direct interaction saw thousand of years of refinement before getting to the point it is now. And still is not an universal standard, normal behavior in the West may seem just downright rude in Asia. And normal behavior in Asia downright hypocrite in the West. But still there's one thing that does worry me, when you don't know a domain very well and see on the Internet two opposing theory on it, how can you tell which one is the sensible one, and which one is the wacky one ? You can stop at trusting the reputable media, but what you want to do better than that, give each side a fair process ? You'll find out this is really hard. You'll find out that the wackos are using all of the Internet resources to give their mad theory a semblance of plausibility, with many round of refinement, removing each of the easily proven false arguments with ones that take longer to prove false. Once you've done it fully, well you've spend enough time and thinking to become quite an expert of the domain. Not many people can do that, most will have to settle to just holding true the side they feel is right. There, I'm wondering if we have not lost something with the Internet, if the difficulty in getting significant reputation for an easy access to the print media wasn't serving as a useful filter against crazy ideas. OTOH in the 30's, Hitler had massive success with absolutely crazy racial theories (including in the US, with Henry Ford for example) which the current Internet fueled lunacies are far from rivaling.
I digress about security. A large part of the technology is available, and has been available for some years now (and though of for decades by now). That's not about crypto algorithms which are by design possible to break (and always will be?). It's about implementations, memory safe, compartmentalized components, trusted messaging (all the things IPC). Bell labs, Microsoft, and a few others developed such systems where bugs are easy to figure out and very difficult to produce. More than that, their assurance level can be formally proved, verified and tested (that's EAL7 or the highest assurance level, for the connaisseurs) But there's a trick. No apps run on those. No one cares to buy them. If it doesn't bring back direct benefits, or if the cost is higher than hiring a ton of security personnel (or even simply higher than their monetary insurance which usually the case for banks), there's no reason for it to exist. Of course, eventually, it will chime in. But it could take a few more decades.
On a slight note that I could have included: - WebRTC might actually help the above at least client side, for a few things. When you only need to code the servers, the HTML renderer/JS, and a few other things its easier than when you need to port 10 000 apps. kangonymous.
Taryn Fox
I am autistic. I thrive in a text-based medium. In person, I am disabled; online, I am making a living through writing. I was raised in an abusive family and an oppressive religion. Through the Internet, I found things to hope for, and eventually a way out; financially, emotionally, and spiritually. I feel that it is the best thing that ever happened to me, and the reason that I am alive. Now if you'll excuse me, I'm going to go take a walk down by the pond.
Franklin Chen
Rob, you might like this discussion: http://technosociology.org/?p=431
Thanks for the thoughtful comments, everyone. Benoit: I don't think we need new ethical frameworks. We do need new applications of our existing ones. Havvy, Anonymous: technical solutions such as verified software might help security, but often human and economic factors are the weakest link. I don't see a breakthrough there. Benjamin, rushyo: analogies to security of other complex systems (cities, biology) fail for multiple reasons. For example, in biology, viruses aren't malicious and don't generally benefit from the death of the host. Another big difference is that in biology and physical crime, the laws of physics limit the scalability of attacks. You can't try opening the door of every house in the world at once, and a virus can't attack every possible host at once. So I am not reassured. Benjamin: I do not accept the logic that because cities were overall beneficial, the Internet must be too. The Internet does things that cities don't do. jmdesp: you're right that direct interaction had a long time to be perfected. One problem is that our technologies now advance so fast we don't have generations of learning and evolution for our brains and social behaviours to catch up. Taryn: that's awesome. I'm not autistic but I'm pretty shy in person and being online is a lot more comfortable most of the time. Franklin: interesting read, thanks. That seems to be mostly about modes of speech, which is mostly tangential to the issues I care about. I don't care if everyone uses txt-speak, if they're communicating empathically.
"Do we just keep accelerating and hope everything works out?" Yes.
Josh Cogliati
Do we even have a choice? In order to stop developing technology, the entire world needs to stop developing technology, not just some of the world. The Amish can abstain from developing technology all they want, but they are still affected by rest of the world’s choices in fossil fuel use and computer development. (And to post this I need to prove I'm not a robot by helping a computer read house addresses.)
For starter, how about requiring each website to publish their methods of storing user private information? Maybe having a minimum standard would be a good thing too. Every time a new site requires me to create a login, I have to decide whether I trust them with properly managing my information or not. Is the site going to encrypt my password or will the password be stored in plain text? Do they have competent people to implement information security, or will the site leak data like a sieve? Basic standards shall be a good start for online security.
Well, you make a few valid points, and a few where I think you're just being (deliberately?) blind to reality (or maybe only viewing the worst and least appropriate/useful behavior and pretending that represents the whole). However, even just considering the valid points, your topic title is unsupportable and inflammatory. Was it purposefully made so that you could get counterargument comments? Was it some sort of satirical poke at illustrating your own point?
No, I honestly think that a lot of the hopes for the Internet haven't been borne out in practice and in fact are trending the other way.
Times change, and we change with the times. Fundamentally I think the central tension between conservatism and progressivism is bound into the question of whether the present is better than the past, and ultimately whether the future will be better than the present. And whether we are required to change to accommodate a better tomorrow. I believe yes and yes. When I think of the genuine ills that befall humanities seven billion members, such as poverty, torture, persecution of minorities, etc, they do not flow from some fourteen-year-olds comments on youtube, but rather from the asymmetrical distribution of power. The internet, so far, does not get much of a look in to solving the real problems in the world, but it may do one day as it gets into the hands of those who are deprived of power at the expense of tyrants, armed thugs, foreign states and multinationals. The first world problems we face using the web seem trivial to me in comparison.
Wikipedia isn't even that great, because it's founded on the false premise that a Neutral Point of View exists on every topic. In fact, there is no such thing as neutrality. God exists, or he doesn't - where's the "neutral" view? And your view of that question colours everything else. One can perhaps attempt to be solely descriptive but even then word choice, column inches, and many other things allow one to colour what could be claimed to be "neutral".
Josh Cogliati
I personally figure that humanity has maybe 20 years at most before technology causes some kind of very negative event for humanity. In 1872, Samuel Butler in the book Erewhon http://www.gutenberg.org/files/1906/1906-h/1906-h.htm , the argument is presented that if we want to prevent the bad things happening, we should not use any technology that was invented before 300 years ago. “But returning to the argument, I would repeat that I fear none of the existing machines; what I fear is the extraordinary rapidity with which they are becoming something very different to what they are at present. No class of beings have in any time past made so rapid a movement forward. Should not that movement be jealously watched, and checked while we can still check it? And is it not necessary for this end to destroy the more advanced of the machines which are in use at present, though it is admitted that they are in themselves harmless?”
So essentially you have officially reached the "Damn kids, get off my lawn!" stage of your life? The whole brain/empathy thing is absolutely not new, it's just that you're personally involved in one manifestation of the effect, and it's coloring your opinions. This isn't unique to the internet; it's a fundamental limit of our brains. There's a humorous article written several years back that describes it: http://www.cracked.com/article_14990_what-monkeysphere.html ("The Monkeysphere is the group of people who each of us, using our monkeyish brains, are able to conceptualize as people.") A larger counterargument is beyond the scope of what I feel like delving into, here. Hopefully you can take the basics in the abstract, and derive out the varying implications from there.
"The Monkeysphere" may be a problem, but it's different to my concerns. The empathy problem I'm concerned about is text-only communication losing cues that make me treat the other person as human. It's not related to the total number of people I interact with. I'm not sure what kind of counterargument you're thinking of. As far as you go, I think you're agreeing with me --- our brains have fundamental limits, and those limits cause problems when we use the Internet the way we currently do.
Steve seems to have picked up on a bit of it. Human empathy does not fail when dealing with others without the aid of visual cues; human empathy fails when dealing with others on a large scale. The internet itself (or "the internet experiment", however you want to define that) has not failed; it works perfectly well in a great many areas. It's just that you won't see them much, for the very fact that they operate on a relatively small scale, and thus, necessarily, you are not a part of most of those niches. On the other hand, the easily visible entities -- Facebook, Twitter, etc -- are in the large scale arena, draw the most attention, and show the most breakdown. You see the worst because the parts that are easiest to see are those most susceptible to the problem. The flaw is then deriving your overall conclusion from those aspects, and, as I said, pretending that the parts represent the whole. I would say that the things that most lead to the issues you are concerned about are the pushes to increase the number of connections we have to arbitrarily high levels. This is a benefit on the commercial side because of economies of scale, but is a weakness on the personal side because of humans' inability to scale in the same manner. Earlier in the comments there was also the comparison to cities, which you disagreed with. However there's still a bit of an analogy there: you have your New Yorks, and Londons, and Tokyos as large aggregates, but for as large as all those places are, the vast majority of people still live in the far more numerous, but smaller cities and towns in the world. Cliches about this sort of thing abound, and for a reason. I guess you could say that the 'failure', such as it is, is that people keep pushing for these mass aggregations such as Facebook and Twitter. The optimists from the early days never had those entities to deal with, and thus probably never dealt with their expected impact in a realistic manner. Everything was almost required to exist on a smaller scale (aside from maybe something like AOL, and we all know the jokes about that aggregate); hundreds of tiny home pages, where your web of interactions could only go so far. Gradually these accumulated into larger entities for simple convenience (youtube.com, fanfiction.net, flickr, etc, etc), the way mom and pop grocery stores changed over to supermarkets, or general stores got pushed aside for Walmart. Changing the -manner- of interacting is irrelevant. Voice and WebRTC won't matter. We already have voice (Skype, Ventrilo, etc); we already have video (YouTube). Used on a small scale, they're useful; used as some sort of upgrade on large scale communication, we'll see exactly the same breakdown we have now. You want to improve the manner in which we communicate? Reduce the number of people we communicate with. Increase the distance between 'groups' instead of increasing the distance between the individual and the internet as a whole (while still making it relatively easy to move between groups). Of course this is directly contrary to your point about filter bubbles. Fewer interactions means less contact with 'new' information. However that's not entirely true, and I'd say that it's more that is slows the spread of information rather than stops it entirely, which can in some ways be argued to be a good thing. However this part of the argument gets excessively complicated, so you'll forgive me if I don't delve into it right now. (cont...)
The other main problem with it is making it commercially viable; it's far more difficult to have a self-supporting site with a few hundred participants than with many thousands or millions. This, unfortunately, I have no answer for; though I could imagine some vaguely creative solutions, I have no expectations that they could work. On the other hand, commercial economies of scale still work perfectly fine for commercial entities (eg: Amazon); it's the non-commercial entities that have to deal with this (and one could perhaps consider this to show the flow of the problem: small community > needs money > invest in commercial economies of scale > large community that is self-sufficient, but has grown beyond human interaction scale). One might also bring up arguments about isolationism, cliquishness, etc., as well as wondering if we'd be giving up the entire point of the internet as a global communications medium. For the first, you're not going to change human nature overnight; we've been dealing with those same issues for millenia, they're not going away now. For the latter, no it would not be giving up; it would be more of... re-architecting the software. Modularization. Heck, one could make a pretty good analogy between monolithic software development problems and this whole issue.
My experience is that it's the cues, not the number of relationships. I sometimes have treated *the same people* differently online vs offline.
Steve Fink
I'd say there are both positive and negative examples scattered across the Internet. Perhaps it would be instructive to either look just at the forums that work (using "forum" in a general sense), or maybe even to look at each forum and picking out what works. Except that I think there's a major confounding factor: a successful, "working" forum gains in popularity, and popularity leads almost directly to disaster. There are many niche forums that work exceedingly well on the Internet and in meatspace, and many that I remember fondly because they were great before they got popular. I think a large problem is one of scaling. Except that unlike scaling a software system, I believe that anything dealing with interpersonal communication cannot be the same at both small and large scales. Speaking to 1-3 people is always different than speaking to a roomful of people, even if those people are forced to be silent and invisible. Maybe I'm wrong, and scale is just a small piece of the puzzle. But it seems like it could explain a lot. Many services attempt to make large scale appear to be small, but at the same time they don't want to lose the advantage of serving a large scale, and the abstraction leaks through in a way that matters to our meat brains. I honestly think that many online forums would be vastly better if they prevented an arbitrarily chosen subset of people from participating (or maybe just sharded arbitrarily.) People would probably hate it, because they couldn't interact with specific other people, but it would actually work far better anyway.
On the security front, no amount of security is going to stop the most determined and fanatical attackers out there, and that applies to both real-life physical security and cybersecurity. All you can do is defend in the best way that you can (hopefully without breaking the bank in the process of doing so). Besides, I've seen so many systems vendors (both open-source and proprietary) boast about how secure their systems are, just to see that the day after they make the boast there's a breach of some sort that has to do with their system. We can deploy technology after technology and we'll never be 100%, or even 95% secure.
"that applies to both real-life physical security and cybersecurity" obscures the fact that Internet-borne attacks scale up far more easily than real-life physical attacks.