Is our obsession with regulation killing the web?

Anybody who’s been paying attention has noticed just how much the internet has changed within the last 10 years.

From the humble looks of Google’s homepage to the vast existence old-school message boards and a virtually irrelevant “social” media, the internet largely felt like an accessory, a toy you could play with every now and then, a toy that didn’t have power over us. It was secondary.

People would still phone each other, cherish family photographs in person and perhaps occasionally use their desktops to send “electronic mail.”

The years that followed did see the arrival of social media sites like MySpace, Friendster and Orkut – but they certainly didn’t have the power to disrupt societies and our expectations, the way those of the present day do. The older web lacked the capacity to override the mental models of its users with regards to its acceptable use.

The web of today, on the other hand, has turned us into addicts. From job searches to sending a WhatsApp text to consuming news and entertainment, the internet has been turned into an essential public utility.

Sometime during the last 10 years we forgot what the internet is, how it’s meant to be used and what to expect from it.

Privacy

Considering the internet was created to be a free and open means of sharing information, its creators did not embrace the notion of “privacy” when getting their technological fundamentals right.

Now we get questions like “Are you stalking me?!”

As a software engineer who has developed over a dozen websites, I have always found this tone of questioning ridiculous.

One of the major concepts that defines the internet is something that us security professionals accept as casual truth: anything you post on the web is by default public, accessible to the world. For a lot of people however this notion often comes across as a shock, a hard pill to swallow. “How do you know where I work?”

Because you put it on LinkedIn for the world to see.

It surprisingly easy these days to find someone’s birthday and sensitive details about their personal life on social media, using just their first name and place of work.

To security professionals, if you have a public-facing website or a profile page, you have consensually put data about yourself out there. You’ve consented to have this information accessible to the public.

It’s not that I don’t respect someone’s reservations about who should see their information. But you have to admit, it’s more than a little contradictory to both want to take part of these platforms while getting outraged at the so-called stalker factor. If you want to be selective about who finds out what about you, set up your profiles that way or opt out altogether.

But instead of teaching people some responsibility and about the fundamental nature of the internet, our focus as a society seems to be almost always on blaming the medium (e.g. Facebook), and rushing to regulate it. And this goes against the very principles of open information sharing.

More privacy, more regulation

As if the ugly “We use cookies. Do you consent?” banners weren’t enough, several new acts in Europe, including the UK’s Digital Economy Act 2017 now mandate adult content websites to perform ID checks on their users for age verification. What could have possibly gone more wrong?

Even if total secrecy to the end-user can be guaranteed – which is doubtful in these times of daily breaches – you can imagine how intrusive this approach is to both the user’s privacy and the overall user experience.

What’s worse is, the actual implementation of laws like these is nothing more than a distraction and ways for ID verification businesses to gobble up more revenue. There are trivial methods to get around these controls rather easily: for instance, if you know what a VPN is, as a lot of minors likely do.

Similarly, what startles me is the EU Cookie Law, something that has become the norm, has done little in practice protect the end user. On seeing the wretched banners blocking their view, most users would likely carelessly click “accept all cookies,” with the priority being dismissing the banner. And having to repeat this action on every single website is a prime example of how this law universally killed the user interface and experience (UI/UX) of the web while virtually doing not to protect the user’s privacy.

“The idea of this law is a noble one, it’s just a shame it was drafted by a team of technically illiterate octogenarians who couldn’t find a button on a mouse,” reads nocookielaw.com, a page setup by Silktide to protest the law.

While pushing for more regulation and without regard for its serious long-term consequences, we have put our trust in politicians who have never actually developed a website and may not fully understand how the client-server architecture and cookies work.

Centralization

I’m not against centralization, per se. If everything could run smoothly and reliably on P2P systems and blockchain alone, data hosting companies and IT professionals running them would all go out of business.

It’s rather the ongoing trend of amalgamation of everything into the “big four” tech giants which could be problematic. And in the last decade, the movement has only progressed in one direction.

The fact that what started out as a mere search engine, now has us relying on it for our mail, photos, news, maps, and even smartphone software (Android) and has the control to show us the search results that it agrees with, is proof enough. Similarly, independent messaging and photo sharing apps like Whatsapp and Instagram were acquired by Facebook, the company that is now looking to set foot in cryptocurrency. Medium.com has its roots in the entity behind Blogger and Twitter. GitHub – the world’s leading open-source software repository, is now part of Microsoft.

I need not go into the disadvantages of monopolies and oligopolies, but that’s the direction we’re heading in.

Given all this, it isn’t appalling that people have accepted the possibility that tech companies have power over their elections and democratic processes and must be kept in check. But if we believe this, we likely helped them get there. We’re at least partially to blame.

Censorship

With our internet choices becoming more and more limited every day, what information and opinions will thrive over others? Who gets to decide what’s appropriate? When is it okay to censor?

These are some very subjective questions. There is always a fine line between what’s morally reprehensible and needs censorship and what may need to be censored because those in power see it as unfit. Bear in mind, ethics and morals can be subjective. And every few years as the societal norms evolve, so do the censorship criteria.

If you think what I’m talking about is a mere scare tactic, because anyone is free to create their own website, let’s think this through.

Yes, anybody can create their own media today, but unless they have enough potential to please Google’s SEO polices – for which they already need to be fairly well-established – they would likely never be found.

What’s worse is Google and other major search engines can decide to omit a result from search, at their own discretion, for whatever reason. From suspicions of a website owner engaging in copyright infringement to hosting illegal materials or putting up “unsavory” politically disruptive opinions, search engines can simply block the site from appearing in a search results page – which is well within their rights as a company.

You can write as controversial an opinion as you want, but if sites like Blogger or Medium declare that it goes against their terms of service, they can delete it. That should be obvious. And we’ve all seen public comments on articles published on prominent news websites get removed for not meeting the publishers’ community standards.

But without traffic-drawing power of search engines, your piece will likely never be found, even if it’s hosted on your own unknown, standalone website.

Yes, you can setup PayPal funding for your website, but if your website hosts extreme political opinions or attracts the attention of the Feds, going bankrupt is a real possibility.

To give you a real-life examples: “[on] 22 January 2010, the Internet payment intermediary PayPal suspended WikiLeaks’ donation account and froze its assets. WikiLeaks said that this had happened before and was done for ‘no obvious reason.’”

Will anyone who feels outraged at what PayPal did to WikiLeaks feel the same way when a right-wing website is rendered inoperable, financially by PayPal and Amazon?

Even though we are trusting the people at the top to invoke their censorship powers “in good faith,” we have already seen how subjective this line of action can be. And given the diverse political opinions of people, it may only become more disruptive.

The next-gen web

The question is actually no longer about what we can do to stop this “damage control,” as the Pirate Bay co-founder Sunde once pointed out.

It’s about what will the next-generation web look like.

Whenever legislation tries to impede freedoms – especially technological ones –smarter people will always find a way around it.

Perhaps the next iteration of the web will evade legislation and regulation altogether.

We already have the technology to realize this possibility: blockchain, cryptocurrency, P2P networks, Tor, etc., should be a sufficient tech base to contemplate a proof of concept.

And even though today the vast beneficiaries of these technologies may be privacy-centric fanatics and criminals selling fake IDs, maybe this is the only hope left in restoring the web to its original nature.