In the dark corners of the web there has been a growing debate regarding how social networks expose their users to more risks. The premise behind this is that, by and large, most social networking platforms are built on open platforms. These platforms let their users create plugins, access APIs, and share their created content with the rest of the world.
The concern, from my perspective, is two-fold. First, you will have users (black hats) who maliciously want to raise havoc, either for entertainment or for some sort of gain, be it financial or political. Sites that allow users to freely develop and distribute content using their systems and networks do so without the liability or the auditing of traditional development environments. Furthermore, the concern is that these developed systems may lure casual users into trusting the code merely based on association with the parent site. However, is that necessarily a bad thing?
These holes will still exist, and if you try to actively obfuscate the issue and prevent the creative growth of these systems, then you are in the end exposing the users to more risk, in my opinion. There is always going to be a bad element, someone who is doing something out of malice or is simply seeking personal gain. However, if we let the malware and spyware authors dictate our actions on the web, haven’t they to some degree achieved their goals?
Consistently, the number one technical support issue we face at the association is aiding customers in configuring all-in-one security solutions; take your pick, in my opinion they are all horrible. For people who make their living using web-based applications, these systems, which take blanket approaches to security (assuming everything is bad), rob their customers of productivity. What is worse, when you call the vendor to point out the issue, they push back on the security solution vendor, and vice versa: the security vendor says it is the web application developer’s fault.
Don’t get me wrong: I am a strong security advocate, I teach courses on physical and software security, and I truly believe security should be everyone’s priority.
However, when do we go too far? I will admit I have found very few useful applications on Facebook, and if I get poked one more time I am going to scream, but the free and open development platform has transformed Facebook from an online college after-party to a central hub of social interaction. Can companies do a better job policing what their applications are used for? Yes, of course. Though to a certain degree I believe that responsibility should fall to the user community.
If there is anything we can learn from this, it is this. First of all, open development fosters innovation and growth. Openness does not increase the security risks; if you want to argue this, I got one word for you: Linux. As an operating system it still needs to mature, and there are some inconsistencies in the way the system is designed; however, by and large, they handle security issues and patch management much better than closed source vendors. Still not convinced? Check out Firefox: it is open source, so you can browse the entire application at your leisure, have fun, poke holes in it, make a slightly different version, and post it as your version, whatever.
I am not saying that Facebook opening its API is the same as downloading and compiling your own Firefox. What I am suggesting is that if we are going to continue to enjoy the rapid pace of development, we need to allow these DIY developers to create their bush whack-a-mole, mapping programs, and whatever else strikes their fancy, because you know what - the next big idea is out there just waiting to be found.
Great post, Mark.