Your grandmother might steal your identity

by Francois Joseph de Kermadec

«Never put anything on the web you do not want your grandmother to see.»

I must humbly confess that I do not remember who wrote such wise words but these are among the first I saw when first playing around with Netscape Navigator on Mac OS 9, a long, very long time ago — that was about the same time my eyes went teary with joy at the thought I had successfully sent a mail with an oh-so-unpatched version of Outlook.

It is however one of the few guiding principles that I tried to always keep in mind. Indeed, even though there are nowadays encryption software that guarantees almost perfect secrecy and loads of sharing communities — from to flickr — that each provides us with tight control over what we upload, information keeps leaking, from all over.

Why is that? Because people make mistakes. Even the best of sysops can, on Thursday morning at 3, enter addresses in the "CC" and not the "BCC" field, even the best of system administrators cannot spend his time riveted to his keyboard, waiting for some user to mail his password to a friendly stranger on the other side of whatever ocean happens to be in the vicinity. Humans fail, computers fail and information spreads, one way or the other.

In that light, why on earth do we keep putting things on line that should never be? Most of us upload our family photos on .Mac or on Flickr, our calendars on some syncing platform and our archives on a GMail account. If someone steals a picture of you in a Speedo, that won't be the end of the world — and, if you play your cards well, it may even contribute to your success. That's all fine… But why do some companies keep uploading user credentials, social security numbers and confidential documents on the Internet? Most of these files are never used and, when they are, it is usually within a very restricted group of people — even if your definition of "very restricted" means a couple thousand for the largest of corporations. Why make them potentially available to all the inhabitants of planet earth?

Sure, there are immediate reasons to do so. The call center in Dubai needs to access the same data than the guys in Sacramento. The marketing folks in Malmö want to know what the engineers in Madrid are up to… But in the vast majority of cases, these people just need one file, one record, not the whole SQL database… Couldn't we imagine a system that sends information when it is of vital importance, piece-by-piece, step-by-step?

We live in a world where networks go faster than people. Information travels round the clock while we, mere mortals, still need between 5 and 10 hours of sleep every day to function properly. Getting overnight deliveries is great but aren't we willing to sacrifice just about any form of control for the convenience of receiving pet medication to our doorstep in less than 48 hours? The old system of "Ask-Wait-Receive" might be a lot more cumbersome than what we are used to nowadays but it went hand in hand with "Acknowledge-Control-Send", that holy grail of privacy and security we are now striving to find back — although this time with shell scripts and IPv6 networking.