“Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity. With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence. Security shouldn’t have to be purchased like a personal bodyguard. Far more flexible than Fort Knox are people, each with their own pocketed gold and machinery, empowered to look out for one another.”

The first thing there looks like reputation based antimalware software. If one person reports “malfunction” or there’s reasons to believe something are wrong, anything that’s not normal is checked. Everything is reported too. The more negative reports about a certain file, the more likely it is that it’s bad.
It can be used in many other ways too. that WOT thing mentioned above is similiar.

The second thing you mentioned reminds me of Freenet, a distributed and anonymous data store system. There are also lots of other ways to dezentralize data storage (and downloading of it).

Now when there’s talk about implementing “resource packages” (http://limi.net/articles/resource-packages-spec-ready-for-prototyping), we could go so far as using torrents (with DHT) and all to distribute all images, videos and other embedded data.
The issue here is then this: How do we decentralize the downloading of the index.html file? We can’t really do that in a sane way with dynamic sites.
We need some kind of browser plugin that creates a bittorrent like network parallell with the normal http-based internet connections to servers. It would simple share the cache with others for various sites, and when those sites are down, a custom static version of the index.html file (predefined by the server) would be shared too.

I think that can work.

“Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity. With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence. Security shouldn’t have to be purchased like a personal bodyguard. Far more flexible than Fort Knox are people, each with their own pocketed gold and machinery, empowered to look out for one another.”

This isn’t an unexamined problem! In fact, as you know, a big problem is that most people *don’t* even know how to look out for themselves, much less each other.

I’m not perfectly well versed in security technology, but I imagine the same is true with respect to McAfee. It’s true that as more of our lives are tethered to data and internet connected devices, we’re going to take a few risk-neutral, or even risk-seeking, security shortcuts for the sake of sanity. We’re going to concentrate our security expertise so the benefits of a few brilliant techies can be spread across a wider array of clients for cheaper. That means well-meaning good guys have our lives in their hands. The same might be said to represent the pitfalls of our current financial problems. Everyone placed their retirement funds in the hands of a few seemingly trustworthy mortgage brokers who were connected to financial technologists who were actually way over their heads.

I think we also need to be careful about giving up the cost-saving measures of centralization. From your perspective, it seems we need to stand athwart history screaming “non-proprietary protocols and standards!” =) I remember the poignant imagery on the cover of The Future of the Internet: railroad tracks going off a cliff. There is a reason, though that this shift is happening. Small and medium sized businesses are outsourcing their IT in order to achieve better cost controls for consumers and shareholders. Profit margins are a powerful force to be curbing, of course. So perhaps capitalist interests can protect themselves. Still, it’s worth keeping in mind that Joe and Jane Taxpayer might actually be on the other side of this debate when times are tough, (perhaps even if their government’s computers go down and they need to cart their loved ones to the hospital down the street in an emergency).

As always, this was a great, thought-provoking post. Looking forward to the next one!

I use Linux and Mac OS X, I don’t know what you are talking about :)
But seriously, why do my tax dollars go towards Windows and McAfee licenses when there are perfectly acceptable free alternatives? I’d rather they put that money to good use in something important like hospital *equipment* for example.

That is the problem with the cloud, what you get back from the cloud is not necessarily what you put in to the cloud, you are at the mercy of the hosting company. The best way around it must distributed cloud services such as torrents, I can get the .torrent file from any number of sites so censorship is practically non-existent (Just find the torrent somewhere else) and multiple trackers and seeds makes the system pretty robust.

Rather, we can reinforce open, shared early warning systems to enumerate and deal with security threats, whether against PCs, Web sites, or Internet connectivity. With a few technical tweaks, we can all further help relay data from Web sites that are under attack, stabilizing their presence.

My fear is that such a solution would create more problems than it solves. Adding complexity to a security problem usually gives the attacker additional points to hit: it very seldom (in the long run) gives a net improvement. Or am I missing something?

-Ben