Everything Is Broken

Quinn Norton
May 20, 2014 · 17 min read

Build it badly, and they will come.

For a bunch of us, especially those who had followed security and the warrantless wiretapping cases, the revelations weren’t big surprises. We didn’t know the specifics, but people who keep an eye on software knew computer technology was sick and broken. We’ve known for years that those who want to take advantage of that fact tend to circle like buzzards. The NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom.

The NSA is doing so well because software is bullshit.

Eight months before Snowden’s first revelation I tweeted this:



NASA had a huge staff of geniuses to understand and care for their software. Your phone has you.

Plus a system of automatic updates you keep putting off because you’re in the middle of Candy Crush Saga every time it asks.

This is a thing that actually happened several years ago. To get rid of a complaining message from another piece of software, a Debian developer just commented out a line of code without realizing that it left their encryption open to easy attack (https://www.xkcd.com/424/).

Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.

A map of things which were hacked for the Internet Census.

A well written encrypted chat, what could go wrong?

Let’s take an example computer experts like to stare down their noses at normal people for not using: OTR. OTR, or Off The Record messaging, sneaks a layer of encryption inside normal plain text instant messaging. It’s like you got on AIM or Jabber or whatever and talked in code, except the computer is making the code for you. OTR is clever and solid, it’s been examined carefully, and we’re fairly sure it hasn’t got any of those nasty 0days.

Except, OTR isn’t a program you use, as such.

There is a standard for OTR software, and a library, but it doesn’t do anything on its own. It gets implemented in software for normal human shlubs to use by other normal human shlubs. By now, you know this ends in tears.

C is good for two things: being beautiful and creating catastrophic 0days in memory management.

http://xkcd.com/1354/

When we tell you to apply updates we are not telling you to mend your ship. We are telling you to keep bailing before the water gets to your neck.

To step back a bit from this scene of horror and mayhem, let me say that things are better than they used to be. We have tools that we didn’t in the 1990s, like sandboxing, that keep the idiotically written programs where they can’t do as much harm. (Sandboxing keeps a program in an artificially small part of the computer, cutting it off from all the other little programs, or cleaning up anything it tries to do before anything else sees it.)

People, as well, are broken.




In the end, it’s culture that’s broken.


“Most of the world does not have install privileges on the computer they are using.”

That is, most people using a computer in the world don’t own the computer they are using. Whether it’s in a cafe, or school, or work, for a huge portion of the world, installing a desktop application isn’t a straightforward option. Every week or two, I was being contacted by people desperate for better security and privacy options, and I would try to help them. I’d start, “Download th…” and then we’d stop. The next thing people would tell me was that they couldn’t install software on their computers. Usually this was because an IT department somewhere was limiting their rights as a part of managing a network. These people needed tools that worked with what they had access to, mostly a browser.

The same human impulse that has kept lotteries alive for thousands of years keeps people fighting the man against the long odds. “Maybe I’ll get away with it, might as well try!”

As for self-censoring their conversations in the face of hostile infrastructure, non-technical activists are just as good at it as Anons are, or people told to worry about metadata, or social media sharing, or that first message before OTR encryption kicks in. They blow.


When the IC or the DOD or the Executive branch are the only true Americans, and the rest of us are subordinate Americans, or worse the non-people that aren’t associated with America, then we can only become lesser people as time goes on.

As our desires conflict with the IC, we become less and less worthy of rights and considerations in the eyes of the IC. When the NSA hoards exploits and interferes with cryptographic protection for our infrastructure, it means using exploits against people who aren’t part of the NSA just doesn’t count as much. Securing us comes after securing themselves.

There is certainly a limit to what an organized movement of people who share a mutual dream can do, but we haven’t found it yet.

Facebook and Google seem very powerful, but they live about a week from total ruin all the time. They know the cost of leaving social networks individually is high, but en masse, becomes next to nothing. Windows could be replaced with something better written. The US government would fall to a general revolt in a matter of days. It wouldn’t take a total defection or a general revolt to change everything, because corporations and governments would rather bend to demands than die. These entities do everything they can get away with — but we’ve forgotten that we’re the ones that are letting them get away with things.

The Message

A Pandaemonium Revolver Collection. Season 2 stars @anildash @alanalevinson @ftrain @hipstercrite @itsthebrandi @jamielaurenkeiles @vijithassar @yungrama @zeynep. Season 1 available on DVD shortly.

Written by Quinn Norton

A journalist of Hackers, Bodies, Technologies, and Internets. “Useless in terms of… tactical details” -Stratfor. Contact me here: https://t.co/u4F7yfikU4
