The Other Side of Security: (re-)Weighing Our Choices
The (should-be) obvious problem with advanced feature sets is they require complex protocols, complex hardware, and complex software to implement, and, in that complexity lie bugs/vulnerabilities.
If we want substantially-better security, we need to re-weigh our choices, and put far more weight on minimalism and simplicity.
Do you recall "hypertext applications" (*.hta files)? Microsoft introduced these in the Windows 95~98 era. I ran MS' demo of these on my PC and thought, "Wow, that is very powerful, can be very useful, and is a terrible security risk. Running Joe Random Internet-persons' apps which can do anything to my PC? NO!". I immediately disabled that capability.
Today, we are doing that very same sort of HTA-like thing, with all its vulnerabilities, with Javascript, dynamic code loading, and NPM-like repos.
For security, we ought to go back to something like the simpler, static, mostly-text-based Web 0.5, where you had to explicitly click on a link to download an image.
That ain't gonna happen.
Between monkey-brain-wants-to-see-pretty-moving-images demand, and all the money in ad-slinging -- and the huge infrastructure behind it, it just ain't gonna happen.
Biting the hand that feeds IT
