Yahoo recently revealed that information associated with at least 500 million user accounts was stolen in 2014. It is now working closely with law enforcement on the matter, which it says was carried out by a “state-sponsored actor.”
As an internet pioneer, Yahoo’s system may be considered impenetrable or susceptible to online intrusions and thefts, and this has possibly led two Yahoo! users in California to file a class-action claim against it for failing to take due care of sensitive information and for negligence over poor security.
Yahoo initiated an internal probe following a report in July of a hacker selling 280 million user credentials on the black market, but found no evidence to substantiate the hacker’s claims, according to a source close to the company. A deeper review by the company’s security team found evidence that data theft occurred in 2014. Hence, last week’s announcement.
Why it took the company two years to discover what may be deemed the biggest data breach in history has raised the question of safety, particularly whether to always provide real data to a free service. It also touched on the centralized nature of Yahoo’s system, which makes it a key target for security attacks, since it connects advertisers with target audiences through a streamlined advertising technology stack that combines the power of Yahoo’s data, content, and technology.
The hack will no doubt reinforce arguments that the World Wide Web has become a system that is often subject not just to attacks but to control by governments and corporations, with countries like China blocking certain web pages from their citizens while cloud services like Amazon Web Services hold powerful sway.
This will widen suggestions about the growing need for a decentralized web with more privacy, less government and corporate control, and a level of permanence and reliability, in the wake of revelations by Edward J. Snowden that the web has been used by governments for spying and the realization that companies like Amazon, Facebook and Google have become gatekeepers to users’ digital lives.
At the Decentralized Web Summit in June, the main discussion was on coming up with new ways for web pages to be distributed broadly without the standard control of a web server computer and how to store scientific data without having to pay storage fees to companies like Amazon, Dropbox or Google.
Efforts to create greater privacy and accountability, and to make it harder to censor content, by adding more encryption to various parts of the web and archiving all versions of a web page also came up.
The web today is not available everywhere, and the idea of universal access depends on who you are and where you are, said Brewster Kahle of the Internet Archive at the event. He also added that webpages blink on and offline, and that the web is neither a reliable medium nor reliably available, and not private but just fun. But a decentralized web, he says, will offer all these features.
Kahle had described the decentralized web as “websites served from many locations; locations that are not coordinated.”
And Jason Griffey, a fellow at the Berkman Center for Internet and Society at Harvard University, referred to the decentralized web as “a series of technologies that replace or augment current communication protocols, networks, and services and distribute them in a way that is robust against single-actor control or censorship.”
These explain the core proposition presented by decentralized platforms, such as diaspora*, a next-gen social media network that is privacy-aware, and Tel Aviv-based Synereo, which develops a decentralized tech stack allowing web applications to exist without centralized servers: to ensure that apps such as email are built in a more secure and decentralized format to prevent such events as a hack of a central server.
Synereo’s tech stack is built on the first scalable Turing-complete blockchain, RChain, which includes a distributed storage layer and a smart contracting language that does not eliminate the human element.
The Rholang smart contracting language, which disallowed the security breach that allowed an attacker to drain The DAO of funds, uses behavioral types that focus on capturing more information about the behavior and structure of the code at a higher level than that of the code itself.
It allows for the parallel execution of processes and the composition of higher-order smart contracts on the basis of lower ones, in an efficient and secure way, giving it an obvious advantage over traditional smart contract languages and blockchain scripts, and puts it in the same category as established programming languages. Java, C#, and Scala have all adopted reflection as a core feature.
This is what allows programmers to use programs to write other programs, on which more complex applications such as a decentralised Spotify, Uber or Airbnb can be deployed so that more of the value created remains in the P2P network on the platform.