The fatal errors plaguing the internet, and how we can fix them
blockworks.co
The internet is built on a fragile foundation of trust assumptions — and it’s breaking. Every time we browse the web, make online purchases or share personal information, we rely on unspoken assumptions about how platforms manage our data and ensure our security. But trust assumptions are inherently flawed.
A trustless internet, grounded in decentralized technologies like blockchain, can reduce these risks by ensuring that actions are verifiable and secure without requiring blind trust. If we don’t act now to address the internet’s trust problem, we’ll continue to see data breaches and manipulation that undermine both personal privacy and societal stability. By developing new trust protocols and adopting decentralized solutions, we can secure the future of the web.
What are trust assumptions?
A trust assumption is a condition that you blindly assume is true. While that may seem vague or overly simplistic, trust assumptions are actually a critical component of security audits, and form the bedrock upon which security assessments are built.
Imagine a security auditor tasked with evaluating a simple iPhone game. There are hundreds of components to consider, from the device running the app to the compiler processing the code. Not to mention the app itself, which likely contains thousands of lines of code and dozens of interactions with other systems — think connecting to GameCenter for multiplayer or using Google to let users sign in. The auditor cannot realistically verify every single component or piece of code; instead, they are forced to make trust assumptions.
The auditor might decide to make the trust assumption that GameCenter is secure and will function exactly as indicated by Apple, or that the iPhone hardware will match the stated specs for the operating system and compiler to function as indicated. By assuming certain conditions are true, the auditor can concentrate their efforts on probing other aspects of the system that are more likely to harbor risks. However, once a trust assumption is stated in a security audit, the accuracy of the audit hinges entirely on that assumption being correct. If any trust assumption proves to be flawed, the entire program could be compromised.
Trust assumptions aren’t limited to security auditors; in fact, users make scores of trust assumptions every day when navigating the web. When you log into a social media site, you trust that it won’t harvest and sell your data to untrustworthy third parties; that it employs adequate security practices and will keep your account and data secure; and that it won’t simply pull up stakes and delete all of your content.
But modern society is built on an increasingly complex web of trust assumptions, and avoiding them simply isn’t possible. It’s why many users continue to get burned by data breaches, most recently that of National Public Data, which exposed 2.9 billion people’s sensitive information. It’s also why search engines like Google can convince you you’re browsing “incognito,” while actively gathering and selling your browsing data.
Encoding sociology
It’s clear that trust assumptions breed vulnerabilities, so how can we reduce room for error with a more secure solution?
Countering the trust assumption are “trustless systems.” Operating on the principle of “don’t trust, verify,” these systems allow every action performed on the network to be easily authenticated. Between cryptographic algorithms and decentralized consensus mechanisms, trustless systems establish security and integrity without needing participants to know or trust other network participants. This method has been especially novel in improving tasks like verifying payments or transferring digital assets, where actions are straightforward and can be easily verified.
However, while the cypherpunks got it right with Bitcoin, not all online interactions can or should be made trustless — at least for now. Consider, for instance, the Better Business Bureau, which helps resolve disputes between companies and their customers. The site must filter out illegitimate complaints, which involves subjective judgment and layers of context, making it difficult to fully automate. Given the complexity of language and the current limitations of AI, discerning clear-cut rules to determine a valid complaint is challenging, so human moderation is necessary.
Because some processes will always require a degree of trust, it is crucial to develop protocols that effectively monitor and manage trust assumptions, so as to identify their potential blind spots and fortify them against manipulation. These protocols can pinpoint dependencies, reveal potential vulnerabilities and assess the trustworthiness of network participants. For example, users could see how many others trust a website before sharing their personal data, turning blind trust into an informed, measured decision that enhances security.
Leveraging the power of trust
There has never been a more critical time to rethink how we handle trust online. As our digital and real-world identities become more intertwined, the consequences of misplaced trust grow increasingly dire. And while embracing trustlessness is ideal for certain use cases, a more effective solution for others may lie somewhere on the spectrum.
By developing and leveraging better tools to monitor and evaluate digital trust, we can gain deeper insights into online security and create a safer environment for everyone. Strengthening these trust mechanisms is not just important — it’s necessary. We deserve an online world where reliability and safety are the standard, not the exception.