A couple of days ago I wrote a post about how I thought the whole idea of relying on web based applications was a bad one; but the one area I didn’t get into was the insanity of relying on things like that due to the whole issue of security. Not just the security of the browser itself but also the fact that web application and service providers are more more interested in pumping out fresh betas of their crap than they are about doing it within a secure framework.

It doesn’t matter how you shake it out or how often you you say the contrary the basic fact is that web browsers are insecure. There isn’t a day almost that doesn’t go by where you don’t hear about some exploit or a phishing scheme or the need to apply a security patch of one type or another. While Firefox would like everyone to believe otherwise they have had their fair share of attacks just like Internet Explorer.

Along with this we hear of social networks being hacked and data of millions of users being stolen either by hackers or more likely company employee’s who have become either greedy or dissatisfied. For every case we do hear about we have also been told that we can assume that there is probably double the number of cases that aren’t reported.

Whether it be basic browser insecurity or just plain corporate incompetence the idea that this is the platform which we are being asked increasing to trust with our data is incredulous. Yet we fall for the empty guarantees of data security and equally empty promises of protecting our personal information and for what …. free web based software and services?

I am sure that the millions and millions TJX customers who had their data stolen feel much better because we have free web applications. I am sure that all the indie bands are jumping for joy knowing that caring corporations are protecting their data as they go about trying to rescue their MySpace sites that have been hacked and being told - …sorry but you are shit out of luck however give us a call when you are as famous as Alicia Keys …”

The idea that we are increasingly allowing web companies to handle everything from our financial data to soon our personal health details when they can’t even keep their own data safe just amazes me - but hey you’re getting free stuff right?

As long as we continue to believe that it is safe to transmit sensitive personal information via the web browser, or continue to let web companies store and do what they want with our data all on the promise of being able to use free software then we are only fooling ourselves that the web and web browsers are a secure platform.

The fact is that for Web 2.0 companies it is all about making the money however they can and if the process they lose some data, have user pages hacked it is all part of the price to pay for making all that advertising or VC dollars. For more traditional corporations the bean counters rule that losing millions of user account information is acceptable compared to the cost of securing; and maintaining security, on all that data in the first place.

In the end it all boils down to making the most profit with the least amount of cost and providing secure web application and web browser platform just isn’t worth the cost.

[graphic original - hugh macleod]

Listening to: Mythos - Purity - Triste

Conversation Tags: internet, security, browsers, Web 2.0, web applications