Infrequently Noted

Alex Russell on browsers, standards, and the process of progress.

Attention, bloggers.

I'm something of a pessimist when it comes to new technology, and I think Atom, RSS (not really new, but its hype springs eternal), FOAF, and other XML serialization/aggregation efforts keep missing one important point: people lie. People lied yesterday, they lie today, and they will lie in the future. Spam is just one way for people to lie, and XML is soon going to take over as the preferred medium for liars everywhere. Primarily because our tools are so trusting. We need to start building distrust into the processing and authoring tools for XML, or we're collectively hosed.

Scenario A: Bob gets a list of email addresses, uses a worm/virus to install thousands of proxies for mail relay and goes about the task of spreading his revolutionary message about how to enlarge bodily organs via these new zombie SMTP relays.

Scenario B: Alice (being smarter than Bob) decides that spam is too inefficient and uses a worm to attack web servers. The worm's payload looks for Atom and RSS XML files on disk and replaces them with her revolutionary message about how to amass great wealth through penny stocks.

While Bob is abusing shared resources and near-zero incremental costs of distribution via the commons that is the network, Alice is doing all of that plus throwing in a little trust relationship abuse in order to have a higher probability of getting her message "through". Why does this work? Because the tools on either end have no way to validate that a feed really came from a particular entity. Trust is implicit: when you request a URL and get an XML document back, all of these tools assume that the content comes from the owner of the URL and is unmolested in transit and at rest. Checking that the document is well-formed XML, or even that it validates against the schema, tells you nothing about who wrote it or whether it was rewritten on the server's disk last night. It's like assuming that sending your credit card information to a website is safe without checking that an SSL cert is valid because, well, it came from that URL didn't it?

The upshot of this is that integrity checking (not just validity checking) is going to have to become a primary requirement of these homegrown or community-grown schemes sooner or later. GPG signing your blog posts and other content generation activities must become second nature, and seamless through the tools. I do think it's too late for Atom to get clueful about this, but I can hope.
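As an added illustration of the integrity check the two paragraphs above are asking for (example code, not the author's or any feed tool's), here is a small Go program that signs each entry of a feed and verifies it on the reading side. It makes several assumptions: Ed25519 from the Go standard library stands in for GPG; the signature rides in a hypothetical `<signature>` element that Atom does not define; the bytes being signed are a simplified, length-prefixed concatenation of the entry's fields rather than a real XML canonicalization; and the reader has obtained the publisher's public key out of band, not from the same possibly compromised server. The feed contents are constructed for the demo, which then plays Alice's worm by rewriting one entry in the serialized file.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// Entry is a minimal Atom entry. The <signature> element is a hypothetical
// extension (not defined by Atom) carrying a base64 Ed25519 signature over the
// entry's canonical form; an aggregator that does not know it can ignore it.
type Entry struct {
	Title     string `xml:"title"`
	Link      string `xml:"link"`
	Updated   string `xml:"updated"`
	Content   string `xml:"content"`
	Signature string `xml:"signature,omitempty"`
}

// Feed is the subset of an Atom feed this example cares about.
type Feed struct {
	XMLName xml.Name `xml:"feed"`
	Title   string   `xml:"title"`
	Entries []Entry  `xml:"entry"`
}

// canonical builds the bytes that get signed. Each field is length-prefixed so
// that moving text between fields changes the signed bytes. This is a
// deliberate simplification: a real deployment needs XML canonicalization
// (C14N) so that equivalent serializations of the same entry verify identically.
func canonical(e Entry) []byte {
	var b []byte
	for _, f := range []string{e.Title, e.Link, e.Updated, e.Content} {
		b = append(b, fmt.Sprintf("%d:", len(f))...)
		b = append(b, f...)
		b = append(b, '\n')
	}
	return b
}

// GenerateKeys makes a fresh Ed25519 key pair for the publisher.
func GenerateKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignFeed signs every entry in place with the publisher's private key.
func SignFeed(priv ed25519.PrivateKey, f *Feed) {
	for i := range f.Entries {
		sig := ed25519.Sign(priv, canonical(f.Entries[i]))
		f.Entries[i].Signature = base64.StdEncoding.EncodeToString(sig)
	}
}

// VerifyEntry is true only if the entry carries a well-formed signature by pub
// over its current contents. A missing or malformed signature is a failure,
// not a pass: unsigned content is exactly what a worm would plant.
func VerifyEntry(pub ed25519.PublicKey, e Entry) bool {
	if e.Signature == "" {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(e.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, canonical(e), sig)
}

// VerifyFeedXML parses feed XML as fetched from a URL and reports, per entry,
// whether it verifies under the publisher's key. The key must come from
// somewhere other than the feed's own server (pinned on first subscribe, for
// instance), or Alice simply replaces it along with the feed.
func VerifyFeedXML(pub ed25519.PublicKey, data []byte) ([]bool, error) {
	var f Feed
	if err := xml.Unmarshal(data, &f); err != nil {
		return nil, err
	}
	ok := make([]bool, len(f.Entries))
	for i, e := range f.Entries {
		ok[i] = VerifyEntry(pub, e)
	}
	return ok, nil
}

// Demo signs a constructed two-entry feed, serializes it as the file on disk,
// lets the worm rewrite the second entry's content, and returns the per-entry
// verification results a reader would get for the tampered file.
func Demo(pub ed25519.PublicKey, priv ed25519.PrivateKey) ([]bool, error) {
	feed := Feed{Title: "Infrequently Noted", Entries: []Entry{
		{Title: "Attention, bloggers.", Link: "https://example.test/1",
			Updated: "2004-01-01T00:00:00Z", Content: "people lie"},
		{Title: "Second post", Link: "https://example.test/2",
			Updated: "2004-01-02T00:00:00Z", Content: "more on trust"},
	}}
	SignFeed(priv, &feed)
	data, err := xml.Marshal(feed) // the feed as published on disk
	if err != nil {
		return nil, err
	}
	// Alice's worm edits the file in place; the signature no longer matches.
	tampered := bytes.Replace(data, []byte("more on trust"),
		[]byte("amass great wealth through penny stocks"), 1)
	return VerifyFeedXML(pub, tampered)
}

func main() {
	pub, priv, err := GenerateKeys()
	if err != nil {
		panic(err)
	}
	results, err := Demo(pub, priv)
	if err != nil {
		panic(err)
	}
	fmt.Println(results) // [true false]
}
```

The point of the per-entry result rather than a whole-feed yes/no is that a reader can keep showing the entries that still verify and drop only the ones that don't, which is the behaviour you want when a worm has rewritten one file out of a directory of them. Note also what verification does not buy you: if the private key lives on the same server the worm compromised, Alice can sign her own entries, so the signing step belongs on the author's machine and the key must never be deployed alongside the feed.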