A bit of a stretch title here, but just think about it:
Almost all of the webapps you are using today are not really safe to use. And I am not talking about that everything is somehow hackable like in the movies, but actual threats that sneak into your systems.
Is this Safe?
From a user perspective, he visits your app and gets a somehow valid ssl certificate (a green lock in the old days) and he matches the URL of you app just to be sure before he interacts with it. That is what many sites propagate to users for safety checks. But this doesn't cover anything basically and gives the user false trust in your app.
How does he know that he is actually communicating with your app? There could still be a man in the middle attack going on.
Can the user be sure that your app is not doing something fishy in the background? Can you be sure about that?
So from a user's perspective he just has to trust you as a developer that you are not scamming him. There is just no way for him to know with 100% certainty what is happening in your app.
Malicious code and behavior
Do you know what code you deliver towards your users? I don't mean what you intend to deliver but what you actually do?
Say you have a typical setup: you push your change into your git, your CI builds, tests, and deploys your app into your cloud kubernetes cluster. Your change is live within a couple of minutes, fully tested. And you are a paranoid type, so you sign your commits, only signed commits are build, and your container images are also signed and thus only signed containers are being deployed in your k8s. Sounds great!
But this is actually quite a long chain of stops for your app where things can go wrong:
Maybe one of your colleagues is about to get fired and commits some backdoor... do you peer review everything?
Do you actually trust you CI? Maybe you have a third party container based CI like GitHub Actions or Gitlab. How much do you know about that platform? Does your build image contain malicious code?
Maybe a dependency of yours changes without you realizing and now does some spooky thing is in the background? Did you 100% pin that thing? And now that weird change is in your signed container image...
Does your k8s cloud provider actually execute your app without changing it? And does Cloud Service XYZ not change or read your data?
Can you actually be sure that there is nothing fishy going on? Do you even check for that?
Verification is key
Instead of trusting your build pipeline you need a way to verify that it is producing valid artifacts. One way to do that is by using reproducible builds. This way you could do automatic checks with multiple independent pipelines or just sporadic manual checkups by comparing a local build with your CI artifacts. This gives you a tool to actually verify that your artifacts weren't tampered with.
What about your actual runtime? Well, this gets a bit more tricky. Having your app running in a public cloud, you never actually know what is going on. Self hosting your app might be an option, but how do you know that nobody infiltrated your company's network and changed your running app? You could build your app as physical hardware (like soldering circuits etc.) but that is just not an option.
Doing a 180, you could host your app publicly. Dynamically having your workloads run on different, independent hosters: various clouds, some server farm, on someones server at home. Services like Akash Network go in that direction and provide a decentralized cloud platform.
But from a users perspective only the code and the execution he can verify is safe. Meaning any closed source code that runs on some closed network is by definition not safe, because he cannot verify it. Thus systems like facebook, banks, government tax apps and pretty much everything is not safe to use and providing any (sensitive) data to them is kind of dangerous, because you do not know what happens with it.
Looking at your typical web3 app, that hosts is open source system on IPFS and some blockchain, the user is actually able to verify the code, the build artifacts and the execution. Thus, such system is safe(r) to use, if the user does his homework by actually verifying and if we ignore bugs and security issues in the code for this argument.
Today basically all major apps we use are closed source and run behind closed doors. Users and developers do not actually 100% know what is going on in there and the less information we have about an app the less we can trust that it is doing what it is supposed to do.
Openness is essential for users and developers to verify an app in its code and its execution.
With the public becoming more aware of software supply chain issues and security vulnerabilities developers need to take measures to increase trust in their applications. And trust is best created by verifying (at least in software).
Top comments (1)
Web3 is going just great
A timeline of some of the greatest hits in cryptocurrencies, NFTs, and other web3 projects since the beginning of 2021