About a week ago a large chunk of the Web vanished for a few hours as Fastly experienced a major outage in their Web cache service. Popular sites like Reddit, the BBC, Amazon and much of the UK government online services suddenly presented blank pages. There was much finger-pointing for days afterwards, then Cloudflare goes down last Friday (more fingers pointing) and today with many of those fingers finally holstered we suddenly find ourselves in the middle of an Akamai outage. Fingers out and reloading!
The thing about these services is that they are mainly caches: intermediary services that optimise the delivery of content from the origin sites. Unfortunately, when they go down, the origin sites do not just go back to some kind of sub-optimal delivery, they go back to nothing. Caches and content delivery networks are not just a means of optimising delivery, they have become the actual means of delivery, and so many major sites on the Web are totally dependent on them.
I woke this morning to the news that Ireland’s health service was hit by ransomware, crippling a vital component of our society in the middle of a global pandemic. The first reported casualty of this evil deed was a maternity hospital. As the day goes on we will find the consequences of this attack will expand to include more hospitals, medical clinics, doctors’ surgeries and particularly worrying the Covid-19 processes (testing and vaccination). Some or all of these will have to go offline. Much will have to move to alternative mechanisms, such as pen and paper!
Undoubtedly any ransom demand will be rebuffed. To accede would simply raise a flag saying “we pay” and invite more attacks. No, this will have to be taken on the chin, even though the cost of repairing the damage could be some orders of magnitude more than any ransom.
The ramifications of this attack could last weeks or months, and the cost could be massive. In the meantime there will be questions about how the criminals got in and how prepared (or not) the health service was to deal with such attacks. There will be a lot of questions about backups, aging equipment and potential data exfiltration.
Nevertheless, I have observed that many major sites are flouting the law by not making the consent process clear, by using opt-out instead of opt-in, and by not providing any kind of “reject all” (even if that only applies to non-essential cookies). Indeed, it would seem that they have adopted a strategy of presenting a massive “cookie notice” overlay that has a big “I accept” button and a refinement process that is so convoluted that almost nobody will go through it. The “I accept” button is essentially coercion.
It would also seem to be the case that some sites have already dropped cookies into your browser while they are presenting the big cookie notice and waiting for your consent!
This has to stop.
I trust the CJEU and the various associated national data protection agencies will be slapping more fines as time goes on, and hopefully the message will get through.
The potential for physical money to be the vector for the virus has encouraged every capable society to shift towards card-based payment, preferably contactless at the point of sale. As a consequence I, like many other people, stopped using cash.
In fact, it has been about a year since I last used cash, and I’m getting to like it. One downside of this is that now all of my transactions are being tracked by someone. With the demise of cash comes the demise of privacy.
So now I predict that there will be a growing popular demand for a true digital cash technology, one that has all the convenience of traditional cash, the added benefits of personal accounting (not to mention the added hygiene), and without loss of transactional anonymity. That’s going to be quite a challenge.
I won’t give the perpetrators the benefit of a mention or link, but it is really troubling when those responsible for a top level DNS domain don’t adhere to their own rules by allowing unethical use of a domain name during the current global crisis. A phrase strongly associated with public health is undoubtedly going to encourage people to enter into their browser’s address bar a site name based on that phrase. Sadly, these unsuspecting people will then be presented with the latest conspiracy theories, anti-vaccination tripe and bizarre political agendas.
During the current worldwide calamity it is not only the search engines and social media companies that need to keep a close eye on their services. All of the infrastructure providers have an equal responsibility. The problem for the public is that any attempt to bring issues to the attention of the providers merely gives publicity to those who are abusing the services, which just makes things worse because the providers are ignoring the complaints.
Claims about removing tens of thousands of inappropriate messages/pages/sites may sound good, but there are hundreds of thousands, if not millions, of such cases. And the problem just keeps growing. The future of public discourse, education and engagement is under threat.