This to me is a people problem.
Absolutely. It always is.
Reduced to its essence, the main problem boils down to the fact there are basically three types of people in this context:
- people who just want to use and enjoy their computers
- people who want to sell these people software and services to run on their computers
- and people who want to fuck with the people who use computers
None of that is going to go away.
But if we can curtail the range of motion and minimize the opportunities for harm from that third group, that's a decent enough win. And probably as good as it will ever get short of caving in and instituting a fully regulated and monitored global network. Which is a cure far worse than the disease. Especially now that we know our own governments are in the habit of straying more and more into that third group of people. So handing them the keys and absolute authority won't help matters. It will only make things worse by an order of magnitude.
But that's not to say we need to roll over and accept what we currently have as the way things are or need to be.
No system will likely ever be completely secure. But almost everything we're currently using could be made considerably more secure. Because we don't
need a "perfect solution." A better
one will more than do for starters - even if it doesn't catch all boundary cases.
Getting one user's data is probably not ever going to be completely preventable. But getting things to where obtaining one
user's data no longer so easily allows you to use that subset to get at every other
user's data certainly is. That's just employing better engineering. Like our electrical codes - they can't prevent every single fire or accident. But they do reduce the number
of incidents to a very tiny statistical probability. Because they contribute to enforcing "known good" standards and "best" practices that minimize the damage when an incident actually does
And that's good enough for day to day use AFAIC.