Solving The #1 Flaw In TLS

UPDATE: Edited because I’m a dumbass who doesn’t know what a CSR is.

There is a distinct chance I’m very wrong about my recent realization regarding TLS. It’s TLS, so apparently everyone gets it wrong, even the folks who wrote TLS. So if this is possible then tell me how. Just pick a web server and tell me how to do this. I can’t figure it out, so I’m going to ask this one simple question:

Why can’t I use a private certificate I purchased from a Certificate Authority (CA) to sign a secondary private key that I put on the server?

It’s not self-signed, as I’m proving I did purchase a certificate and funneled more money into the “Random Bits For Cash” industry. Instead this would be me basically adding one more link between me and the CA so that I don’t have to put my real key on any servers. The reason I ask is because the #1 flaw of TLS is that someone who’s not you (the CA) has your private key, can give it to anyone they want, and you have to put this key on your servers making them valuable and vulnerable targets.

This is totally off the top of my head, but I think it might work like this:

  1. I buy my certificate from RandomBits Corp by sending my signing request and all the things necessary.
  2. They do nothing to confirm my identity, and then give me a certificate that’s totally secure and works because the browsers have given them a monopoly.
  3. I take my tools and generate a secondary key pair that’s exactly the same information as the original, and the tools would just read my real private key to do that for me.
  4. I use my real private key to sign this new certificate proving I do actually own both, and put this new secondary key set on my server, plus my real public key, and all the usual CA information.

I probably got the signing sequence wrong and such. Too much painting going on, but the gist of it is then a browser can confirm this secondary key like this:

  1. Server presents the secondary key just like normal, but includes the real public key.
  2. Browser uses the real public key to check the signature on the secondary key, confirms it’s all in the CA certificate chain, that the information (server, identity, etc) is the same in both, and then uses TACK to ensure forward secrecy.
  3. After that, if the secondary key changes but everything checks out, then the user can be warned about it, or just go with TACK. This part is debatable since being able to change the key might be important to allow for changing keys if they’re compromised, so probably allow this as an option.
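
The two lists above, modelled as an added example (not code from the original post, and not a TLS implementation): Ed25519 signatures stand in for certificates and a per-host pin map stands in for TACK. The `Binding` format, the role labels and the host `example.test` are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Binding is a toy stand-in for a certificate: an issuer's signature over
// a role label, a host name and a public key. (Constructed format.)
type Binding struct {
	Name string
	Key  ed25519.PublicKey
	Sig  []byte
}

// Presented is what the server sends: the CA-signed primary binding and
// the secondary binding signed by the primary key.
type Presented struct{ Primary, Secondary Binding }

var (
	ErrBadChain      = errors.New("primary key not signed by trusted CA")
	ErrBadDelegation = errors.New("secondary key not signed by primary key")
	ErrNameMismatch  = errors.New("host name differs between bindings")
)

// signedBytes domain-separates the two roles so a signature made for one
// role can never be replayed as the other.
func signedBytes(role, name string, key ed25519.PublicKey) []byte {
	return append([]byte(role+"\x00"+name+"\x00"), key...)
}

func issue(role string, issuer ed25519.PrivateKey, name string, key ed25519.PublicKey) Binding {
	return Binding{name, key, ed25519.Sign(issuer, signedBytes(role, name, key))}
}

func check(role string, issuer ed25519.PublicKey, b Binding) bool {
	// ed25519.Verify panics on a wrong-sized key, so reject those first.
	if len(issuer) != ed25519.PublicKeySize || len(b.Key) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(issuer, signedBytes(role, b.Name, b.Key), b.Sig)
}

// Client holds the trusted CA key and the last accepted secondary key per host.
type Client struct {
	caKey ed25519.PublicKey
	pins  map[string]ed25519.PublicKey
}

func NewClient(caKey ed25519.PublicKey) *Client {
	return &Client{caKey, map[string]ed25519.PublicKey{}}
}

// Verify runs the browser-side checks from the list above. changed reports
// that a valid secondary key differs from the pinned one, which is the
// point where the post says the user could be warned.
func (c *Client) Verify(host string, p Presented) (changed bool, err error) {
	if !check("primary", c.caKey, p.Primary) {
		return false, ErrBadChain
	}
	if !check("secondary", p.Primary.Key, p.Secondary) {
		return false, ErrBadDelegation
	}
	if p.Primary.Name != host || p.Secondary.Name != host {
		return false, ErrNameMismatch
	}
	old, seen := c.pins[host]
	changed = seen && !bytes.Equal(old, p.Secondary.Key)
	c.pins[host] = p.Secondary.Key
	return changed, nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func main() {
	caPub, caPriv := mustKey()
	primPub, primPriv := mustKey() // the "real" key: never placed on a server
	srvA, _ := mustKey()           // per-server secondary keys
	srvB, _ := mustKey()
	otherPub, otherPriv := mustKey() // a key the primary never signed

	primary := issue("primary", caPriv, "example.test", primPub)
	c := NewClient(caPub)
	host := "example.test"

	fmt.Println(c.Verify(host, Presented{primary, issue("secondary", primPriv, host, srvA)}))
	fmt.Println(c.Verify(host, Presented{primary, issue("secondary", primPriv, host, srvB)}))
	fmt.Println(c.Verify(host, Presented{primary, issue("secondary", otherPriv, host, otherPub)}))
}
```
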

The reason this might be a good thing is that one of the primary attack vectors that TLS proponents seem to gloss over is accessing the private key.
You have the problem of an attacker compromising a server and then gaining decryption access for all traffic to a domain. If you have hundreds of machines that manage your https traffic then they all need the private keys, so that’s a huge attack vector. You can mitigate some of this, but ultimately the best solution is for each of those servers to get their own key to reduce your potential damage. You also have difficulty in giving your key to a 3rd party to handle your https traffic for you.

By allowing people to sign their own secondary key, you solve the following problems:

  1. The NSA can’t get the private key even if they get on the server or somehow get it like they seem to be able to right now. They could sign Man In The Middle (MITM) keys, but if browsers are using TACK and warning about secondary key changes, then that’s blocked. To get at the traffic on millions of connections to large sites they would need the secondary keys of every server, not just the one big key.
  2. Attackers can’t destroy your certificate investment by compromising one server, and can’t get access to all traffic by getting at one server. One server means only that one server’s traffic is compromised, and then you just rotate the key.
  3. It solves the problem of allowing a 3rd party to handle my https traffic. Rather than give Amazon or Cloudfront my private key, I give them my secondary key setup and then I don’t worry about them having rogue employees stealing my keys or leaking them to others without my permission.

It also doesn’t seem to have any technical reasons to block it. It’s a one time thing that is done on first connect and should only add a small amount of overhead to that connection, where then TACK would take over from then on. Also, it seems any time someone wants to make TLS more secure there’s a small faction of detractors who trot out the “performance” criticism and it ends up being bullshit anyway. Maybe this time we can just admit that it’s not too bad to make clients do some more work to secure things better.

Of course, I could be a total idiot and this is something that browsers and web servers support, but I have honestly never run into it. Looking at the TLS standard I think it’s not supported, and I don’t remember this being in any protocols. All the docs for setting up a web server say put a real private key on your server, so if it’s supported then I’m not the only idiot.

However, what if I’m right and we could secure up a major flaw in the internet by changing how keys are stored on servers? Don’t even take my back-of-the-napkin design here (please don’t). Just set a future design goal to be this:

No TLS server will ever store the real private key.

As long as we have PKI that can sign keys, then this should be feasible and realistic. I’m also baffled why I didn’t think of this before, and wondering why I can’t find anyone else who has. Feel free to comment and tell me if someone else already thought of this and if it got shot down for some reason. I’m very curious.

The Failure Of Voyeur Marketing

Do you remember Facebook Beacon? When I think of “Voyeur Marketing” I think of Beacon. For whatever reason, Facebook thought people would be totally in love with random “partner” companies knowing everything they did on Facebook, but also that all of your friends would like to know you bought a dildo last night. A big one. Voyeur Marketing is the idea that being able to watch someone live their private lives gives corporations an ability to sell them things they don’t even know they need, or just whatever crap you want before some other corporation gets to them. In effect, Voyeur Marketing is an attempt to subvert the market by being the first one to offer a consumer some products so they don’t see your competitors’.

I predict that this kind of online advertising will fail horribly, and depending on who you talk to it’s already on the way out. It seems that marketers are finding out that ads on voyeur platforms like Facebook and Twitter simply don’t work. The question though is why? To many people it seems intuitive that knowing how many children I have, their ages, whether I’m secretly gay, how big my porn collection is, who I’m having an affair with, and whether I have a drug problem are great ways of selling me diapers, leather suits, more porn, hotel discounts, and heroin. This is at least how the information is pitched to firms. “You will know the deepest darkest secrets of our users, and you can sell them anything.”

It’s almost a kind of first cousin, twice removed, blackmail scheme. “Heyyyyy, I saw that your daughter bought a pregnancy test. You should go to Target and buy some diapers.” It’s not direct blackmail, but it definitely hits all the key points of exploiting people’s private information to make money.

However, I believe that there’s a very specific quantifiable reason why this kind of marketing simply doesn’t work. It’ll be difficult to get any real numbers on this as the people in control of the data (Facebook, Google, Twitter, 23AndMe) have a vested interest in never letting any of their customers see real success information. Given that, I have a guess at why this kind of marketing doesn’t work which is summarized as:

The only statistically valid indicator of future purchases is past purchases.

I believe that knowing personal information does not predict future purchases because, even if they may eventually lead to a purchase, the distance between life event and purchase is separated by research or brand loyalty. This means that private life events end up being statistically invalid as predictors of future purchases because of confounding. The only consumer behavior that works as a predictor of what you will buy is what you bought in the past.

When I look at the emails Amazon sends me vs. the ads I see on Twitter this is fairly obvious. I buy art books, so Amazon shows me new art books, as well as new strings for my guitar, paint, and replacement vitamins. How can Amazon do this? Because I’ve bought art books, a guitar, strings, and paint from them before. Compare that to Twitter, where the ads I see in my tweet stream are completely ignored most of the time. Twitter is so desperate to make their ads effective they’re force following celebrities like William Shatner onto Mastercard. That’s a very good sign their ads are ineffective and they’re grabbing at straws.

Google is an odd case where half of what it does follows this, and half doesn’t. They are very effective at placing ads that match search queries, but that’s only because they use arbitrage to get marketers to figure out the placement for different keywords. The correlation is strong because matching key words of products I’m searching for to products is combined with information on past searches for those keywords. It’s again a case of knowing my past searching behavior will predict my future behavior. Then we have the ads on GMail which hilariously scan my email and offer me totally useless ads. My behavior with my friends is not an indicator of whether I want to buy more lube today. Sorry Google.

I also believe there’s another effect going on here that explains why Amazon and Google Adwords are more successful than other companies. If all anyone had was behavior information then behavior information would win out in the marketplace as the best information. The problem is Facebook is selling an inferior product in the market because voyeur marketing has to compete with information that’s based on real things I bought in the past. Voyeur marketing will be inferior as long as there are companies who have access to the things I really bought.

This leads me to another prediction about social networks:

Most social networks will start offering marketplace options for direct sales to their users.

I’m actually baffled why this hasn’t happened on platforms like Instagram, Flickr, and Facebook. These platforms have many brands, many creative types, and many consumers. All they need is a “Buy This Art” button and handle all the sales details and they’d be minting money. Additionally it’d alleviate the creepiness of advertising if there was an actual marketplace someone could go to review products and buy. These companies would switch from the model of “We sell lots of users to advertisers who then…uh…” to the model of “We have the largest marketplace of users and the simplest path for them to buy your product.”

To be clear, since people can’t read, I am not saying merely putting a buy button on everything, although that’d be a great first step. I am saying these companies will create full on marketplaces to compete directly with Amazon. In a radical version of this I can see Amazon merging with a social network or inventing their own to gain this combination.

The idea in this is that the fallacy of building a large user base just to sell ads to marketers doesn’t work because the behavior of purchases is too far removed from the products on most social networks. Instead, the social networks need to close the gap and simply offer the products right there with the easiest possible path to purchase. Until then their information on who I’m having sex with can’t compete with Amazon’s information about how many condoms I bought last week.

Artists And Entrepreneurs Oh My

The Atlantic has this incredibly long winded and very one-sided view of art history that makes the claim that entrepreneurs are the new artists. At first I thought this was a huge load of bullshit, but then I realized they may be on to something. I thought about it for, like, 5 minutes more and realized that The Atlantic is brilliant! They have nailed it. The entrepreneur and the artist have so much in common.

Sexy

I have this new theory on accomplishment that you can say you are good at a thing once you either get paid or laid doing it. Since most artists never get paid for their work, all they have is getting laid to prove that they’re actually accomplished at making colorful wall decorations for incredibly rich assholes to hide in their mansions. This is why artists strive so hard to be sexy, but they don’t have to try very hard because our society has placed them near the top of the boning scale. When you read about artists you find out that they’re simply banging everything. Men, women, cans of paint, animals, everything. They’re so desirable for their ability to apply pigment in ways that makes wealthy people wealthier that they can simply walk down the street and get some hot BDSM action.

But who’s at the top of this scale of getting laid? That’s right, the wealthy. There are people so wealthy they can throw Nazi themed sex parties with super models and artists in attendance without any problems. The entrepreneur just has to pretend he’s on track to be wealthy and he can viagra his way right to the tippy top boning ranks on the promise that one day he might invent Uber and stop being an ugly lumpy looking trollkin looking thing just like Travis Kalanick.

World Changing

Entrepreneurs and artists are both about changing the world. For the artist it’s by selling piles of garbage, paintings of incomprehensible color patterns, sculptures of dildos, or literally nothing to incredibly wealthy patrons who then hide the art in their mansions so nobody can see it. By selling art to the crazy wealthy, artists are being socially conscious participants in the world and making sure that poor kids in Detroit can see art every day. That’s how you change the world when you’re an artist. You soften the hearts of the wealthy while they’re banging a stripper at their Nazi themed sex parties.

Entrepreneurs are also trying to change the world with their glorious startups. For them it’s all about selling the startup to the same wealthy patrons either through investments or just getting bought out after they’ve driven their business into the ground. They’ll change the world with their “uber for diapers” for sure, and everyone in the company will benefit from their stock options and make like $5000 whole dollars after the investors make their millions or billions. ‘Cause that’s how you change the world my friends. By fattening the pockets of the wealthy while they’re filling a warehouse with meth to give to the strippers they keep in their dungeon.

Entitled

Artists love to say that there needs to be more artists and that means they shouldn’t have to work a shitty day job like the rest of us “non-creatives” to be able to do what we love. As Molly Crabapple said over at Boing Boing:

“The number one thing that would let more independent artists exists in America is a universal basic income.”

Molly sells her art to really super wealthy people, so she knows that in order to have more art end up in the hands of crazy wealthy assholes, you need more artists. I mean, how else can they speculate on the art market if there’s not more people producing art to speculate on? It’s like when banks were hiring crackheads to help fill out loan applications in 2008. If you have wild speculation on something, you will find just about anyone to make it for you.

But read that quote again. Apparently artists are so entitled and so special (and also mostly white) that they feel they deserve totally free money with no strings attached for simply existing. Notice she didn’t say, “The country would be a better place if there was a universal basic income.” She didn’t even say, “We could help the poor with a universal basic income.” She said, “The way you take all those rich kids who can afford $180k in tuition and turn them into ‘artists’ is to give them money to blow on heroin rather than working like the rest of us.” I still don’t know why artists think they shouldn’t have to work like everyone else to gain the freedom to do what they love, but apparently it’s super important. Probably involves giving children and the poor things that will actually just benefit someone wealthy.

Artists are so entitled now that they don’t even want to suffer for their art, but if you want even more entitlement then you need to look no further than entrepreneurs. Entrepreneurs are so special, and so unique, that we debate whether they’re born or made. They are special breeds of humans who are real men taking risks that nobody else will by taking money from incredibly wealthy people in loans that have zero risk to them. Entrepreneurs are the good looking, strong willed, powerful future despots of the Kingdom of Corporate and everyone else is just a worthless nobody who needs to work for them.

And just like artists, entrepreneurs feel they should be given free money just because they exist and can sling together two words around a preposition. Once they get that money their entire life’s goal is to then avoid working at all costs. It’s the entrepreneur dream to make his bank then go steal a public access beach like the Ocean Grinch.

Important

Artists are very important. Why? Pfft. How dare you ask that! Because art is important! No, not everyone can make art silly. Only true artists can make art, and you better not question their socially conscious washing machine sculptures because that’s just an affront to all that is art. How dare you have an opinion on what you like, commoner. You commoners are so lacking in social consciousness it disgusts me. Art feeds the souls of the poor wealthy men who can afford to buy it. Art helps children whose parents are rich enough to live near schools with art programs. Art is everything, and by extension so is everyone who calls anything they do “art”. Artists are vastly important, and even though everything anyone produces is valid art, not everyone can make just anything like an artist can make just anything and call it art.

Entrepreneurs are just as important. Everything they make is clearly going to change the world. Whether that’s helping Starbucks open more Starbucks, making the cold fusion of batteries, or automating AirBNB, they are definitely changing the world. They’re going to make those poor wealthy investors so much more money that they’ll have no choice but to give their employees another, like, thousand dollars in bonuses once they get sold to Google as a pity deal. Entrepreneurs are the life blood of the world and when they gain power, wow, do they do great things with their money.

Entrepreneurs are so important that they are mythological beings who are the sacred guardians of bitcoin (who apparently told a judge he should be released so he can change the world).

Similarities

It’s true. I now see it. Entrepreneurs and artists now share that incredible sweet spot in our society of being given positions of great status for doing so little. They are allowed to produce anything and declare it a sign that they are somehow more special than the rest of us. More important. More deserving of favor than us common idiots who work boring day jobs. No longer should they have to struggle to do their important work of making things for the ultra wealthy. No my dear readers, they are everything in our society and champions of our plight.

Artists and Entrepreneurs belong together.

Admitting Defeat On K&R in LCTHW

I have lost. I am giving up after years of trying to figure out how I can get the message out that the way C has been written since its invention is flawed. Originally I had a section of my book called Deconstructing K&R C. The purpose of the section is to teach people to never assume that their code is correct, or that the code of anyone, no matter how famous, is free of defects. This doesn’t seem to be a revolutionary idea, and to me is just part of how you analyze code for defects and get better at making your own work solid.

Over the years, this one piece of writing has tanked the book and received more criticism and more insults than any other thing I’ve written. Not only that, but the criticisms of this part of the book end up being along the lines of, “You’re right, but you’re wrong that their code is bad.” I cannot fathom how a group of people who are supposedly so intelligent and geared toward rational thought can hold in their head the idea that I can be wrong, and also right at the same time. I’ve had to battle pedants on ##c IRC channels, email chains, comments, and in every case they come up with minor tiny weird little pedantic jabs that require ever more logical modifications to my prose to convince them.

The interesting data point is that before I wrote that part of the book I received positive comments about the book. It was a work in progress so I felt it’d need to be improved for sure. I even set up a bounty at one point to get people to help with that. Sadly, once they were blinded by their own hero worship the tone changed dramatically. I became actually hated. For doing nothing more than trying to teach people how to use an error prone shitty language like C safely. Something I’m pretty good at.

It didn’t matter that most of these detractors admitted to me that they don’t code C anymore, that they don’t teach it, and that they just memorized the standard so they could “help” people. It didn’t matter that I was entirely open to trying to fix things and even offered to pay people bounties to help fix it. It didn’t matter that this could get more people to love C and help others get into programming. All that mattered was I “insulted” their heroes and that means everything I said is permanently broken, never to be deemed worthy ever again.

Frankly, this is the deep dark ugly evil side of programming culture. They talk all day long of how, “We’re all in this together” but if you don’t bow to the great altar of their vast knowledge and beg them for permission to question what they believe you are suddenly the enemy. Programmers consistently go out of their way to set themselves up in positions of power that require others to pay homage to their brilliant ability to memorize standards or know obscure trivia, and will do their very best to destroy anyone who dares question that.

It’s disgusting, and there’s nothing I can do about it. I cannot help old programmers. They are all doomed. Destined to have all the knowledge they accumulated through standards memorization evaporate at the next turn of the worm. They have no interest in questioning the way things are and potentially improving things, or helping teach their craft to others unless that education involves a metric ton of ass kissing to make them feel good. Old programmers are just screwed.

I can’t do anything about their current power over younger new programmers. I can’t prevent the slander by incompetent people who haven’t worked as professional C coders…ever. And I’d rather make the book useful for people who can learn C and how to make it solid than fight a bunch of closed minded conservatives whose only joy in life is feeling like they know more about a pedantic pathetically small topic like C undefined behavior.

With that in mind, I’m removing the K&R C part of the book and I finally have my new theme. I’ve wanted to rewrite the book but couldn’t figure out how to do it. I was held in limbo because I was personally too attached to something I felt was important, but that I couldn’t advance forward. I now realize this was wrong because it prevented me from teaching many new programmers important skills unrelated to C. Skills in rigor, code analysis, defects, security flaws, and how to learn any programming language.

Now I know that I will make the book a course in writing the best secure C code possible and breaking C code as a way to learn both C and also rigorous programming. I will fill it with pandering to the pedants saying that my humble book is merely a gateway to C and that all should go read K&R C and worship at the feet of the great golden codes held within. I will make it clear that my version of C is limited and odd on purpose because it makes my code safe. I will be sure to mention all of the pedantic things that every pedant demands about NULL pointers on a PDP-11 computer from the 1960s.

And then I will also tell people to never write another C program again. It won’t be obvious. It won’t be outright, but my goal will be to move people right off C onto other languages that are doing it better. Go, Rust, and Swift, come to mind as recent entrants that can handle the majority of tasks that C does now, so I will push people there. I will tell them that their skills at finding defects, and rigorous analysis of C code will pay massive dividends in every language and make learning any other language possible.

But C? C’s dead. It’s the language for old programmers who want to debate section A.6.2 paragraph 4 of the undefined behavior of pointers. Good riddance. I’m going to go learn Go.

UPDATE: I’m going to learn Go, Rust, and Swift. Holy crap. Stop being so religious about who learns what. I learn languages now to teach them to people, not because I plan on using them for anything. Don’t listen to me as a barometer of what’s cool now. Peace.

A Consumer Privacy Law

I’ve had an idea for a privacy law (or policy) that would directly target various privacy invading practices of many companies. The law targets a set of default practices that I’ve observed at several companies which to me are simply basic security failures. I remember one company I worked at had an employee who routinely scanned people’s files looking for juicy bits of information he could view. Other companies have been routinely caught allowing employees completely unfettered access to the accounts of loved ones, ex-girlfriends, and even users with restraining orders against the employee. In addition to this, when caught, these companies feign surprise that this even happens when everyone knows it was probably touted as a perk to employees.

There’s a host of problems that come from companies having complete access to any account they want and there being no way for an account holder to see them. What I propose is a set of policies that put this information in the hands of consumers and then let consumers choose. This set of policies constructs an access log viewable by consumers, and informs them of which companies can view their accounts. The goal is with this information consumers will choose companies that provide better access controls.

Any credentials collecting user interface has to prominently display which companies’ employees could view the credentials or the account.

When I use my phone and access my email, I know that my credentials are not given to my target server. Take an iPhone as the primary example. When I give it the credentials to a private IMAP account, I just know that Apple is collecting these credentials and scanning my email. I know every company is doing this. Users of a login screen have no idea who is seeing the credentials, if those credentials are stored, and who at what companies can see their account after they log in.

To solve the problem, simply display prominently which companies’ employees can see the account and credentials. Let’s say for example that the mail app on an iPhone proxies my email through an Apple server. The message would then be:

“These credentials accessible to employees of Google and Apple.”

A key component of this is that it cannot be stuffed into a privacy policy document. It has to be displayed right where they log in. Additionally this is for any credentials user interface, which includes Google’s weird collection of Wifi passwords. When you enter your Wifi password, Google has to display:

“These credentials accessible to employees of Google.”

This means that you now know that an employee at Google has the ability to look up your Wifi password, drive a car near your house, and log into your network to packet sniff your data.

Every company has to provide a user interface where an account holder can view the names of each person who has accessed their account, which company that person works for, and the reason for the access.

In the early days of Facebook there were rumors, since confirmed, that employees were stalking members they wanted to date without those members’ knowledge. This eventually led to other repeated privacy affronts until the FTC sued Facebook over them and eventually settled with them. Apparently Google, Twitter, Uber, and nearly every company that has accounts has this same problem. They always allow their employees unrestricted access until they get their ass sued off over it.

Interestingly enough, none of the settlements provide consumers with what they actually deserve which is an ability to see who at the company is snooping on them. If privacy is important, then it stands to reason that knowing who is potentially violating it is an important part of managing your personal security. This will stop stalkers from snooping on ex-girlfriends, employees from snooping on their enemies’ emails, or just basic voyeurism that shouldn’t exist in the first place.

However, this part of the policy goes one step further by listing every person and the company they work for. This means if Google gives Ogilvy And Mather access to the traffic data of a million people, then Google has to list all of the Ogilvy employees who viewed that information.

Every company has to provide a statement as to how many people and companies can access an account and under what circumstances they are allowed to access it.

This would be required as part of the user interface that shows recent accesses to an account, and as a link or expanded view on the credentials statement during logins. This is simply an estimate of the number of employees, what companies, and how easily they can access that account. If Apple is storing the credentials of my Gmail account, then Apple has to list on my account that both employees of Apple and Google can view my email, how many employees can, and what it takes for them to access it. If only two employees can access my email at Apple, and they need special permission, then I’ll know that. However, if every employee at Apple and Google can read my email without a password, then I’d know that too.

An account holder can provide the names of employees they refuse access to their account, and if those employees gain access the company is fined for every access.

Consumers have a right to explicitly name employees they refuse to have access to their account. This could be for anyone who has to use Google products, but knows that an abusive ex-husband works there, a stalker, or just about any employee they flat out don’t like. The company has to explicitly restrict access to this person, and has to immediately notify the user if they ever gain access.

Once a month, the company must email any account holders who have had a change in their access activity.

This is simply a means of making sure the company is telling the consumers when their account is being accessed. Companies love hiding information from consumers, burying the information in the bottom bowels of privacy statements and footnotes. As long as no employees are routinely accessing consumer information the company won’t have to do much. However, if there’s rampant privacy invasions by employees of users then the users will know about it and can do something about it.

All agents of a company must be identified as such when interacting with any account holder.

A final piece of the puzzle is that employees at a company have to be identified as such when interacting with users. The reason for this is it closes the loop on privacy violations and stalking concerns since an employee could be talking with a user, but also using private information to manipulate them and harass them. However, if you see an employee marked as such talking to you, then you know to immediately go look at your access log and see if they’ve been stalking you.

There’s an additional benefit in that it prevents companies from secretly manipulating their users by pretending to not be agents of the company. The scenario I envision here is where a marketing firm is given access to a large number of users, and then sets up fake users to manipulate their opinion of products. If an agent of a company is talking to me and I see they are labeled as an agent of the company I know they might be shilling.

Law Enforcement

Clearly there is no way we’ll ever get law enforcement to agree to any of the above. I’d say that accesses by law enforcement should be disclosed to the user after any investigations are over, but right, like any of that would happen. Because of this there would need to be provisions that access of a user’s account under the direction of a warrant does not need to be listed to the consumer, but it does need to be logged for later investigations.

Other Sectors

This policy could also be extended to other sectors such as Health Care, Government, Universities, and any organization that stores information on another person. If a random doctor is looking at my medical records then I should know about it. If someone from the IRS is looking at my medical history I should know about that. If a professor is checking out my university enrollment records I should know about it.

However, those organizations are going to be fairly reluctant to enact any kind of policy whereby a user can see who is looking at their information.

Employee Privacy

A small concern would be for employee privacy. If an employee is just doing regular maintenance on my account, at my request, then do I have a right to see their full name? On one side you could throw back the usual defense of, “If they have nothing to hide, then why are they worried about it?” However, I would say that as long as there’s enough information for a consumer to see different people and to question who is accessing their account, then it’d be allowed to hide employee last names or use employee codes. A proposal could be “John T.” as one way to list the name, or “John T. #213434, Google”.

Conclusion

Is this possible? Hell yes it’s possible. There’s nothing radical or onerous about what’s proposed. It’s actually just good security practice at any company to restrict access to accounts. All this does is provide consumers with the information they need to control who has access to their information. Give the consumers information and they will make choices based on what they feel is comfortable. On a technical level though, none of this is crazy hard.

Would it work though? I doubt it. If I were honest, I would say that privacy and security have been so fully eroded in internet culture that even when given this information consumers wouldn’t care. The only time they’d care is if it were an insane amount of abuse that was super obvious. Other than that, I think all the employees at Apple viewing Google email is something that the average consumer just sadly shrugs and accepts. But, it’s worth at least giving them the information they need to make decisions so that at least it’s by their own lack of choice, and not just because they assume a lie is the reality.

Will it ever happen? Aahahahahahahahahahahahaha. Hells no. You seriously think any company today wants to admit that they’ve got employees snooping on users and selling their information to subsidiaries, law enforcement, and marketing companies? You seriously think they want to implement anything like this? I’m just proposing a total fantasy here, and the chance that some company will have the ethics necessary to do this is incredibly low. If a law like this were even proposed you would see a cash tsunami rain down on Washington DC like it was a Thai fishing village.

I just thought I’d write it up anyway, in case somebody is working on this right now.