Secret Link Paradigm

    The last few days, the Runet has been swept by a new fun: commenting on leaks of confidential data. Conspirologists have already come up with a lot of theories. Here is the malicious activity of Yandex, which does not shy away from expanding the search index. And purposeful preparation of society for the collection of big money with the help of law 152-FZ. And the machinations of vicious competitors (especially relevant in the context of Russian Railways). And of course, hackers who switched from the US Department of Defense and the MasterCard to a more serious opponent are Russian sex shops. Reality with a probability of 99% is much more prosaic. But this is not as interesting as the conclusions that interested parties will draw for themselves: search engines, developers of CMS and sites, and the owners of these sites themselves.

    To begin with: whose ears?


    Yes draws. I am convinced that megaphone sms were found by accident, and the news feed itself is so hot that resonance was guaranteed to him initially. Well, then the initiative citizens themselves began to pick up requests and merge the most successful of them. And neither the CIA, nor WikiLix, nor Google has anything to do with it. Surely we are waiting for new “disclosures”, since in 2011 people suddenly remembered that search engines had query languages.

    Who is guilty?


    Certainly not Yandex with Google. All the talk that Yandex needs to analyze content for personal data or not index pages with hash parameters or not include pages on which there are no external links, contradict the logic of the existence of search engines. Their direct goal is to find in general everything that is on the Web. If I am looking for compromising evidence against my wife, business partner or competitor, I may be a nasty typist, but I expect from the search engine not a moral assessment of my base motives, but the result. His task is to find me information. But to hide this information is the task of the site where it is stored.

    Therefore, the responsibility for leaks is entirely on the side of the site. And as a result, on the side of the developers of the site and the manufacturer of the control system. Shop-Script developers reaction,partially recognizing their responsibility , in this context deserves respect.

    Why did the problem become so widespread? In my opinion, the main reason for this is a simple and once true paradigm, stuck in the brains of developers. We believe that if a page has a rather complicated and inhuman address, then no one will ever find it until we give or publish a direct link to this page. Authorization by hash links, tracing orders by long numbers - all of this series. It turns out that the paradigm is wrong, and you need to replace it with another: if the page exists and is not closed with a password, the search robot will get to it sooner or later. Or maybe to get to the closed, there were precedents.

    Therefore, you cannot unequivocally blame the leakage of confidential data on search engines or developers. Unless it is necessary to find the guilty one, for example, an indication from above is given.

    But to whom I would blame, it’s a sensationalist journalist. Presenting the situation in the style of “Yandex has declassified” or “thanks to an error in the site engine”, they involuntarily disorient an audience far from Internet technologies, which, of course, makes up the vast majority of the population. And instead of thinking the next time, before indicating their real name when buying a dildo, people will think that all the blame is exclusively for spyware from Yandex, as well as worthless programmers. As recently as today, one reputable online publication cited a list of departments whose secret documents went to Google. The first item in the issue is the FAS website, in the development of which I took part, and I know very well that the documents of the chipboard there simply cannot be published. The journalist certainly didn’t know this, but,

    What to do?


    Search Engines - think over templates of information that you don’t need to index. This contradicts my own logic, but we live in a real world where a court can prohibit Google from indexing news on specific sites, and he is responsible for pornography in the issuance of Yandex, and not the owners of the indexed sites. Well, do not forget about 152-FZ . CMS developers - to reconsider the approach to an even convenient, but potentially unsafe way to access sensitive information. Website developers should carefully choose methods of accessing private information, taking into account the potential damage to users from unauthorized access to their information (somewhere you can’t do without a USB token, and somewhere else you don’t need special protection).

    And users - do not forget that Big Brother is alive and well. Like never before.

    UPD. In more detail about the allegedly secret file of the FAS and whether this situation is possible on sites running NetCat - in our blog .

    Also popular now: