Beat the Drum: Open Web needs to be Secure!

Mozilla DrumbeatMozilla is beating the drum for an Open Web at their new project page “Drumbeat“. Mitchell Baker, the Chair of the Mozilla Foundation has been regularly blogging about a more Open Web and what it might mean for us. There is lots of talk about openness, decentralization, freedom and public resources of the public Internet, but I’ve seen very little about security, privacy and how the lack thereof might affect The Web far more than anything else - negatively of course.

Just consider the Internet in its current, mostly insecure form. Is this a secure place to hang out? What will inevitably happen if your identity gets misused constantly, your conversations tapped, your banking accounts phished and credit cards stolen and your mail box becomes unusable because it drowned in spam? Different grids will take the place of the world-wide-web, closed intranets will guard our privacy, proprietary networks and affiliations through selective listings will be norm. Without relief from the current “openness” to be freely attacked and the freedom to be mislead and misused at will, the openness of the Internet in its most basic form is in danger.

In order for the Web to remain open and free, the Web must have a secure foundation. This is the basic requirement upon which the other noble goals can be built. Paradoxically as it may sound, this is probably not possible without some rules and regulations, something entirely counter to the current “openness” of the Internet. However I suspect, that those rules would be able to guard the openness of the Web, where privacy is a right and protection from phishing attacks and fraud, not a meaningless race of blacklists.

Tools like point-to-point encryption, personal identification and vetting of businesses already exist today. They are not the solution, but are part of it. They help us to get along with each other and protect us from unwanted encounters. Like in real life, as we drive along with our cars (computers) on the roads (networks) and meet friends (social web sites), invite them to our houses (blogs, personal web sites) and businesses (e-commerce, online shopping), we enjoy clear rules of engagement (licenses, permits, passports). Right now the Web is in a state of anarchism, not freedom and openness. At every corner lures another trap, another fraud attempt, another intrusion of privacy, another invasion.

Making identification and encryption for every netizen highly available and affordable has been the mission of the StartCom Certification Authority since its inception. With the goal to provide reasonable security by certifying web sites and email addresses without charge (free), StartCom is enabling point-to-point encryption wherever possible. With the higher level validations, but also a web-of-trust scheme, StartCom allows for proper identification of the participants on the web. With the natural right of security and protection, the web may become an enjoyable, open and free place to be.

Information and Links

Join the fray by commenting, tracking what others have to say, or linking to it from your blog.

Other Posts
Securing the Enterprise
Refute the FUD

Write a Comment

Take a moment to comment and tell us what you think. Some basic HTML is allowed for formatting.

You must be logged in to post a comment. Click here to login.

Reader Comments

All this SSL is really useful, a big improvement, but most of the time they also take up a dedicated IPv4-address.

This is because IE on Windows XP still doesn’t support TLS-SNI (’host-headers’ for HTTPS/SSL).

We need more widespread usage of IPv6 and/or support for TLS-SNI to not cause any new problems on the long run.

I really hope Microsoft will do something about this. As a webdeveloper I’d love to see Microsoft doing something about IE6 usage.

I do have some doubts about Microsoft choosing the moral right/or what is technically required for IE9.

But who knows maybe it will be different this time. :-)

In other news it seems the root is gonna get DNSSEC-signed soon, I wonder if it will mean in the long run we will just be putting the our own self-signed certificate fingerprints in DNS as is now possible with SSH.

Exciting times. :-)

Hey Leen, it’s great that you understand the importance of the open web! Telekommunisten have recently won a Distinction for Thimbl at Transmediale after having competed in the Transmediale/Mozilla Foundation open web award. We were also awarded supported status on Drumbeat and invited to compete for the Prix Ars Electronica this september.

I was actually visiting this site because, of course, SSL is necessary for open web projects, and Thimbl is no exception.

Would Start perhaps be interested in sponsoring us by providing Extended SSL certificates for the Telekommunisten and Thimbl Project, and advising us on best practices.

For more information about Thimbl see

You can reach us at