Zach Latta ->

Perhaps some of the cultural issues we're facing in the age of the internet are a result of the internet being a zero trust space, and typical society being a medium trust space.

When you go to the local coffee shop and chat with people, you can have basic assumptions about them: they're not a serial killer, they are who they say they are, they live nearby, and you probably share mutual people in the community with them - so there would be reputational damage to them if they were to be a jerk to you, or try to scam you, or otherwise.

When you go online, you can't make those same assumptions. For people, who grew up on the internet and have spent a significant percentage of their life online - that's normal, that makes sense, and that's the default. It'd be weird any other way. Growing up, I remember being shocked when I realized that paper checks had the underlying account numbers on them. In the age of the internet, that violates the basic practices of security 101, but that design decision probably made sense in the medium trust world of the 1950s when paper checks were invented. Similarly, there are probably analogies to when a lot of 20th century companies were starting to come online, and you'd read these stories about how people were able to socially engineer their way into someone else's cell phone through working the customer support line - that was probably possible because the company systems were designed around the assumption of a medium trust environment.

The role of government is to solve tragedy of the commons issues: managing shared resources (property, water, etc), building and maintaining shared infrastructure (roads, electrical grid, internet), safety, etc. I also think a secondary role of the government is to articulate a clear, specific positive vision for the future.

Perhaps trust in the age of the internet is a new type of tragedy of the commons issue that the government should concern itself with. Despite a zero trust world feeling "ideologically pure" (of course the systems you design shouldn't trust that people are who they say they are!), it's a lot of work to design every system assuming zero trust. Identity fraud alone is probably what 10% of all labor in the software field goes toward preventing.

Then there's also the transition cost. For much of the population today, they aren't deeply familiar with zero trust spaces - and perhaps that's a transition that's too difficult.

How can we turn culture back into a medium trust space?

Edited just now. Created just now.