The Greatest Failing Of Open Collaboration - How open collaboration will inevitably privatize
Keywords: Impersonation, Spoofing, Social Engineering
2005-10-11 - This was inspired by old notes, whose creation date was not recorded.
Introduction
This project was spawned from my interest in open source collaborative efforts. It touches on concepts also in Wiki pros and cons as well as The Self-Moderating Forum. Basically, I see some serious issues with collaborative structures and am working on this to help alleviate my concerns.
Currently, my major points haven't been properly sorted out. I'm sure lots of this stuff has been discussed to death elsewhere, but at the very least my doing this will help me wrap my brain around some of the concepts.. and perhaps help some others as well.
I'm bringing this here so I can work on it online for a bit..
On hold
I'm taking a break from this and will come back to it.. there are some major holes in the argument that I've got to apply some logical putty to. At least in this form you all will get to see a bit of the inside of my head. Perhaps this stuff is worthy of an anti-open-source page. I honestly see a lot of topics chained together.
The Greatest Failing Of Open Collaboration
How open collaboration will inevitably privatize
Open collaboration is a form of collaboration in which all members are peers. In such a case, members may have differing ethereal social statuses, but they are otherwise all equal. While there may be administrators, there are no moderators. There are no user or access levels.
In the case of a Wiki, the openness aspect is extreme, in that not only can anyone enter such a community, but there is nothing "sacred". Any user has equal sway over all content. In some Wikis, users attempt to lay claim over text by appending their pseudonym to the end of a paragraph they add. This activity directly defies the intention of a Wiki. There is no real structure to ensure that a user cannot simply overwrite some other user's name with their own.
I have misgivings about the Holy Grail that something like collaborative journalism or collaborative writing is the ultimate hope for Collaboration.
Open-source includes a discussion on how "many eyes" can see more, and so undesired activity can be noticed and efforts can be directed to effect change. While it is true that "many eyes" can see more, there is no logical or real-world example of why this will or must be true.
In a sense, the weakest link becomes more of a threat in a chain of collaborators.
If the original fear driving collaborative journalism is the avoidance of propaganda, misdirecting facts, and other such "evil" influences, then even a single mole could cause significant damage from the inside.
This single mole could be capable of seeding either a system by which propaganda can still propagate, or of planting tools or information within this collaborative system which could misdirect, or even subvert, its collaborators.
There are attackable components in a collaborative system such that certain influences may integrate themselves so cleanly as to be undetectable. Imagine how vulnerable a system of everyday people is to social engineering attacks.
Is it feasible to "train" every citizen in the population of such a collaboration?
Open-Source has a holy grail concept that the sheer openness it strives towards is its biggest asset in fighting concepts such as malicious code like "trojan horses". The idea is that though code changes may be small, they are heavily audited and can be very hard to get merged into a project. However, well-crafted code can still sneak its way in and remain hidden until future code audits or some accident discovers it. See the Spectre and Meltdown bugs. Open source is still far better than closed source in this regard, because at least the code can be audited.
Open source has at its heart the concept that many eyes, many minds, and many hands can collaborate towards forging good software. However, one could make an argument similar to that found in security in that misplaced trust can seed an open source collaboration with its most dangerous enemy.
Many eyes, many minds, and many hands don't matter if these citizens to the open source sub-collective are not educated. They obviously cannot be equals if there is "open" (unrestricted) membership. It is unreasonable to assume there is anything more than passing worth in educating these members with, say, social engineering concerns if even a single member cannot fully absorb and be fully empowered with this knowledge. The only solution would be to close off membership in order to maintain tight security control. Obviously, this is wholly against the "open" concept in open source.
Open source does, in fact, openly restrict membership. Its citizens have tiers of membership, whereby certain members gain seniority due to their efforts and both their actual and perceived skills. This, however, does not mean that said member cannot be subverted. It does not mean that said member cannot be a threat.
Against a very real threat, the "many citizens" concept is ineffectual unless at least some members are both wholly educated and empowered against inside threat.
Security through obscurity is both a known and fought concept in the open source world, in that there is a belief that the inexhaustible openness of open source will mean that both members and observers can know of and plan against problems.
Last updated 2023-03-19 at 01:47:03
Added some more thoughts: Trojan horse code can indeed sneak into open source and be just as bad as closed source, as exemplified by the Spectre and Meltdown bugs.