Someone dugg a hole for Digg
This is older, but I just discovered it: Why Digg’s non-hierarchical editorial control does not work and how to exploit it.
I could comment now on the lame comments this guy got but I have little patience with people that like to shoot the messenger. Next: how to prevent this?
It’s prediction time. Here’s my prediction: Technical measures will fall short. They always do. The problem with most techies is that it is all they can come up with.
If your “protocol” is flawed and even theoretically allows for these attacks, all you can do is go into an arms race with your opponents. Email is a nice example. The Email protocol is flawed because the cost is with the recipient. No amount of technology will solve that very basic problem, only a redesign of the protocol will do. The same with Linux, Windows, MacOS X and other ACL-based operating systems: they will always be insecure to some extent, period. Read up on the Confused Deputy and other stuff on that site to see why.
So, as Digg and other services will continue to become more popular, they will continue to become the target of attacks like the one described above more and more often. The result is a vicious spiral of completely wasted time: admins install anti-hack measures, hackers circumvent these, ad nauseam. Until either side gives up because the revenue of hacking Digg is smaller than the cost.
If you contrast this with sites like Advogato or its clone Squeak People, they are running basically the same code that Raph Levien threw together almost 6 years ago. No need for constant patching as admins fight attempts by hackers. That is because the underlying protocol is secure by virtue of relying on social, rather than technological measures to keep the site’s contents clean.
Yes, the communities are smaller and there is a barrier to entry. But it seems, at least to me (and I have been watching this for quite a while now, starting on Bix and Fidonet in the ’80s), that in this case you really can’t have your cake and eat it, too.
Oh: last post before Christmas. So a merry Christmas to all of you!



December 24th, 2005 at 5:39 pm
It should be noted that the reason why his comments were spammed was because he had been spamming the comments of every digg post with his URL.