Updated: Apr 23
Last November I had the privilege to speak at The Times Tech Summit, on the Security & Trust panel. As panels go, this was quite delightful - the audience had just the right amount of experience to have informed questions and engaged for the full 45 minutes.
The first question Daniel asked my panel was "Can you have a safe internet?"
To answer this, let's quickly look at the original design for the internet. The internet was built for Government, Military, and Universities to communicate. These three organisations tend to be trusted, and there was no real reason to limit any traffic or verify intentions.
When they designed the original IP addressing (IPv4), they didn't anticipate the sheer volume of communication and connection it now holds together. We ended up running out of address space and had to both design a temporary solution to reduce our usage (Network Address Translation), which has outlived its design as well, and create a whole new address space (Internet Protocol version 6).
The internet was created to freely pass communication between remote locations, without hindrance. Unfortunately, this communication can be both legitimate and illegitimate. The internet itself doesn't discern between them - because again, it wasn't expected to need to. We as humans, along with what controls we put in place, are responsible for detecting legitimate and illegitimate things.
Nothing will ever be 100% secure; even the top agencies in the world are breached at times. We are human, and nothing we make is going to be 'hack' proof. However, we can educate ourselves to make informed decisions. When you come across a product, read reviews. When you receive an email, read what it's saying and think about how it makes you feel before clicking a link.
I came across a phishing campaign once that took three steps before the attack actually took place; the storyline was of a possible buyer looking to purchase artwork. The email seemed legitimate: there were no malicious links or attachments, and it came from a legitimate address. It was only when I searched on Google for the sender's email address that something came up.
We all know Google is our friend, so use it. Improve your Google-Fu by using operators to narrow down your search; for example, "Zoë Rose" site:twitter.com would bring up my Twitter account. There are many different operators, but "" and site: are the ones I use most often. If this seems a bit too confusing, try Google Advanced Search, which will again clarify findings so you don't have to spend hours reading.
I've worked at, and consulted for, ISPs; that is, Internet Service Providers. Once, a customer had an issue: their computer was infected with malware, and they called to complain. See, this customer believed that we not only provided their broadband, but also had controls in place to make sure it was safe. In reality, you can think of an ISP as someone who connects the dots. ISPs bring internet from point A to point B; they typically don't monitor what information you can receive. It's your job as the person accessing that information to verify it isn't malicious.
Going back to Daniel's first question: no, we can't have a safe internet, as the internet isn't designed to protect you; it's designed to connect.
However, we can be the heroes of our own stories. We can combine technical controls, limit connectivity to only what's needed, and spread awareness so everyone understands their part towards making the online world a safer place.