Last November I had the privilege to speak at The Times Tech Summit, on the Security & Trust panel. As panels go, this was quite delightful - the audience had just the right amount of experience to have informed questions and engaged for the full 45 minutes.
The first question Daniel asked my panel was "Can you have a safe internet?"
To answer this, let's quickly look at the original design for the internet. The internet was built for Government, Military, and Universities to communicate. These three organisations tend to be trusted, and there was no real reason to limit any traffic or verify intentions. Even IP addressing, for example (how devices and networks speak to each other, sort of like a telephone number), wasn't designed for our current mass amounts of communication. We ended up running out of address space and had to both design a way to reduce our usage (Network Address Translation) and create a whole new address space (Internet Protocol version 6).
The internet was created to freely pass communication between remote locations, without hindrance. Unfortunately, this communication can be both legitimate and illegitimate. The internet itself doesn't discern between them. We as humans, along with the controls we put in place, are responsible for detecting this.
Nothing will ever be 100% secure; even the top agencies in the world are breached at times. We're human, and nothing we make is going to be 'hack' proof. However, we can educate ourselves to make informed decisions.
When you come across a product, read reviews. When you receive an email, read what it's saying before clicking a link. I came across a phishing campaign once that took three steps before the attack actually took place; the storyline was of a possible buyer looking to purchase artwork. The email seemed legitimate: there were no malicious links or attachments, and it came from a legitimate address. It was only when I searched on Google for the sender's email address that something came up.
We all know Google is our best friend, so use it. Improve your Google-Fu by using operators to narrow down your search; for example, "Zoë Rose" site:twitter.com would bring up my Twitter account. There are many different operators, but "" and site: are the ones I use most often. If this seems a bit too confusing, try Google Advanced Search, which will, again, clarify findings so you don't have to spend hours reading.
I've worked at, and consulted for, ISPs; that is, Internet Service Providers. Once, a customer had an issue: their computer was infected with malware, and they called to complain. See, this customer believed that we not only provided their broadband, but also had controls in place to make sure it was safe. In reality, you can think of an ISP as someone who connects the dots. ISPs bring internet from point A to point B, and they typically don't monitor what information you can receive. It's your job, as the person accessing that information, to verify it isn't malicious.
Going back to Daniel's first question: no, we can't have a safe Internet, as the Internet isn't designed to protect you; it's designed to connect. However, we can be the heroes of our own stories. We can combine technical controls, limit connectivity to only what's needed, and spread awareness so everyone understands their part in making the online world a safer place.