Centralisation and security

Which is more secure? Centralised or decentralised software?

“I have nothing to hide and I don’t mind if the government is monitoring my communication” is a line often rolled out by users who are worried about terrorism and therefore willingly accept government surveillance programs. Seeing the terrible terror attacks in Belgium and around the world it is understandable that software users are willing to give up control over their data and accept breaches to their privacy more readily. But is software really more secure with centralisation and backdoors which allow governments to carry out those surveillance programs?

The issue is when your data is stored on centralised servers - where the government can freely intercept private communication - then you can be sure that corrupt employees of the centralised services providers, hackers, cyber criminals and industrial spies can do exactly the same. Software centralisation and weak software security (that allows breaches of privacy) not only empowers government, but it create a convenient target for hackers as well. Centralised cloud servers - which store the data of millions users and implement backdoors for government surveillance programs - creates opportunities for hackers and cyber criminals as well. After all, hackers only need to break into one central place in order to steal the data. Not only that, experts are suggesting that much of the hacking directed against companies actually stems from insiders within the companies themselves. Centralized systems will be always vulnerable to dishonest employees. Centralisation, breach of privacy and software backdoors achieve the very opposite of what was the aim in the first place: it weakens the security of software users.

Internet of Things and machine-to-machine (M2M) communication systems are facing the same problem. The government wants to know who controls the devices (e.g. a drone which can be used for terrorist acts) and will monitor device communication. In order to monitor devices the security must be weakened. Consequently, centralisation makes the attack on IoT devices easier for hackers and cyber criminals. A decentralised P2P system such as Streembit is virtually impossible to intercept.

Of course the decentralised P2P software must be robust and reliable to keep the data and communication safe, but that’s why we are working hard on Streembit: to create a secure, decentralised, P2P communication system for humans and machines.

Check out other open source projects I have contributed. You can contact me at tzpardi@streembit.com if you have any questions or comments.