Can we please be respectful and use data when debating important things online?
I wrote an article that was published by the Certificate Authority Security Council recently. You can read it here. In my article, I explain why I believe there is a need for new browser-based UI for website identity. To lend credibility to my opinions, I published a lot of data points for everything that I could think of on the subject.
Unfortunately, website identity attracts some people with extreme opinions, who are either unable, or unwilling to listen to people who hold a different opinion to them. It’s similar to the polar opposites in British and American politics today.
Everyone has an agenda. Mine is to encourage Mozilla to rethink their decision to remove website identity on October 22nd 2019. It’s also good content marketing for me and MetaCert.
I’ll be exceptionally surprised if Scott says that he doesn’t write blog posts or comment on Twitter for the purpose of attracting attention to his talents - in the hope that it benefits his career. I would kindly ask Scott and others to rethink how they question my integrity — I won’t stand for that. It’s bullshit. My track record across mobile and web standards speaks for itself. If a person has reason/evidence to suggest that I have hidden motives, they should show it instead of throwing general insults that hit my core. I rely on ethics as a moral compass in business.
I have never worked for a Certificate Authority and MetaCert doesn’t sell any type of SSL certificate. It doesn’t sell website identity services either. The Security Council reached out to me after reading a few of my articles on LinkedIn. If you read my bio at the end of the article, it should be easy to conclude that I have contributed so much to industry that I’m unlikely to shill something for the sake of making money.
My longterm dream is to see the entire decision making process for URL classification decentralized, as you can see from metacertprotocol.com
If browser vendors do as I suggest, my company flagship product becomes useless. It doesn’t get more impartial than that.
After publishing this particular article, a few people took to Twitter to voice their differences of opinion. My article is more of a thesis or white paper — with 5,000+ words. It’s crammed with data, and I hyperlinked to at least 10 different expert sources.
Everything I published has been published before. But I believe my article is the first of its kind to document everything I covered, in one place — for better context. Context is everything.
Back to the folks on Twitter. They appear to be experts in various aspects of cybersecurity. I suspect they are more experienced than me in many areas. But they were unable, or unwilling to substantiate their opinions with data. And they didn’t take the time to specify what they disagreed with. They just made general observations — sometimes proving that they didn’t read, or at least, consume my thesis. That’s ok. It’s difficult to consume content properly when you think you’re going to disagree with it.
When both sides of a debate reach stalemate, we should avoid throwing general insults at each other. We should try to reference data to show why we hold a specific opinion.
It’s easy to read a specific data point or comment, and get angry because you disagree with it. But for the sake of this particular thesis, I wish people would read my comments in the context of the entire story and then provide counterarguments.
Some people are even asking me why MetaCert uses a DV certificate from Let’s Encrypt if I think free DV certs are bad for the web. If this is their only concern, I can only assume they are unable to disprove anything I’ve said on the subject.
Here’s an extreme example to demonstrate my previous point further… I personally use Facebook to stay in touch with family and friends. But I also believe Facebook does more harm than good for society and the web. Should I stop using Facebook? I probably should. But this shouldn’t be used to distract us from data points about whether something is good or bad. MetaCert also uses Gmail and I believe Google is creepy in how it disrespects people’s privacy. I think you get my point.
Moving forward, can we please do the following:
- Listen to opposing views
- Articulate why you agree or disagree with specific view points
- Try to avoid making general remarks based on a gut feeling
- Use research / data to substantiate personal view points
- Don’t assume people who work for a big company are more right
- Be open to changing your position
A strange analogy
HTTPS EVERYWHERE = people who prefer fruit.
HTTPS IN-SOME-PLACES = people who prefer vegetables.
Many HTTPS EVERYWHERE people also like some vegetables.
Many HTTPS IN-SOME-PLACES people also like some fruit.
Some people like equal amounts of fruit and vegetables.
The problem
Some HTTPS EVERYWHERE people and some HTTPS IN-SOME-PLACES people will eat anything that’s sold to them as long as it’s from their favourite store. They will do this even if it’s not good for their health.
There are some extreme HTTPS EVERYWHERE people and there are some extreme HTTPS IN-SOME-PLACES people.
We should never assume that someone hates all fruit or vegetables.
Let’s be openminded, more respectful in our communication and be open to changing our mind. 🙏 ✌️
