Here's a tortuous causal chain that I think explains everything. Computing evolved up to the point of Multics. The military has always been a driver of computing research to some extent. The deployment of computing resources to help plan airstrike missions showed a critical need for developing a system in which a single computer could handle multiple levels of secure data. The research resulted in capability-based security, which was in the process of being folded into Multics. The folks at Bell Labs happened to have a spare DEC machine, and having seen the complexity of Multics, decided to eschew capabilities, and instead relied on a much simpler, and quicker to implement, system based on group and user IDs in Unix. This quickly spread to be the de facto multi-user model of security across the academic world. Over time, PCs came to dominate the low end of computing. When it came time to implement multi-user and network systems, the Unix model, or a slightly upgraded model based on access control lists (as in Windows), effectively ate the world. Eternal September happened, and the internet went commercial. With this, we now have persistent internet, and are stuck with the oversimplified security model from Linux and Windows dominating everything. As such, no computer is actually secure. Because computers aren't secure, you can't trust programs that run on them to be secure. Because of this, you can't trust the web browser on your computer to not get you into trouble if you click on the wrong link. This results in a very strong tendency to avoid clicking on links from unknown domains and sites among the general public. Because the audience has settled into a few walled gardens, most of the authors of content have had no choice but to move to do the same. And here we are: because capability-based security is seen as too complicated (it doesn't have to be; in fact it can be simple to use), we're all stuck with Facebook, Twitter, etc.