Lance Vick on Security Vulnerabilities and the Need for Privacy2021年 2月 22日
Lance Vick has been fixing digital security risks since the age of 14.
"At the time, I was just a teenager, and I didn't have any experience," Lance said on the latest Follow the White Rabbit podcast recounting his early exploration of program vulnerabilities.
Agreeing to help a university administrator whose server was compromised, Lance taught himself to detect malware and returned control of the server back to the institution. This was just the beginning of his 20+ year affair with privacy, security, and digital sovereignty.
Today, Lance is the founder of #! (Hashbang) -- a group "like a hackerspace, but online," that hosts Unix services, publishes privacy and security research, and conducts penetration testing to uncover security flaws. At the same time, Lance is a Security Engineer at Polychain Labs and has experience as the Lead Security Engineer for Bitgo.
Lance's commitment to mitigating digital security risks showed him that vulnerabilities are everywhere. In fact, Lance believes that most large online services are "very highly vulnerable" to security breaches.
"There are so many obscure security bugs that -- unless you have a particular experience set -- you're never going to spot them. They could be there in plain sight," Lance said.
The solution? More open-source code, more decentralization, and more secure encryption.
"Having code be open-source where anyone can audit it, and then incentivizing audits" improves security, Vance said. Made freely available, open-source software provides a public 'check' on the quality of code, increasing the software's security and utility. It is the type of decentralization Lance would like to see more of -- the type that protects our privacy.
"We see a lot of highly centralized services are used ... and that really concerns me," Lance said. The problem is, even if encrypted, centralized services hold user data and can change privacy agreements on a whim.
This is significant because privacy is not just good for user trust; it is essential to a healthy society. As Lance put it when discussing free speech: "In order for civil discourse to be really effective, you have to have zones where speech can happen completely freely ... the best way to make sure this happens is to make sure it is highly private and encrypted."
To hear more about Lance's security experience, the dangers of hacking, and the importance of privacy, follow us down the rabbit hole. Listen to the conversation here or on your favorite streaming service.