Digital security - threats, risks and how to protect yourself

Most digital security advice tells you to change your password; this conversation tells you the entire foundation of the internet is rotting. The Hated One hosts a deep dive with Daniel, the CTO of Safing, who argues that fifty years of internet technology have failed to evolve beyond the insecure protocols of the 1970s. This isn't just about hackers; it's about a system where traffic flows in plain text because it is cheaper to ignore the risk until disaster strikes.

The Car Analogy and the 1970s Legacy

The Hated One frames the discussion around a startling comparison: the internet today is like the automobile industry before seatbelts or airbags were mandatory. Daniel, the guest expert, explains that "when we first had cars... there wasn't secured at all and people were just dying horribly." He argues that information technology is currently undergoing the same painful, fundamental rework that the automotive industry eventually faced. The core of his argument is that we are still relying on architecture built for a time when there was no reason to expect malice. "The problem is we're still using loads of protocols and technology that was built back then and just not suitable for digital world that we have now," Daniel states.

This framing is effective because it shifts the blame from individual user error to systemic design failure. It suggests that no amount of vigilance can fully protect a user when the road itself is broken. The Hated One highlights how the lack of encryption was once a rational economic choice for server operators who saw no benefit in the hassle of implementation. "If you ask like a server operator like why didn't you use HTTPS today it just don't see the benefit and it's just a hassle for them," Daniel notes. This historical inertia explains why the internet remains vulnerable, but it also exposes a dangerous complacency in the corporate world.

Critics might note that the car analogy oversimplifies the decentralized nature of the internet; unlike a single manufacturer, no one entity can mandate a global protocol upgrade overnight. However, the point stands that the cost of inaction is now far higher than the cost of migration.

The Business Case for Breach-Driven Security

Perhaps the most cynical insight in the piece is the observation that companies only invest in security after they have been catastrophically breached. The Hated One and Daniel discuss how management often ignores security because "if it works you don't feel it." They only allocate resources when a crisis forces their hand. The conversation cites the Maersk shipping attack and the Aramco incident as prime examples where companies suddenly received "unlimited budget" to fix their security, but only after suffering massive damage.

"The problem of security in companies is if it if it works you don't feel it... it's only when they they there's a problem that they realize well we have to throw more money at it."

This dynamic creates a perverse incentive structure where security is a cost center rather than a value driver. The Hated One points out that regulations like the GDPR have finally started to change this calculus by attaching massive financial penalties to negligence. "With the huge fines that's something get that CEOs acknowledge and see visi okay there might be a huge fine so it might be cheaper just to invest a little more security before and not have to pay a fine," Daniel argues. This is a crucial pivot point: the market is finally being forced to price risk correctly, but only through the threat of fines rather than a proactive culture of safety.

The Economics of Vulnerability Markets

The discussion takes a darker turn when examining the market for "zero-day" vulnerabilities—flaws in software that are unknown to the vendor but known to attackers. The Hated One raises the issue of companies like Apple, which have been criticized for offering relatively low bounties for discovering these flaws compared to what state-sponsored actors will pay. Daniel suggests this is a "tactical decision" by companies to avoid driving up the market price of exploits. "If you just like pump the price there will just be more people looking for abilities and Apple is still not the one who's gonna be offered to them," he explains.

This argument is provocative and reveals a grim reality: companies are not necessarily trying to eliminate vulnerabilities, but rather managing the cost of acquiring them. The Hated One notes that while Apple increased its rewards to $1 million, the top price for a vulnerability remains around $2 million, a figure that pales in comparison to what nation-states will pay. This suggests that the gap between corporate security budgets and the black market for exploits is a deliberate strategic choice, not an oversight.

"It's basically be pre the Snowden revelations like loads of traffic was unencrypted and because nobody was other reason to because if you ask like a server operator like why didn't you use HTTPS today it just don't see the benefit and it's just a hassle for them."

The Hated One effectively uses this section to illustrate that the threat landscape is not just about rogue hackers, but about a sophisticated ecosystem where vulnerabilities are commodities traded between corporations and governments. The lack of border control on the internet, combined with unverified routing protocols such as BGP, which leaves room for BGP hijacking, means that anyone can pretend to be a trusted server. "There's no security concept to this and slowly we're adapting new additional protocols or upgrade protocols that actually do some verification of it," Daniel admits, highlighting that the internet is only now beginning to solve problems it should have addressed decades ago.

Bottom Line

The strongest part of this argument is the reframing of digital insecurity as a systemic failure of 1970s architecture rather than a lack of user vigilance. The Hated One and Daniel successfully argue that the internet is fundamentally broken by design, and that the only thing driving change is the increasing cost of failure. The biggest vulnerability in their stance is the assumption that market forces and regulation will eventually force a ground-up rebuild, a process that could take decades. Readers should watch for the implementation of DNS over TLS and HTTP/3, as these are the first tangible steps toward the security overhaul the authors demand.

Sources

Digital security - threats, risks and how to protect yourself

by The Hated One

Hello, this is a full discussion I had with Daniel from Safing where we go into depth of digital security. I asked Daniel about his thoughts in the current state of security, which even after 50 years of internet technology is still not good enough. We also wanted to discuss what you can do to protect yourself from cybercrime. In this endeavor we identified three main threat models, from a basic hacker through a non-targeted data gathering and infiltration to a targeted nation-state campaign. With this layout we discuss what tools and behaviors are best suited for your cyber self-defense. I hope you find it all valuable and interesting to listen to, too, on your daily commute or alongside your manual work routine. Enjoy.

Hello Daniel, thank you very much for coming here on my channel. I've been told by David from Safing that you are the security expert, and David told me more on multiple occasions that he goes to you regarding any security questions, so I would like to kindly ask if you could introduce yourself to this audience and tell us more about yourself and what you do.

Mm-hmm. First of all, thanks for having me. It's a pleasure, and I'm looking forward to this time talking with you about security.

You're welcome.

So, thanks. So hi, I'm Daniel. I am CTO and co-founder of Safing, the company that builds powerful and easy privacy tools. My background is in IT security, which started out with just wanting more privacy. So in 2011 I started hosting my own email and started getting rid of Google. Then in 2013, a little bit into the process, at that point I was actually literally studying IT security, and then Snowden came along and gave all these documents to a journalist, and this really opened my eyes about both the technical capabilities and the social impact that the absence of privacy has on us. After this realization it got me thinking: well, what can I do about that, and how can we maybe empower average people, or like all these people without any technical knowledge about the issue, and they just don't know what's going on and they don't know how to defend themselves, and to enable them to have more privacy online. And this ultimately led me to found a company in 2017, and I then got two amazing co-founders on ...