Creating A “Can’t Be Evil” Terms of Service

Larry's Blockstack Summit 2019 talk on how we can create a new security model for the web.


4 min read

Though April is upon us, we’re still reflecting on lessons learned at Blockstack’s 4th annual summit in San Francisco this past October. Larry Salibra — the Founder of New Internet Labs and a former member of the Blockstack core team — took a deep-dive into how user intent is treated in today’s web climate, and how creating a new “Can’t Be Evil” terms of service could change everything.

Today’s Web Terms & Virtual Volcanoes

Salibra began his talk with a theoretical example illustrating today’s web climate. Say there’s a woman who uses a company called Evil Books as her accounting software. “She enters into her web browser, clicks enter, decides to pay $10,000 to Bob, and enters it into the accounting software,” he said. “When she enters that transaction, a whole bunch of her personal information goes up and into the cloud like a volcano, spreading information to a bunch of different parties.” We can assume that the woman intended to share her information with EvilBooks, but she’s probably unaware of how many third parties it was passed on to. What users want today is a web where they can use apps and only have a relationship with that app’s developer. “This is the web we think users want. It’s the web that I want,” said Salibra.

Creating “Can’t Be Evil” Terms of Service

So how do we get there? We try to determine what the user’s intent is — what information they want to share with other parties — and then we enforce it through the terms of service. “The option is binary. You’re presented with a legal contract at the beginning of your app-using experience. And you can choose either to accept it or reject it,” explained Salibra. “If you accept that contract, the app developer and the world assume that your intent was to share the information that was in that 50-page, finely worded document.”

But there’s an asterisk at the end of every terms of service, which is that it’s subject to applicable law. This meaning your terms of service may actually have different provisions depending on where you and the vendor are physically located. This is how user intent is enforced through the legal system, but it’s a slow, expensive, complicated process inaccessible to all but deep-pocketed corporations. “But we have a solution to this. Software can eat this problem. We can create a ‘Can’t Be Evil’ terms of service using software.”

Playing in the New “Can’t Be Evil” Sandbox

The current web works in the concept of a blacklist where everything is permitted unless explictly forbidden. App developers can connect to any servers they want when you load a web app. If you don’t like it, you can install a blocker…but as soon as you do, the app developer can make a connection to somewhere else.

Salibra advocated for switching to a whitelist model: “It’s this idea of least privilege. That apps should only have access to resources that they need, and shouldn’t have any more privileges than they absolutely need.”

The whitelist model was the basis for the Can’t Be Evil Sandbox, which launched as part of the New Internet Extension in November 2019, shortly after the Blockstack Summit. Version one has no cookies, which is a technology that was made for the client-server web as a way for app developers building a to track users across different requests. It prevents automatic loading of third-party assets - images and code loaded from other people's servers - which Salibra argues originated out of laziness. “As developers, we want to use some code but we’re a little bit lazy. We don’t want to figure out how to package it and put it in our app. So we just copy this link into our code. That was something that needed to go.”

How it works

Here’s how the Can’t Be Evil Sandbox works: app developers opt in with an HTTP header. It’s the Can’t Be Evil HTTP header, and they set that to true to indicate that their app can’t be evil. When an app can’t be evil, the New Internet Extension enforces the sandbox rules on the app. If there are any attempted violations, the extension reports that back to the user and then prevents the violations from happening. If an app hasn’t opted-into the sandbox — if it’s an evil app —then the extension reports on how many third-party assets and requests are made by the app.

“I’m really excited about this new web that we’re building. I think that we can take the web tech that we all love, that’s really easy for developers to work with, and we can add components of Blockstack like the Blockstack naming system, smart contracts and Gaia storage along with the Can’t Be Evil Sandbox,” summarized Salibra. “We’ll be moving closer to the new web that we all deserve and something that’s really different — a general-purpose computing platform that’s trust-minimized, and user-centric by design.”

View the full talk on YouTube below:


Visit the Blockstack Summit site to view more talks from the 2019 Blockstack Summit.

Questions? Tweet at Larry on Twitter.

Want New Internet updates?

Sign up for the latest on our products and the ecosystem.