Soft security

Updated November 25, 2019

Soft security stands in contrast to hard security. The following soft security patterns are from Meatball Wiki:

Soft Security is like water. It bends under attack, only to rush in from all directions to fill the gaps. It's strong over time yet adaptable to any shape. It seeks to influence and encourage, not control and enforce.

If nothing within you stays rigid, outward things will disclose themselves. Moving, be like water. Still, be like a mirror. Respond like an echo. — Bruce Lee

The earlier and more primitive animals were mostly made from soft materials because they not only make it much easier to wriggle and extend oneself in various ways, but soft tissues are usually tough (as we shall see), while rigid ones like bone are often brittle. Furthermore, the use of rigid materials imposes all kinds of difficulties in connection with growth and reproduction. One gets the impression that Nature has accepted the use of stiff materials rather reluctantly... — J.E. Gordon, Structures: or Why Things Don't Fall Down

I made what I think is a somewhat nuanced and complicated argument about the nature of security. As such it is difficult to summarize. Basically I think that security measures of a purely technological nature, such as guns and crypto, are of real value, but that the great bulk of our security, at least in modern industrialized nations, derives from intangible factors having to do with the social fabric, which are poorly understood by just about everyone. If that is true, then those who wish to use the Internet as a tool for enhancing security, freedom, and other good things might wish to turn their efforts away from purely technical fixes and try to develop some understanding of just what the social fabric is, how it works, and how the Internet could enhance it. However this may conflict with the (absolutely reasonable and understandable) desire for privacy. — Neal Stephenson, Computers, Freedom and Privacy 2000 (Toronto)

Soft Security is a collective solution, whereas Hard Security is often an individual solution... When Soft Security becomes unilaterally enforced, it fails. This is a chicken and egg statement.

Soft Security follows from the principles of:

  • Assume Good Faith: People are almost always trying to be helpful; so, we apply the Principle of First Trust, confident that occasional bad will be overwhelmed by the good.
  • Peer Review: Your peers can ensure that you don't damage the system.
  • Forgive and Forget: Even well-intentioned people make mistakes. They don't need to be permanent.
  • Limit Damage: When unpreventable mistakes are made, keep the damage within tolerable limits.
  • Fair Process: Kim and Mauborgne's theory that being transparent and giving everyone a voice are essential management skills.
  • Non-Violence: Do no violence lest violence seek you.

From How Wikipedia Works.

One of the paradoxes of Wikipedia is that this system seems like it could never work. In a completely open system run by volunteers, why aren't more limits required? One answer is that Wikipedia uses the principle of soft security in the broadest way. Security is guided by the community, rather than by restricting community actions ahead of time. Everyone active on the site is responsible for security and quality. You, your watchlist, and your alertness to strange actions and odd defects in articles are part of the security system.

What does “soft security” mean? It means that security is largely reactionary, rather than preventative or broadly restrictive on user actions in advance. With a few exceptions, any anonymous editor can change any page on the site at any time. The dangers of such a policy are obvious, but the advantages are perhaps less so: Wikipedia’s security offers a level of adaptability and flexibility that is not possible with traditional security policies and tools.



Soft security allows for permissionless innovation.