Akamai and SSL

SSL stands for “Secure Sockets Layer” and refers to a protocol for using the web in a secure, encrypted, manner. Every time you connect to a website with an address prepended with https://, instead of just http://, you’re connecting over SSL. Almost all banks and e-commerce sites, for example, use SSL exclusively.

SSL helps provide security for users in at least two ways. First, it helps keep communication encoded in such a way that only you and the site you are communicating with can read it. The Internet is designed in a way that makes messages susceptible to eavesdropping; SSL helps prevent this. But sending coded messages only offer protection if you trust that the person you are communicating in code with really is who they say they are. For example, if I’m banking, I want to make sure the website I’m using really is my bank’s and not some phisher trying to get my account information. The fact that we’re talking in a secret code will protect me from eavesdroppers but won’t help me if I can’t trust the person I’m talking in code with.

To address this, web browsers come with a list of trusted organizations that verify or vouch for websites. When one of these trusted organizations vouches that a website really is who they say they are, they offer what is called a “certificate” that attests to this fact. A certificate for revealingerrors.com would help users verify that that they really are viewing Revealing Errors, and not some intermediary, impostor, or stand-in. If someone were redirect traffic meant for Revealing Errors to an intermediary, users connecting using SSL would get an error message warning them that the certificate offered is invalid and that something might be awry.

That bit of background provides the first part of this explanation for this error message.

whitehouse.gov error message claiming the host is a248.e.akamai.net

In this image, a user attempted to connect to the Whitehouse.gov website over SSL — visible from the https in the URL bar. Instead of a secure version of the White House website, however, the user saw an error explaining that the certificate attesting to the identity of the website was not from the United States White House, but rather from some other website called a248.e.akamai.net.

This is a revealing error, of course. The SSL system, normally represented by little more than a lock icon in the status bar of a browser, is thrust awkwardly into view. But this particularly revealing error has more to tell. Who is a248.e.akamai.net? Why is their certificate being offered to someone trying to connect to the White House website?

a248.e.akamai.net is the name of a server that belongs to a company called Akamai. Akamai, while unfamiliar to most Internet users, serves between 10 and 20 percent of all web traffic. The company operates a vast network of servers around the world and rents space on these servers to customers who want their websites to work faster. Rather than serving content from their own computers in centralized data centers, Akamai’s customers can distribute content from locations close to every user. When a user goes to, say, Whitehouse.gov, their computer is silently redirected to one of Akamai’s copies of the Whitehouse website. Often, the user will receive the web page much more quickly than if they had connected directly to the Whitehouse servers. And although Akamai’s network delivers more 650 gigabits of data per second around the world, it is almost entirely invisible to the vast majority of its users. Nearly anyone reading this uses Akamai repeatedly throughout the day and never realizes it. Except when Akamai doesn’t work.

Akamai is an invisible Internet intermediary on a massive scale. But because SSL is designed to detect and highlight hidden intermediaries, Akamai has struggled to make SSL work with their service. Although Akamai offers a service designed to let their customers use Akamai’s service with SSL, many customers do not take advantage of this. The result is that SSL remains one place where, through error messages like the one shown above, Akamai’s normally hidden network is thrust into view. An attempt to connect to a popular website over SSL will often reveal Akamai. The White House is hardly the only victim; Microsoft’s Bing search engine launched with an identical SSL error revealing Akamai’s behind-the-scenes role.

Akamai plays an important role as an intermediary for a large chunk of all activity online. Not unlike Google, Akamai has an enormous power to monitor users’ Internet usage and to control or even alter the messages that users send and receive. But while Google is repeatedly — if not often enough — held to the fire by privacy and civil liberties advocates, Akamai is mostly ignored.

We appreciate the power that Google has because they are visible — right there in our URL bar — every time we connect to Google Search, GMail, Google Calendar, or any of Google’s growing stable of services. On the other hand, Akamai’s very existence is hidden and their power is obscured. But Akamai’s role as an intermediary is no less important due its invisibility. Errors provide one opportunity to highlight Akamai’s role and the power they retain.

Lorem Ipsum Dolor Sit Amet

I was browsing this store for worker clothes in Germany a few weeks back when I noticed something funny in the bottom corner. I’ve highlighted the snafu in the screenshot below with a big red arrow.

lorem ipsum screen shoot

The arrow points to paragraph that is definitely not in German. In fact, it’s Latin. Well, almost Latin.

The paragraph is a famous piece of Latin nonsense text that starts with, and is usually referred to as, lorem ipsum. Lorem ipsum has apparently been in existence (in one form or another), and in use by the printing and publishing industry, for centuries. Although it’s originally derived by a text from Cicero, the Latin is meaningless.

The story behind lorem ipsum is rooted in the fact that when presented with text, people tend to read it. For this reason, and because sometimes text for a document doesn’t exist until late in the process, many text and layout designers do what’s called Greeking. In Greeking, a designer inserts fake or “dummy” text that looks like real text but, because it doesn’t make any sense, lets viewers focus on the layout without the distraction of “real” words. Lorem ipsum was the printing industry’s standard dummy text. It continues to be popular in the world of desktop and web publishing.

In fact, lorem ipsum is increasingly popular. The rise of computers and computer-based web and print publishing has made it much easier and more common for text layout and design to be prototyped and much more likely that a document’s designer is not the same person or firm that publishes the final version. While both design and publishing would have been done in print houses half a century ago, today’s norm is for web, graphic, print and layout designers to give their clients pages or layouts with dummy text — often the lorem ipsum text itself. Clients — the “real” text’s producers, that is — are expected to replace the dummy text with the real text before printing or uploading their document to the web.

We can imagine what happened in this example. The clothing shop hired a web design firm who turned over the “greeked” layout to the store owners and managers. The store managers replaced the greeked text with information about their products and services. Not being experts — or just because they were careless — they missed a few spots and some of the Greeked text ended up published to the world by mistake.

A quick look around the web shows that this shop is in good company. Although lorem ipsum is often preferred because the spacing makes the text “look like” English from a distance, many other dummy texts are both used and abused. Here’s an example from an auto advertisement.

car advertisement with dummy text

Due to rapidly and radically changed roles introduced by desktop publishing — changes in structure and division of labor that are usually invisible — you can see accidentally published lorem ipsum text all over the web and in all sorts of places in the printed world as well. We don’t often reflect on the changes in the human and technological systems behind web and desktop publishing. Errors like these give an opportunity to do so.