Just as there can be appsec truths, there can be appsec laws.
Any sufficiently advanced technology is indistinguishable from magic.
Witchcraft to the ignorant… Simple science to the learned.
With those formulations as our departure point, we can now turn towards crypto, browser technologies, and privacy.
The Latinate Lex Cryptobellum:
Any sufficiently advanced cryptographic escrow system is indistinguishable from ROT13.
Or in Leigh Brackett’s formulation:
Cryptographic escrow to the ignorant… Simple plaintext to the learned.
A few Laws of Browser Plugins:
Any sufficiently patched Flash is indistinguishable from a critical update.
Any sufficiently patched Java is indistinguishable from Flash.
A few Laws of Browsers:
Any insufficiently patched browser is indistinguishable from malware.
Any sufficiently patched browser remains distinguishable from a privacy-enhancing one.
For what are browsers but thralls to Laws of Ads:
Any sufficiently targeted ad is indistinguishable from chance.
Any sufficiently distinguishable person’s browser has tracking cookies.
Any insufficiently distinguishable person has privacy.
Writing against deadlines:
Any sufficiently delivered manuscript is indistinguishable from overdue.
Which leads us to the foundational Zeroth Law of Content:
Any sufficiently popular post is indistinguishable from truth.