Social media philosophy blog
Monday June 26th 2017

Technologies will sometimes fail us

In the aftermath of the Japanese earthquakes and the horrible effects on nuclear power plants, this technology is being reevaluated all over the globe. It is as if we were blind to the potential hazard of positioning nuclear plants in one of the most earthquake-prone regions of the world. If we have missed something this obvious, what else have we missed? I see a direct parallel to our current development of Internet technology where we on the one hand are embedding Internet into all features of our civilization (including nuclear plants). On the other hand, we are massively expanding new vulnerabilities practically day by day.

After the earthquakes, news media could at least console us with the news that Japanese Internet service had remained open through the crisis. And yes, there is this kind of awesome stability built into the very technology of the Internet. The distributed character of Internet communication allows continued service even if some parts of it are shut down. However, this robustness is misleading. We need not be worried about us hurting the Internet, but perhaps about it, this marvelous technology, becoming an instrument for hurting us.

50 ways to steal your password, part 1

“At the risk of being crude, there must be 50 ways to leave your lover,” sang Paul Simon in the 1970s. In the following, I will modernise this into 50 ways to steal your password. This is certainly not my area of expertise, but I know enough to be very scared. As the world seems intent on running like crazy towards the wonders of cloud computing and Internet mobility, I would like to encourage reflection with this homage to Paul Simon: 50 ways to steal your password.

1. Let us start with the most elementary. Many browsers simplify your life by saving your passwords. Those who know how can easily extract both usernames and passwords for all sites where you have saved your password. In Mozilla Firefox this access is conveniently (and ironically) right under the tab for “security”. If you do not put your computer on Windows password protection any time you leave it on, it can be easy for someone to sneak a peek and access all you have got. This can for instance be done at work. Many leave their computers on and unprotected when going to lunch break. Not the smart thing to do. Let us be paranoid, shall we?
2. Many out of laziness leave their computers on and unprotected overnight. At some workplaces this is even required in order to have the computers accept important updates overnight. Easy for the janitor or your competitor at work to take a peek. They will have your passwords in a minute.
3. You might leave your computer on at home as well. You might be burglarised without knowing it, because this thief knows that there is more money in your passwords than in your homebound property. So, your passwords may be stolen without you really knowing that there’s been a burglary.
4. So far you have been victimised since you have been sloppy with your computer and not activated the Windows password function. Unfortunately, Windows vigilance does not mean safety, only that you are still vulnerable to a slightly more sophisticated brand of criminal. There are a number of ways of cracking the Windows password. Most crudely, you interrupt the start-up routine and from there it is simple to disable the password. In this case, you will notice that the computer has been hacked when you next open it, but your passwords are stolen.
5. And in closing this first round on password theft, the most obvious is for the villain to check under your keyboard. A popular place to save a note with the passwords.

The safetymilitude mindset

We are currently in the middle of a gigantic transformation of Internet use. Basically, social media, smart phones and cloud computing trends are egging each other on, opening up Internet use and aggregating information. Sets of information, personal information, professional information and collaborative information are increasingly connected to each other. Furthermore, as we have increasingly powerful access to information once we have the right password, this access has been distributed into many more nodes. As a result, prospects for cyber crime have never been better. Increasingly, if the criminal can access one of your passwords, he can access them all. That, in turn, can lead to identity theft, economic ruin, kidnapping of your computer (botnets) or all of these in combination.

My basic point is that we need to realise that our information is not safe. We tend to be lulled into thinking that everything is okay as we have an updated security software which gives a green light. However, cyber criminals will also have the same security software. Their day job is to bypass it. We cannot achieve total safety, only safetymilitude, coming as close as possible.

The “your computer is safe” message from our security programs is in a way dangerous. It creates a mindset where we delegate safety thinking to our solid security program. The safetymilitude mindset is different. If we know that our information is not completely safe, we could re-evaluate what we should and should not connect to the Internet.
In addition, we could re-evaluate our personal balance between convenience and safety. These two tend to go in different directions. More convenience, less safety and vice versa. Most of us need to strive for more safetymilitude, which means less convenience.
In order to bring my point home, I will write a series of posts on the theme “50 ways to steal your password”.

Safetymilitude

A few days ago, the US government announced an increase in the research budget on cyber crime by some 30%. Yesterday, UK Foreign Secretary William Hague spoke at the 2011 Munich security conference.

http://www.securityconference.de/Hague-William.622.0.html?&L=1

He noted that:

- Over 40,000 pieces of sensitive information and financial data are traded on the online black market each day.
- Malware ZEUS has been successful in bypassing the protection system of the UK government.
- The UK defense industry has been deliberately attacked.
- Sophisticated attacks have been made against government staff by official-looking e-mail.

Hague notes that the UK government has excellent defenses but that our concept of what it means to be “secure” must adapt in response to the ever-increasing sophistication of the attacks.

This remark reminds me of a key argument by the old philosopher of science Karl Popper. He claimed that we can never really reach truth, we can only strive for coming as close as possible. He called this “verisimilitude”. I think this is something similar.

We may have to give up the idea of having a computer that is completely safe, but we can strive for “safetymilitude”.

“Two turkeys do not make an eagle”

The convergence between the mobile phone business and the web has created a crisis for long-time market leader Nokia. As the old Symbian system has proved inadequate for the multitasking of smartphones, Nokia has elected to go into a partnership with Microsoft. This has been a controversial move, but seems to make good business sense. Microsoft is a system specialist with a big push toward smart phones. Nokia is a giant in the mobile phone business. So, two real giants collaborating! Is it only maliciousness when Google VP Vic Gundotra tweeted: “two turkeys do not make an eagle”?

It turns out that big business has a long memory and that Gundotra is simply feeding back this same phrase, coined by Anssi Vanjoki, then executive vice president and general manager of Multimedia at Nokia, 5 1/2 years ago.

Still, one wonders, is there actually a problem that these two giants are too similar in basic competence?

Another problem: what now with Nokia’s famous slogan? Would it not be “connecting people”, but rather “connecting Microsoft”?

On technological fixes

British architect Cedric Price once joked “Technology is the answer, but what was the question?” Today, this is more thought-provoking than funny. The idea that we tend to solve technical problems with more technology has never been more applicable than with Internet technology. Furthermore, increasingly, we feel that more technology can solve societal and political problems as well. Such ideas are described as cyber-utopian in the much discussed The Net Delusion: How Not to Liberate the World, by Evgeny Morozov (2011). Morozov argues that more free information often is seen as a profound and quick fix to totalitarian regimes. Unfortunately, while social media can create new arenas for discussion, this can also help the regime to identify, control and apprehend dissidents. More information does not lead to more free people.

Morozov starts the book with an interesting criticism of the role Twitter played in the Iranian demonstrations, June 2009. This discussion is surprisingly similar to current discussions on the role of social media and the uprising in Middle Eastern countries, such as Egypt.

While Morozov’s book is a healthy wake-up signal, these kinds of criticisms of technological fixes are problematic in the way that societal problems are divorced from technological problems. As I see it, our society is hopelessly intermingled with a wide range of technologies and these stand as part of the definition of a modern society. There is no technological fix for a nontechnological societal problem, is there?

Municipalities up in the cloud

Swedish municipality Salem recently announced that they were the country’s first municipality to place all of their IT services at Google apps. This surprised me greatly, since it is such a dramatic step with extensive and complicated consequences. Did they really know what they were doing? It didn’t sound like it based on the public announcement. This is what I interpreted as their thinking:

• we are just switching from Microsoft to Google, just a platform switch
• this is basically a choice based on technological reasoning
• this makes good business sense, much of this is free and we do not have to pay all these expensive licenses
• we can put more resources into working with important policy issues
• cloud computing is the future, so let’s embrace it
• all the services are integrated, so none of that compatibility trouble
• all services are reachable from anyplace
• all of the 2500 schoolchildren will have the same platform

I would have liked to read their thinking on a number of other issues. The involved people seem to be well informed, so maybe they have already thought about things that concern me:

• What are the ethical and legal implications in moving data and services from computers and servers owned by the municipality to computers owned by an American multinational corporation?
• What kind of freedom of choice does the municipality have when investing in future information technology?
• What kind of competitive advantage is Google given concerning associated technology on the local market? For instance, regarding smartphones?
• In which ways can Google Sweden safeguard its information in relation to the mother company?
• Did officials of the municipality have the right to take the decision to move information from Swedish citizens to an American corporation?
• Isn’t information to be seen as a kind of currency? That we are giving away for free?
• In which ways is the Salem information linked with other nation-based resources? What else was Google given in this deal?

And so on. Personally, I find cloud computing as a sideline to the regular Internet quite exciting. I find the trend to put all resources on the cloud scary. Very scary. Information is slippery guys, very slippery.

Cloud computing and passwords

A common synonym for password is “access key”. And as a key to our property, the password is increasing in importance. This has a lot to do with the current transformation of the Internet from a highway to a hotel. When the civil Internet broke free from the military ARPANET, in the late 1980s, it came into the hands of the US National Science Foundation. At the time, it was developed with democratic ideals: no privileged access depending on your status or citizenship. The Internet became an anonymous network with no login or identity checks. In the recent decade, the Internet has been colonised by appliances. Today, the Internet is increasingly being used as a hotel rather than a highway as we stop to sleep over at Facebook, Twitter or YouTube.

When the PC broke through in the 1980s, it made the old terminal system, connected to one large supercomputer, obsolete. When users shared the same supercomputer, they had to log into the terminal to access the account. But the PC was property. Start it up and you are in. For a period, then, humans were actually spared much of the trouble with passwords. There were none, neither on the PC nor on the Internet. Eventually, the passwords came back to the PC. Actually, the personal computer started to look more like a terminal as different users could share the same computer with separate logins and accounts. Also, work PCs became connected to supercomputers. In principle, you were working with a PC, but in practice it was back to the terminal.

Then came Cloud computing. There are two distinct ideas behind Cloud computing. First, convenience, that users can access the same resources regardless of location. Second, increased and more stable revenues for corporations. It is this second idea that is the real driver. There is, quite simply, a lot of money in having users utilise web-based services instead of our PC bound programs. And this is, arguably, one of the most influential business ideas of the new millennium.

The corporate world that produces software and cultural products has had a long-standing problem getting users to pay and pay in full. A major complication has been shareware and open source activities as well as filesharing of music, programs and movies. All the talk about information sharing and gifting economies that followed the breakthrough of Napster in 1999 was nightmarish for many corporations. As long as users owned the program and used it on their own computers, it has always been possible to remove protection software and fake activity codes. As a result, activity codes have become longer and more complex and regular paying customers more irritated. Application services on the cloud stop this kind of cheating dead in its tracks.

Cloud computing is being sold as a convenience for the user: access your documents from everywhere. However, the real winners are the providers of software that can bypass the PC and sell software as a service on the web. Furthermore, the move makes it easy to transform buying a program into renting a service. Instead of selling the new program version to the customer, corporations now aim for rental services. Users are being pushed into the cloud as the traditional PC-based programs are emigrating to the cloud. Even Microsoft, the caretakers of our computers, is pushing hard in this direction, for instance in making Microsoft Office 2010 Cloud compatible.

As we increasingly have everything up there in the cloud, we might need to rethink our old ideas about passwords. This simple word, access key, increasingly seems to be of more value than the keys to our cars or homes. Furthermore, we can more easily guard our homes and lock up our car in the garage. But our Internet possessions are everywhere; it is silly to even visualise them as being located in distinct places. What’s more, once someone has hold of our password, they can access our possessions, conveniently, from anyplace. This is scary and, unfortunately, we are not really good at handling passwords, given the way the web looks today.

We need a large number of passwords to access everything we have in the cloud.

They all need to be different.

They all need to be complex.

And therefore difficult to remember.

But we must remember them, even those that we use seldom.

And as we become more mobile, we leave them on computers everywhere, at the hotel, at the computer of a colleague, etc.

We must be absolutely certain to remember our most important passwords.

We must not mix them up.

We shouldn’t write them down, since notes can be stolen.

And we should change all of them on a regular basis.

We should use secure password-management tools, such as LastPass or Roboform, but it seems scary to put all that power into an appliance.

Isn’t there a better idea out there?

Do we need a moratorium on Internet access development?

In many countries, insurance on cars and homes is mandatory. This is a swell idea, it is for your own good, protecting the economy of the individual in case there is an accident. However, one could argue that there are great similarities with computers and computer protection. Today, standard computer protection in the form of virus, spyware and phishing protection as well as a firewall is up to the individual user. The way that the World Wide Web has developed, this can be associated with a number of problems. First, as there are many unprotected or poorly protected computers out there, they easily become part of the very scary botnet networks. These can create huge damages and disrupt the affairs of both governments and businesses. Second, unprotected computers contribute to the further spreading of bad code. Third, the lack of mandatory regulation creates legal problems concerning responsibility. This last issue certainly seems like a ticking timebomb.

What is your responsibility if your unprotected computer has been misused? There are many possible scenarios. The most obvious is that a so-called “infostealer” trojan steals credit card figures and thereafter cleans out an account. The current credit card policy is that you should guard your credit card intensely and you may not be reimbursed if you have been neglectful. What shall we say about an unprotected computer?

A similar scenario concerns passwords. Some of these may lead to credit card access as well, such as PayPal or Internet store accounts. Others may enable access to subscription services such as World of Warcraft. Another serious threat would be that criminals are given access to e-mail addresses. This, in turn, opens up for a number of different crimes. Are national legal systems prepared for this?

A specific kind of vulnerability concerns hijacking of poorly protected wireless connections. What is your responsibility if your IP number has been used for criminal activity, such as cleaning out others’ bank accounts, uploading copyright protected material or distributing child pornography?

Given all these problems it would indeed be reasonable to suggest that sophisticated computer protection would be as mandatory as car insurance. Having said that, we are already much too late… The new generation of smartphones, tabs and reading devices enable easy and quick Internet connection and supply new vulnerabilities. Since they lack the power of an ordinary computer, it is difficult to design effective protection for them. This is very troubling since they often contain credit card data, e-mail passwords, etc. Furthermore, as they are designed to interact with a number of different personal and corporate computers, they can easily spread trojans to systems that otherwise are well protected. Since computers tend to “trust” the smartphones of their owners, cybercrime seems to be in good shape.

Development of Internet access is so fast. The idea of moratorium has frequently been discussed, and sometimes used, in connection with the development of genetic mapping and genetic testing. It seems to be a good idea to use regulation to slow down development of Internet access until we have time to understand what is really happening and how various drawbacks of technology can be dealt with. A further reason for putting on the brakes is that we are currently approaching a major challenge concerning Internet access. The 30-year-old standard for Internet addressing, IPv4, is quickly running out of IP numbers, quite possibly already this year. The process of moving the global Internet resources into the new standard of IPv6 has been going far too slowly. Doesn’t it seem that we are too slow when we need to be fast and frantically speedy when we need to slow down?

Zuckerberg’s law of information sharing

What does it really mean to “share information” in the 2010s? In 2008 Facebook innovator Mark Zuckerberg made the prediction that: “I would expect that next year, people will share twice as much information as they share this year, and next year, they will be sharing twice as much as they did the year before. That means that people are using Facebook, and the applications and the ecosystem, more and more.” This prediction allowed the New York Times to jokingly dub this “Zuckerberg’s law of information sharing” as a paraphrase of Moore’s law (predicting the doubling of the number of transistors that can be placed on an integrated circuit every two years) (http://bits.blogs.nytimes.com/2008/11/06/zuckerbergs-law-of-information-sharing/).

Zuckerberg’s law of information sharing is no joke. Looking at the official Facebook statistics, the development has actually been much more dramatic. At the end of its first year, 2004, Facebook reached almost 1,000,000 users. One year later they had more than 5.5 million. With the exception of another 400% increase 2006-2007, there’s been a steady doubling of membership figures each year. In 2010 Facebook reached more than 500 million users. Of these, 50% are logged in on any given day. Altogether, Facebook users spend 700,000,000,000 min. per month on Facebook. It’s probably unrealistic that Facebook will continue to double in membership numbers during the coming years. However, the figure of minutes per month will be just as interesting to follow. Naturally, Facebook is only one of several platforms for information sharing.

Seeing that Zuckerberg’s law carries some validity, what does it really mean for us as a species? It seems to signal many things. I would like to suggest that it is important to make a distinction between the sharing of creativity, opinions and identity. Unfortunately, these tend to blend into each other.

Concerning the sharing of creativity, there is an element of emancipation, humanity being set free through sophisticated social technologies. Clay Shirky reasons quite fittingly about the “cognitive surplus” of the masses that now finally can be set loose for creative means. Increased information sharing is therefore an indicator of connectivity allowing new forms of creativity.

Information sharing can also include exchanges of opinion as we discuss politics, arts, trends etc. What politics, films, music do I like? Which kind of communities can I join in these interests?

With the sharing of identity, it is the self of the individual that is the object for discussion and disclosure. Who am I? Who are my friends? What is my politics? What is my sexuality? What are my ambitions in life? Etc.

Information sharing is deceptive as, once again, these three blend into each other. We think that we are only sharing creative products or opinions on politics, but as a byproduct we are surely sharing identity. In a sense, we are tagging our identities, making these searchable. Most social media applications are built upon the Google driven idea of producing free resources that are paid by large scale advertisement projects (AdWords, AdSense and DoubleClick). These kinds of projects have tended to move from a traditional idea of advertising the trademark, to data mining in order to aggregate information about the user and match the right individual with personalized commercial content. Information sharing is therefore the most important product for Internet development. In other words, the cognitive surplus is being used to finance both Google and Facebook. It is our tagging of ourselves that corporations need in order to better sell their products to us.

Zuckerberg’s law of information sharing is no joke. It has been observed that Moore’s law, first formulated in 1965, actually has served as a driver for technological development. Both hardware and software producers use it to plan ahead, knowing how to upsize the volume of long-term projects. How can Zuckerberg’s law of information sharing be used for strategic planning?
