🪖 Cyber Guerilla Is Upon Us
🔦This week's spotlight: Tensions in Lebanon and Iran Demonstrate That Tech Is a Super-Weapon
Back in 2012, I was a "citizen blogger" for a national newspaper. I blogged for less than 6 months and learnt valuable lessons: 1) people almost never read full articles; 2) to get clicks, you have to talk about politics in a manner that angers people; 3) I didn't have the stomach to withstand the hateful comments that came from following lesson 2, especially because of lesson 1.
I have completely stopped caring about politics since then. Whenever there is an election, I read the programs the evening before and I go with what seems the most rational. I highly recommend a politics-free life. Politics addicts you to anger. Social media makes it worse because it feeds on our tribal impulses.
That long prologue is me trying to tell you I'm about to write about political matters and I am scared.
🏣 Iranian Government Shuts Down the Internet to Crush Protests
22-year-old Iranian Mahsa Amini was seemingly murdered by the Iranian Morality Police after being arrested for not wearing her hijab correctly. Iranian women burned their hijabs and cut their hair in protest. The government, in response, shut down WhatsApp and Instagram. Twitter and Facebook were already blocked. The censorship happens "at the network level", which means the authorities likely compelled telecommunications companies to block the social media platforms. Privacy-focused messenger Signal is already trying to set up proxies. SpaceX obtained authorization from US authorities to make its Starlink satellite internet service available in Iran.
What is happening in Iran is the scenario that keeps me up at night. Remember, I am a tech optimist. I see the Internet as this force of emancipation as powerful as the printing press. I studied philosophy and literature. I believe in the power of knowledge and rationalism. Seeing an authoritarian theocratic government controlling women's bodies is my own definition of supervillains.
All these privacy-enhancing technologies, such as Signal, Apple's Lockdown Mode, Tails OS, the Tor browser and, yes, even Bitcoin, were built for this.
💰Lebanese Citizens Turn to Bitcoin as Economy Collapses
In another depressing story, a financial crisis is hitting Lebanon so hard that banks are closed for the foreseeable future. Reports emerged of people holding up banks to withdraw their own money to pay for cancer treatments. The country's currency, the lira, has become worthless. To survive, Lebanese people are relying on Bitcoin.
If I can see a positive in this story, it's that it allows re-framing the discussion around cryptocurrencies. Remember my introduction about "lesson 2"? It turns out crypto evokes visceral emotions in people! Libertarians and the alt-right integrated crypto into their toxic rhetoric to the point where people began hating the technology itself. What I see here is a country on the brink of bankruptcy with a collapsing financial system. In times of turmoil, a decentralized system can be a lifeline!
🦅U.S. Military Buys Internet Surveillance Tool
In another scary government surveillance story, Vice reports the US military purchased, from the private sector, a machine straight out of the Person of Interest TV show. Cybersecurity firm Team Cymru built the "Augury" system, which claims visibility into roughly 90% of the Internet's traffic. Team Cymru obtains that traffic data through agreements with Internet Service Providers (ISPs), who do not gather consent for such sharing. Government agencies use the capability to track potential criminals and terrorists. These agencies lost the benefit of the doubt with the Snowden files. The authorities have shown they cannot be trusted with that type of power.
And remember, you "don't have anything to hide" until some theocratic nutjob gets elected and tries to take away women's and homosexual people's rights.
Say hi to Russia's newest citizen.
🥑Legal Log
🧑‍⚖️Quebec Gets Its Own GDPR
In a news story that hits close to home, Quebec's Bill 64 (now known as Law 25) is coming into force. Requirements include the mandatory appointment of a Privacy Officer, breach notification, privacy impact assessments, enforcement of the rights to consent and to be forgotten, plus measures around automated decision making. Notably absent are transfer impact assessments and data processing agreements that would guarantee that processing by third parties and in third countries adheres to similar technical and organizational measures.
This is a big deal for Canada because it benefits from an "adequacy decision" from the EU. Privacy laws must therefore stay comparable to Europe's to keep this competitive advantage. If you add Quebec's built-in advantages in the data center market (cold climate and cheap, green energy), the privacy law makes Quebec more appealing to European companies that wish to gain a foothold in North America while avoiding US surveillance measures, as illustrated in the story above.
🎯InfoSec Stories
🚔Hacker Suspected of Uber and GTA 6 Breach Arrested
As a follow-up to the humongous Uber hack from last week, a teenager was arrested in London. The individual is also suspected of carrying out the GTA 6 leak on behalf of the hacking-for-prestige Lapsus$ group.
There was controversy on my Twitter feed over how much "skill" the hacker really displayed. Uber implied the attack was "highly complex" and many disagreed, myself included. To me, a highly skilled hacker is someone like Nadav Grossman who, through hundreds of hours of careful reverse engineering and fuzz testing, discovered a critical WinRAR vulnerability. What this kid did required more nerve than skill.
👖 DDoS, like High-Waisted Pants, Is Coming Back in Style
Cybersecurity textbooks spend a lot of paragraphs on denial of service attacks. This tendency always irritated me since attacks on confidentiality, especially in web-based settings, are generally more prevalent and more damaging, gaming aside. Maybe it's because one of them is called a Smurf attack and the writers find that funny?
Times are changing. What's old is new again! Thanks to millions of connected devices shipping with trivially guessable default passwords (0000), botnet herders (yes, that's their real job title) can rent out their botnets as cheap DDoS-as-a-service offerings.
Ars Technica reports on the new modus operandi of cyber-criminals: encrypt critical files, then DDoS the victim so its operations and security teams cannot rebuild the systems and the network. I hate to say this, but for most businesses the solution to defend against this new pattern is probably vendors.
I'm going to receive "DDoS Prevention!" spam for the next 3 months, right?
💿One of The Biggest Banks in The World Did Not Clear Disks Before Re-Selling Them
Morgan Stanley customer data was found on old hard drives. The bank relied on contractors to dispose of and re-sell the drives. The contractors themselves hired sub-contractors to do the work, and there we are. The biggest question nobody asks about this is: why is this bank allowing its customers' PII to end up on hard drives that leave the building? BuT ThEiR SeCuRiTy pOlIcY AnD ThEiR CoNtRaCtS SaId tHeY HaD SeCuRe dIsPoSaL 🤪.
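Policies and contracts say "secure disposal"; a check is what actually proves it. Below is an added example (mine, not anything from Morgan Stanley, its contractors or the reporting) of the one control a practitioner would want before a drive leaves the building: read every byte back and confirm it is zero. It uses a temporary file filled with random bytes as a stand-in for a drive; on real hardware you would point it at a block device such as /dev/sdX (that path is an assumption, and reading it needs root). The caveat is in the comments: overwriting only covers the LBAs the OS can see, so for SSDs you still want the firmware's sanitize/secure-erase command or crypto-erase, and this check is the verification step, not the wipe.

```python
"""Verify that a disk image (or block device) reads back as all zeros before resale.

Added example, not part of the newsletter. A temporary file stands in for a drive.
"""
import os
import tempfile
from typing import Tuple

CHUNK = 1 << 20  # read/write in 1 MiB chunks to keep memory flat on multi-TB devices


def wipe_zero(path: str, size: int) -> None:
    """Overwrite the first `size` bytes of `path` with zeros and flush to stable storage.

    Caveat: on SSDs this only reaches the LBAs the OS can address; remapped or
    over-provisioned blocks are untouched. Use the device's sanitize/secure-erase
    (or crypto-erase) for those, then run the verification below anyway.
    """
    zeros = bytes(CHUNK)
    with open(path, "r+b") as f:
        remaining = size
        while remaining > 0:
            n = min(CHUNK, remaining)
            f.write(zeros[:n])
            remaining -= n
        f.flush()
        os.fsync(f.fileno())


def first_nonzero_offset(path: str) -> int:
    """Return the byte offset of the first non-zero byte, or -1 if everything reads as zero."""
    offset = 0
    with open(path, "rb") as f:
        while True:
            buf = f.read(CHUNK)
            if not buf:
                return -1
            # bytes.count(0) is a fast C-level scan; only walk the chunk when it fails
            if buf.count(0) != len(buf):
                for i, b in enumerate(buf):
                    if b:
                        return offset + i
            offset += len(buf)


def is_sanitized(path: str) -> bool:
    """True only if the whole file/device reads back as zeros."""
    return first_nonzero_offset(path) == -1


def demo() -> Tuple[bool, bool]:
    """Create a fake 'drive' holding constructed customer data, check it, wipe it, check again."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        path = tmp.name
        tmp.write(os.urandom(3 * CHUNK + 123))  # constructed sample: random "customer data"
    try:
        before = is_sanitized(path)                 # expected False: data still present
        wipe_zero(path, os.path.getsize(path))
        after = is_sanitized(path)                  # expected True: verified clean
    finally:
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    print("before wipe sanitized=%s, after wipe sanitized=%s" % demo())
```

The point of returning an offset rather than a boolean is that a non-zero result tells you exactly where the sub-contractor's wipe stopped, which is the evidence you want in the disposal record.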
🗣️Social Media Chronicles
🥮️Tiktok Eating Away at Google's Text-Based Search
The Verge experimented with replacing Google with TikTok, and its conclusions should terrify Google's senior management. While Google's text-based interface still takes the cake for informational queries such as "who is the 16th president of the USA?", TikTok's search is more effective for product recommendations and activities. For example, TikTok "won" from the user-experience point of view on queries such as "what to eat tonight?", "what to watch on Netflix?", etc.
The Verge concludes that Google's standard "10 underlined blue links with a panel full of Google services" may not be ideal for the users of the future. I think the reporter undersold, big time, how catastrophic this is for Google's business.
Think about it! Which is more likely to net Google ad revenue: a query about "what type of mammal lives in Viet Nam" or "Vietnamese food near me"? TikTok can show you a genuine 15-second clip of somebody's birthday party in that restaurant! How can text beat that type of experience?
I think we should prepare for the worst from Google. We will suffer in real time from various iterations of "enhanced" search interfaces.
Meanwhile, the privacy-friendly alternative DuckDuckGo is rapidly improving its own text-based search. Maybe DuckDuckGo becomes the refuge of people who want a good old-fashioned text search in the future?
🤖AI Almanac
🏩 OpenAI Allows DALL-E Users to Edit Faces
Stable Diffusion, the open-source AI image generator, is barely a month old and people are already using it to create pornographic deepfakes of celebrities. Against that chaotic background, OpenAI announces it is allowing face editing with DALL-E.
Deepfakes on steroids like this will force us to rethink face-based identity checks (a.k.a. showing your driver's license to buy alcohol).
The only protection from deepfakes I can think of is making malicious individuals' lives harder by limiting what you show of yourself online. This is especially true for teenagers, who are at risk of cyberbullying.
Speaking of OpenAI...
⛓ Web3 Trippin'
💵El Salvador's Bitcoin Experiment Yields Mixed Results After One Year
Cointelegraph recaps the first year of El Salvador's pro-cryptocurrency policy. I love it when media with a "pro-crypto" bias provide a nuanced article like this. El Salvador's bet on Bitcoin backfired mostly because the currency lost 70% of its value over the past year. One of the major disadvantages of a decentralized currency is precisely the risk of falling victim to macro-events. On the other hand, Bitcoin gave 70% of the "unbanked" population, which makes up 80% of the general population, access to financial services such as payments and remittances.
As an aside, while researching the topic, I was a bit repelled by some of the more mainstream media coverage of El Salvador's crypto strategy. Its president is depicted as a "millennial", "crypto-mad" "rockstar". The whole framing feels condescending. Is this politician taking a risk? Absolutely. But why are we depicting a bold move as the musings of "the cool millennial techno-trippy thing"?
I'm cool as well, dawg
🐶This week's rant: Meta, Google, and Amazon are not Invincible
Every day at work, I come across a problem where I think to myself: "how much easier this would be if I were Big Tech". I would have huge brand power and a budget of millions! Well, three stories from Google, Meta and Amazon this week showed us how human Big Tech really is.
😰Google and Meta are Losing It Against Competition
The CEOs of Meta and Google went public with their desire to increase productivity, and CNET reports some internal movement is happening to cut costs and let natural selection do its work. Google's CEO added fuel to the fire in a company meeting by saying employees must not "equate fun with money". A new report by Yahoo might explain why: the former duopoly is facing a whole new competitive landscape.
Apple is using its grip on its users' devices to block cross-site tracking, to the benefit of its own ad business.
TikTok is taking a sizable share of the product (people's attention) for itself.
Amazon's ecosystem locks shoppers in, and Amazon does not need to worry about cross-site tracking to do it.
Microsoft's LinkedIn converts better than any other social network, Microsoft has a new partnership with Netflix, and it is set to become a cloud gaming juggernaut where both Facebook Games and Google Stadia have failed.
This is not about quiet quitting. Meta and Google are cutting budgets because otherwise they are going to struggle to keep shareholders happy.
👨🏭Amazon Built a 400-People Unit to Work on Tech Debt
Eugene Kim reports that Amazon developers are so fed up with legacy code that its CEO himself was forced to take action. 400 developers are working on tooling to remove tiresome operations such as manual tests and "mundane software upgrade work". I admit I have a tendency to see Amazon as a relentless automated machine. Reading this report shows me that, no, one of the biggest companies in the world is wrestling with the same struggles as every software company!
Now I have to finish this; it's time to tell developers to go work on their low-severity vulnerabilities, just like Amazon does.