Categories
Data Custody Decentralisation and Neutrality Discovery and Curation Products and Design The Dark Forest of the Internet

Preserving the web that matters to us

A quarter of the deep links in The New York Times’ articles are now “rotten”, or no longer accessible. The older the web page, the more likely it is that the articles it links to no longer exist. This chart makes it clear:

The internet is decentralised by design. That means no single entity decides whether a given article on the web is taken down.

But that also means that no single entity can ensure that the article stays up. If the owner of the domain dies, forgets to renew, or simply chooses not to, it’s gone. The Internet Archive can’t archive every single web page that ever existed.

That means it is up to each of us to preserve, privately, those parts of the web that matter to each of us.

I am personally a long-time user of both Instapaper and Pocket (from when they were personal projects of their creators), and have thousands of articles in each. Should either of these services shut down, I will be able to export my saved articles. For articles and web pages with more significant personal value, I also have a folder full of markdown-formatted versions of them. I ended up creating an iOS Siri Shortcut to automate this, which I use every day.

Other ways are to save the full text in Evernote, or OneNote, or Notion using their browser extensions, and they’ll be available to you as long as these services are active. You could also copy the web page, paste it in an email and mail it to yourself, creating a library within email. Which again is accessible – and searchable! – as long as you have access to that email address. There’s no perfect solution.

The important take-away here is that what makes the Internet resilient as a whole makes it fragile at a microscopic level. Saving bookmarks alone is no guarantee that you’ll be able to access something on the web later. You’ll need to save the page itself, and find a system for this that works for you.

Categories
Discovery and Curation Life Design The Dark Forest of the Internet The Next Computer Wellness when Always-On

Life pre-internet

This question on Reddit had a bunch of answers that I think are worth reflecting on.

“People old enough to remember life pre-Internet, what are some less obvious things you miss about that time?”


Work-life balance

“Leaving home and just being gone for the day. No cell phones.”

Mind-wandering

“I miss spacing out. Like, you could legit just sit on a bench or ride a bus and space out completely, letting your mind wander into those creative zones. Now phones/tech makes it much harder to get there.”

“Having an idea, finding a new hobby or skillset or project to work on, going to the library or bookstore to educate yourself about it, start learning and growing and excited about a new passion. Now… you look it up online, realize there’s a bunch of people who are wayyy better at it than you will ever be, and so you immediately give up out of discouragement. :\”

Presence

“If there were cameras, it was really different. You used them to take pictures of things or had people take pictures of you. But there was no social media to preoccupy your mind. It was just doing something. And whoever you were with, was who you were with.”

“My former housemate – who is twenty years younger than me – and I both left our phones at home by accident one day. So we kept on keeping on doing the day’s activities. Some errands and some wandering around. At one point, she turned to me and said ‘So this is what the 80s were like?’”

“We weren’t getting texts all the time. No constant robocalls and spam e-mails. No expectation of instant reply 24/7. No constant stress or pressure. We were just there enjoying the moment and the simple stuff.”

The news cycle

“News only being on at 6pm. That was it. Now we have 6 hours of local news and 24 hours of cable news. Not being bombarded all day with “news.” And when you saw “Breaking News” on the screen you knew some serious shit went down.”

A curious one for me was one about identity:

“The ability to start over. I moved a lot, every move I could reinvent myself, bookworm, punk, preppie, I got to try out lots of aspects of my personality and my past wasn’t a factor.”

and its reply “I think especially when young it’s genuinely damaging to be locked into an identity by the stuff you have said / done years ago. How are we supposed to grow? Also being judged by the norms of a previous era which are not cool now.”

Categories
Product Management Products and Design Startups The Dark Forest of the Internet Wellness when Always-On

Failure to empathise

On a new feature in Slack via which anyone on Slack can message any other Slack user, across companies:

When Slack introduced the feature today, it hadn’t implemented any features that can help someone who gets harassed. There is no block button or built in mechanism to report the message to Slack or your company’s Slack administrator.

https://twitter.com/44/status/1374737695444901891

Slack reacted:

… “we received valuable feedback from our users about how email invitations to use the feature could potentially be used to send abusive or harassing messages. We are taking immediate steps to prevent this kind of abuse”

– Slack Says Letting Anyone Message Anyone With Few Limits Was ‘a Mistake’

This is a failure to empathise, a rather basic failure when designing products. Gmail took off in its early days in large part because it decimated spam. That is a fifteen-year-old lesson. Twitter’s issues with harassment and spam are an ongoing lesson.

At Slack’s scale, one should expect product managers to consider the potential for harassment. For information overload. For ambiguity. For bias.

If Slack – or any other company – consciously builds and promotes its products to be used by organisations of all sizes, across all industries, globally, they cannot also dismiss or discount these as inconvenient or unnecessary.

These considerations will slow down design and development, they will make the product somewhat less agile and they will increase monetary costs.

That’s the price of making a product that widely available.

You expect that with the increased revenue from this scale, you hire the best product, design and engineering talent to build efficiently while also considering everything above.

(ends)

Categories
Decentralisation and Neutrality Privacy and Anonymity The Dark Forest of the Internet

Decentralisation and criminal activity

A few days ago we discussed how end to end encryption and decentralisation were an inherently political matter.

We saw how Signal’s end to end encryption meant that security agencies can’t simply compel the Signal nonprofit to unscramble users’ messages or monitor them. With Bitcoin, there is no central authority to target, and no easily traceable identities, unless you’re a beginner who’s left their cryptocurrency in an exchange’s account. But it’s because they’re inherently secure that they’re attractive to criminals and terrorists. That in turn attracts the attention – and ire – of law enforcement agencies. And turns it into a political issue.

This article in fact describes the use of Jabber-based messaging apps by criminals in Russia:

Jabber’s federation means that anyone can open a server and run it as they see fit. That’s enormously attractive to criminals worried about companies cooperating closely with governments, especially in the United States. And some Jabber servers are set up specifically to cater to criminals.

– Why Jabber reigns across the Russian cybercrime underground

This isn’t a matter of forcing wiretapping phones, or compelling Apple to unlock iPhones, or forcing a bank to turn over account statements. If traffic on this server is tunneled through a VPN, even locating what Jabber chat server criminals use is a huge problem for security agencies. And unlike Parler or Facebook groups, one can simply set up another Jabber server.

It’s the same reason that sites on the Tor network that sell and list torrents and other contraband are so resilient to being taken down.


(Featured Image Photo Credit: Ricardo Gomez Angel/Unsplash)

Categories
Data Custody Decentralisation and Neutrality Personal Finance Privacy and Anonymity Real-World Crypto The Dark Forest of the Internet

Dalio on Bitcoin – store of value and its threat to governments

Some extracts from the hedge fund manager Ray Dalio’s public note about Bitcoin.

I believe Bitcoin is one hell of an invention. To have invented a new type of money via a system that is programmed into a computer and that has worked for around 10 years and is rapidly gaining popularity as both a type of money and a storehold of wealth is an amazing accomplishment.

Because of what is going on in the world, besides there being a growing need for money or storehold of wealth assets that are limited in supply, there is also a growing need for assets that can be privately held. Because there aren’t many of these gold-like storehold of wealth assets that can be held in privacy and because the sizes of their markets are relatively small, there exists the possibility that Bitcoin and its competitors can fill that growing need.

He does make a counter-argument against supply: that while Bitcoin itself is limited, there is no limit to the number of cryptocurrencies that can be created in the same manner, each as untamperable and un-shut-down-able as Bitcoin.

Speaking of untamperable, Dalio recognises that the biggest threat to Bitcoin is not an attack on the chain itself, but governments restricting access to it in the first place.

I suspect that Bitcoin’s biggest risk is being successful, because if it’s successful, the government will try to kill it and they have a lot of power to succeed… for good logical reasons governments wanted control over money and they protected their abilities to have the only monies and credit within their borders. When I a) put myself in the shoes of government officials, b) see their actions, and c) hear what they say, it is hard for me to imagine that they would allow Bitcoin (or gold) to be an obviously better choice than the money and credit that they are producing.

This is potentially what could happen in India. While the government recognises – rightly – that cryptocurrency isn’t clearly either a currency or an asset and therefore doesn’t fit into existing regulatory frameworks, its approach to it seems to be one of antipathy. A bill that may be tabled and discussed in the coming weeks is described in the current parliamentary session agenda as one that intends to

… create a facilitative (sic) framework for creation of the official digital currency to be issued by the Reserve Bank of India. The Bill also seems to prohibit all private cryptocurrencies in India, however (sic) it allows for certain exceptions to promote the underlying technology of cryptocurrency and its uses.

Categories
Decentralisation and Neutrality Privacy and Anonymity The Dark Forest of the Internet

Signal and Bitcoin are equally dangerous

This article describes the tension at the nonprofit that builds the messaging app Signal – the tension between providing totally private messaging, and the inevitability that such a service will be used by terrorists and criminals to organise.

Privacy was, is and will be political. Governments have always wanted access to information, from intercepting postal mail to eavesdropping on telephone conversations to the USA National Security Agency’s PRISM programme that collected data from nearly every major USA tech company: Microsoft, Google, Facebook, Apple.

Until recently, end to end encryption, like the kind Signal (and Telegram) makes possible, has not been available to people like you and me. With such encryption, not even Signal itself can access the contents of our conversations [1]. This means even if USA or other government spies were to break into Signal’s systems, or obtain its covert cooperation, they wouldn’t be able to see what messages you and I typed to each other.

That means for you and me, the very act of using Signal and other such services is political. Likewise for Signal, providing such a service is a political act.

It is always going to be at the receiving end of governmental efforts, USA and outside, to provide encryption backdoors for their security agencies [2][3].

If you were such a government, you’d use informal private pressure, you’d build a public legal case and you’d discredit the company and private messaging in general by pointing out the danger to national security. This is also the playbook governments the world over have used to deal with cryptocurrency.

I think the only way that the Signal organisation and others like it will be left un-harassed is by reframing the question.

Today it is “What is Signal doing to tackle terrorist activity taking place on your service?”

The much more politically fraught – but correct – question is “Why is the onus of identifying, reporting and shutting down terrorist/criminal activity primarily on Signal?”

Like it or not, Signal is a political organisation. It needs to begin acting like one.


[1] And we don’t need to take Signal’s word for it – the app and server code is available publicly.

[2] Never mind that that kind of backdoor would require explicitly moving to a fundamentally different, less secure encryption algorithm.

[3] PS: And you and I, as Signal users, are going to be suspect.


(Featured Image Photo Credit: Alexandru Zdrobău/Unsplash)

Categories
Data Custody Privacy and Anonymity Products and Design The Dark Forest of the Internet

Are Telegram chats encrypted or not? Here’s what you need to know about encryption, privacy and tradeoffs

A friend sent me this message from one of the groups she was on:

“I’ve just found out that chats in Telegram (unlike in Signal) are not encrypted by default (unless started as secret chat) and group chats are not encrypted at all!”

and asked if this was true.

I think terms like “not encrypted”, “end to end encryption” need to be understood better so we can make better decisions about what to use and not. Here’s what I wrote back:


“Yes, Telegram encryption works differently from Signal but it’s just plain inaccurate that Telegram chats are not encrypted. They are. Both “in transit” ie from your phone to Telegram and “at rest” ie on Telegram servers.

So what’s the difference between the apps?

Telegram chats are encrypted by Telegram’s keys, which are stored separately from the data. From their privacy policy:

Telegram is a cloud service. We store messages, photos, videos and documents from your cloud chats on our servers so that you can access your data from any of your devices anytime without having to rely on third-party backups. All data is stored heavily encrypted and the encryption keys in each case are stored in several other data centers in different jurisdictions. This way local engineers or physical intruders cannot get access to user data.

All group chats are also encrypted in the same way:

In addition to private messages, Telegram also supports public channels and public groups. All public chats are cloud chats (see section 3.3.1 above). Like everything on Telegram, the data you post in public communities is encrypted, both in storage and in transit — but everything you post in public will be accessible to everyone.

For 1:1 conversations, Telegram has what it calls ‘secret chats’, where the encryption keys are known only to the two devices – one for each person. Again from Telegram’s privacy policy:

[In secret chats] all data is encrypted with a key that only you and the recipient know. There is no way for us or anybody else without direct access to your device to learn what content is being sent in those messages. We do not store your secret chats on our servers. We also do not keep any logs for messages in secret chats, so after a short period of time we no longer know who or when you messaged via secret chats.

So if you only use Telegram on one iPhone and I use it on iPhone, iPad, and two Macs and I use each of them to chat with you, you will have four distinct ‘secret’ conversations with me on the same phone, and I will have one conversation with you on each of my devices, but all disjointed. In return, no messages are stored on Telegram’s servers.

Signal works this way by default – separate message queue for devices. You can see that the conversation on my iPhone is not synced to my iPad automatically:

But there is a tradeoff. Once again, Telegram’s privacy policy:

For the same reasons secret chats are not available in the cloud — you can only access those messages from the device they were sent to or from.

Without getting into the details, it’s really tough to do all three of the following:

  • a. support perfect message sync between multiple devices and
  • b. encrypt it on-device and
  • c. not store messages on the server.

With this model,

  • Telegram does b. and c. for secret chats but sacrifices a. Signal works this way by default.
  • Apple iMessage does a. and b. but does store messages on its servers for seven days, after which it deletes them, technically achieving c. but sacrificing a.
  • Whatsapp does b. and c. but doesn’t do a., which is why Whatsapp Web always needs to connect to your phone.

Hope this helps.”
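The key-custody difference described in the message above, as an added example that is not part of the original post and is not code from Telegram, Signal or WhatsApp. It is a toy model: the Diffie-Hellman parameters, the SHA-256 keystream and every class and function name are assumptions chosen for brevity and do not reproduce any real messenger's protocol.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for brevity): NOT a production parameter set.
P, G = 2**127 - 1, 3


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """SHA-256 in counter mode, standing in for a real cipher."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Return the plaintext, or raise ValueError when the key does not match."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


def can_read(key: bytes, blob: bytes, expected: bytes) -> bool:
    try:
        return unseal(key, blob) == expected
    except ValueError:
        return False


class CloudServer:
    """'Cloud chat' model: the provider stores messages under a key it holds."""
    def __init__(self):
        self.storage_key = secrets.token_bytes(32)
        self.stored = []

    def receive(self, plaintext: bytes) -> None:
        # Transport encryption ends at the server; it re-encrypts for storage.
        self.stored.append(seal(self.storage_key, plaintext))

    def sync(self) -> list:
        # Any device the user logs in from gets the full history back.
        return [unseal(self.storage_key, blob) for blob in self.stored]


class Device:
    """'Secret chat' model: each device holds its own private key."""
    def __init__(self):
        self._priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self._priv, P)

    def session_key(self, peer_pub: int) -> bytes:
        shared = pow(peer_pub, self._priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def compare_models(message: bytes = b"constructed sample message") -> dict:
    cloud = CloudServer()
    cloud.receive(message)

    my_phone, your_phone, your_ipad = Device(), Device(), Device()
    relay_copy = seal(my_phone.session_key(your_phone.pub), message)  # all the relay sees
    return {
        # Provider-held key: sync works everywhere, and the provider can decrypt.
        "cloud_sync_works": cloud.sync() == [message],
        "cloud_server_can_read": can_read(cloud.storage_key, cloud.stored[0], message),
        # Device-held key: only the device that did the key exchange can decrypt.
        "recipient_phone_can_read":
            can_read(your_phone.session_key(my_phone.pub), relay_copy, message),
        # A second device negotiated a different key, so the chat does not sync to it.
        "recipient_ipad_can_read":
            can_read(your_ipad.session_key(my_phone.pub), relay_copy, message),
        # The relay never took part in a key exchange; the cloud key is no help either.
        "relay_can_read": can_read(cloud.storage_key, relay_copy, message),
    }


if __name__ == "__main__":
    for prop, value in compare_models().items():
        print(f"{prop}: {value}")
```
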


I’m quite happy with the ongoing conversation around the loss of personal privacy online. There seems to be mainstream coverage of its pervasiveness for the first time, even if it’ll be churned away by the next news cycle.

But this conversation is as vulnerable to being hijacked and derailed by disinformation as any other. I think it’s important for those who can to explain technology and terminology in such a way that people can make educated decisions about reclaiming their privacy.


(Featured Image Photo Credit: Mitchell Ng Liang an/Unsplash)

Categories
Audience as Capital Decentralisation and Neutrality Discovery and Curation The Dark Forest of the Internet

The last Twitter megapersonality – Part 2

(Part 1 – Deplatformization)

What’s new is that the Trump episode demonstrated these companies’ herd mentality: first no one could afford to act against his social media accounts because it would mean losing eyeballs. And then all of a sudden no one could afford to keep his account standing. [2]

This means online personalities can’t rely on any of these platforms as an alternative to the others. Now that the platforms have acted in unison once – rather effectively – they’re likely to be more aggressive in the future. It’s like being cancelled, but by entire platforms.

So the next megapersonality isn’t going to be primarily on Twitter or Facebook or YouTube or even Telegram. They are going to own their presence. They may publish and engage on all of these platforms, but their home, their fortress, is going to be an independent online presence.

Two types of such online presences will proliferate among influencers: One, state controlled or state influenced online media for national political leaders. The internet equivalent of state TV and Radio. China leads the world here.

Two, independent online properties. We discussed this earlier in the context of Trump’s options:

This Vox article shows how other right-wing personalities like Alex Jones, who have their own website and online radio show, have an audience independent of social media sites. While they have also suffered in their ability to reach people after being shut out from media platforms, they have survived, even thrived. For Trump, who hasn’t bothered spending any time investing in any platform of his own, there is suddenly no way to reach out to his followers. Every political leader, every entertainer, every tech personality has seen this unfold.

Trump may have been the last Twitter megapolemicist, but it’s likely he’s going to run one of the first personal megaplatforms. I’m looking forward to how quickly it happens and what form it takes.

(ends)

[2] The point of this is not about right or wrong. For the record I think Trump’s Twitter account was a disgrace to online decency.


(Featured Image Photo Credit: Harald Arlander/Unsplash)

Categories
Audience as Capital Decentralisation and Neutrality Discovery and Curation The Dark Forest of the Internet

The last Twitter megapersonality – Part 1

‘Deplatformization’ is now a word in the tech world’s vocabulary. It’s what the Tech Giants did to Donald Trump. First one, then another, and then all of the herd followed last week:

“How did you go bankrupt?” Bill asked. “Two ways,” Mike said. “Gradually, then suddenly.”

Ernest Hemingway, “The Sun Also Rises”.

And just like that, Trump’s vast influence was neutered. This site makes the case that after years of hand-wringing, the tech giants took action simply because it had become clear that Trump no longer held political power:

For years Facebook and Twitter were unwilling to enforce their own rules against those inciting violence, in fear of upsetting a substantial part of their userbase… Not only is this [deplatformization] too little too late, but needs to be understood as an admission of complicity… Could it be that after the electoral shake-up what used to be an asset became a liability?

One of the mega trends we explore repeatedly on this site is that of Audience as Capital. You can’t discuss that trend without recognizing the fantastic power now held by social media companies which, if user bases were populations, would be the world’s largest countries:

  • Facebook itself: over 2.5 billion active users
  • Youtube: over 2 billion
  • Whatsapp (Facebook): over 2 billion
  • Instagram (Facebook): well over 1 billion
  • Wechat: ~1 billion
  • Tiktok: ~800 million
  • Twitter: ~300 million
  • Linkedin: over 300 million

Add to this Google Play Store with about 2.5 billion users on Android and Apple’s App Store with over 1.5 billion iOS devices controlling app distribution. They took the right-wing-dominated social network Parler offline.

Further add to this Amazon’s dominance of online commerce, Stripe’s of online payment acceptance, the decades-old Visa-Mastercard duopoly of payments processing [1], and Amazon AWS, Microsoft Azure and Google Cloud Platform’s cornering of the internet applications, including such basic internet plumbing as DNS. AWS took Parler’s infrastructure down too.

We have never before seen such global concentration of attention and distribution.

[1] Not to mention local leaders: China Unionpay and India’s Rupay

(Part 2: so what’s the future?)


(Featured Image Photo Credit: Willian Justen de Vasconcellos/Unsplash)

Categories
Data Custody Privacy and Anonymity Products and Design The Dark Forest of the Internet Wellness when Always-On

Why you shouldn’t delete Whatsapp and move to Signal

The Ars Technica website has a solid explanation of Whatsapp’s new privacy policy changes, which involve sharing extensive data about your Whatsapp usage with Facebook, Whatsapp’s parent company.

Whatsapp has been sharing data with Facebook since 2016, but earlier you had one chance to opt out of it. With the prompt you saw last week, it’s now mandatory – if you didn’t opt in this time, you won’t be able to use the app after 8 Feb 2021.

Now. Whatsapp claims it cannot read the actual contents of your chats – the company says those are encrypted end to end, in a way that even Whatsapp/Facebook can’t unscramble, in fact using technology from the privacy-focused app Signal.

But metadata – “data about data” – is not encrypted. This is your activity in the app:

  • Who you chat with
  • When and how often you chat with them
  • Whether you send multimedia
  • Whose profiles you search and look at
  • Whose statuses you check
  • Who you call on the app, when and for how long

All of this is sent as one long, continuous stream of data. The plan is almost certainly to match this with similar data collected by the Facebook and Instagram apps, and the thousands of other apps that use the Facebook ‘SDK’ for ads/tracking, to build a detailed picture of you.

So. Now that you know this, should you move off Whatsapp to Signal, as Elon Musk suggested on Twitter?

In general, no. You shouldn’t move off Whatsapp and move to Signal.

Is this you?

  • You have a Facebook account
  • You stay logged into it on one tab while you browse other sites on the web
  • You run the Facebook app on your phone
  • You have an Instagram account
  • You’ve given either or both FB and Instagram access to your contacts when they asked you at signup
  • You’ve used Log In With Facebook to sign into other apps
  • You hadn’t opted out of sharing Whatsapp data with Facebook when asked a few earlier

If you’ve answered Yes or even I’m not sure to some of these questions, the Whatsapp policy change really doesn’t make much difference. You’re already sharing data – lots of it – with the Facebook family. Deleting WhatsApp is plugging a few squares in a sieve.

I’m not judging you. Our relationship with technology, especially social media, is highly asymmetric. It isn’t practical for you and me to understand the average privacy policy fully, leave alone that the onus of tracking frequent changes to it is on us. Repeat for each app that we use, and the tracking code from different other companies that that app uses.

Even if you’ve wisened up, even if you’re now uncomfortable with the amount of data the Facebook family of apps collects about you, chances are your friends, family, professional groups don’t care as much – they’ll still happily use them, and they’ll expect you to ‘be’ on these apps too.

Quitting Whatsapp is most effective when you quit the rest of Facebook too. It’ll take time. It’ll take some convincing, it’ll take some re-evaluation of relationships. But you can make it work.

It’s taken even Facebook a few years to hook you enough to get the sheer amount of data it has on you. Give yourself time to rid yourself of it too.

Update: A friend asked me if Facebook was able to collect any less data if one used Instagram in a browser as opposed to the app:

“I signed up [on Instagram] using an email address I created specifically for IG, but it doesn’t take Zuck to figure out that the overlap between the people I talk to on Whatsapp and those that this IG account interacts with means that we’re the same person.”

“Your interaction on Instagram the service reveals more about you than the specific devices you use it on. Sure, the IG app can tell your location more accurately than IG in a browser window can, because the former uses GPS and the latter looks up your IP in a database. But IG in the browser still knows when you log in and for how long, whose profiles you lurk on, what your friend network is and suchlike.”

“When you upload a photo, IG can tell a lot from the photo’s EXIF data: the precise model of the camera you used, phone or otherwise, where you were when you took it, when you took it, among other things. IG can run facial recognition algorithms on them to draw an even more detailed picture of your network. But both of these have little to do with whether you use the app or the browser.”

“If someone spots you at a cafe, you aren’t better hidden if you pulled up to the cafe in an uber as opposed to drove there. The fact remains that you were there and someone saw you. (I am rather bad at analogies but I think this one might actually work)”


(Featured Image Photo Credit: Markus Spiske/Unsplash)