Thought Shrapnel Profile Photo

Thought Shrapnel

A stream of things going in and out of the brain of Doug Belshaw

    The security guide as literary genre

    I stumbled across this conference presentation from back in January by Jeffrey Monro, “a doctoral student in English at the University of Maryland, College Park, where [he studies] the textual and material histories of media technologies”.

    It’s a short, but very interesting one, taking a step back from the current state of play to ask what we’re actually doing as a society.

    Over the past year, in an unsurprising response to a host of new geopolitical realities, we’ve seen a cottage industry of security recommendations pop up in venues as varied as The New York TimesVice, and even Teen Vogue. Together, these recommendations form a standard suite of answers to some of the most messy questions of our digital lives. “How do I stop advertisers from surveilling me?” “How do I protect my internet history from the highest bidder?” And “how do I protect my privacy in the face of an invasive or authoritarian government?”
    It's all very well having a plethora of guides to secure ourselves against digital adversaries, but this isn't something that we need to really think about in a physical setting within the developed world. When I pop down to the shops, I don't think about the route I take in case someone robs me at gunpoint.

    So Monro is thinking about these security guides as a kind of ‘literary genre’:

    I’m less interested in whether or not these tools are effective as such. Rather, I want to ask how these tools in particular orient us toward digital space, engage imaginaries of privacy and security, and structure relationships between users, hackers, governments, infrastructures, or machines themselves? In short: what are we asking for when we construe security as a browser plugin?
    There's a wider issue here about the pace of digital interactions, security theatre, and most of us getting news from an industry hyper-focused on online advertising. A recent article in the New York Times was thought-provoking in that sense, comparing what it's like going back to (or in some cases, getting for the first time) all of your news from print media.

    We live in a digital world where everyone’s seemingly agitated and angry, all of the time:

    The increasing popularity of these guides evinces a watchful anxiety permeating even the most benign of online interactions, a paranoia that emerges from an epistemological collapse of the categories of “private” and “public.” These guides offer a way through the wilderness, techniques by which users can harden that private/public boundary.
    The problem with this 'genre' of security guide, says Monro, is that even the good ones from groups like EFF (of which I'm a member) make you feel like locking down everything. The problem with that, of course, is that it's very limiting.
    Communication, by its very nature, demands some dimension of insecurity, some material vector for possible attack. Communication is always already a vulnerable act. The perfectly secure machine, as Chun notes, would be unusable: it would cease to be a computer at all. We can then only ever approach security asymptotically, always leaving avenues for attack, for it is precisely through those avenues that communication occurs.
    I'm a great believer in serendipity, but the problem with that from a technical point of view is that it increases my attack surface. It's a source of tension that I actually feel most days.
    There is no room, or at least less room, in a world of locked-down browsers, encrypted messaging apps, and verified communication for qualities like serendipity or chance encounters. Certainly in a world chock-full with bad actors, I am not arguing for less security, particularly for those of us most vulnerable to attack online... But I have to wonder how our intensive speculative energies, so far directed toward all possibility for attack, might be put to use in imagining a digital world that sees vulnerability as a value.
    At the end of the day, this kind of article serves to show just how different our online, digital environment is from our physical reality. It's a fascinating sideways look, looking at the security guide as a 'genre'. A recommended read in its entirety — and I really like the look of his blog!

    Source: Jeffrey Moro

    Platform censorship and the threat to democracy

    TorrentFreak reports that Science Hub (commonly referred to as ‘Sci-Hub’) has had its account with Cloudflare terminated. Sci-Hub is sometimes known as ‘the Piratebay of Science’ as, in the words of Wikipedia, it “bypasses publisher paywalls by allowing access through educational institution proxies”:

    Cloudflare’s actions are significant because the company previously protested a similar order. When the RIAA used the permanent injunction in the MP3Skull case to compel Cloudflare to disconnect the site, the CDN provider refused.

    The RIAA argued that Cloudflare was operating “in active concert or participation” with the pirates. The CDN provider objected, but the court eventually ordered Cloudflare to take action, although it did not rule on the “active concert or participation” part.

    In the Sci-Hub case “active concert or participation” is also a requirement for the injunction to apply. While it specifically mentions ISPs and search engines, ACS Director Glenn Ruskin previously stressed that companies won’t be targeted for simply linking users to Sci-Hub.

    Cloudflare is a Content Delivery Network (CDN), and I use their service on my sites, to improve web performance and security. They are the subject of some controversy at the moment, as the Electronic Frontier Foundation note:

    From Cloudflare’s headline-making takedown of the Daily Stormer last autumn to YouTube’s summer restrictions on LGBTQ content, there's been a surge in “voluntary” platform censorship. Companies—under pressure from lawmakers, shareholders, and the public alike—have ramped up restrictions on speech, adding new rules, adjusting their still-hidden algorithms and hiring more staff to moderate content. They have banned ads from certain sources and removed “offensive” but legal content.
    It's a big deal, as intermediaries that are required for the optimisation in speed of large website succumb to political pressure.
    Given this history, we’re worried about how platforms are responding to new pressures. Not because there’s a slippery slope from judicious moderation to active censorship — but because we are already far down that slope. Regulation of our expression, thought, and association has already been ceded to unaccountable executives and enforced by minimally-trained, overworked staff, and hidden algorithms. Doubling down on this approach will not make it better. And yet, no amount of evidence has convinced the powers that be at major platforms like Facebook—or in governments around the world. Instead many, especially in policy circles, continue to push for companies to—magically and at scale—perfectly differentiate between speech that should be protected and speech that should be erased.
    We live in contentious times, which are setting the course for a digitally mediate future. For every positive development (such as GDPR), there's stuff like this...

    Sources: TorrentFreak / EFF