Date: 2022-06-24
from the escaping-digital-microserfdom dept.
Dr Andy Farnell at The Cyber Show writes about the effects of the "splinternet", and of division in standards in general, on overall computing security. He sees the Internet, as it was less than ten years ago, as an ideal, but one which has been intentionally divided and made captive. While governments talk out of one side of their mouth about cybersecurity, they are rushing breathlessly to actually make systems and services less secure or outright insecure.
What I fear we are now seeing is a fault line between informed, professional computer users with access to knowledge and secure computer software - a breed educated in the 1970s who are slowly dying out - and a separate low-grade "consumer" group for whom digital mastery, security, privacy and autonomy have been completely surrendered.
The latter have no expectation of security or correctness. They've grown up in a world where the high ideals of computing that my generation held, ideas that launched the Voyager probe to go into deep space using 1970s technology, are gone.
They will be used as farm animals, as products by companies like Apple, Google and Microsoft. For them, warm feelings, conformance and assurances of safety and correctness, albeit false but comforting, are the only real offering, and there will be apparently "no alternatives".
These victims are becoming ever-less aware of how their cybersecurity is being taken from them, as data theft, manipulation, lock-in, price fixing, lost opportunity and so on. If security were a currency, we're amidst the greatest invisible transfer of wealth to the powerful in human history.
In lieu of actual security, several whole industries have sprung up around ensuring and maintaining computer insecurity. On the technical side of things it's maybe time for more of us to (re-)read the late Ross Anderson's Security Engineering, third edition. However, as Dr Farnell reminds us, most of these problems have non-technical origins and thus non-technical solutions.
(2024) Windows Co-Pilot "Recall" Feature Privacy Nightmare
(2024) Reasons for Manual Image Editing over Generative AI
(2019) Chapters of Security Engineering, Third Edition, Begin to Arrive Online for Review
Ross Anderson, a British professor well known for his extensive background in cryptography and computer security research, who was recently denied entrance to the US, is in the process of writing a new edition of his book on computer security engineering. So far, the preface and two chapters of Security Engineering, 3rd edition are available online for review. Other chapters will follow online as well. The first and second editions will remain available too.
Today I put online a chapter on Who is the Opponent, which draws together what we learned from Snowden and others about the capabilities of state actors, together with what we've learned about cybercrime actors as a result of running the Cambridge Cybercrime Centre. Isn't it odd that almost six years after Snowden, nobody's tried to pull together what we learned into a coherent summary?
There's also a chapter on Surveillance or Privacy which looks at policy. What's the privacy landscape now, and what might we expect from the tussles over data retention, government backdoors and censorship more generally?
Sustainable Security for Durable Goods (2018)
Daniel Stenberg, Author of cURL and libcurl, Denied US Visit Again (2018)
Dr Andy Farnell at The Cyber Show writes about the motivations behind dropping the use of generative AI for graphics and moving back to manual design and editing of images. The show had been using generative AI to produce images since its first episode, but now finds that it is time to rethink that policy. As the guard rails for generative AI are set up and the boundaries restricted, it gets more racist, more gendered, and less able to output edgy ideas critical of its corporate owners, and its potential as an equalizing force seems dead already. So, while the show could set up its own AI instance to generate the images they desire, there is the matter of association, and the decision to stop using it has been made.
Doubts emerged late last year after Helen battled with many of the generative platforms to get less racist and gendered cultural assumptions. We even had some ideas for an episode about baked bias, but other podcasters picked up on that and did a fine job of investigating and explicating.
Though, maybe more is still to be said. With time I've noticed the "guardrails" are starting to close in like a pack of dogs. The tools seem ever less willing to output edgy ideas critical of corporate gangsters. That feels like a direct impingement on visual art culture. Much like most of the now enshittified internet there seems to be a built-in aversion to humour, and for that matter to hope, love or faith in the future of humanity. The "five giant websites filled with screenshots of text from the other four" are devoid of anything human.
Like the companies that make them, commercial AI tools seem to have blind-spots around irony, juxtaposition and irreverence. They have no chutzpah. Perhaps we are just bumping into the limits of machine creativity in its current iteration. Or maybe there's a "directing mind", biasing output toward tepid, mediocre "acceptability". That's not us!
As Schneier writes:
"The increasingly centralized control of AI is an ominous sign. When tech billionaires and corporations steer AI, we get AI that tends to reflect the interests of tech billionaires and corporations, instead of the public."
Of course we have the technical chops to put a few high end graphics cards in a rack and run our own uncensored models. But is that a road we want to go down? Do we want to adopt the technology of the enemy when it might turn out to be their greatest weakness, and our humanity our greatest strength?
The Cyber Show is a long-form, English language podcast based in the UK which does deep dives into information communication technology, how it affects society, and various aspects of those effects.
As reported by https://www.msn.com/en-us/news/technology/windows-recall-sounds-like-a-privacy-nightmare-heres-why-im-worried/ar-BB1mNGFI, Microsoft is introducing a new "feature" in Windows 11:
If you haven't read about it yet, Recall is an AI feature coming to Windows 11 Copilot+ PCs. It's designed to let you go back in time on your computer by "taking images of your active screen every few seconds" and analyzing them with AI, according to Microsoft's Recall FAQs. If anyone other than you gets access to that Recall data, it could be disastrous.
On the surface, this sounds like a cool feature, but that paranoid privacy purist in the back of my mind is burying his face in a pillow and screaming. Imagine if almost everything you had done for the past three months was recorded for anyone with access to your computer to see. Well, if you use Recall, you won't have to imagine.
That might seem like an overreaction, but let me explain: Recall is taking screenshots every few seconds and storing them on your device. Adding encryption into the mix, that's an enormous amount of bloaty visual data that will show almost everything you've been doing on your computer during that period.
But that's just the tip of the iceberg. Microsoft openly admits that Recall will be taking screenshots of your passwords and private data:
"Note that Recall does not perform content moderation. It will not hide information such as passwords or financial account numbers. That data may be in snapshots that are stored on your device, especially when sites do not follow standard internet protocols like cloaking password entry."
Arguably, the worst part about this is that it will be on by default once you activate your device. Microsoft states:
On by default
A user going by the name of "Alex von Kitchen" summarised the issues quite well: https://aus.social/@Dangerous_beans/112477798730314983