Be an Information Warrior: Fun and Easy Too

September 16, 2022

I spotted an article in Politico. I won’t present the full title because the words in that title will trigger a range of smart software armed with stop words. Here’s the link if you want to access the source to which I shall refer.

I can paraphrase the title, however. Here’s my stab at avoiding digital tripwires: “Counter Propaganda Tailored to Neutralize Putin’s Propaganda.”

The idea is that a “community” has formed to pump out North Atlantic Fellas’ Organization weaponized and targeted information. The source article says:

NAFO “fellas,” as they prefer to be called, emblazon their Twitter accounts with the Shiba Inu avatar. They overlay the image on TikTok-style videos of Ukrainian troops set to dance music soundtracks. They pile onto Russian propaganda via coordinated social media attacks that rely on humor — it’s hard to take a badly-drawn dog meme seriously — to poke fun at the Kremlin and undermine its online messaging.

The idea is that NAFO is “weaponizing meme culture.” The icon for the informal group is Elon Musk’s favorite digital creature.

See related image detail

The image works well with a number of other images in my opinion. The source write up contains a number of examples.

My thought is that if one has relatives or friends in Russia, joining the NAFO outfit might have some knock on consequences.

From my point of view, once secret and little known information warfare methods are now like Elon Musk. Everywhere.

Stephen E Arnold, September 16, 2022

Is Fresh Thinking about ISPs and Network Providers Needed?

September 14, 2022

Today (September 14, 2022) I reviewed some of our research related to what I call the “new” Dark Web. Specifically, I called attention to Internet Service Providers and Network Providers who operate mostly as background services. What gets the attention are the amazing failures of high profile systems like Microsoft and Google Cloud, among others. When I hear talk about “service providers”, the comments fall into two categories:

  1. The giant regulated outfits some of which are government controlled and owned and others which are commercial enterprises with stakeholders and high profiles. The question, “Does cloud provider X allow its platform to deliver CSAM or phishing attacks?” is not top of mind.
  2. Local Internet operations which resell connectivity provided by outfits in Category 1 above or who operate servers or lease “virtual” servers on Category 1’s equipment. Most of these outfits have visibility in a specific geographic area; for example, Louisville, not far from my hovel in a hollow.

Are these two categories sufficient? Do bad actors actually do bad things on systems owned, operated and managed by Category 1 companies? Is that local company really hosting CSAM or delivering malware for a client in Hazard County, Kentucky?

The answer to these questions is, “Yes.” However, technology is available, often as open source or purpose built by some ISP/network providers to make it difficult to determine who is operating a specific “service” on third party equipment. Encryption is only part of the challenge. Basic security methods play a role. Plus, there are some specialized open source software designed to make it difficult for government authorities to track down bad actors. (I identified some of these tools in my lecture today, but I will not include that information in this free blog post. Hey, life is cruel sometimes.)

I mention the ISP/Network Provider issue because the stakes are rising and the likelihood of speeding up some investigative processes is decreasing. In this post, I want to point you to one article, which I think is important to read and think about.

Navigate to “Naver Z Teams Up with Thai Telecom Giant to Build Global Metaverse Hub.” Naver is in South Korea. True is in Thailand. South Korea has some interesting approaches to law enforcement. Thailand is one of the countries with a bureaucratic method that can make French procedures look like an SR 71 flying over a Cessna 172. (Yes, this actually happened when the SR 71 was moving at about three times the speed of sound and the Cessna 172 was zipping along at a more leisurely 120 knots.)

The write up states:

Naver Z, the metaverse unit of South Korean internet giant Naver, has partnered with Thai telecom conglomerate True to build a global metaverse hub for creators.

The new service will build on the Zepeto metaverse platform. Never heard of it? The service has 20 million monthly active users.

Here’s a key point:

The platform is particularly attractive for K-pop fans. Zepeto recently collaborated with Lisa, a member of the popular South Korean girl group Blackpink, to host a virtual event where her fans could take selfies with her avatar on Zepeto.

So what?

What if a CSAM vendor uses the platform to distribute objectionable materials? What if the bad actor operates from the US?

What type of training and expertise are required to identify the offending content, track the source of the data, and pursue the bad actor?

Keep in mind that these are two big outfits. The metaverse is a digital datasphere. Much of that environment will be virtualized and make use of distributed services. Obfuscation adds some friction to the investigative processes.

For those charged with enforcing the law, the ISPs/and Network Providers — whether large or small — will become more important factors in some types of investigations.

Is CSAM going to find its way into the “metaverse”?

I think you know the answer to the question. Now do you know what information is needed to investigate an allegation about possibly illegal behavior in Zepeto or another metaverse?

Think about your answer, please.

Stephen E Arnold, September 14, 2022

The Stochastic Terrorism Loophole: A Hidden Dimension?

September 7, 2022

Now that’s an interesting way to describe the actions of network providers / ISPs who look like “good guys” but may have a less visible suite of services on offer. I think stochastic terrorism is information warfare designed to achieve specific goals. You may disagree, but this notion is okay for me.

I read “How Cloudflare Got Kiwi Farms Wrong.” The write up states:

Most casual web surfers may be unaware of Cloudflare’s existence. But the company’s offerings are essential to the functioning of the internet. And it provided at least three services that have been invaluable to Kiwi Farms.

That’s a fair statement … as far as it goes. I would suggest that the world of network providers / ISPs — what the source article calls infrastructure — is not well understood even by those who are the senior managers of Cloudflare-type companies. This willful unknowing produces statements like, “Senator, thank you for the question. I will get the answer to your office…” My hunch is that Cloudflare is large enough to have a plethora of apologists and explainers, PR professionals and lawyers, to make clear that Cloudflare is working overtime to be wonderful.

The cited article asserts:

… it’s notable that for all its claims about wanting to bring about an end to cyberattacks, Cloudflare provides security services to … makers of cyberattack software! That’s the claim made in this blog post from Sergiy P. Usatyuk, who was convicted of running a large DDoS-for-hire scheme. Writing in response to the Kiwi Farms controversy, Usatyuk notes that Cloudflare profits from such schemes because it can sell protection to the victims.

Is this what I call the saloon door approach? The idea is that technology like a saloon door can admit anyone who can stagger, walk, or crawl. Plus the saloon door swings both ways, just like a flow of zeros and ones.

Also, Cloudflare is visible, has many customers, and positions itself as a champion of truth, justice, and the American way. Is this a new tactic? Has the rhetorical positioning be used by other network providers / ISPs; say, for instance, Amazon, Google, Microsoft, and some others? Are there network providers and ISPs which most people know nothing about? Is there such an operation in Bulgaria, Germany, or Moldova? (Next week I will share some details with those attending my lecture to a couple of cyber professionals who are affiliated with the US government. Sorry. That information is not appropriate for my free blog about stuff that sort of intrigues me.

Let me try to share how I translated the the Silicon Valley real news essay about Cloudflare and KiwiFarms. I think the point beneath the surface of 2,000 word essay is something along the lines of:

No one understands too much about these network providers / ISPs, their business models, their customers, and their services. Wow. Wow. Wow.

May I ask a couple of questions?

Who is responsible for paying attention to the plumbing? Is it the government, the local police department’s cyber investigators, the folks at Interpol, the companies’ boards of directors, the Silicon Valley real news people, or those zapped by weaponized information and services?

I think you know the answer.

No one.

The nifty phrase stochastic terrorism loophole is a consequence of the Wild West, revenue-any-way- one-can-get-it, apologize-and-never ever-ask-for-permission mentality that is having a few trivial social consequences. How are those YouTube content creators in Russia dealing with network providers / ISPs? One could ask Bald and Bankrupt I suppose as he modifies his life in the face of IRL.

News flash: There are thousands of network providers and ISPs in North America. There are some interesting outfits in Iceland and Romania. There are countries not aligned with American processes providing plumbing, including an almost unknown outfit in northern India.

The fancy phrase makes clear that a good understanding of network services / ISPs is not part of the equipment for living. The current dust up has captured the hearts, minds, and clicks of some observers.

There’s more to learn but when one does know what one does not know, the stochastic terrorism loophole does not provide what a day time drama tried to deliver: A guiding light. Who sponsored that program anyway?

Stephen E Arnold, September 7, 2022

Quality Defined: Just Two Ways?

August 25, 2022

I am not sure what to make of “The Two Types of Quality.” A number of years ago I was in Osaka and Tokyo to deliver several lectures about commercial databases. The topic had to be narrowed, so I focused on the differences between a commercially successful database like those produced by the Courier Journal & the Louisville Times, the Petroleum Institute, and ERIC, among a handful of other must-have professional-operated databases. I explained that database quality could be defined by technical requirements; for example, timeliness of record updating, assigning a specific number of index terms from a subject matter expert developed and maintained controlled vocabulary (term) list, accurate spelling, abstracts conforming to the database publishers’ editorial guidelines, etc. The other type of quality was determined by the user; for example, was the information provided by the database timely, accurate, and in line with the scope of the database. Neither definition of quality was particularly good. I made this point in my lectures. Quality is like any abstract noun. Context defines it. Today quality means, as I was told  after a lecture in Germany, “good enough.” I thought the serious young person was joking. He was not. This professional, who worked for an important European Union department, embraced “good enough” as the definition of quality.

The cited essay explains that there are two types of quality. The first is “purely functional.” I think that’s close to my definition of quality for old-fashioned databases. There were expensive to produce, difficult to index in a useful, systematic way even with our human plus smart software systems, and quite difficult to explain to a person unfamiliar with the difference between looking up something using Google and looking up a chemical structure in Chemical Abstracts. When I was working full time, I had a tough time explaining that Google was neither comprehensive nor focused on consistency. Google wanted to sell ads. Popularity determined quality, but that’s not what “quality” means to a person researching a case in a commercial database of legal information.

The second is “quality that fascinates.” I must admit that this is related to my notion of context, but I am not sure that “fascination” is exactly what I mean by context. A ball of string can fascinate the cat owner as well as the cat. Is this quality? Not in my book.

Several observations:

  1. Quality cannot be defined. I do believe that a company, its products, and an individual can produce objects or services that serve a purpose and do not anger the user. Well, maybe not anger. How about annoy, frustrate, stress, or force a product or service change. It is also my perception that quality is becoming a lost art like chipping stone arrowheads.
  2. The word “quality” can be defined in terms of cost cutting. I use products and services that are not without big flaws. Whether it is getting Microsoft Windows to print or preventing a Tesla from exploding into flames, short cuts seem to create issues. These folks are not angels in my opinion.
  3. The marketers, many of those whom I met were former journalists or art history majors, explain quality and other abstract terms in a way which obfuscates the verifiable behavior of a product or service. These folks are mendacious in my opinion.

Net net: Quality now means good enough.

That’s why nothing seems to work: Airport luggage handling, medical treatments of a president, electric vehicles, contacting a local government agency about a deer killed by a rolling smoke pickup truck driver, etc.

Quality products and services exist. Is it possible to find these using Bing, Google, or Yandex?

Nope.

Stephen E Arnold, August 25, 2022

A 2022 Real Time Classification Taxonomy

August 24, 2022

More than a decade ago, a semi clueless government entity in the European Union asked me to think about real time information flows. We looked around for technical papers, journal articles, and online information from investment banks and government agencies shooting stuff into space. (How about that real time communication from a satellite launched in 2009? Ho ho ho.)

I dug around in my paper files and found this early version of my research team’s approach to the subject of real time online information.

image

The team identified six principal types of real time information. I suppose today, these six categories are dinobaby eggs.

As evidence, I submit “Why You’re Probably Thinking About Real-Time Systems in the Wrong Way,” which illustrates how out-of-date our research has become. The article explains that there are three types of real time; to wit:

Hardware based real time systems, for example, high precision automated robotic assembly lines

Micro Batch real time systems; for example, ecommerce systems

Event driven real time systems; for example, embedded artificial intelligence systems

I am not sure how to fit our analysis into the three part categorization in the article.

What’s interesting is that the lack of understanding about real time, what’s needed to make them low latency, and affordable persists.

I will end with one question, “Do you think about real time in real time?”

Yes, ah, well, good for you!

Stephen E Arnold, August 24, 2022

The Metaverse? Not This Dinobaby

August 15, 2022

How many hours a day will this dinobaby spend in the metaverse? The answer, according to a blue chip consulting firm, is four hours a day. Now the source of this insight is McKinsey & Co., a firm somehow snared in the allegations related to generating revenue from a synthetic compound. I am not sure, but I think that the synthetic shares some similarity to heroin? Hey, why ot ask a family which has lost a son or daughter to the alleged opioid epidemic?

The McKinsey information appears in “People Expect to Spend at Least 4 Hours a Day in the Metaverse.” I learned:

Gen Z, millennials, and Gen X consumers expect to spend between four and five hours a day in the metaverse in the next five years. Comparatively, a recent Nielsen study found that consumers spend roughly five hours a day watching TV across various platforms.

If we assume that an old-fashioned work day is eight hours, that becomes about 1,000 hours a year of billable time plugged in or jacked in to the digital realm. I don’t know about you, but after watching students at a major university, I think the jack in time is on the low side. The mobile immersion was impressive.

The write up points out that an expert said:

“[Current AR smart glasses] give you a metaphor that looks like an Android phone on your face. So rectangles floating in space. That’s not enough for [mainstream smart glasses] adoption to happen,” Jared Ficklin, chief creative technologist at Argodesign, a former Magic Leap partner, said.

This dinobaby respectfully refuses to prep for digital addiction.

Stephen E Arnold, August 15, 2022

Pirate Library Illegally Preserves Terabytes of Text

August 15, 2022

Call it the Robin Hood of written material. (The legendary outlaw, not the brokerage outfit.) The Next Web tells us about an effort to preserve over seven terabytes of texts in, “The Pirate Library Mirror Wants to Preserve All Human Knowledge … Illegally.” Delighted writer Callum Booth explains:

“The Pirate Library Mirror is what it says on the tin: a mirror of existing libraries of pirated content. The project focuses specifically on books — although this may be expanded in the future. The project’s first goal is mirroring Z-Library, an illegal repository of journal articles, academic texts, and general-interest books. The site enforces a free download limit — 10 free books a day — and then charges users when they go above this. Z-Library originally branched off another site serving illegal books, Library Genesis. The former began its life by taking the latter site’s data, but making it easier to search. Since then, the people running Z-Library have built a collection that includes many books not available on its predecessor. This is important because, while Library Genesis is easily mirrorable, Z-Library is not — and that’s where the Pirate Library Mirror comes in. Those behind the new project cross-referenced Z-Library with Library Genesis, keeping what was only on the former, as that hasn’t been backed up. This amounts to over 7TB of books, articles, and journals.”

Instead of engaging in the labor-intensive process of transferring those newer Z-Library files to Genesis, those behind the Pirate Library simply bundle it all across multiple torrents. Because this is more about preservation than creating widespread access, the collection is not easily searchable and can only be reached via TOR. Still, it is illegal and could be shut down at any time. Booth acknowledges the complex tension between information access and the rights of content creators, but he is also downright giddy about the project. It reminds him of the “old school” internet, a wonderland of knowledge for the sake of knowledge. Ah, those were the days.

Cynthia Murrell, August 15, 2022

Wikipedia and Legal Decisions: What Do Paralegals Really Do for Information?

August 2, 2022

I read an interesting and, I think, important article about legal search and retrieval. The good news is that use of the go to resource is, so far, free. The bad news is that if one of the professional publishing outfits big wigs reads the cited article, an acquisition or special licensing deal may result. Hasta la vista, Wikipedia maybe?

Navigate to “How Wikipedia Influences Judicial Behavior.” The main idea of the article is that if a legal decision gets coverage in Wikipedia, that legal decision influences some future legal decisions. I interpret this as saying, “Lawyers want to reduce online legal research costs. Wikipedia is free. Therefore, junior lawyers and paralegals use free services like Wikipedia for their info-harvesting.

The write up states:

“To our knowledge, this is the first randomized field experiment that investigates the influence of legal sources on judicial behavior. And because randomized experiments are the gold standard for this type of research, we know the effect we are seeing is causation, not just correlation,” says MIT researcher Neil Thompson, the lead author of the research. “The fact that we wrote up all these cases, but the only ones that ended up on Wikipedia were those that won the proverbial “coin flip,” allows us to show that Wikipedia is influencing both what judges cite and how they write up their decisions. Our results also highlight an important public policy issue. With a source that is as widely used as Wikipedia, we want to make sure we are building institutions to ensure that the information is of the highest quality. The finding that judges or their staffs are using Wikipedia is a much bigger worry if the information they find there isn’t reliable.”

Now what happens if misinformation is injected into certain legal write ups available via Wikipedia?

The answer is, “Why that can’t happen.”

Of course not.

That’s exactly why this article providing some data and an interesting insight. Now is the study reproducible, in line with Stats 101, and produced in an objective manner? I have no idea.

Stephen E Arnold, August 2, 2022

Facebook, Twitter, Etc. May Have a Voting Issue

July 15, 2022

Former President Donald Trump claimed that any news not in his favor was “fake news.” While Trump’s claim is not true, large amounts of fake news has been swirling around the Internet since his administration and before. It is only getting worse, especially with conspiracy theorists that believe the 2020 election was fixed. Salon shares how the conspiracy theorists are chasing another fake villain: “‘Big Lie’ Vigilantes Publish Targets Online-But Facebook and Twitter Are Asleep At The Wheel.”

People who believe that the 2020 election was stolen from Trump have “ballot mules” between their crosshairs. Ballot mules are accused of dropping off absentee ballots during the previous election. Vigilantes have been encouraged to bring ballot mules to justice. They are using social media to “track them down.”

Facebook, Twitter, TikTok, and other social media platforms have policies that forbid violence, harassment, and impersonation of government officials. The vigilantes posted information about the purported ballot mules, but the pictures do not show them engaging in illegal activity. Luckily none of the “ballot mules” have been harmed.

“Disinformation researchers from the nonpartisan clean-government nonprofit Common Cause alerted Facebook and Twitter that the platforms were allowing users to post such incendiary claims in May. Not only did the claims lack evidence that crimes had been committed, but experts worry that poll workers, volunteers, and regular voters could face unwarranted harassment or physical harm if they are wrongfully accused of illegal election activity…

Emma Steiner, a disinformation analyst with Common Cause who sent warnings to the social-media companies, says the lack of action suggests that tech companies relaxed their efforts to police election-related threats ahead of the 2022 midterms. ‘This is the new playbook, and I’m worried that platforms are not prepared to deal with this tactic that encourages dangerous behavior,’ Steiner said.”

There is also a documentary Trump titled called 2000 Mules that claims ballot mules submitted thousands of false absentee ballots. Attorney General William Barr and other reputable people debunked the “documentary.” While the 2020 election was not rigged, conspiracy theorists creating and believing misinformation could damage the democratic process and the US’s future.

Whitney Grace, July 15, 2022

Apple: Intense Surveillance? The Core of the Ad Business

June 28, 2022

I read “US Senators Urge FTC to Investigate Apple for Transforming Online Advertising into an Intense System of Surveillance.” The write up reports:

Apple and Google “knowingly facilitated harmful practices by building advertising-specific tracking IDs into their mobile operating systems,” said the letter, which was signed by U.S. Senators Ron Wyden (D-Oregon), Elizabeth Warren (D-Massachusetts), and Cory Booker (D-New Jersey), as well as U.S. Representative Sara Jacobs (D-California).

There are references to Tracking IDs, “confusing phone settings, and monitoring a user when that user visits non-Apple sites and services. Mais oui! Surveillance yields data. Data allows ad targeting. Selling targeted ads generates money. Isn’t that what the game is about? Trillion dollar companies have to generate revenue to do good deeds, make TV shows, and make hundreds of thousands of devices obsolete with a single demo. Well, that’s my view.

Will something cause Apple to change?

Sure. TikTok maybe?

Stephen E Arnold, June 27, 21022

Next Page »

  • Archives

  • Recent Posts

  • Meta