Friday, August 16, 2024

Socially Engineering Facebook

I find it, both personally, and, especially, professionally, terribly embarrassing that nobody in Port Alberni seems to know that there is any Internet *outside* of Facebook.  Facebook is, of course, one of the least secure systems on the planet.  First off, the entire business model of Facebook is antithetical to confidentiality and privacy.  They make money by selling your information.  And, because of that, when people started to complain about the lack of security on Facebook, Facebook's response (predictably) was to throw a bunch of security functions at people, which, being added after the fact, were a) ineffective, and b) so fragmentary and piecemeal that it is really impossible to say, when you have tried to adjust privacy and security settings on Facebook, whether anything actually is secure.  (One of our Big Names in security, at one point, tried to use Facebook as a platform to post various public comments and information about security.  He just wanted to set all these postings to "world readable."  It turned out that even *he* couldn't ensure that something that simple was consistently set properly on Facebook.)  So none of us in the security community want to have anything to do with Facebook.

I have to admit that within a few *hours* of starting to use Facebook (when it was first made available to the general public), I disliked it.  I figured it was going to divide the Internet.  And so it has turned out.  But, if I want to say or do anything to do with Port Alberni, I have to do or say it on Fakebook.  So, I have to use Fakebook https://www.facebook.com/rslade/ .  As embarrassing as it is to admit that.

Social media, these days, is possibly somewhat antisocial.  A number of the social media platforms are swinging their weight around.  Most famously, these days, Elon Musk is using the Twitter platform, which he bought, and then renamed X, for his own political or philosophical purposes.  He has changed the community standards, in terms of what can and cannot be said on Twitter, and is using the technology and the platform itself to broadcast and amplify his own particular brand of political thought.

That's one example.  But there are certainly others.  One is that Facebook is used to pretty much having its own way with regard to content.  Any content available, in any way, on the Internet is available to Facebook as Facebook content.  As a matter of fact, an awful lot of people who use Facebook do not realise that there *is* any Internet aside from Facebook.

Facebook has, in particular, been used to, essentially, scraping news stories from media sources and using that material as Facebook content; presenting it as news stories from Facebook.

Various news media companies have approached this in various ways, with some retreating behind paywalls, and otherwise making the content less available to the Internet at large.

A couple of countries have attempted to use legislation to compel Facebook to pay the news services for their information, or for the use of their information.  In the case of Australia, Facebook decided it wasn't worth the trouble to do anything except to pay.  And so it has.  In the case of Canada, however (possibly since it is closer to home: Facebook being based in the United States), Facebook has decided to draw a line in the sand.  Canada has created legislation requiring online services that use stories from news media to contribute financially to a fund for those news media companies.  Facebook has dug in its heels.  Basically, if you live in Canada and you use Facebook, you cannot post a link to any news stories, or to news sites.  Even if you are talking about a specific news entity or a company, you cannot put a URL reference to that company into a Facebook posting.

(I very strongly suspect that Facebook is completely inconsistent in regard to this restriction.  With the current interest in, and pursuit of, LLM/generative artificial intelligence, and the need for massive quantities of content to train the systems [and, in particular, the outright theft of "high quality" content for that training], I am quite sure that Facebook grabs *every* link submitted, and uses the content for its own Meta AI purposes.)

Those of us in Canada, who use Facebook (believe me, as a security professional, I am *well* aware of the embarrassment of having to admit to being forced to use Facebook) have tried various means to get around this restriction.  For a little while it was possible to break a URL into various component pieces, so that even if it wasn't a link that people could click through directly they would be able to create a link and connect to the news story.  However, Facebook's restrictive technology has been improving in regard to finding and preventing these types of tricks.  And Facebook is getting better at preventing anyone from referring to any news story from a Canadian source at all.

The thing is, I am a security expert.  I have been, for many years, studying the tricks that people have been using to fool both people and systems, in order to be able to attack computers and systems.  So I have a little bit more experience, and background, with this situation than other people might.

Today, I found a very incisive, comprehensive, detailed, and important article in the Guardian newspaper.  The Guardian, published in the UK, has not retreated behind a paywall.  It is one of the relatively few news sources that makes extremely high quality news and opinion pieces available without charge.  (The Guardian does add a mention to most of its news stories that they would really like you to subscribe or to donate, in some way, to support the important work that the Guardian does.  But they do not require it, and do not deny you access to their content if you do not have a subscription to their services.)

As I say, I found this article, a lengthy and important piece, and felt that it needed wider circulation.  (Or, that more people needed to know about it.)  I started posting it on various social media platforms, simply by posting the URL.  Of course, when I got to Facebook, Facebook baulked, and would not allow the posting.

However, I have, as I say, a fair amount of experience with this.  I realised that other social media platforms are something that Facebook would have a serious aversion to banning.  So, I took the URL from one of the other social media postings that I had made, linking to the story, and used that as a link on Facebook.  Those, on Facebook, who are interested now have access to the story.

If Facebook tries to get around this, it is going to have to take a more complicated approach.  Either Facebook will have to forbid posting from or to a variety of other social media sites, or Facebook will have to increase the depth of analysis that they make in terms of examining links that are posted on Facebook itself.  Facebook will not only have to look at the target of the link, but will then have to download and look at the content obtained from that link.  And do further analysis to see if it links to a news site.  Increasing this depth of analysis would make examination of all postings on Facebook more compute resource intensive.  It would be costly for Facebook to do it.  It would also slow and delay the posting of any and all postings made by Facebook users.
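
The trade-off described above, as an added sketch (not code from this post, and not Facebook's actual implementation): a link filter that checks only the posted URL, compared with one that also fetches the page and checks where it links.  The hostnames, the PAGES table standing in for real fetches, and the function names are all constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed data: placeholder hostnames, not real sites.
BLOCKED_HOSTS = {"news.example"}

# Stand-in for the web: URL -> outbound links a fetch of that page would find.
PAGES = {
    "https://news.example/story/1": [],
    "https://social.example/post/42": ["https://news.example/story/1"],
    "https://social.example/post/43": ["https://blog.example/cats"],
    "https://blog.example/cats": [],
}


def host_blocked(url):
    """Cheap check: is the URL's own hostname on the blocklist?"""
    return urlparse(url).hostname in BLOCKED_HOSTS


def check_link(url, max_depth):
    """Return (blocked, fetches) for a posted URL.

    max_depth=0 inspects only the posted URL (no network cost).
    max_depth=1 also fetches the posted page and inspects its links,
    and so on.  'fetches' counts simulated page downloads, which is
    the per-post cost the filter pays.
    """
    fetches = 0
    seen = {url}
    frontier = [url]
    for depth in range(max_depth + 1):
        if any(host_blocked(u) for u in frontier):
            return True, fetches
        if depth == max_depth:
            break
        next_frontier = []
        for u in frontier:
            fetches += 1  # one download per page examined
            for link in PAGES.get(u, []):
                if link not in seen:
                    seen.add(link)
                    next_frontier.append(link)
        frontier = next_frontier
        if not frontier:
            break
    return False, fetches


if __name__ == "__main__":
    for posted in PAGES:
        for depth in (0, 1):
            print(posted, depth, check_link(posted, depth))
```

Note that the deeper check charges a fetch to every post, including the harmless one: the cost falls on all users, not just on the links being blocked.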

It's possible that Facebook may come to the decision that fighting this battle is worth it, and that it is acceptable to slow down the operations of anyone who posts anything on Facebook.  On the other hand, Facebook may decide that it simply isn't worth it, and let it go.  Of course, if Facebook decides to go further and do deeper analysis and slow down their own system, I do have more tricks up my sleeve.  A lot more.  I can play this game for a long time.  It doesn't particularly cost me anything.  As a matter of fact, you might say, it's my job.

I am, after all, a security expert.  At my time of life, and in my stage of my career, it doesn't particularly matter if somebody is paying me to do a particular type of research.  At my stage of my career, I am more of a resource for the security community in general.  So I can do things like this.  Pick on the giants, find out what they are doing.  Find out how far they are willing to go in inconveniencing their own customers, clients, and users in order to get their own way.

As a security expert I am quite well aware that security doesn't matter to most people.  So, for the most part, I am simply talking to my colleagues in the security field rather than the general public.  But my colleagues will be aware of what I find out.


This is kind of an odd situation to be in. 

Many years ago, there was a false idea that was spread abroad that we, in security, and particularly in the malware analysis field where I got my start, were, in fact, the ones responsible for creating computer viruses and malware.  The false story said that we were responsible for the creation of the malware because it gave us job security.  In reality, nothing could have been further from the truth.  We always had, and always will have, job security because there are so many ways that computers and information systems can be attacked.  Those of us who felt that we needed to study malware and devise protections against it, also knew that there were an awful lot of other things (usually more interesting things) that we could have been doing instead.

So, we never had any time for those people who created malware.  We had no fellow feeling for them.  We thought that they were a bunch of idiots, usually uncreative and unimaginative idiots, who were writing graffiti on the walls lining the information superhighway, trying to pretend that they were important.  Their only importance, of course, was that they disappeared.  And we tried to make sure that they, and, so far as possible, their creations, disappeared.

But we learned a bunch of things along the way.  So all of the tricks, all of the traps, all of the social engineering (which is simply a fancy way of saying "lying") that attackers and intruders created and explored over the years, well, they have given quite a number of us an education.  It's now rather ironic that I can use the things that I learned from spotty and isolated individuals living in their mothers' basements to take on the giants of the information technology world who are trying to throw their weight around.
