Hacker Cultures

EASST

The European Association for the Study of Science and Technology held its annual conference in August, and a veritable feast of information it turned out to be (as is their website).

In particular though I would like to point readers towards a podcast series, based upon a panel held during the conference.

The podcast series is called Hacker Cultures. From the website:

This year, Covid-19 turned most conferences virtual, so to combat Zoom-fatigue, we decided to try another format and turn a conference session into a podcast. This series comes to you from the 2020 joint Society for Social Studies of Science/European Association for the Study of Science and Technology conference, titled “Locating and Timing Matters: Significance and agency of STS in emerging worlds” which took place from August 18th-21st. Among hundreds of panels, papers and sessions, the Hacker Cultures panel rounded up all sorts of researchers who study what it is to be a hacker, and what hacking, programming, tinkering and working with computers is all about. The hosts of this podcast are Paula Bialski, who is an Associate Professor at the University of St. Gallen, and Mace Ojala, a lecturer at the IT University of Copenhagen. On-site recording and production was done by Heights Beats at Hotmilk Records. The theme song is titled “Rocky” by Paula & Karol. Funding for the editing of this podcast comes from the University of St. Gallen.

The episodes are in the style of an interview rather than a lecture, easy to follow and really interesting.

What is on Offer?

Episode 1: Morgan G. Ames – Throwback Culture: The Role of Nostalgia in Hacker Worlds
Episode 2: Minna Saariketo & Mareike Gloss – In the grey zone of hacking? Two cases in the political economy of software and the Right to Repair
 Episode 3: Annika Richterich – Forget about the learning: On (digital) creativity and expertise in hacker-/makerspaces
 Episode 4: Alex Dean Cybulski – Hacker Culture Is Everything You Don’t Get Paid For In the Information Security Industry
 Episode 5: Jeremy Grosman – Algorithmic Objects, Algorithmic Practices
 Episode 6: Stephane Couture – Hacker Culture and Practices in the Development of Internet Protocols
 Episode 7: Ola Michalec – Hacking infrastructures: understanding capabilities of Operational Technology (OT) security workers
 Episode 8: Sylvain Besencon – Securing by hacking: maintenance regimes around an end-to-end encryption standard
 Episode 9: R. Stuart Geiger & Dorothy Howard – ‘I didn’t sign up for this’: The Invisible Work of Maintaining Free/Open-Source Software Communities

Really entertaining, informative and featuring lots of well known experts, 15 to 20 minutes each, well worth a browse.

Somebody is Watching You (Via TV)

Last week my local Congressman Michael Capuano introduced some important legislation into the house regarding privacy and TV.

Like many of us residing in the US, Capuano was astonished and troubled by the revelations that home TV and telephone operator Verizon was required to give the government lots of data about our telephone use. They provide a daily list of all calls, duration and codes to identify mobile devices so that the government can look for terrorists.

Capuano decided to look further into issues of privacy surrounding this particular operator, and his legislation is a result of his findings.

He found that cable TV companies are developing systems that allow the TV set to watch the viewer. The idea is that a box sits in your house and watches you watch the TV so that advertisers can market their wares better.

A woman watching TV in the dark

Watching TV

The systems will be fitted with face recognition software (see this article for an idea of how far this software has come) so that publicity can be tailor made for the consumer.

So if I am watching something the publicity will be aimed at me, and probably cross referenced with data about my interests, life and Google searches. Fast cars, motorbikes and concert tickets.

If my wife is in the room maybe the publicity will also take her presence into account, and offer her shampoo, a fitness package or the likes, or maybe target us both with a cruise or a romantic weekend in the sun for 2 or likewise. If we are sat at opposite ends of the sofa maybe some counselling or a good divorce lawyer, who knows.

I can only imagine that if the watcher is eating a bag of crisps (chips) and drinking a bottle of beer then publicity for pizza and wine would be in order, the right message at the right time if you see what I mean.

What Capuano and his co sponsor are trying to do is to pass legislation to force producers to build and market a version of their cable interface box without the cameras integrated, and that the TV must show the message “I am watching you” when the machine is watching you.

Not too much to ask you might think but in free market led America I await the outcome. Read more about the legislation here.

I was fortunate enough to interview Congressman Capuano for my Bassetti Foundation blog a couple of years ago. We spoke about technology and his responsibility as a politician to society and his electorate. A transcription of the interview is available here.

Just as a sideline the BBC has an article out about hackers taking over webcams to spy on people covertly. Apparently there is a market for access to your computer, although the stated motivations are different and the practice is not legal.

EDITOR NOTE: Don’t forget the post I wrote about keeping Java up to date Jonny; it mentions about webcam hacking too 🙂 – note by Christopher

Kill the Password

This week I would like to draw readers’ attention to an article that appeared in Wired at the end of last year. Written by Mat Honan and entitled Kill the Password: Why a String of Characters Can’t Protect Us Anymore, it makes for really interesting and alarming reading.

The author starts by explaining that he lost all of his digital life last year as his accounts were hacked, an event that lead him into investigating online security and how it is breached.

What he discovered is not for the faint hearted. The linking together of different accounts using an email as username means that any seriously interested party with a little time on their hands and very little money can relatively easily get into a single account, and from there into the others.

His conclusion is that the culture of using passwords for security is outdated, a thing of the past and that anyone who tells you otherwise is either deluded or trying to convince you of something that is not true.

The worst password choices

Worst passwords of 2012

The availability of information is a problem because of the personal question access to resetting your password. Mother’s maiden name, place born etc. are easy things to find out about anybody through ancestry sites or other documents. Once you have somebody’s email address, you try to reset the password using the personal questions through the provider’s website. The answers might be on Facebook, or on their blog, or maybe intuitive, but they are out there.

Then to the customer services rep that you speak to by phone. They are people and can be misled. The article contains a transcription of a conversation between a hacker and one of these people. As the user needs to be able to reset the password they are offered a series of questions that get easier and easier to guess. Names of best friends is possible using Facebook or other social network publications, but if not try favourite food or others, but the example given is name of one of the files in the account. Try Google, Amazon, Personal, one will be right.

So the problem is that the system needs to be flexible and easy enough to use, so we must be able to easily change our passwords, but this makes security impossible.

How can this problem be addressed? Here the trade off is privacy. If the company knows you, through your search histories, places you have been, where you work and what you like to do they might better be able to tell if the password reset-er is you, but you lose any privacy you think you might have.

Voice recognition can be tricked using recordings, biometrics and fingerprints too. Once a system uses these things that cannot be changed or reset the problem is magnified. If I have a fingerprint lifted from a screen I can use it to get anywhere and new fingers are hard to come by these days, so what do you use next?

The article poses these problems from the point of view of somebody who has been hacked, but the author also looks at who these hackers are and even meets a couple. It is big business in certain circles, particularly in the Russian speaking world where organized crime has a large stake and makes a lot of money through stealing identities and all that follows. In other circles they are just “kids” having some fun wreaking havoc.

There are a few simple strategies outlined in this (not short) article that are worth following but none are foolproof, and that is a lesson we could all learn from. Just a word of warning, it contains some harsh language.

On a lighter note happy new year to everyone, and my mum’s maiden name was Windsor (no relation to either Barbara or Elizabeth).