The #3 spot on the Security For All top posts list entitled Moving On, was about my experience as a Software Engineer at StillSecure on the eve of my departure for a new gig. If you have ever wondered about what it would be like to work for a cutting edge start-up in Colorado you should definitely check out the post. But since I don’t have anything to add or amplify in that post we’ll head straight to the 4th most popular post and revisit January 26, 2009 and the Technology generation gap.
The first occasion to get me thinking about this was when an older family friend was the victim of a fairly benign scam that essentially convinced her to forward some nasty political tripe to folks on her email list. Luckily no harm was done, other than embarrassing WTF responses from the message recipients. I was explaining to her that there are many unscrupulous people and other entities on the net that have no problem with misleading, lying and scamming anybody they can when she remarked that she thought it was “sad that you can’t trust people on the internet“. This remark kind of took me by surprise. I’ve always started from the assumption that internet content is not trustworthy. Not sad, that’s just the way the net works.
She was assuming that email was equivalent to handwritten correspondence from an entity that is known to you. While I was assuming that email is equivalent to bulk mail from an anonymous source. Now certainly there have been grifters and scam artists around since time immemorial, but it’s only been with the advent of the ubiquitously anonymous internet that the scams, schemes and spam have become pervasive. Back in the day, a grifter’s work was strictly up close and personal as opposed to nowadays when you can hit millions of marks with a single shot. Kind of like a knife fight versus carpet bombing. The point is that in my friend’s experience, a person who would lie, cheat or scam others was quickly discovered and was considered an anti-social aberration. And in general, you could trust most people. Not so on the internet, where there are no people to trust.
No people, as in actual living human beings, to trust. This has a number of other disturbing aspects that I take as a given but are shocking and appalling to my friend.
Actual humans are not directly responsible for a fair portion of internet traffic. Much of the content on the web is generated by bots or other automated processes. That’s why we have CAPTCHAs for everything from webmail sign-up to comments on blogs. Problem here is that the mitigation is often more annoying to older folks than the threat we’re trying to mitigate.
Another disturbing aspect is that web content generated directly by younger or more web savvy people can more accurately be attributed to their online persona. Think about it. Starting back in the early days of BBSs and propagated by AOL is the concept of screen name. Check out Facebook or YouTube – or even Security Bloggers Network and you’ll find a whole lot more “LonelyGirl16″ or “G@m3rBoy” IDs than “JoeSmith”. Be sure to check out the content that you find there. What you are looking at is performance art by the online persona of the author. Even here. What? You think I’m really this witty and urbane in real life? Well, okay maybe I am but the rest of those posers… But again I digress. The point is that my older friends treat email and social network posts as direct communication between themselves and other actual humans. They even use their real names. And give out real addresses. They don’t have an online persona, and don’t expect others to either.
Perhaps the most appalling aspect is that the allegory of the web most familiar to older people is print media. Newspapers and magazines. URLs are even referred to as web pages. Unfortunately this carries some very misleading and often dangerous assumptions. For example if a writer in People magazine writes “[hot Hollywood starlet de jour] is a slut”, People will certainly have to print a retraction and possibly face libel charges. But if Perez Hilton writes it in his celebrity gossip blog, well that’s just what Perez does. The point is that print media is held to a much higher standard of veracity than the web where anyone can post anything with very little chance of reprisal or responsibility. There are no standards of veracity on the web. Nor can there be. The dangerous part of this is that there are journalists and editors who don’t understand this. Recently sports publications and sports news outlets reported that Iranian football [soccer to us yanks] stars Javad Nekounam and Masoud Shojaei [who play for Spain] had been sacked due to an incident in a Pamplona nightclub. This story made the wire services and was widely reported. The source was a report on the Osasuna club’s web site. Problem is the site had been hacked and the report was bogus. You can read the real story here. Too bad – damage done.
The next occasion that caused further rumination on this subject was when I was helping my mom with a computer problem. She noticed that several names in her address book application were appearing out of alphabetical order. I diagnosed the problem easily – the names had leading spaces. Apparently the OS/X address book doesn’t do a trim on entry fields. So once I removed the offending space characters the sorting worked as expected. Try as I might, I could not explain this to my mother. She could not get her mind around the idea that a space character is ultimately a binary value like any other alphanumeric character. As far as she was concerned, when you hit the space bar on the keyboard it just “moves over” and doesn’t print anything. In other words a space is nothing. The absence of a letter. Kind of like electrons and holes from my EE days. A hole is where an electron is not. Therefore holes have a positive charge. Yeah like that.
Again I realized that we were having a fundamental disconnect. I’ve always realized that everything I see on a computer screen is an abstraction. At the lowest level it’s all just zeros and ones. Actually high and low voltages or positive and negative charges. Even the zeros and ones are an abstraction. The desktop and windows are an abstract paradigm. Not so with my mom. She sees literal windows or cute little boxes called windows when she looks at her monitor. She clicks on buttons, types stuff into forms and moves sliders up and down. It’s not abstract at all. It’s literal for her.
When you think about it, the information age introduced something unprecedented in human history: the central enabling agent. computers, inserted a layer of unreality between users and tasks. Stay with me here. Even relatively modern devices like telephones were intimately connected to the underlying task. Any abstraction, like say entering a phone number to connect to a specific party, was completely transparent – you entered in the number using a keypad or dial. Now look at my iPhone – a hand-held computer. I could still enter phone numbers from a keypad – a virtual, abstract, keypad – but I usually just touch the picture of the person I want to contact. And that contact can be SMS, IM, email or even a telephone call. Depending on the context of the underlying abstraction. The point is there are no actual walls in Facebook, no windows in Windows, no trashcan on your desktop and no desktop. Abstractions and allegories [or user paradigms if you prefer] all. Can’t wait for virtual reality? Good news – you don’t have to. Bad news – you probably don’t even recognize it.