Internet good or bad? Yes (2)

[1,000 words]

The Internet keeps getting busier — more people going online and spending more time once they get there. It’s also becoming a worse place to be, on almost any objective measure: mental health, privacy, safety, social cohesion, cyberwarfare, etc.

Can we love the Internet and still hate what it’s doing to us?

In two reports released in April, the Pew Research Center provides some surprising answers. The first report doesn’t bury the lead. It’s entitled “A Declining Majority of Online Adults Say the Internet Has Been Good for Society” But there’s a sharp counterpoint accompanying that finding. These respondents see good for themselves as individuals — but for society, not so much (gen-pop survey here). Continue reading

More time online or less? Yes (1)


[840 words]

Barely six months ago, some unusual critics told Apple it was making a big mistake in its iPhone design. It was doing too good a job — and making us too fond of the world’s greatest fetish object. Unusual because the critics included two of Apple’s biggest institutional investors (Jana Partners and CALSTRS: as noted in my January 31 post).

Making phones less attractive is one of the stop-gap remedies for the millions with a case of screen addiction. Along comes Apple’s recent Worldwide Developers Conference, WWDC, and babam! — we have software adjustments in the next iteration of iOS intended to appease the critics and save us from ourselves (WWDC keynote here).

iOS 12 will have two expanded controls plus a newish feature. Do Not Disturb (DND) gets auto-timing and a Do Not Disturb During Bedtime add-on. Notifications get less annnoying with Grouping and Instant Tuning. And add the new Screen Time feature, which tells you precisely how much of your life you’re wasting on your phone and where. Continue reading

The dumb things we do with smartphones

[~1,000 words]

In the previous post, we discussed ways to mitigate the potential harms of digital life. In my responses to the Pew/Elon survey questions, I took two unvarnished truths for granted.

First, unless you’re shilling for Google or Facebook, the harms stemming from digital life are no longer “potential.” Second, we’ve barely begun to think seriously about mitigating any of the harms. That’s especially the case at the personal level: behavioral addiction is up there with cyber-terrorism when it comes to a long-term fix. 

Below are some ideas mooted recently for stemming the towering tidal wave of compulsive and anti-social behaviors sweeping our society — what you might call the Smartphone Crisis. 

1 – France Moves To Ban Students From Using Cellphones In Schools

I recently interviewed an undergrad from the University of Toronto who grew up in London but was educated in the French lycée system. She says phones were nowhere to be seen in any of her classes — part of the strict French approach to education.

So it was a little surprising to read that the French Minister of Education himself decreed recently that he’s banning phones from all primary and secondary school classrooms. That’s especially surprising since France passed such a law — seven years ago. As one high-ranking teachers’ union official put it, presumably speaking of their recalcitrant students, “It is extremely difficult to get respect.

Part of the problem may be of the minister’s own making. He seems to be carving out exceptions before he even starts: “You may need a mobile phone, for example, for educational purposes, for emergency situations…” Oops. As soon as you allow that phones have any legitimate purpose in the classroom then students, vendors and campus admins will all find ingenious wedges to beat the system. Among the biggest opponents to a ban are parents worried about being out of touch with their kids for a few hours. Continue reading

The digital life is killing higher ed (2)

Yesterday I described the latest Pew/Elon survey on the future of the Internet. The first of three main questions for the participants asked whether the digital life will help or harm our personal well-being. Harm, says I.

The next question asks for a personal anecdote to illustrate some of the concerns being aired:

“Please share a brief personal anecdote about how digital technology has changed your daily life, your family’s life or your friends’ lives in regard to well-being – some brief observation about technology’s impact on life for you, your family or friends. Tell us how this observation or anecdote captures how hyper-connected life changes people’s well-being, compared to the way life was before digital connectivity existed.”

Another easy choice. Here’s what I wrote in my survey response: Continue reading

Are digital technologies bad for us? (1)

Of course they are. Just ask the phone addicts ditching the millions of colors on their hi-res screens in favor of boring old black and white.

This ploy to rescue some personal agency from the jaws of the phone monster is part of a much larger trend engulfing our tech-addled culture. Everyone’s worried. The worries are popping up everywhere — like the New York Times, which asks this week, Is the Answer to Phone Addiction a Worse Phone?

The NYT piece does a nice job of exposing the absurd lengths we’re going to in our digital lives. What’s unusual is that it takes the underlying problem for granted — “twitchy phone checking” — and goes right to a coping mechanism. These days we’ve agreed on a long list of digital evils, from homicidal texting behind the wheel to the end of online privacy. We’ve also agreed on a short list of culprits, with Facebook, Amazon and Google at the top of the list.  Continue reading

As online threats multiply, who’s the hacker now?

March was a tough month for hackers.

First we learned from WikiLeaks that the CIA has an arsenal of code designed to break into the world’s phones, cars and TVs, not to mention old-fashioned computers. Then the US authorities announced indictments in the largest hacking case on record: the breach of half a billion Yahoo accounts in 2014. Two of the men charged are Russian spies.

The Kremlin is becoming particularly adept at blending high espionage and lowdown criminal pursuits like the online theft of other people’s data. The king of that particular castle is Evgeniy Bogachev, the guy opposite with his Bengal cat and matching pyjamas. They say he’s extremely wealthy, and once had upwards of half a million computers under his command. He’s also a criminal standout for having a $3 million FBI bounty on his close cropped head. Back home in his redoubt on the Black Sea, however, Bogachev is a popular asset among intelligence operatives.
Continue reading

Who wants to be safe? Online protection as a black box

~~~

[6 min read]

Hacking that affects individuals is very widespread. The Pew Research Center reports nearly 2/3 of online Americans have experienced some form of data theft. A total of about 50% of onliners think their personal data are less secure than five years ago (see previous post for other details).

What does “data theft” look like? Pew examined seven types, and found that only two – fraudulent credit charges and stolen tax refunds – entailed direct financial loss. The others involved some less definable harm, such as an attacker getting his hands on social security numbers or login credentials for social media accounts. We call it “compromising” the data.

This amorphous concept of “compromised data” is growing into one of the chief barriers standing in the way of advances in cybersecurity for end-users. It takes what’s already invisible and annoying (see: strong passwords), and adds a hefty dose of abstraction. Exactly when can we say a piece of data has been sufficiently “compromised” to start worrying and take action? What kind of action?

WhatsApp: how secure?

Let’s look at WhatsApp to see how a popular messaging service handles security for a billion users – and how adding security can actually lead to trouble as well as safety.

Last year WhatsApp announced deployment of end-to-end encryption (E2EE) for all messages and media crossing its systems. Their FAQ assures users that everything they send is “secured from falling into the wrong hands” – right from the sender’s device all the way to the recipient’s (hence “end-to-end”). Marketing wants to be reassuring, not to mention emphatic as to why their platform is better than competing platforms. Continue reading

Security fatigue: problems in password paradise

________

[5 min read]

A new survey from the Pew Research Center paints a bleak picture of how Internet users feel about their online security. The report starts with bad news about passwords, the high profile tool in the toolkit: “69% of online adults say they do not worry about how secure their online passwords are.”

How does not worrying look in real life?

Consider the findings from Keeper, a vendor of password management software. It recently tallied its annual list of the world’s favorite passwords. The top 10 list opposite, taken from an analysis of 10 million sample passwords, illustrates pretty well what end-users mean by not worrying. These passwords are so terrible that the estimated crack time for the “safest” choice on the list (#6) is about 9/1000 of a second – for the others, the effective crack time is zero seconds. This preference for easy – and insecure – passwords goes hand in hand with a set of attitudes to online security that’s not easy to fathom.

To begin with, Pew notes a tension between lack of trust in institutions and reluctance to take personal action on security:

“[While] they express skepticism about whether the businesses and institutions they interact with can adequately protect their personal information, a substantial share of the public admits that they do not always incorporate cybersecurity best practices into their own digital lives.”

Internet users are right to feel skeptical. Site operators as varied as Target, Ashley Madison and Yahoo! have shown they’re not only lousy at network security, but irresponsible in disclosure and damage control. In December, Yahoo! admitted that hackers had breached its systems and stole information from one billion accounts – and had done so three years before management got around to discussing the attack publicly.

A second and more counter-intuitive finding concerns what people do in response to suffering from an actual online attack:

“Americans who have personally experienced a major data breach are generally no more likely than average to take additional means to secure their passwords (such as using password management software).”

What explains such quick dismissal of self-interest?

Despite being a part of daily life, I think most people find passwords not just difficult but, well, weird. The better they are, the worse they are, since what makes them hard to crack also makes them hard to handle. Unlike, say, car locks and safe deposit boxes, passwords work invisibly on assets that are also invisible. Even as we type them, they dissolve into rows of inscrutable little dots. Plus they’re often stored on remote servers, i.e. in the “cloud” – the perfect metaphor for a tool you can’t see or understand.

Perhaps this abstract quality is what prompts people to manage their passwords in another kind of remote cloud: their brains. Two-thirds of onliners (65%) say memorizing their passwords is their most used strategy, while 86% use memorizing as at least one approach. The way distant second? Writing passwords on a piece of paper, the most used method for only 18% of respondents.

Software developers look at this behavior and think they can put us out of our misery by selling us password management software – 1Password, Dashlane, Keeper, etc – the tools security experts recommend most highly.

The bad news, however, is that almost nobody uses them. A mere 12% of onliners say they use these applications at least sometimes, while those who say they use a password manager most often amount to a tiny minority of 3%. Pew cautions this is not niche behavior, as password software “is used relatively rarely across a wide range of demographic groups.”

There’s a useful lesson here.

People at the selling end of the consumer tech business see code as the solution to everything. If you have trouble remembering your passwords and that makes you unsafe and you’re generally miserable about it all, then you’re gonna love our software. What’s wrong with this logic is not how good the software is or how cheap or how user-friendly. The problem is that it’s software.

This mental fatigue extends far past security. It’s only part of the fallout from how mainstream consumers are taught to behave in the digital world – to expect everything we touch to be effortless, easy and user-friendly, even when it clearly isn’t. Vendors know their customers won’t take lessons, respond to scares or read the manual so they just pretend there’s nothing to learn in the first place.

Same deal with hardware. As a tech at the Apple Genius Bar once explained to me, customers come in with broken, manhandled $1500 machines they’ve never maintained or even cleaned, and leave with their repair ready for more abuse. Imagine treating a $1500 Weber gas barbecue that way.

The only way mainstream consumers are ever going to make peace with their devices – and their passwords – is by getting to know them better. Mystification is a terrible motivator, as I can attest after a decade teaching 20-somethings how their digital world works.

Getting this particular demographic to put down their phones, their ingrained habits and their fear of exploring technology (yep, you heard that right), is hard work for all. Like most people, students have been persuaded there must be an app for that – one that will allow them to learn how a data packet crosses the Internet without any effort on their part. Or while texting. Well, there isn’t and there won’t be.

I see a wholesale change in our approach to understanding digital technology as one of the most important educational missions of the next decade. I’ll be writing more about this educational challenge in the coming weeks and months.

(The Pew survey on cybersecurity is available here.)

D.E.

Continue reading