Pluralistic: 27 Apr 2022

Originally published at: Pluralistic: 27 Apr 2022 – Pluralistic: Daily links from Cory Doctorow



A padlocked barn door. The rusty padlock is emblazoned with a toy 'Junior Police' badge. Its hasp has been severed and a light-flare is shining through the severed portion. The barn door has been superimposed with a Matrix 'waterfall' effect.

How police backdoors for online services let sextortionists target children

An "Emergency Data Request" (EDR) is a warrantless demand by a police officer to a tech company, designed for white-hot emergencies when a cop needs an online service to cough up some of its user data to save a life or prevent a tragedy.

Criminals love EDRs. Once a crook breaks into a police email server (something so easy that the children running the LAPSUS$ crime-gang did it several times), they can send their own EDRs to online services, who will dutifully dox their own users. After all, if someone's in mortal danger, there's no time to stop and verify the cop's identity:

https://pluralistic.net/2022/03/30/lawful-interception/#edrs

Children don't just abuse EDRs, they're also abused with EDRs. Facebook, Apple, Google, Snap, Twitter and Discord have all been tricked with fake EDRs into giving up sensitive information about underage children, according to a Bloomberg report by William Turton.

https://www.bloomberg.com/news/articles/2022-04-26/tech-giants-duped-by-forged-requests-in-sexual-extortion-scheme?sref=ylv224K8

These EDRs were wielded by "sextortionists" – sexual criminals who blackmail their victims into performing sex acts on camera; videos of these sex acts are used as leverage for increasingly extreme extortion demands.

There was a sextortion wave in the 2010s. It turned out that one extremely prolific sextortionist was a US Embassy staffer stationed in London, who ran a sextortion campaign that targeted at least 75 young women over two years:

https://arstechnica.com/tech-policy/2016/03/former-us-embassy-staffer-sentenced-to-nearly-five-years-for-sextortion/

A 19-year-old targeted hundreds of girls and women, and was only caught when he tried to extort a former Miss Teen USA, who had connections that put her in touch with the FBI:

https://arstechnica.com/tech-policy/2013/09/miss-teen-usas-webcam-spy-called-himself-cutefuzzypuppy/

The men who attacked women in this first wave relied on a piece of malware called a "Remote Access Trojan" (RAT). A 2014 sweep of RAT criminals busted 100 men who had victimized 70,000 women and girls:

https://arstechnica.com/information-technology/2014/05/more-than-100-arrested-in-global-crackdown-on-peeping-tom-malware/

But today's sextortionist doesn't need to break into his target's computer. He can just send an email from a hacked police account to an online service and they'll hand him all the information he needs to gain access to his target's most sensitive data.

(Readers interested in learning more about how sextortion works in the real world are encouraged to read Lauren McLaughlin's superb 2020 novel, "Send Pics"):

https://memex.craphound.com/2020/04/21/send-pics-ripping-brutal-amazing-novel-about-teens-sextortion-revenge-and-justice/

There are 18,000 police agencies in the US, making it impossible to determine whether an EDR comes from a real cop or not (and, of course, between the 18,000 agencies, it's inevitable that some of those cops will make fraudulent EDRs for money or as a favor to a buddy).

What's more, the online services have little or no clue about how their users' data is being accessed and shared. Amazon had to fire a string of Chief Security Officers until it found a person so underqualified that he wouldn't complain about the company's incredibly reckless data handling. The result was a string of breaches that the company can't even fully quantify.

https://www.wired.com/story/amazon-failed-to-protect-your-data-investigation/

Amazon isn't uniquely cavalier about your data. A newly published leaked Facebook memo reveals that the company's privacy engineers have warned their bosses that the company has no way to know how it's used your data:

https://www.documentcloud.org/documents/21716382-facebook-data-lineage-internal-document

To quote those engineers: "We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation."

Reporting for Motherboard, Lorenzo Franceschi-Bicchierai quotes an internal Facebook source who calls the company's data handling "broadly speaking, a complete shitshow."

https://www.vice.com/en/article/akvmke/facebook-doesnt-know-what-it-does-with-your-data-or-where-it-goes

Let's recap: the companies collect as much of your data as they can. They store it forever. They give it to anyone who has a police department email address, without question. And they don't keep track of who they give your data to.

(Image: Paulo Valdivieso, CC BY-SA 2.0, modified)



The cover of Laura Jean McKay's 'The Animals in That Country.'

Laura Jean McKay's "The Animals in That Country"

The Animals in That Country is the debut novel of Australian writer Laura Jean McKay; it's an extraordinary book about a plague of understanding that sweeps across Australia, leaving the infected cursed with the ability to communicate with animals.

https://scribepublications.com/books-authors/books/the-animals-in-that-country-9781950354375

As a premise, this is very good: an inversion of the standard trope of people and animals communicating with one another and finding mutual understanding and peace as a result. In execution, it's even better: McKay sets herself the (seemingly) impossible task of dramatizing human-animal communication without anthropomorphizing the animals, and then pulls it off – brilliantly.

The protagonist of Animals is Jean, a self-destructive, aging grandmother living in a wildlife park with her daughter-in-law (the park's director) and her granddaughter, Kim. Her son is not in his daughter's life – he's a loose-footed, irresponsible womanizer who's disappeared. Her ex-husband is also long gone. All Jean really has is Kim, who is the only reason she moderates her drinking and her self-immolating confrontations with friends, family, and strangers on the internet.

Jean and Kim have a fierce bond, and a rich fantasy life about how they would run an animal park if they were in charge. They play out these fantasies even as Australia is in a mounting panic over "zooflu," an epidemic burning its way north towards Kim and Jean. Zooflu's initial symptoms are similar to a mild cold – but afterward, the afflicted find that they can communicate with animals. Mammals at first, but as the disease progresses, the infected are able to understand birds, reptiles, insects.

This is not a pleasant experience. At first, many of the infected are swept up in mystical ecstasies as new worlds open to them, but quickly this turns to terror as the strange, alien thoughts of all the animals of the land, water and sky clamor for attention. The nation begins to shut down.

That's when Lee, Jean's missing son, re-enters her life, bringing the zooflu with him. As the nature park's carers and rangers cope with their infections, Lee kidnaps his daughter Kim and takes her south to commune with whales.

That sets up the main action of the book, a long road-trip tale set in an Australia where civil order is crumbling. But Jean's not the Road Warrior or one of Nevil Shute's square-jawed submarine captains. She's a middle-aged, alcoholic granny in a wheezing camper van, accompanied by Sue, one of the nature park's dingos, who has joined Jean's pack and is leading her to her lost child and grandchild.

Jean's journey – across the land and across the boundaries that separate her from the animal kingdom – is a thrilling adventure tale, a taut thriller, and a wildly imaginative (and linguistically impressive) journey into the hypothetical minds of horses, cows, rats, cats, flying foxes, gnats, and blowflies.

At Rebecca Giblin's suggestion, I bought Animals in audiobook form (from libro.fm, where it is DRM-free), read by the author, whose narration performance is stellar, bringing great depth, pathos, and humor to the animal voices.

https://libro.fm/audiobooks/9781004000432-the-animals-in-that-country

Reading Justine Jordan's Guardian review of Animals, I learned that McKay holds a doctorate in "literary animal studies," a discipline I had never heard of until just now, but reading Animals feels like a master-class in it.

https://www.theguardian.com/books/2020/oct/07/the-animals-in-that-country-by-laura-jean-mckay-review-an-extraordinary-debut



This day in history

#20yrsago The Hollings Bill isn’t dead https://web.archive.org/web/20020604080345/https://www.wired.com/news/politics/0,1283,52145,00.html

#10yrsago Consent of the Networked: indispensable, levelheaded explanation of how technology can make us free, or take away our liberty https://memex.craphound.com/2012/04/27/consent-of-the-networked-indispensable-levelheaded-explanation-of-how-technology-can-make-us-free-or-take-away-our-liberty/

#10yrsago Publishing exec admission: “I break ebook DRM” https://web.archive.org/web/20120424134939/http://paidcontent.org/2012/04/24/breaking-drm-publishing-exec/

#5yrsago When Theresa May called snap elections, she killed tax-haven reform https://www.taxjustice.net/2017/04/26/uk-parliament-fails-tackle-financial-secrecy-overseas-territories/

#5yrsago No matter how cool superblack activated charcoal food looks, it’s a bad idea https://imbibemagazine.com/dangerous-drinks/

#5yrsago FCC Chairman Pai wants to kill Net Neutrality, at the expense of small-town America https://www.wired.com/2017/04/ajit-pai-is-siding-with-the-oligarchy-and-misleading-trumps-base/

#5yrsago Insulin prices spike by 1123%, sending parents to the black market to keep their kids alive https://www.nbcnews.com/business/consumer/desperate-families-driven-black-market-insulin-n730026

#5yrsago Oakland elementary school students resist Caltrans’ insistence on taking copyright to their mural https://abc7news.com/caltrans-mural-battle-students-protest-for/1921812/

#1yrago Lexmark's toxic printer-ink https://pluralistic.net/2021/04/27/bruno-argento/#static-controls

#1yrago Unpack the court with judicial overrides https://pluralistic.net/2021/04/27/bruno-argento/#crisis-of-legitimacy

#1yrago Pharma's anti-generic-vaccine lobbying blitz https://pluralistic.net/2021/04/27/bruno-argento/#pharma-death-cult

#1yrago Klobuchar on trustbusting https://pluralistic.net/2021/04/27/bruno-argento/#klobuchar

#1yrago Robot Artists & Black Swans: The fantascienza of "Bruno Argento" (AKA Bruce Sterling) https://pluralistic.net/2021/04/27/bruno-argento/#fantascienza



Colophon

Today's top sources: Rebecca Giblin (https://twitter.com/rgibli/).

Currently writing:

  • Picks and Shovels, a Martin Hench noir thriller about the heroic era of the PC. Yesterday's progress: 611 words (88092 words total).
  • A Little Brother short story about DIY insulin PLANNING

  • Vigilant, Little Brother short story about remote invigilation. FIRST DRAFT COMPLETE, WAITING FOR EXPERT REVIEW

  • Moral Hazard, a short story for MIT Tech Review's 12 Tomorrows. FIRST DRAFT COMPLETE, ACCEPTED FOR PUBLICATION

  • Spill, a Little Brother short story about pipeline protests. FINAL DRAFT COMPLETE

  • A post-GND utopian novel, "The Lost Cause." FINISHED

  • A cyberpunk noir thriller novel, "Red Team Blues." FINISHED

Currently reading: Analogia by George Dyson.

Latest podcast: Big Tech Isn’t Stealing News Publishers’ Content

Upcoming books:

  • Chokepoint Capitalism: How to Beat Big Tech, Tame Big Content, and Get Artists Paid, with Rebecca Giblin, nonfiction/business/politics, Beacon Press, September 2022

This work is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.


"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla
