Information superwhichway revisited: XRDS, 24 years ago

Back in September 1994, the ACM took a bold step into the mostly-unknown, and started its first digital-only publication — Crossroads: The ACM Student Magazine. It has changed through the years, including the transition to a dual-format, digital+printed magazine it is today (and which today seems to be the norm). I found it very interesting (and fun!) to take a look at our first issue, trying to peek into the future that was being forecasted for us almost a quarter of a century ago.

Very aptly, this first issue’s main topic is The Internet. Quite a bold step back then! While the Internet had already existed in some form since the late 1960s, and in a form very similar to what we now use (TCP/IP based networking) since 1983, its use was mostly restricted to academia and military research and communications; while Crossroads was aimed at students on Computer Science-related disciplines, a majority of them didn’t even know much about what this network was about if not for specific needs of their tutors.

Crossroads’ first editor, Saveen Reddy, mentions in his editorial: “The theme of this issue is the Internet and computer networking. These represent relatively recent inventions. However, the general public’s knowledge and appreciation for them is even more recent, spurred on by a deluge of coverage by popular media. Unconfined to military or research purposes, the Internet has grown rapidly. Currently experiencing rapid growth for commercial uses, it is becoming a global resource”.

Commercial use of the Internet had only been allowed in 1993, and its growth was truly explosive. While most of current XRDS readers won’t remember what happened in computing by 1994, I have the relative luck to be a latecomer to formal studies in my life; having been a computer enthusiast as a teenager in the early nineties, I can still remember a world before the Internet.

In its early days, media would usually refer to the Internet as The Information Superhighway — We would laugh at the moniker. And, of course, so did Purdue student Craig Pfeifer when he wrote his article, “Information Superwhichway?”. Of course, if you look at the specific technologies it mentions, the article is indeed old and dated — USENET newsgroups? Apple Newton? FTP and Gopher? Fax machines? MUDs (Multi User Dungeons)? Telnet? Please!

But a slightly deeper reading… Shows in a way the full circle we have described when we talk about humans communicating. It would be foolish of me to argue whether the Internet has changed the way we perceive the world. Reading Pfeifer’s text, his analysis can be almost completely detached from the conjunctural.

Other defining items in communications history

Every technology that has become a basis of strongly improving human ability to communicate has been attacked by the holders of central power. The Gutenberg movable type printing press was a true revolution regarding the spread of culture, but was met with the attempts to control and censor its products via royalty-granted printing licenses (which evolved into what we now know as copyright), as well as the always present church censorship. Nevertheless, with the social effects it had, the printing press is often regarded as the most important invention in history.

Mimeographs were invented in the late 19th century. They didn’t provide a qualitative improvement over the –by then– many available printing processes, but it democratized printing: Mimeographs are portable and cheap, and schools, churches and clubs started printing their own leaflets. But, of course, it meant they could completely escape compulsory censorship regimes. In fact, several revolutions in the early 20th century were strongly fueled by clandestine mimeographers, and trying to stop them became routine (of course, failed routine) for the ruling regimes.

In the eighties and nineties, the very peculiar BBS culture grew with computer enthusiasts around the world. BBSs (Bulletin Board Systems) were mainly hobbyist-run computers with a modem, which usually offered some discussion forums, online games (turn-based, of course, as they had no network connection in the sense we understand it today), and some file sharing; BBSs were the breeding ground for the early free software and shareware distribution models.

Communication was fully decentralized (dozens to hundreds of BBSs existed on most mid-sized cities), near-instantaneous and virtually impossible to control. And, of course, as you can see on the particularly relevant editorial of the April 1993 Boardwatch Magazine, the censorship machinery was quite ready and well oiled throughout the United States. What were the arguments? Alleged distribution of hacking tools and information, software piracy and pornography. Due to the inner cohesion of the BBS community and the noise generated, most of the accused operators were freed after long processes with no charges filed.

The Internet, then and now

Just 18 months after the Boardwatch editorial, Pfeifer’s article in Crossroads talks about the image problems the early commercially available Internet had: “When the Internet is the focus of a story, it’s usually negative. Whether it is how child pornography runs rampant on the Information Superhighway or how easy it is to receive pirated software, it seems that the media doesn’t focus on the positive events that take place daily on the Internet”.

Pfeifer continues, “The Internet never sleeps. It’s kind of like New York, but a little bit cleaner, and the high crime rate isn’t so obvious. Of course, with the influx of new users onto the eighth wonder of the world, there is bound to be some friction. Computer crime will probably increase. The Internet (…) is a system based on trust. But when fiendishly minded people see the Internet as an untapped resource, ripe for the plucking, we have a problem.”

These last paragraphs could perfectly apply today — Only not for the Internet as a whole (it is too much engrained into our social conscience and lifestyle). But this is precisely the kind of attacks we see when talking about privacy-enhancing technologies that try to protect user’s privacy and anonymity on the Internet. Tools akin to what we discussed in the XRDS Summer 2018 issue, which I was honored to be the lead editor for.

And yes, what is the media narrative today when tools such as Tor are discussed? “Oh, but that’s just a gateway to the dark net, and… You don’t want to go there! That’s bad and dangerous. There are loose criminals! There is child porn and drugs, and guns and whatnot!” — Of course, this same narrative was applied to the Internet as a whole back in 1994. Or to the BBSs slightly before that. Or, with scarecrows fit to the spirit of their day, to the agents of social change a hundred or more years ago.

Throughout history, communications technology have appeared that allow for easier, better knowledge circulation. Tools that bring the information flow closer to the individual and further away from the power centers — With that, implying greater surveillance resistance and the ability to remain anonymous. 24 years ago, our magazine started by looking at the great potential Internet held for changing society, although nobody could really forsee the depth of the impact. My hopes are that, over time, privacy enhancement technologies gradually become as engrained into our communication uses as Internet has.

Pfeifer concludes by quoting a then-new meme: “You never know to whom you are writing, because, on the Internet, nobody knows you’re a dog. Somehow, though, and no matter how careful I am, all of the ads I have seen today are for dog food.

Impressions of Primavera Hacker (Santiago de Chile)

Due to my involvement in the UNAM/DGAPA/PAPIME PE102718 project on the ”creation of teaching materials regarding privacy and anonymity mechanisms”, as the Southern half of the world gets ready for the warm season, I was invited to participate during the first weekend of December in Primavera Hacker 17. With around 350 participants spanning a good chunk of Latin America, this was a most interesting experience.
Continue reading

How 1 Million App Calls can Tell you a Bit About Malware – Part 2

In my previous blog post, I described some of my findings regarding malicious mobile apps. In summary, I observed that there are POSIX abstractions, which are popular only for malicious apps. The findings were derived from a study that I did with some colleagues on POSIX (Portable Operating System Interface) abstractions. Recall that, a part of our study involved the examination of the POSIX calls that are used by both benign Android applications (~1 million) coming from the Google Play Store, and malicious Android applications (about 1260 of them) taken from a well-known dataset, which you can download from here.

Figure 1: Potentially Malicious Apps. The identification was based on an SVM Model.

Figure 1: Potentially Malicious Apps. The identification was based on an SVM Model.

Table 2: Indicative potentially malicious apps classified by the SVM model. These apps were identified as malicious by more than 15 antiviruses.

Table 2: Indicative potentially malicious apps classified by the SVM model. These apps were identified as malicious by more than 15 antiviruses.

We performed a further analysis on these results to check if we can create a more robust filter to detect malicious apps, than the simple filter described in my previous post (recall that this filter was based on the three most unpopular abstractions among benign applications and at the same time popular among malicious ones). Our attempt involved the following: we fed a set of benign apps (the 500 most popular apps of the Google Store) and the aforementioned dataset of the malicious apps, to an SVM (Support Vector Machine), a binary classifier that builds a model based on given features (abstractions in our case) to separate the two cases. In this way the classifier can classify a new app as malicious or not. By using the model on the same set of apps that we examined in the previous case, 1283 apps were identified as suspicious. Based on the antiviruses provided by the VirusTotal website again, we found that from these apps, 232 (18%) are potentially malicious. Even if the approach seems less robust than the previous one, Figure 1, illustrates that there are more cases of apps that were indicated as malicious by more than one antivirus. Table 1, presents applications that were filtered out by the SVM model, and were identified as malicious by more than 15 antiviruses.

Figure 2: Potentially Malicious Apps. The identification was based on the obfuscated libraries.

Figure 2: Potentially Malicious Apps. The identification was based on the obfuscated libraries.

Table 2: Indicative potentially malicious apps containing obfuscated libraries. These apps were identified as malicious by more than 22 antiviruses.

Table 2: Indicative potentially malicious apps containing obfuscated libraries. These apps were identified as malicious by more than 22 antiviruses.

Through our experiments, we came across a number of Android apps that included obfuscated libraries (991 apps in total). Given the fact that obfuscation techniques have been extensively encountered while analyzing Android malware, we decided to examine all the apps that contained such libraries by using the 54 antiviruses of the VirusTotal website. Surprisingly, almost half of the apps (481 in total — 48.53%) were classified as suspicious. An interesting observation is that the majority of these apps were indicated as potentially malicious by a large number of antiviruses — see Figure 2. Table 2, presents indicative apps that were identified as malicious by more than 22 antiviruses.

As it is clear, a malware detector cannot be based solely on observations like the aforementioned ones. However, such findings could be useful for the development of complex filters that can help find malicious software.

$500 prize money at the ACM SIGAI Student Essay Contest on the Responsible Use of AI Technologies! Apply now!

  1. Do you have an opinion on the responsible use of AI technologies?
  2. Do you want to win one of several $500 cash prizes?
  3. Do you want to talk one-on-one (via skype) to one of the following AI researchers:
  • Murray Campbell (Senior Manager, IBM Thomas J. Watson Research Center)
  • Eric Horvitz (Managing Director, Microsoft Research)
  • Peter Norvig (Director of Research, Google)
  • Stuart Russell (Professor, University of California at Berkeley) or
  • Michael Wooldridge (Head of the CS Department, University of Oxford)?

Read on!

Continue reading

Who Owns Your Device?

We live in an amazing era of technology. The Internet has opened doors that have been dreamed of for years. By adding computing technology to everyday devices, like televisions, thermostats, appliances, and others, we’ve been able to automate many aspects of our daily life. The ideal experience might look something like this 50s ‘futurist’ promotional film entitled “Design For Dreaming”.

The idea of technology being embedded in every object around you is called The Internet of Things, and is one of the fastest growing areas of emerging technology. These days, manufacturers are adding Internet connection to all types of devices around you. One of the most famous examples is the Nest Thermostat [LINK]. This thermostat allows the user to adjust the temperature throughout the day, and eventually learns the user’s patterns, thereafter adjusting the temperature without intervention.

But there’s a dark side to this kind of technology, one that is becoming more visible as the technology goes through growing pains. In this article, we will discuss some of the major issues with putting a computer in every device you own (or don’t really own, as the case may be). We focus on the domestic space, rather than the industrial space, which has its own challenges and benefits. We discuss both the value and problems with adding an internet connection to a device that previously never needed an internet connection, including the reliance on a company to provide updates, security and privacy concerns, and finally judging the value that these additions provide.

Continue reading