Cyberthoughts and a Social Virus 🌐

Plus music 🎧 and hot takes 🔥


Wintry Scenes From a Swedish Wonderland - The New York Times

Nice article, great photos. Makes me want to travel. Also, Ice Hotel?!

If you’re a user of this streaming music service, you will be very amused to learn: How Bad Is Your Spotify?

Whenever you’re on Instagram, you’re hanging out at the mall now. To find what’s next, look at what the Asian equivalents are doing.

Facebook and Instagram Shops are here, finally. Plus an interview with Chinese social commerce giant Pinduoduo - Li's Newsletter

Your first lab-grown burger is coming soon—and it’ll be “blended” | MIT Technology Review

Featured Feeds

In response to my 5-question reader survey, you smartly suggested I include some music suggestions. I’m happy to oblige!

🌅 I really enjoy these Balearic Breakfast mixes from Colleen ‘Cosmo’ Murphy.

🔊 If you’re in the mood for something more electronic and energetic, try some techno from Baugruppe90 via Electronic Groove

I love this recent set from previously-featured artist @lordess.foudre so I don’t care, I’m featuring her again. #based


I’m a big fan of the Signal app so I loved their piece debunking the claims of mobile device forensics company Cellebrite. It includes choice language that would be right at home on r/MurderedByWords:

Last week, Cellebrite posted a pretty embarrassing (for them) technical article to their blog documenting the “advanced techniques” they use to parse Signal on an Android device they physically have with the screen unlocked.
It’s hard to know how a post like that got out the door or why anyone thought revealing such limited abilities was in their interest. Based on the initial reception, Cellebrite must have realized that amateur hour was not a good look, and the post was quickly taken down.

TL;DR: No, Cellebrite cannot 'break Signal encryption.'

Here’s a cool think-piece from WIRED about Cyberpunk 2077 and the origins of Cyberpunk as a genre: Orientalism, 'Cyberpunk 2077,' and Yellow Peril in Science Fiction. The piece came out before the game released, so it withholds judgement about whether Cyberpunk 2077 effectively uses Cyberpunk’s tropes, or falls victim to them.

I’ve got plenty more to say on related topics later, but until then, did you know the U.S. Military Buys Location Data from Ordinary Apps? Turns out it’s easier for the government to just buy the data than to get the approval to collect it!

“Yo dawg, we heard you like cell phones, so we put more cells in your cell towers” —Facebook Engineering, basically.

SuperCell: Reaching new heights for wider connectivity - Facebook Engineering

If you’re interested in dreams (lucid or otherwise) take note: Virtual reality is effective training for lucid dreaming, according to scientific study | Boing Boing


A few things to look out for in the coming year:

🚀 The 11 biggest space missions of 2021 | MIT Technology Review

📈 What to expect in 2021 according to prediction markets | Graphic detail | The Economist

Before I get into deep thinking and ranting, I want to mention some Things You're Allowed To Do. The author outsourced parts of this blog about decision-making and outsourcing and consulting experts, and I really appreciate the result. It helps to have some examples of what you’re Allowed To Do.

Cyber Considerations feat. Russian Hacking

AKA Cyber-norms for Cyber-conflict by Cyber-actors

The big news in cyberspace over the last few months is Russia’s (latest) big hack, dubbed SolarFlare: Russia’s Hacking Frenzy Is a Reckoning | WIRED

The failure of the US Cyber Command’s “Defend Forward” strategy in the face of SolarFlare says to me that something has to change. Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack - The New York Times

An important distinction: this was not an attack, it was espionage, which is internationally tolerated. Russia's Hack Wasn't Cyberwar. That Complicates US Strategy | WIRED

How should the US respond? Perhaps take a page from Israel, who recently explained their interpretation of international law as it relates to cyberspace. Israel has drawn clear boundaries, and based them on legal frameworks. This is explicitly a warning to other nations about what responses they should expect from certain actions.

Israel, Cyberattacks and International Law - Lawfare

Certain conventional weapons programs, like the Join Strike Fighter program, seem to be a very expensive strategy and IMHO not a good value. See this 2019 piece from The New York Times

Lately, it has software bugs: F-35 Flies With 871 Flaws, Only Two Fewer Than Year Earlier - Bloomberg

While I’m at it, I’d like to see a combination of diplomacy, sanctions, espionage, and targeted cyberattacks (rather than kinetic weapon attacks). I’m thinking of Operation Olympic Games, the significant strategic win of hacking Iran’s nuclear program which ultimately created the Iran Nuclear Deal.

Influence operations more broadly, seem like a good value. Russia’s doing plenty of them, and France seems to be getting involved, as mentioned in the excellently-named piece More-Troll Kombat. Is this a blind spot for US tactics, or are they just not getting discovered?

Speaking of a good value… why not just use Cameo actors for your international propaganda ops? Oh, Russia did that already: Charlie Sheen, Dolph Lundgren, and Danny Trejo All Spread Russian Propaganda on Cameo


One of the best arguments against constructing weapons (cyber or otherwise) is that they enable both ‘good’ and ‘evil’ attackers. NSO Group builds cyber weapons, and this perspective piece shows how they grapple—or don’t—with selling these tools to anyone who can pay. And what happens to these weapons when a legitimate state’s government (Mexico) is thoroughly infiltrated by narcos?

Inside NSO, Israel’s billion-dollar spyware giant | MIT Technology Review

Hacktivism can be an effective tool, but a new group is pushing further into the ethical gray area. Is it alright to store, distribute, and republish data that was already leaked on the dark web? What if it comes from corporations more than individuals?

Anti-Secrecy Activists Publish a Trove of Ransomware Victims' Data | WIRED

Qanon as a Social Virus

My favorite anime, Ghost in the Shell, introduces a concept called the Stand Alone Complex.

He himself was copying a plan found floating the net without any apparent source.

The second season of the same show, 2nd GIG, involves a digital virus wherein those infected (in their cyber-brains, obviously) can adopt a viewpoint.

The famous Cyberpunk novel Snow Crash has a similar digital virus, but it requires the person is a programmer so they ‘know binary’ and can be infected through something like a malicious QR code.

Q can very much be described like a ‘social virus’ where there are many optional prerequisites or risk factors, including interest in Christian scripture or conspiracy theories.

I was surprised to learn recently that Evangelical Christians are particularly susceptible to Q’s rabbit hole: Evangelicals are looking for answers online. They’re finding QAnon instead. | MIT Technology Review

Instead of being a drug like in Snow Crash, it’s a game, and games can be equally addictive. A Game Designer’s Analysis Of QAnon | by Rabbit Rabbit

See also The Making of QAnon: A Crowdsourced Conspiracy - bellingcat

On top of that there’s the social proof reinforcement feedback loop from social media: Opinion | They Used to Post Selfies. Now They’re Trying to Reverse the Election. - The New York Times

This apocalypse cult has recently seen its End Of The World scenario not happen, which will cause some changes. Like other apocalypse cults, it seems that this will shed some members but not go away entirely.

In the mean time, consider How to talk to conspiracy theorists—and still be kind since you probably know some of these folks!

One More Thing

If you haven’t filled out the 5-question reader survey, please do! It helps shape the future of this newsletter, and reminds me there are Real Humans out there reading what I write.