Ebenezer Anderson and the Spirits of the Digital World - Part 1

, , , ,

In a previous article, I shared my biggest failure in cybersecurity. If you’re curious about the article, you can read it here: My biggest failure in cyber security. In short, it was about our lack of awareness regarding secret management and how, as an information security professional, I failed to impart this even to my own family. However, I overlooked the fact that it might not even be necessary.

Believe me, it’s quite challenging for me to write about why one doesn’t need to deal with password management, considering it’s partly what I do for a living - helping others secure their valuables. But still, I will give it a try with the help of the Observability pattern.

(I told you I would refer to this pattern many times. :) If you want to know more about the basics of this concept, you can read about it here: Observability in a nutshell)

But in this case, I would rephrase it a bit like this:

Thus, I’d like to invite you to a little story about Ebenezer Anderson’s awakening. (I still have to work on this… essentially, I traverse my relationship between the two worlds through a fictional character…)

Introduction

My name is Anderson, Ebenezer Anderson. I have been dealing with the Internet since I was a child. I’ve had a lot of ideas over the years, so it’s no wonder that I’m still working to exploit this area even more. Throughout my career, I’ve met countless people who can’t even grasp what they’re missing. The possibilities are endless, but unfortunately, everyone wants to take advantage of me.

I can’t let this happen. I know their stories. I’ve seen numerous manifestations of it. Trust me when I say that if something is “free”, there’s a catch. It’s all Humbug.

  • Free Social Media. Humbug. You are the product.
  • Free code. Humbug. Companies exploit creative developers this way.
  • Free AI. Humbug. This is how they copy your knowledge. Stealing opportunities from you.
  • Sharing knowledge with everyone. Humbug. This is how they steal your ideas and trap you in an eternal rat race.

I believe in information security. I know where and how information flows. I know how to see the data stream that others find incomprehensible. This gives me knowledge that I can sell for good money. Mainly to companies, as who else could afford my time?

I’m currently looking for a new assignment. It’s quite a tiring process. Once again, I have to talk to people who have no idea about the Digital World. (Actually, I’m really looking for new opportunities… But let’s get back to this a bit later once you’ve read through the story. :)) They don’t understand that reality hardly exists anymore. If we want to prevail, we must follow the unwritten rules of the Digital World. Here, only one thing matters… information.

I’m tired. Every day, I chase after some new shiny thing. That’s why I hardly know who I am anymore. I’ve registered for so many services and worked for so many companies that I can no longer manage this without a digital tool. Neither can you. And if you say you can… I know that what you’re saying is Humbug. It’s impossible to maintain so many digital selves without at least a password manager.

Of course, it used to be different. Friends, family members, and former colleagues tried to understand this new world together. But they have fallen behind. For various reasons, but it’s nothing but humbug.

The Spirits of the Information

I’m sitting in front of my computer, looking at my three monitors, when a pop-up appears. How is this possible? I block all notifications. I’m only available on chat when necessary.

“Review your history. It’s enlightening. The Spirit of Past Information. Powered by Wayback Machine"

I quickly checked to see if this was another unwanted update messing with my system. It wasn’t. Then maybe malware? Nothing has changed in my file system that I didn’t want. Perhaps a new tracker I didn’t notice? That’s not it either. But curiosity drives me. I create a new virtual machine on my Proxmox server. And there, I try to investigate what this could be.

The virtual machine is ready. I opened it on one of my monitors. The middle one because it caught my attention. The page loads. I don’t find anything unusual in the content, but the page isn’t registered. How is this possible?

As this thought flits across my mind, I unconsciously immerse myself in the memories visible on the page. I see my siblings, with whom I grew up, and my parents, who tirelessly worked day in and day out for us to ensure we had everything. I smell the freshly cooked lunch and feel the exhaustion on my body because we’re building our new (now old) house. I don’t understand. How can this be so real? Why don’t I ever think of these?

  • “Mr. Anderson. How wonderful is this, isn’t it?"
  • What is this voice? Who are you? Where am I? How did I get here?
  • “Ah, apologies. I didn’t mean to frighten you. I am the Spirit of Past Information. These are your old memories, which you barely remember. We thought you might benefit from a new, or rather old, perspective."
  • Spirit of Past Information? What? This is humbu… Wait a minute. You’re not trying to play “A Christmas Carol” with me, are you?
  • “Why? Would that be a problem? You spend so much time behind your monitors that you’ve somewhat forgotten where you came from and where you’re heading."

(This could become a longer, educational “modern fairy tale”. But what if we speed up a little? :D If you’d like me to develop this story further, you can support me on Patreon or elsewhere.)

-“My siblings and I decided to show you our secrets. I came first."

The Spirit of Past Information

  • “Come. Do you remember this?"
  • Of course. I’m playing. I connected the TV to the video recorder to record my favorite cartoon. Even then, I was constantly dragged everywhere.
  • “Strange games you had. :D But I guess you didn’t notice. Look! There in the doorway. That’s your father. Watching how you diligently follow the cables. Look how proud he is of you!"
  • Humbug. He’s just thinking about which movie to copy from the video rental this weekend.
  • “Really? Is that what you think? Let’s look at another story… What do you say to this?"
  • That’s my first computer. So many memories. I see how my brother and I try to play single-player FPS games together.
  • “Isn’t that a cozy time spent together?"
  • Humbug. He never left me alone. I just wanted to relax. He had the chance to be more outdoors. The digital world was all I had because of my allergies. He doesn’t know how much effort it took to get those softwares.
  • “Of course, he knew. And he’s been grateful to you ever since. You were able to see the dangers and made your computers safer."
  • Humbug. No matter what I said or did. As soon as I left home, someone immediately watched Porn on my computer. Then, they wondered why I had to reinstall the system over and over again.
  • “But at least you knew how to do it. And how many times since then have you had to install an operating system because of this?"
  • Just because complaints don’t arise doesn’t mean their computers aren’t infected. A glance at how they use their passwords is enough.
  • “Do they need anything more serious than this? The current system you helped create. They don’t shop online. They only use sites that they consult with you first."
  • Humbug. They just exploit me and waste my time. They’re not even willing to understand that their carelessness also puts me at risk.

For now, I think this is enough from this story. :) I feel a bit ungrateful when I think about this, but what I realized is that for my close relatives, I am a Proxy between Reality and the Digital World. A human Proxy.

In this setup, there isn’t necessarily a need for a more robust “defense system”, like a password manager. We’ve come up with a strong password. (Actually, several.) Which is written down… on a piece of paper…(Never write down your passwords) Good luck finding that piece of paper in a family home’s paperwork mess after wrestling with the dogs. If anything suspicious happens, I’m the first they call. They mostly use the internet for content consumption, not creation. Online payments and other more severe digital operations are left to someone more experienced.

(Although true, it would be much easier if I didn’t have to pay attention to this. But I’ve received much more from them than I could ever list.)

Let’s support those who are less aware of potential dangers. Show them how to be safer and more effective online. We never stop learning, and neither do they. Maybe if we approach them with patience or in a more playful manner, knowledge would stick better. (It’s not an ad, but the concept of Backdoors & Breaches is incredible. Do you know other “play security” games?)

But if you’re observant, you might notice a tiny flaw in this concept. What if a request bypasses the Proxy? A Proxy might monitor traffic, but if bypassed, it doesn’t offer much help. That’s what firewalls are for. They either direct every request through the Proxy or block communication. However, in the Real Life, it’s challenging to create an effective “firewall”. How do you reroute a posted letter, an SMS, or a seemingly innocent conversation with a roaming hawker to someone 100 km away from you?

Another issue with this concept is that the Proxy offers active protection. Why is this a problem, you might ask? Because actively monitoring traffic requires resources. I haven’t mentioned it much yet, but every Node has a maximum performance capability. (If you don’t remember what I’m referring to, feel free to read my Observability in a nutshell article).

Many think the more a Proxy knows, the better. That’s not the case. The more a Proxy knows, the more operations it must perform, thereby handling fewer requests. Do you begin to see why helping our loved ones in our constantly changing world is so exhausting? We’re slowly reaching the limits of our capabilities.

Proxies are great tools, but they are not the solution. If you look closer, they are just Nodes in the observability. Do you need to monitor (Observe) your “Proxies”? Sure! This is DoS protection. And because I was talking about human proxies, it’s called Burnout prevention.

  • Why did you bring me here, spirit? Why did I have to relive this outdated world?
  • “To see that nothing is new. Everything is just a rethinking, a mix of earlier. Look for the traces around you. I think you’ve seen enough. 302."
  • 302? What does that mean?

There’s a knock at the door. Startled by the sound, I barely feel my chin. I’ve fallen asleep in front of my monitor… again. No surprise there, considering I spend nearly 14 hours a day almost nonstop in front of machines, and the coffee is about ineffective. A package has arrived. Finally! I’ve been eagerly awaiting the arrival of my new VR headset. Now, I won’t just read about the Digital World but feel it too.

Closing Thoughts

That should be enough for a first read. :) Luckily, there’s a word counter at the bottom of Obsidian, or I might finish the whole story after a long coffee binge. And I would wonder why not many people read what I write. I believe there are at least two sides to the truth, so I tried to provide an example, or rather an alternative, to secret managers.

Honestly, this has been a challenging task for me since it’s hard to find a more effective solution among our current tools that would provide an average person with better security than a password manager. But there are alternatives in places we might not think of. That’s why I chose this format, as it might be closer to the everyday person. Let’s not forget that even S&P 500 companies are made up of ordinary people.

The story will continue. For now, this is the outline prepared for it:

Spirit of Present Information

In this part, I’d like to write about the isolation of the digital world. In Anderson, multiple personalities develop since he must appear in various online communities. This distances him from reality, and he begins to view the world strangely… as if it wasn’t real.

Spirit of Future Information

In this part, Anderson becomes entirely part of the digital world. Society splits into two: consumers and slaves and those who operate this world.

Consumers chase after various products in blissful ignorance while invisibly enslaved; they strive to reach the bare minimum.

In this world, Anderson is among the operators. He helps build and oversee this system so much so that he nearly loses his true human essence.

Awakening

Anderson is terrified of his own future. He realizes that he doesn’t want to be part of the digital world if it continues in this direction. However, perhaps, together with others, he can influence its course. Thus, he attempts to bring awareness to others. Maybe then, someone will come along with the chance to make the digital world better.

What do you think?

As mentioned in the article, I’m looking for a community/assignment where I can contribute to our future. So feel free to reach out to me on LinkedIn or other platforms. (I really need to work on this. :) Other platforms… Do I really expect you to do OSINT?) For now, you can help improve my content on Patreon or perhaps here in the comments. But again, I’m talking about myself.

What do you think? What alternatives do you know of that could replace a password manager? Why would they be better? Or what disadvantages might they have?

How did you like this story-based approach? Would we live in a safer world if our movie selections included an InfoSec category? :D

Do you know other InfoSec games, like Backdoors & Breaches?