Hacking the Future

Image of Hacking the Future:  Privacy, Identity, and Anonymity on the Web
Author(s): 
Release Date: 
September 13, 2012
Publisher/Imprint: 
Overlook Hardcover
Pages: 
304
Reviewed by: 

“Preventing anonymity prevents protections anonymity provides. . . . starts out well but could and should have been a much better book.”

When the Internet was young it connected scientists and researchers; there was little public interest in what it did or who controlled it. Today, in case you’ve been sleeping under a rock for the past 20 years, the Internet is a really, really big deal. Such a big deal that when you use it, it uses you right back—and can keep on using you even after you’ve disabled off your Internet-enabled cookie-blocker.

What you click says things about you that others can make a buck from—but in order to more efficiently monetize your digital you, there has to be some assurance that your digital you is you. Which means changing how you go about presenting yourself to the Internet.

“I think anonymity on the Internet has to go away,” says Randi Zuckerberg. Randi, in case you didn’t already know, is the marketing director of Facebook and sister of Mark, Facebook’s CEO. And so it goes.

Hacking the Future is entertaining, easy-to-read, and mostly non-technical, though on occasion Cole Stryker assumes the reader is familiar with jargon only recently coined. Be forewarned, as well: The author is a media consultant, telling us he’s “deeply invested in the ability of online publications to monetize their content,” who also weighs the market-brand of Anonymous, and even questions his own motives. “Do I really want to advocate against the business model that puts food on my table?” Disclosures such as these, including telling us that he’s been harassed by hackers for a previous book, should put the reader on guard.

What is he not telling us?

Anonymity has long been used as protection against the powerful and to fight for civil rights and women’s rights. But openness and privacy cut both ways, indeed, are tools that take on the ethics of those who use them. For example, official petitions must be signed to become part of the public record, which could then be used for retribution.

Governments and religious institutions throughout history have censored publications and punished authors. In medieval England an author might have his hands cut off, the publisher’s head put on a pike.

Satire was dangerous, too. Gulliver’s Travels was initially anonymous. For a long time, women were not allowed to publish and had to take on the subterfuge of a male pseudonym.

And barely 23 years ago, author Salman Rushdie had his life threatened for The Satanic Verses and was forced into hiding for 12 years, during which he used the name Joseph Anton. More recently he was prevented from using his first name on Facebook because Salman is a pseudonym, a nickname, even though he is known by millions by it.

Preventing anonymity prevents protections anonymity provides.

If we could create a perfectly transparent web, perfect transparency would work only if everyone behaved honestly and if no one were ever hurt by another’s words and sought retribution. The result? Everyone would be afraid to say anything, which is what you notice on electronic bulletin boards used by employees on corporation intranets.

And perfect anonymity would be just as bad. “Anonymity removes the risk of consequence.” As Lord John Whorfin once said, “Character is who you are in the dark.”

It all comes down to the impossibility of having your cake and eating it, too.

The question whether there is a difference between a written work and a weblog and what protections should be given speech on the Internet is being argued in legislatures and courts even today. It’s still not settled law.

One difference turns out to be longevity. Books can be recalled and burned, their authors and publishers sanctioned, but what’s put on the Web seemingly lives forever. So much for Winston’s job in Orwell’s 1984.

The first law to regulate anonymity on the Internet was made by the state of Georgia in 1997. Intended to outlaw false identification, the law was considered overbroad (It would have prevented nicknames) and overturned by the courts. Today preventing nicknames is something that Facebook and Google+ do on their own—but for reasons of profit, not for rule of law.

Hacking the Future starts out well but could and should have been a much better book. The weakest part is the middle hundred pages in which a reader will encounter a confusing, disjointed, and haphazard study of 4chan (a U.K. based message board/website), Anonymous, WikiLeaks, LulzSec, as well as a smattering of social and technological aspects of anonymity, cryptography, and cyberpunk. The author does not separate what is important from what is trivial, nor fact from rumor from personal belief.

This reviewer will now attempt to sort the author’s hash.

There has been (and continues to be) a number of successful computer attacks on corporations, among them Citigroup, Lockheed-Martin, Google, and Booz-Allen-Hamilton, along with successful attacks on government and quasi-government agencies including InfraGuard, a nonprofit working on cyber-security associated with the FBI; the International Monetary Fund; the CIA; and the Department of Homeland Security.

Consequences of these attacks include the exposure of private information including the email of corporate officers and personal information like credit card numbers of subscribers. An attack on the Sega Corporation compromised account information of 1.3 million customers.

Attacks are not necessarily one-time events. Sony Corporation has undergone multiple attacks. One such attack compromised 77 million user accounts to which Sony responded by shutting down its online games for several weeks, costing it a considerable amount of money.

Note as greater amounts of data become centralized; sites that hold centralized data become tempting targets. South Korea’s national database, which holds information on 35 million of its citizens, was breached in July 2011.

The attack on the HBGary Corporation revealed through exposed emails that the U.S. government is willing to fund nongovernment actors to anonymously manipulate mass and social media. The attack also tells us how anonymity supports and encourages reprisal. Through embarrassing disclosures and continued hacking attacks HBGary Federal was forced out of business. Its CEO was (and presumably still is) hounded by hackers.

Some of the attacks on government sites have occurred in response to proposed laws such as the Stop Online Piracy Act (SOPA) and the Protect Intellectual Property Act (PIPA). The concern over these laws appears to be that these laws would damage free speech, punish online service providers for the acts of their subscribers, and force providers to become censors. That isn’t to say service providers don’t already censor, or wouldn’t be willing to censor to a greater extent, if they were recompensed.

What laws may take away, hackers may give back.

One can find on the Internet tools that can be used to protect anonymity. The principal anonymizing proxy server is Tor, which has an interesting history, and there are alternative networks, such Virtual Private Networks (VPN) and Freenet.

There are also remailers that can be used to hide the identity of senders, and encryption tools to hide email and file contents—though don’t be surprised if you discover for every measure a countermeasure, and for every countermeasure a counter-countermeasure, and for every reprobate service provider, a subpoena.

“People who want to hurt or take advantage of people will always find a way.”

And it’s not as easy as using a tool to mask or unmask anonymity. Portions of web traffic are not encrypted by design, and there is no guarantee providers won’t be legally compelled to turn over information. Given this, remailers are being designed to not save identity-related information.

Nothing saved, nothing to turn over.

The current legality of doing this puts U.S. law (for the moment) ahead of (or behind, depending on your point of view) European law; however, to completely disconnect the relationship between a computer and identity one would have to use a throwaway (or someone else’s) computer with a prepaid credit card or cash for Internet access, and afterward erase the hard drive (though destroying would be better).

A reader may find in Hacking the Future interesting trends. The first is the evolution of (for the powerless) activism starting out as random harassment; becoming semi-organized, semi-anarchic vigilantism; becoming semi-rational political activism that moves outside the web, shedding anonymity. Occupy Wall Street began as a blog post.

The other trend is recruitment to the dark side, hacking by criminals and nations, both growing in competence and destructive power.

A reader may note the surprising seemingly technical (but really much more epistemological) gap between identity and action on the Internet, a disconnect between “I did this” and “Who did what?” And what remains unclear and perhaps will forever remain so is exactly how to correlate the hacker with the hack, to determine whether responsibility should be attributed to social misfits, corporate misdeeds, criminal organizations, or nation-states.

A reader may also note that anonymity taken to an extreme becomes self-destructive; insiders are free to attack their own organizations. Without an ability to enforce rules and accountability, an organization is unable to protect itself from its members. When Anonymous did things its members didn’t approve of, splinter groups defected. Backtrace Security, comprised of former members of Anonymous, created tools the FBI was able to use to unmask members of LulzSec, another splinter group of Anonymous. “We joined them to fight a bully, and they became the bully.” This could also be said of the motivation behind Bradley Manning’s defection from the Army to join WikiLeaks.

After its middle section, Hacking the Future returns to being a readable book.

Cole Stryker briefly covers the use of social media in social unrest, raising valid questions about social media in Third World countries. What is the role of the citizen-freelance journalist? Does poverty limit the spread of technology (Twitter, mobile phones), and are Twitter and Facebook taking unwarranted credit for revolutions in the Middle East?

There is a short piece on anonymous money. Governments take a dim view of competitors printing money. Bitcoin, an electronic alternative to money, is so far the most interesting player in this game. Is Bitcoin a fad, a cat’s paw, or the future? Though Bitcoin has not been shut down, it appears to have been used for money laundering and has recently been itself victim to theft and a Ponzi scheme.

Perhaps the best part of Hacking the Future is an analysis of what anonymity means in terms of its cost, a balancing of the value of what’s hidden against the effort to hide and the effort to unmask.

The principal factors appear to be relationships. Some relationships are technical: the correlation of an IP address (or IP addresses) and an individual (or set of individuals), and the correlation of an IP address (or IP addresses) and an action (or set of actions) on the Internet. Other relationships raise philosophical, ethical, and legal questions.

The chapter titled Fiddling with Your Preferences addresses how computer users can change their computer browser and personal behavior to increase anonymity, though there is nothing one can do better than by reducing one’s activity on the Internet.

The last two chapters provide real-life instances where anonymity on the Internet is used for good, in particular enabling honest and open discussion where there are cultural or legal prohibitions, and that everpresent fear of retribution.

Though Hacking the Future has severe problems, leaving the impression that the book was rushed to print, there are quite a few redeeming features that this reviewer found worth spending time to slog through.