8 Comments
Wes Kussmaul

It's great that you and others are calling attention to the ever more convincing scams. Unfortunately things are going to get much worse when the bowky-based botnets start proliferating.

But these videos all offer a non-solution as though it's a remedy: "Be on guard! Recognize the fakes!" - right after showing how difficult it is even for experts to recognize the fakes.

An anecdote will illustrate why we need to do better. Every year I go to the AGC and RSA cybersecurity conferences in San Francisco and the many evening parties sponsored by exhibitors. At the parties, I'll arrange to chat over a beer with a CISSP-certified security expert. After a while I'll say (disingenuously, yes) "You know, I have to admit, I've clicked on an occasional bad link and bad email attachment..."

Over fifty per cent of the time, the person I'm talking to, you know, the expert whose job is to educate their organization's staff to watch for and recognize phishing emails, bad links and bad attachments, will respond, "Yeah, I know, I've done that too..."

So there's a quick assessment of the value of eternal vigilance to fight fakes: It does not work. Full stop.

The sad thing is that there exists a very well-proven set of solutions to the problem of fakes, and it's based on the same technology that you, dear reader, are using right now, as evidenced by the "https://" that starts the address for this page. But SSL / TLS, as is so often the case, has been deployed by technologists who have less of an understanding of the real world they're protecting their users from than the typical user themselves. SSL/TLS rely on sources of authority (certification authorities) which, like StartCom, can be, and are, bought and sold. (Gee, can you guess what buyer might be particularly interested in a CA that's known for its integrity?) But the technologists who came up with the site certificate system tended not to understand such real world opportunities for corruption. (Search StartCom for the grim details.)

While the technologists beg to be guided by people with a wider understanding of the problem they've been asked to solve, typically the user recoils from the thought of learning enough of the technology to know what's possible and how it can be applied.

Again, we can SOLVE the problem, but it requires doing things differently. Stay tuned, I'm being summoned to a family event but will continue.

Wes Kussmaul

Continuing after my wonderful Father's Day (3 dads, no waiting!) gathering...

The first step is to step back and think about our assumptions about our online world.

The internet used to be called an "information highway" and the name still fits.

So... what is a highway? How do we use highways?

A highway is an OUTDOOR public transport system, right?

And don't we typically use highways to get from one building to another? Because in real life we need these accountability spaces, indoor spaces where you tend to know who's in the room with you. We use the outdoor highway to get to those accountability spaces called buildings, but the buildings are apart from the highway.

Also, the decision to design and construct a new building, a new accountability space for our own purposes, has little or nothing to do with a decision to change the way a highway works. If you want to change red lights to blue, that would be an impossibly immense project, involving roadway intersections around the world. By contrast, your building needs only to comply with building codes and to serve your own purposes and no one else's.

It's often noted that what the internet has lacked, at least since the addition of the markings and signage layer called the World Wide Web, is accountability. "On the internet, no one knows you're a dog"... or a fake person.

Well, accountability is also what's lacking in all outdoor spaces. On the highway or in a public park, it's no one's business who you are unless you choose to disclose that to others (or unless you're caught snatching a purse.)

So the point is, humankind came up with buildings to 1) provide shelter from the elements, and 2) provide spaces of accountability. In the physical world, buildings do that job well.

And in both physical and online spaces, highways do their job well.

But while our digital online world has a wonderful highway system... where are the indoor online accountability spaces that are accessed via, but are separate from, the highway?

Answer: they don't exist.

Yes, we have VPNs and portals that resemble public accommodations and we have "zero trust" assumptions that go with them. But... if what's lacking is accountability, why do we not have digital buildings?

In fact, the technology mentioned earlier that gives us "tunnels" through the internet, that is ssl/tls and https://, is a wonderful construction material for buildings. But hey, think about a tunnel: is it a building? Well, a tunnel is secure in the middle, yes, so the claims of ssl-tls-https are legitimate. But would you hold your meetings, keep your files, and let your kids hang out in a tunnel? Of course not - because a tunnel is wide open at the ends, free for any fraudster or thief to come in and mess up your life.

Instead of a tunnel, picture an enclosed pedestrian footbridge between two office buildings. There's a reception lobby in each building, and a receptionist whose job it is to ensure that people entering either have employee badges or else their ID has been checked and they've been issued visitor badges, and probably disclosed who they're visiting.

So I mentioned that the construction material for buildings is old and proven, and in fact the rest of the methods and technologies (mostly methods) with which to have secure accountability spaces are old and proven as well. But there are lots of such components because, hey, buildings are at least as complex as highways, and the methods for constructing and managing buildings (occupancy permits etc.) have accumulated over centuries.

So allow me to introduce the world's ugliest acronym. Lots of letters, but I guarantee that if you build spaces that check off each letter, you will have a digital building (residence, clubhouse, office building, office-retail complex, stadium, etc.) that provides exactly the solution to the problem presented in that video about deep fakes.

Here's the acronym and what it stands for:

The Ugly Acronym is

DIBPKICMUPFDICTDSMERICOUPAA

DIgital Buildings

built with

PKI Construction Materials

accessed by

Universal Password-Free Digital Identity Certificates

that also enable

True Digital Signatures

from

MEasurably Reliable Identity Certificates

Identity Certificates

which are

Owned by the User

and which protect

Privacy

through

Accountable Anonymity

Like I said, ugly. But it solves the problem. If you were to build a space for your people that checks off all the boxes, you would be able to assure them that every image, every video, is digitally signed by the individual human being who takes responsibility for its content, and that every person you encounter is accountable for what they say and do - even if they don't disclose their identity. (Think about your car's license plate. It makes you accountable for what happens on public roadways, but no one gets to know your identity unless there's been an incident.)

Wes Kussmaul

And, oh yes, forgot to mention: you can't change so much as a single pixel on a digitally signed image or video without the signature showing up as invalid. If someone captures your video explaining your views on a subject and decides to change the parts they don't like, the video will tell the viewer that it's been tampered with and not to trust it.

The Radical Individualist

We have to also remember that there are real people who really believe what they're saying, but they're wrong. Hitler and Nazis were sure they were right. As was the KKK.

There are disaster relief NGOs and other organizations that, unlike the AI appeal in this video, are 100% real. But they are still rip-offs.

One thing that I think is important is to compartmentalize the hell out of everything in your life. I won't go into details, but if someone got a hold of my computer, they would benefit very little from that access.

Wes Kussmaul

Or as Bertrand Russell noted,

"The fundamental cause of the trouble is that in the modern world the stupid are cocksure, while the intelligent are full of doubt. Even those of the intelligent who believe that they have a nostrum are too individualistic to combine with other intelligent men from whom they differ on minor points."

And as I put it:

"Thinkers tend not to be joiners."

The Radical Individualist

I just came back from a discussion about universal healthcare. We had every point of view. It was a very positive discussion, from very pro to very con to places in between. Everybody made sense. And we reached no conclusions. "Thinkers tend not to be joiners."

James Ron

I'm disconnecting more and more from just about everything. You can't even trust half of what you see.

The Radical Individualist

Even when it's real people, a lot of it is lies.
