LibrarianShipwreck

Libraries, Archives, Technology, Impending Doom

The Heartbreak of Heartbleed

Periodically when a person uses a computer one may receive notifications that contain phrases such as “do you trust this connection” or “do you trust this site.” While it is unlikely that such prompts are intended to send users tumbling into an existential abyss they nevertheless carry a very important question bundled in the guise of a simple yes or no (“allow” or “don’t allow”) moment. That question: “do you trust…”

Well…do you?

Using technological systems in contemporary society (in particular “high technological” systems) is often premised upon an oft unspoken level of trust, which relies as much (if not more so) on subconscious consent. We trust that our devices will function the way we have been led to expect them to function, we trust that the applications we use will do what they advertise, we trust that the passwords we use are being kept secret by the sites to which they correspond, we trust that the little “lock” logo that sometimes appears in our web browser actually means something, and so forth.

Using these systems requires such extensive granting of good faith that it becomes second nature. We stop thinking about it, and this is at least partially because investing such trust is necessary if we want to be able to continue using these systems. We trust sites like Yahoo because the seeming societal consensus is they can be trusted. Yet, of late, there have been many instances that have made it so that this subconscious trust has been dredged up to the conscious level and it has forced many to evaluate the way this trust has been placed. Like a closely relied upon confidant being revealed as an enemy spy (at which your life tailspins into a noir film!) this crack in the façade may make lead us to find ourselves feeling a bit heartbroken…or at the very least like we are experiencing heartbleed.

Heartbleed, of course, is the name given to a rather serious bug (even deemed “catastrophic” by some), which has revealed that some of our trust may have been sorely misplaced. The bug has already been gnawing away at sites using OpenSSL for a rather disheartening amount of time, but it has chewed through the surface recently.

So, why does this matter? Well, as the Guardian put it, SSL is a common security tool used online – it allows for the flow of information to be encrypted; what Heartbleed allows is for prying eyes to get a glance at that encrypted data – including passwords and the like. Heartbleed has been sinking its pincers and mandibles into many sites including aspects of the Yahoo empire (like Tumblr), as well as other sites such as Eventbrite, Imgur, and (in a bit of irony) OKCupid. Evidently that was not Cupid’s arrow but the stinger of a bug…

As with all revelations about bugs there is a bit of hyperventilating panic (“catastrophic”) and then the exterminator shows up, makes a droll assessment, sprays some of this and that about, and explains that while the infestation was quite bad it has now been seen to. The exterminator was summoned in time. Phew! Stay away from the worst spots for a few days, keep an eye out, but don’t worry, everything is fine, and if you’re worried here’s a helpful resource, and you can always call the exterminator again. But the issue with such bugs is in that they lay bare, even if only for a moment or two, the degree to which our placing trust in certain technological systems makes us susceptible to certain kinds of bugs.

At risk of being grossly overly simplistic: many people who use high-tech devices and platforms have only a vague understanding of everything (emphasis on everything) that goes on in and around such devices. Even those who consider themselves technologically savvy and quite computer literate might still find themselves stumped by some of the questions that crop up around certain code (which comes in many different languages). After all, Heartbleed is a bug that impacted quite a few prominent platforms (and it is not as if past bugs have not hit other companies [see: Apple]) which were conceivably being managed by highly technologically skilled individuals. All of which is a roundabout way of saying – when we use a high tech device or platform our use of it is in some ways a statement (by deed) of trust. There is only a limited amount of choice (for most people) in this regard – and while there are some options these are generally still options based around which sites we want to trust (Yahoo or Google, Tumblr or Facebook, Apple or Microsoft, etc…). Life in technological society requires placing trust in those building the infrastructure, but it seems that these may not be certified architects…

Part of what makes us so susceptible to unhappy discoveries such as Heartbleed is the fact that high tech devices/platforms put us at a disadvantage in regards to fully understanding our tools – once we decide to use high tech devices we are at their mercy to a certain extent. Consider – as a counter example – a bicycle: a person with a basic manual, some time on their hands, and maybe a helpful friend or two can come to understand how such a machine works, where its problems may be, and how to fix it when things go wrong. It is not quite a “simple machine” but it is “simple enough” that an individual can understand it confidently; it does not have layers of secrets. Now consider a smart phone, a computer or a (closed/proprietary) operating system – a person with a manual, some time on their hands, and maybe a helpful friend or two can learn a great deal – but the sheer complexity of the machine will make it so that their mastery over the device is always wanting, always wanting (exceptions certainly exist, but the majority of users are not exceptions).

The more complicated a device (the less “convivial” [Illich], “democratic” [Mumford] or ”appropriate” [Schumacher]) the more we are forced to put our trust not in our skills, or those of our friends but in those who represent the device – those whose interests are tied up in the device functioning in particular ways. It is not so much that bugs are “catastrophic” accidents as that bugs are part of the deal we consent to when we click “agree” on the Terms of Service contract.

What bugs such as Heartbleed demonstrate to a galling (if not necessarily “catastrophic” extent) is the degree to which our placing of trust may be, if not highly misguided, at least not fully considered. From the NSA revelations to Heartbleed we are witnessing ever more evidence that for all of its utopian promises technological society may just be a wonderful paint job on a building being devoured by termites. When the bugs break through the paint the exterminators descend quickly to sort out the issue, but as long as we stay in this house it will only be a matter of time before we spot evidence of an infestation in another room. The techno-utopians who hurriedly painted the house and their comrades the exterminators may speak convincingly and offer seemingly wonderful things, but it seems increasingly that part of the price of “free” is societal trust. And really, they’ve bought that pretty cheap.

Heartbleed may not lead to many cases of genuine heartbreak, but it should serve as a reason to reassess this relationship – to these companies, and to their tools.

If we insist on dining on the free lunch that tech companies serve up, we cannot be truly surprised when the crunchy content of the sandwich turns out to be bugs.

Related Content

And the Bandwidth Played On…

The Book: A Convivial Tool

The Panoptic Con

“More than Machinery, We Need Humanity”

Luddism for these Ludicrous Times

[Image Notethe Hearbleed logo was designed by Leena Snidate / Codenomicon and released under a CC license, the background image “Internet Map 1024” was created by the Opte Project and released under a CC license]

About these ads

About TheLuddbrarian

"I won't explain myself because I hate common sense." librarianshipwreck.wordpress.com @libshipwreck

56 comments on “The Heartbreak of Heartbleed

  1. whitehatk
    April 27, 2014

    Reblogged this on whitehatK.

  2. tuluschristian14
    May 29, 2014

    Reblogged this on tuluschristian14.

  3. sagule10
    June 12, 2014

    que hermosa vista esto es una maravilla

  4. frankdealba
    June 20, 2014

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Information

This entry was posted on April 14, 2014 by in Privacy, Technology, The Internet and tagged , .

Ne'er do wells

Archive

Categories

Creative Commons License

libshipwreck

  • The mayor's office does not want the news story that would result from arresting those flooding wall street. Thus, the waiting game. 1 minute ago
  • The police may have learned their lesson from the Brooklyn Bridge during Occupy...mass arrests can really galvanize a movement. 7 minutes ago
  • If you are mocking protestors by calling them "dirty hippies" you have just given excellent proof that your ideology is decades out of date. 1 hour ago
  • Trolling well-meaning protestors trying to avert climate catastrophe - is the 21st century version of fiddling while Rome burns. 1 hour ago
  • "It is only for the sake of those without hope that hope is given to us" - Walter Benjamin #ClimateChange 2 hours ago
Follow

Get every new post delivered to your Inbox.

Join 8,864 other followers

%d bloggers like this: