| Style over substance|
| Gather 'round the campfire|
The world of technical support is a magical place. User[Who?] beliefs include:
- IT watches everything[better source needed]
- IT watches nothing[more detail please]
- Users control their computers[Who?][more detail please]
- Users do not control their computers. Most likely because Russian botnets or IT does[Who?][more detail please]
- Technicians can understand user requests via telepathy. To be fair, IT often has advanced background information gathering tools and supporting data that is indistinguishable from magic to many users[more detail please]
Technicians and software developers many of whom consider themselves rational logical thinkers are not immune from all kinds of sloppy thinking and superstitions:
- Heisenbugs, issues that never seem the same when you attempt to study them
- Cargo cult programming
- It works on my machine: some programmers and IT have a tendency to assume that because code will run on one computer, that if it doesn't run on another one, that the other one is broken. It's usually the opposite. If you have code that runs on your personal computer but not on other machines, it is probably doing something dangerous that should cause segmentation faults or similar, but somehow is being allowed to do it. Alternatively, it may be set up in a way that is peculiar to the settings and file system on your machine.
- Name, time, addresses, maps, gender misconceptions and more![please explain]
And among most people there is little conception what's involved in programming, to the point that the moviegoing public can accept the idea that a sufficiently good programmer can write a virus for a completely alien operating system, in a completely alien language, and have it work right the first time.
BadBIOS is firmware malware that was created by Ruiu ... in his head. Individuals like Ruiu are extremely concerned about malicious firmware from hackers and the NSA to the point of literal paranoia.
According to Ruiu (@dragosr on twitter), BadBIOS is a rootkit that can infect computers without bluetooth, ethernet, or Wi-Fi. Instead it can infect other computers by emitting "ultrasonic sound [...] from the device's loudspeakers". Computers nearby somehow pick up the sound via the speakers and thus get infected. Ruiu suspected his computers were infected with BadBIOS once his computers were acting strange. Ruiu later provided data dumps of his BIOS only to have experts reveal it was normal data. Ruiu then countered stating that the malware probably erased itself whenever he tried to make a data dump. While these claims are not outside the realm of science fiction, Ruiu has not provided a silver bullet, only speculation. Despite this, his reputation seems to be intact somehow.
Yep, /r/badBIOS/ is a subreddit for a malware that probably never existed! Unsurprisingly, it's inhabited by some users who think that one weird thing in a computer means infected malware. These people are generally paranoid, judging by the threads:
- User thinks hackers infected his ... mp4 file because it got corrupted. OP blatantly states they used a dirty electricity filter to evade hacking. Ironically, his means to evade being hacked is the reason why he thinks he got hacked — having poor connection to an external device can disconnect a device when it's not ready, resulting in corrupted file.
- A user claims that they're picking up ultrasonic sound ... must be badBIOS! Ultrasonic sound is just high-frequency sound above the human hearing range. There are other (plausible) sources of such frequencies such as bats.
- "Neuroimaging tech will soon be able to decode our thoughts" An example of just how paranoid this subreddit is.
Truth to it
Despite Ruiu's paranoia, there is truth to the madness:
- Through an "internal NSA catalog", the NSA performs firmware attacks through backdoors thus confirming proof that such attacks do exist. Unlike BadBIOS, these attacks are actually detectable and actually have documentation; however, certain tools in the catalog require tools priced as high as 250,000$USD, something not to be wasted on the average Joe. Despite this discovery, it doesn't confirm Ruiu's brain fart that has no evidence.
- In the paper Journal of Communication, Michael Hanspach and Michael Goetz showed that BadBIOS is possible but only at 20 bps.
Cargo cult paranoid computer security practices are often advocated by naive internet denizens and trolls towards even more naive newcomers. High profile attacks aimed at Tor hidden services Operation Onymous as well as large attacks on users such as the FBI's legally dubious network investigation malware has created an association of insecurity and surveillance associated with what is in fact one of the most secure and surveillance-resistant networks ever created.
Prospective explorers often ask if they should put tape over their webcam or use Tails in order to 'safely' explore the dark web. They will fixate on how technological configurations can secure their machines, but are entirely clueless about vectors such as password reuse, identity segregation or how to verify safety of file downloads.
Such common misconceptions stem from limited public understanding of threat modelling, privacy and practical computer security. As such, there is a massive market for bloggers and YouTube charlatans such as Takedownman and SomeOrdinaryGamers to offer off-the-shelf tips which increase the user's feeling of security.
Hackers and viruses
Due to the low understanding of what hackers do and how viruses and malware works, it has been a relatively accepted trope for someone to claim their account was hacked as a get-out-jail-free card in the event of certain drug-fuelled rants and dramas.
Some computer users will attribute changes to their computer to malevolent forces in a method comparable to astrology when it comes to rationalising changing and intermittent issues.
Of course, in a video gaming context, anyone who is better than you is a hacker.
There is a small number of 'anti-updaters', an anti-vaccination movement-like contingent of people arguing against automatically updating applications due to the misplaced belief that significant numbers of people care to manually review and install all patches. Patches and updates are generally good, except maybe if you're working with the CIA. Yes, there are occasions where an update breaks something that was working before or causes other mischief, but by and large updates are something you want: they fix problems and improve the security of your system.
Depending on who you ask, encryption can be anything from the largest piece of social good modern mathematics has ever produced or a dangerous weapon utilised by terrorists and child abusers in order to evade justice which must be carefully controlled.
In the early days of strong cryptography, the US government attempted to issue export bans, classifying the technology as akin of munitions. While such bans were overturned in 1992, it wasn't until the rise of ubiquitous personal computing that governments would once again characterize mathematics as a dangerous tool.
The 2010s saw an increased call from politicians[Who?] around the world to backdoor common encryption software. From the encrypted-by-default iPhone through to bans on WhatsApp in Brazil and proposed and later withdrawn in the UK, governments around the world remain convinced they can create a secure back door into software to counter criminals; however, it's not like backdoors are only exclusive to government agencies.
Said statements could be considered rhetoric to coerce tech giants deeper into mass surveillance programs, and less charitably as mathematical denialism from senior elected officials.
Web filtering is a magical solution to all the world's problems. Simply by stopping people (particularly children, but also library patrons) reaching the wrong website you can prevent sexual depravity bringing about the fall of modern civilisation, and prevent terrorism. Companies including Impero, Future Digital, and Securus sell "anti-radicalisation software" which prevents children reading about Islamist terrorism'. According to online security company Akamai, British law requires schools and universities to consider the use of such software. Whether Akamai is an unbiased source of legal advice is for you to judge.
The traditional use of such software is to block access to pornography online, but such filters are pathetically useless. A British newspaper report complained that one filter blocked searches for "sex education" but allowed explicit searches in Spanish; it concluded they provide false security and could be easily circumvented (as anybody who knows anything about children could tell you). More seriously, anti-porn filters may discourage children from talking to their parents and actually promote porn addiction: "Filters can also encourage secrecy, deception and shame – key conditions for nurturing dependency or even potential addiction." Because the naughtiness is half the reason why porn is appealing.
Web filters also rarely if ever consider the blocking of pornography or jihadism to be their first priority. The majority of their efforts go to the blocking of websites offering alternative proxies and websites offering translation software. The former because it allows people to easily and perhaps even unintentionally bypass these filters and the latter because they often allow for diverse translations of the thing that people want to be censored and thus increase exponentially the work required to censor everything. Even more worrying is that some have them by default, meaning that no matter what you do, you won't be able to access Babelfish.
You'll be glad to know that the best in the business who have a firm place in the international market are currently selling their software to dictatorships that want to avoid their citizens reading about any information that might potentially harm the way the government is perceived by its citizens.  On the plus side, since these governments are spending their time with censoring internet traffic and they will never be able to fully do so anyway, this is often accompanied with a more uncensored traditional press and television. However, one might still question why democratic governments support something that is partially marketed to dictators.
- Internet — The internet is not a big truck.[please explain] Nor is it literally a series of tubes — though that's actually not a terrible analogy. Trump could possibly attempt to 'close up' the internet for the US, crippling its economy, but not for the world.[please explain]
- Advertising — You're not the site's 1,000,000th visitor and that nice Nigerian royal may not be as honest as his introductory email claimed. Also, advertiser technology has not yet predicted pregnancies, though Facebook probably knows if you're gay.
- Digital Rights Management — you cannot secure information that must leave via the analogue hole.
- Biometrics — An established trope in science fiction, many consumers and technologists are eager to replace their passwords with fingerprints in a delusion that this is somehow a more 'futuristic' mode of authentication. When asked what they will do if their fingerprints are leaked (or worse, fingers cut off) their answer is to simply change their... oh.
Things that are not computing woo
- Government mass surveillance capabilities
- Insecure backdoors into software and operating systems
- Financial based cybercrime
- The online trade in child pornography
- Sextortion based cybercrime — sometimes there is reason to cover your webcam
- The dangers of both password reuse and doxing
- Darknet market commercial operations for a large amount of drugs, a lot of stolen data and a small amount of weapons
- Your 'smart' TV, Barbie, console smart phone assistant recording your conversations
- Tech giants selling your data to advertisers
- Cyberwarfare and cyber espionage - Including:
- /r/itsaunixsystem on Reddit - dedicated making fun of Hollywood hacking
- willusingtheprefixcybermakemelooklikeanidiot.com - You should always be cautious with the about mainstream media reporting of cyber-anything. If in doubt, be sure to check
- i read your email
- Bastard Operator From Hell
- Bring your own device
- Falsehoods Programmers Believe
- As seen for instance in Independence Day.
- FBI crack Tor and catch 1,500 visitors to biggest child pornography website on the dark web
- Tor: Overview
- This Is The Most Epic Brand Meltdown On Facebook Ever
- Export of cryptography from the United States
- Here's Why Apple Is Going To War Over FBI 'Backdoor' Order
- WhatsApp officially un-banned in Brazil after third block in eight months
- WhatsApp, Snapchat and iMessage could be banned in the UK: Should you be worried about the Communications Data Bill?
- Schools monitoring pupils' web use with 'anti-radicalisation software', The Guardian, 10 Jun 2015
- The Prevent Duty – What’s it all about?, Bloxx, Akamai
- Why online porn filters were doomed to failure, Martin Daubney, Telegraph, 25 Jul 2014
- Donald Trump thinks he can call Bill Gates to 'close up' the internet
- Did Target Really Predict a Teen’s Pregnancy? The Inside Story
- Facebook knows you’re gay before your mother does, IT World, International Data Group, March 12, 2013
- Ironic Windows Vulnerability Shows Why Backdoors Can’t Work
- Not in front of the telly: Warning over 'listening' TV
- Privacy fears over 'smart' Barbie that can listen to your kids
- Mandatory Kinect on Xbox One raises privacy concerns
- The price of free: how Apple, Facebook, Microsoft and Google sell you to advertisers
- Fake news can poison your computer as well as your mind