The Twitter hack: a plea for more decentralization
By Naomi Oba on The Capital
On Wednesday last week, we witnessed one of the biggest social media hacks, if not the biggest. Thousands of accounts were hacked and used to tweet a scam message — among them public figures like Joe Biden, Elon Musk and Bill Gates, as well as known companies such as Apple, Uber and Binance. The hackers used their access to the Twitter accounts to scam for Bitcoin with the very well-known pattern of “All bitcoin sent to this address will be doubled and sent back.” Obviously, whatever bitcoin was sent to the address never made it back. By now, we should all be too well educated to give such an obvious scam more than 12 BTC. Then again, we always underestimate the number of stupid people — no offense (It’s one of the five laws of stupidity. You can learn the other 4 in this book).
While some are now quick to jump onto the “because it was used in a scam, Bitcoin must be a scam or at least somewhat shady” train, think about how the whole hack could happen in the first place. So far we don’t know for sure how exactly the hackers gained access, but according to what alleged attackers have posted in online forums, it was via an employee account. Twitter has since confirmed that social engineering was involved:
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” (Source)
I am pretty sure that Twitter, like any other company dealing with customers' data, has trained its employees to be aware of the danger of social engineering attacks. This teaches us that we’re all just human and anyone dealing with other people’s data or access to their accounts should be sufficiently aware of their responsibility and the risk of falling prey to social engineering.
Another shocking revelation was the level of control Twitter employees had over people's Twitter accounts. Unfortunately, multifactor authentication did little to keep the attackers out, as the intruders could get in via a Twitter employee's master access. That meant the attackers could tweet on behalf of all these public figures. It’s not the first time that tech companies have had to deal with malicious actors on the inside, and it won’t be the last.
What this hack, like many others, exposes is the problem of centralized systems. We live in a world of centralized systems and services. If you think about it, most countries are run by a central authority, we have central banks deciding about the money supply, companies are run by a central CEO, and social media companies like Twitter and Facebook store all the data, and the access to it, on central servers. That has benefits for them and for us in case we forget our password and need someone to help us regain access. At the same time, we put ourselves at the mercy of these companies that have all our personal data. How can you be sure what your data is used for and who will access it? The short answer is you can’t be. The Cambridge Analytica scandal has very impressively shown us the weaknesses of central data storage.
So what could an alternative look like?
Decentralization
Blockchain advocates have been praising decentralization for years. Nevertheless, the idea of decentralization is not only applied in the world of data storage but even in politics, where it leads to a democratization of power.
We already have plenty of examples of decentralized organizations. Just think of Wikipedia, the Apaches, Kazaa (a P2P music sharing service) or Alcoholics Anonymous in the beginning.
Wikipedia is held up by a network of contributors worldwide who voluntarily edit, add and update content. The Apaches were a Native American tribe living in small non-hierarchical groups where each group was autonomous and kept to itself. This is what ultimately made it so hard for the Spanish to conquer them: they didn’t find a single point of attack.
Decentralization has several benefits compared to centralization, especially when it comes to how our data is stored and handled.
Possibility of Failure: With a centralized network all control is focused on one location. In case of fire or water damage, an electric blackout, or any other natural disaster, this can shut down the whole network at once. Another danger is that centralized networks often store their backup in the same location, which makes them even more vulnerable to failure.
Access & Diversity: Centralized systems usually follow a one-size-fits-all approach, which means that they are not available to everyone. By relying on a single operating system, they automatically rule out everyone who is not able to use that system. For example, if the system requires an NFC reader, everyone whose phone lacks one cannot use the system. Furthermore, with this one-size-fits-all approach, centralized systems fail to cater to the various needs of their different users.
In the case of social networks, the barrier can also be having an IP address from a certain country or whatever criteria the network provider has come up with.
Decentralized systems allow anyone access. The only thing you need is your private and public key. Furthermore, there is no centralized authority that could decide whom to exclude. If there were to be a decision on excluding certain groups, that would be a question of governance and most likely solved by voting, which is still a lot more democratic than in centralized organizations.
Security: By design, all control in centralized networks is focused at a single point, making them an easier target to attack than a distributed network. In the case of Twitter, the attackers just needed to convince one individual to give them access (or trick them into giving them access) and they were in. If they were dealing with a decentralized organization, they would have to convince hundreds of people (or take over hundreds of nodes) before even having a chance to compromise the system.
So, all in all, decentralized data storage should be a no-brainer, right? Still, we all willingly give our data to Twitter, Facebook, and Google. Part of the reason is that these are well established and, while we all know that it’s not best practice, we all love Facebook and Google login instead of creating hundreds of new passwords. Convenience is one of the biggest advantages of centralized solutions, and if the emergence of one-day delivery, Amazon Fresh and Uber Eats has taught us one thing, it’s that we love convenience.
It’s probably naive to believe that we’ll just go from centralized to decentralized networks in an instant, but we might see more of a transition to decentralized solutions, be it more decentralized data storage or decentralized access to a certain kind of data.
Apart from that, there are some social networks running in decentralized fashion hoping to challenge the existing players and offering an alternative.
Mastodon: Social networking, back in your hands
Mastodon was launched in 2016 by a German developer. It’s open-source microblogging software that allows anyone to join and share their thoughts. While the interface shares some similarities with Twitter, Mastodon, unlike Twitter, doesn’t store data in a central place but across thousands of servers and websites all around the world. Each server (also called an “instance”) hosts a distinct type of content and community; from language-focused communities to arts to beer lovers, you will probably find at least one you identify with. While all these subnetworks have their own set of policies and rules, users can seamlessly interact across different instances since all subnetworks are connected in one big federated network.
Steemit
In the blockchain community, Steemit is probably the most well-known social media alternative. Steemit is a blockchain-based platform that allows content creators to publish content and get paid for it in cryptocurrency. The system issues Steem and distributes it to active users and content creators depending on their contribution to the network. Similarly to other platforms, Steemit works with up- and downvotes. The more upvotes creators receive on their content, the higher the number of tokens they earn. What’s more, the more they engage, the more they increase their earning potential. Needless to say, all you need to participate in Steemit is a simple wallet address.
All in all, we’ve always known that our social media networks come with a set of limitations and, unfortunately, security concerns. However, most of us join them because our friends are there and, as of now, alternatives are still small. But they are growing, and the more incidents we experience with Facebook, Twitter, and the like, the more people might realize the benefits of platforms taking a different approach. It might not be a sudden change but take time… still, it’s a change worth making.
Ironically, Twitter last year allocated some money for research into a decentralized version of itself — a project called BlueSky. However, I couldn’t really find any progress on that project and its Twitter account seems to be rather inactive these days.
Considering how much these networks know about you, your interests, and how you communicate with others, it shouldn’t be too much to ask for that sensitive data to be managed in a way that it can’t be easily accessed. Whether that is done via blockchain or via a number of decentralized servers, it’s still better than the centralized solutions out there. One thing is for sure: social media networks won’t start decentralizing storage without an incentive. So it’s up to us as users to demand changes, vote for the right people to push regulations for changes, or simply stop using their platforms.