SocietalCode: Curated is a weekly feed of news, analyses, resources, etc. concerning societal change and technology.

I read broadly to keep myself up to date on the space, and pass along the best of what I find here. Intentionally presented with little analysis, it’s meant as a curated stream with a pinch of context, rather than my full thoughts.

Feed

Ukrainian army issues instructional video telling Russians how to surrender to a drone

Ukraine’s army issued an instruction video on Monday with a step-by-step guide for Russian soldiers on how to surrender to one of its drones.

One of those moments in life where you suddenly realize you’re living in The Future.

I Fooled Millions Into Thinking Chocolate Helps Weight Loss. Here’s How.

An excellent story that explains, through example, how science mis/disinformation occurs. The team “fooled millions”, yet at no point did they lie to anyone. They simply conducted intentionally bad (but real!) research that confirmed a predetermined desired conclusion and then publicized their research well.

Here’s a dirty little science secret: If you measure a large number of things about a small number of people, you are almost guaranteed to get a “statistically significant” result. Our study included 18 different measurements—weight, cholesterol, sodium, blood protein levels, sleep quality, well-being, etc.—from 15 people. (One subject was dropped.) That study design is a recipe for false positives.

Think of the measurements as lottery tickets. Each one has a small chance of paying off in the form of a “significant” result that we can spin a story around and sell to the media. The more tickets you buy, the more likely you are to win. We didn’t know exactly what would pan out—the headline could have been that chocolate improves sleep or lowers blood pressure—but we knew our chances of getting at least one “statistically significant” result were pretty good.

Killed by Google

This has been around for a while now, but you may not have seen it already.

It’s a list of all 280 (currently) of the products Google has killed off over the years in the style of Ben and Jerry’s Flavor Graveyard. A fun little reminder to assume that any online service is temporary. Only use them if you either have a way to get your data out (and routinely do make personally-owned backups) or if you’re fine with whatever you’ve done on the service eventually disappearing.

Taking over a Dead IoT Company

5 years after NYCTrainSign collapsed, I investigate why the company failed and end up writing an exploit to take over their fleet.

Fun story that explores the internals of a particular “thing” in the Internet-of-Things (IoT).

It’s all too easy to think of, say, a smart lightbulb as a lightbulb with a wifi-connected on/off switch. However, a safer mental model is to assume each IoT device is a basic home appliance (e.g. a lightbulb) plugged into a tiny desktop computer running the equivalent of an insecure, outdated copy of Windows XP. It can do anything your regular computer can do, but you can’t control it nor monitor it, and the manufacturer may or may not have bothered to add security measures to prevent some bad actor from taking it over.

South Korea’s Online Security Dead End

Last September I started investigating a South Korean application with unusually high user numbers. It took me a while to even figure out what it really did, there being close to zero documentation. I eventually realized that the application is riddled with security issues and, despite being advertised as a security application, makes the issue it is supposed to address far, far worse.

That’s how my journey to the South Korea’s very special security application landscape started. Since then I investigated several other applications and realized that the first one wasn’t an outlier. All of them caused severe security and privacy issues. Yet they were also installed on almost every computer in South Korea, being a prerequisite for using online banking or government websites in the country.

If you have comments, suggestions, criticism, or you just simply want to say hello, I would love to hear from you! You can always reach me by replying to this email.

See you next week,

Nate