Friday, December 2, 2022

Programmers sabotage their own code with ‘protestware’. This is what you need to know

Shreya Christina (https://londonbusinessblog.com)

In March 2022, the author of node-ipc, a software library with over a million weekly downloads, deliberately broke their code.

If the code detects that it’s running in Russia or Belarus, it tries to replace the contents of every file on the user’s computer with a heart emoji.

A software library is a collection of code that other programmers can use for their own purposes. The library node-ipc is used by Vue.js, a framework that powers millions of websites for companies such as Google, Facebook and Netflix.

This critical security vulnerability is just one example of a growing trend of programmers sabotaging their own code for political ends. When programmers protest through their code – a phenomenon known as “protestware” – it can affect the people and companies who rely on the code they create.

Different forms of protest

My colleague Raula Gaikovina Kula and I have identified three main types of protestware.

Malicious protestware is software that intentionally damages or takes over a user’s device without their knowledge or consent.

Benign protestware is software created to raise awareness about a social or political issue, but does not harm or take over a user’s device.

Developer sanctions are cases of programmers’ accounts being suspended by the internet hosting service that provides them with a space to store their code and collaborate with others.

Modern software systems are prone to vulnerabilities because they rely on third-party libraries. These libraries are made of code that performs certain functions, created by someone else. Using this code, programmers can add existing functions to their own software without “reinventing the wheel”.

Using third-party libraries is common among programmers – it speeds up the development process and reduces costs. For example, libraries listed in the popular NPM registry, which contains more than 1 million libraries, rely on average on five to six other libraries from the same ecosystem. It’s like an automaker using parts from other manufacturers to finish their vehicles.

These libraries are usually maintained by one or a handful of volunteers and made available to other programmers for free under an open-source software license.

The success of an external library is based on its reputation among programmers. A library builds its reputation over time as programmers gain confidence in its capabilities and the responsiveness of its administrators to reported defects and feature requests.

If vulnerabilities in the third-party library are exploited, it could give attackers access to a software system. For example, a critical security vulnerability was recently discovered in the popular Log4j library. This flaw could allow an attacker to remotely access sensitive information captured by applications using Log4j, such as passwords or other sensitive data.

What if vulnerabilities are created not by an attacker looking for passwords, but by the programmers themselves, with the intention of making users of their library aware of a political opinion? The rise of protestware raises such questions, and reactions have been mixed.

Ethical questions galore

A blog post on the Open Source Initiative site responds to the rise of protestware, stating that “protest is an important element of free speech that must be protected”, but concludes with a warning:

“The downsides of wrecking open source projects far outweigh any potential benefit, and the backlash will ultimately hurt the projects and contributors responsible.”

What is the main ethical question behind protestware? Is it ethical to do something worse to make a point? The answer to this question largely depends on the individual’s personal ethical beliefs.

Some people may see the impact of the software on the users and argue that protestware is unethical if it is designed to make life harder for them. Others may argue that if the software is designed to make a point or raise awareness about a problem, it can be considered more ethically acceptable.

From a utilitarian perspective, you could argue that if some form of protestware is effective in bringing about a greater good (such as political change), it may be morally justifiable.

From a technical point of view, we are developing ways to automatically detect and counter protestware. Protestware would be an unusual or surprising event in the change history of a third-party library. Mitigation is possible through redundancies, for example code that is similar or identical to other code in the same or different libraries.
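One way to make the "surprising event in the change history" idea concrete, as an added example (not code from the article or its authors): compare the capabilities used by two consecutive releases and flag any that first appear in a minor or patch update. The rule table, the hypothetical `example-lib` releases and all function names are assumptions constructed for illustration.

```javascript
// Added example: flag capabilities that first appear in a new release.
// The rule table and both sample releases are constructed for illustration.
const RULES = {
  "fs-write": /\bfs\.(?:promises\.)?(?:writeFile|appendFile|unlink|rm)(?:Sync)?\b/,
  "raw-socket": /require\(\s*["'](?:node:)?(?:net|dgram)["']\s*\)/,
  "http-client": /require\(\s*["'](?:node:)?https?["']\s*\)/,
  "process-spawn": /require\(\s*["'](?:node:)?child_process["']\s*\)/,
};

// Set of capability labels present anywhere in a release's files.
function capabilities(files) {
  const found = new Set();
  for (const source of Object.values(files)) {
    for (const [label, pattern] of Object.entries(RULES)) {
      if (pattern.test(source)) found.add(label);
    }
  }
  return found;
}

// Classify the version step as "major", "minor" or "patch".
function bumpType(prev, next) {
  const [a, b] = [prev, next].map((v) => v.split(".").map(Number));
  if (b[0] !== a[0]) return "major";
  return b[1] !== a[1] ? "minor" : "patch";
}

// A capability that is new in a minor or patch release is the surprising event.
function reviewRelease(prev, next) {
  const before = capabilities(prev.files);
  const added = [...capabilities(next.files)].filter((c) => !before.has(c)).sort();
  const bump = bumpType(prev.version, next.version);
  return { bump, added, surprising: added.length > 0 && bump !== "major" };
}

// Constructed sample releases of a hypothetical library "example-lib".
const v1_0_0 = { version: "1.0.0", files: {
  "index.js": 'const net = require("net");\nmodule.exports = { connect: (p) => net.connect(p) };',
} };
const v1_0_1 = { version: "1.0.1", files: {
  "index.js": 'const net = require("net");\nrequire("./extra");\nmodule.exports = { connect: (p) => net.connect(p) };',
  "extra.js": 'const fs = require("fs");\nconst https = require("https");\nexports.touch = (target) => fs.writeFileSync(target, "");',
} };

console.log(reviewRelease(v1_0_0, v1_0_1));
```

The socket use already present in 1.0.0 is treated as baseline and not reported; only the file-write and HTTP-client capabilities that first appear in the patch release are flagged for human review.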

The rise of protestware is a symptom of a larger social problem. When people feel they are not being heard, they can resort to various measures to get their message across. In the case of programmers, they have the unique ability to protest through their code.

While protestware is a new phenomenon, it is likely here to stay. We need to be aware of the ethical implications of this trend and take steps to ensure that software development remains a stable and secure field.

We rely on software to run our businesses and our lives. But every time we use software, we put our trust in the people who wrote it. The rise of protestware threatens to destabilize this confidence if we don’t act.

This article was republished from The Conversation under a Creative Commons license. Read the original article.
