Theories that Refute Themselves

Many philosophical positions wholly undermine themselves because to possess the truth that they claim for themselves they would have to be false. These are the theories that in one way or another reject the meaningfulness or attainability of objective truth

Understanding the social in a digital age

Datafication, algorithms, social media and their various assemblages enable massive connective processes, enriching personal interaction and amplifying the scope and scale of public networks. At the same time, surveillance capitalists and the social quantification sector are committed to monetizing every aspect of human communication, all of which threaten ideal social qualities, such as togetherness and connection. This Special Issue brings together a range of voices and provocations around ‘the social’, all of which aim to critically interrogate mediated human connection and their contingent socialities. Conventional methods may no longer be adequate, and we must rethink not only the fabric of the social but the very tools we use to make sense of our changing social formations. This Special Issue raises shared concerns with what the social means today, unpicking and rethinking the seams between digitization and social life that characterize today’s digital age

Proximity Tracing in an Ecosystem of Surveillance Capitalism

Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks. We present evidence that the attacker's difficulty in mounting such attacks has been overestimated. Indeed, an attacker leveraging a moderately successful app or SDK with Bluetooth and location access can eavesdrop and interfere with these proximity tracing systems at no hardware cost and perform these attacks against users who do not have this app or SDK installed. We describe concrete examples of actors who would be in a good position to execute such attacks. We further present a novel attack, which we call a biosurveillance attack, which allows the attacker to monitor the exposure risk of a smartphone user who installs their app or SDK but who does not use any contact tracing system and may falsely believe that they have opted out of the system. Through traffic auditing with an instrumented testbed, we characterize precisely the behaviour of one such SDK that we found in a handful of apps---but installed on more than one hundred million mobile devices. Its behaviour is functionally indistinguishable from a re-identification or biosurveillance attack and capable of executing a false positive attack with minimal effort. We also discuss how easily an attacker could acquire a position conducive to such attacks, by leveraging the lax logic for granting permissions to apps in the Android framework: any app with some geolocation permission could acquire the necessary Bluetooth permission through an upgrade, without any additional user prompt. Finally we discuss motives for conducting such attacks