Category Archives: Metaverse

State of Exception – Part Two: Assume Breach

Posted on by
Reply

In part one of this series, I proposed that Trump’s second term, which, as we’re seeing with the rush of executive orders, has, unlike his first, a coherent agenda (centered on the Heritage Foundation’s Project 2025 plan), would be a time of increased aggression against ostracized individuals and groups, a state of exception in which the pretence of bourgeois democracy melts away.

Because of this, we should change our relationship with the technologies we’re compelled to use; a naive belief in the good will or benign neglect of tech corporations and the state should be abandoned. The correct perspective is to assume breach.

In a April, 2023 published blog post for the network equipment company, F5, systems security expert Ken Arora, described the concept of assume breach: 

Plumbers, electricians, and other professionals who operate in the physical world have long internalized the true essence of “assume breach.” Because they are tasked with creating solutions that must be robust in tangible environments, they implicitly accept and incorporate the simple fact that failures occur within the scope of their work. They also understand that failures are not an indictment of their skills, nor a reason to forgo their services. Rather, it is only the most skilled who, understanding that their creations will eventually fail, incorporate learnings from past failures and are able to anticipate likely future failures.

[…]

For the purposes of this essay, the term, failure, is re-interpreted to mean the intrusion of hostile entities into the systems and devices you use. By adopting a technology praxis based on assumed breach, you can plan for intrusion by acknowledging the possibility that your systems have, or will be penetrated.

Primarily, there are five areas of concern:

  • Phones
  • Social Media
  • Personal computers
  • Workplace platforms, such as Microsoft 365 and Google’s G-Suite
  • Cloud’ platforms, such as Microsoft Azure, Amazon AWS and Google Cloud Platform

It’s reasonable to think that following security best practices for each technology (links in the references section) offers a degree of protection from intrusion. Although this may be true to some extent, when contending with non-state hostiles, such as black hat hackers, state entities have direct access to the ownership of these systems, giving them the ability to circumvent standard security measures via the exercise of political power.

Phones (and tablets)

Phones are surveillance devices. No communications that require security and which, if intercepted, could lead to state harassment or worse should be done via phones. This applies to iPhones, Android phones and even niche devices such as Linux phones. Phones are a threat in two ways:

  1.  Location tracking – phones connect to cellular networks and utilize unique identifiers that enable location and geospatial tracking. This data is used to create maps of activity and associations (a technique the IDF has used in its genocidal wars)
  2.  Data seizure – phones store data that, if seized by hostiles, can be used against you and your organization. Social media account data, notes, contacts and other information

Phone use must be avoided for secure communications. If you must use a phone for your activist work, consider adopting a secure Linux-based phone such as GrapheneOS which may be more resistant to cracking if seized but not to communication interception. As an alternative, consider using old school methods, such as paper messages conveyed via trusted courier within your group. This sounds extreme and may turn out to be unnecessary depending on how conditions mutate. It is best however, to be prepared should it become necessary.

Social Media

Social media platforms such as Twitter/X, Bluesky, Mastodon, Facebook/Meta and even less public systems such as Discord, which enables the creation of privately managed servers, should not be used for secure communication. Not only because of posts, but because direct messages are vulnerable to surveillance and can be used to obtain pattern and association data. A comparatively secure (though not foolproof) alternative is the use of the Signal messaging platform.  (Scratch that: Yasha Levine provides a full explantation of Signal as a government op here).

Personal Computers

Like phones, personal computers -laptops and Desktops – should not be considered secure. There are several sub-categories of vulnerability:

  • Vulnerabilities caused by security flaws in the operating system (for example, issues with Microsoft Windows or Apple MacOS)
  • Vulnerabilities designed into the operating systems by the companies developing, deploying and selling them for profit objectives (Windows CoPilot, is a known threat vector, for example)
  • Vulnerabilities exploited by state actors such as intelligence and law enforcement agencies (deliberate backdoors)
  • Data exposure if a computer is seized

Operating systems are the main threat vector – that is, opening to your data – when using a computer. In part one of this series, I suggested abandoning the use of Microsoft Windows, Google Chrome OS and Apple’s Mac OS for computer usage that requires security and using secure Debian Linux instead. This is covered in detail in part one.

Workplace Platforms such as Google G-Suite and Microsoft 365 and other ‘cloud’ platforms such Microsoft Azure and Amazon Web Services

Although convenient, and, in the case of Software as a Service offerings such as Google G-Suite and Microsoft 365, less technically demanding to manage than on-premises hosting, ‘cloud’ platforms should not be considered trustworthy for secure data storage or communications.

This is true, even when platform-specific security best practices are followed because such measures will be circumvented by the corporations that own these platforms when it suits their purposes – such as cooperating with state mandates to release customer data.

The challenge for organizations who’re concerned about state sanctioned breach is finding the equipment, technical talent, will and organizational skill (project management) to move away from these ‘cloud’ systems to on-premises platforms. This is not trivial and has so many complexities that it deserves a separate essay, which will be part three of this series.

The primary challenges are:

  • Inventorying the applications you use
  • Assessing where the organisation’s data is stored and the types of data
  • Assessing the types of communications and the levels of vulnerability (for example, how is email used? What about collaboration services such as SharePoint?)
  • Crafting an achievable strategy for moving applications, services and data off the vulnerable cloud service
  • Encrypting and deleting data

In part three of this series, I will describe moving your organisation’s data and applications off of cloud platforms: what are the challenges? What are the methods? What skills are required? I’ll talk about this and more.

References

Assume Breach

Project 2025

Security Best Practices – Google Workspace

Microsoft 365 Security Best Practices

Questions and Answers: Israeli Military’s Use of Digital Tools in Gaza

UK police raid home, seize devices of EI’s Asa Winstanley

Cellphone surveillance

GrapheneOS

Meta-provided Facebook chats led a woman to plead guilty to abortion-related charges

The Metaverse: A Brief Inquiry

Posted on by

Facebook’s plan to become a ‘Metaverse company‘ (and indeed, completely rebrand the company around this concept) has attracted a lot of comment in tech media and social media spaces.

This is unsurprising; both because the idea seems futuristic (being based on a science fiction confection introduced in Neal Stephenson’s dystopian 1992 novel ‘Snow Crash‘) and also, because the tech media space reports anything announced by a so-called FAANG company as if it’s marvelous and inevitable.

Let’s apply a bit of real-ness to this and use a materialist analysis to interrogate the idea of the ‘Metaverse’ (this is similar in theme to my inquiry into Boston Dynamics).

Light Detective Work and Logical Inference

Tech companies create an air of secrecy around projects such as FB’s Metaverse effort for competitive reasons but also, I’d argue, to obscure what is often merely the assembly of already existing elements into platforms. Mariana Mazzucato analyzes this tendency using the iPhone in her book, ‘The Entrepreneurial State‘.

Here’s how the iPhone’s elements are dissected in Mazzucato’s book:

A similar method can be applied to an analysis of FB’s Metaverse.

The Oculus platform and Facebook’s Ray Ban stories glasses provide sufficient information for some light detective work. No matter how secretive a company tries to be, its job postings, properly interpreted and supported by experience, provide a rich source of evidence for what an organization is doing.

Working on the assumption that the Metaverse will primarily consist of repurposed elements (and the fact everything depends on, and leads to data centers), I examined Oculus job postings and dissected their contents.

The main technical themes were:

  • Optics
  • Haptics
  • Tracking
  • Display
  • Computer vision
  • User experience
  • Audio
  • Perceptual psychology
  • Research Science
  • Mechanical Engineering
  • Electrical Engineering
  • Software Engineering
  • Networking
  • Server operations

Of course, it’s impossible to know the precise details of FB’s system topology without a reference architecture but experience leads me to think we can achieve a solid approximation (and data center dependency is an absolute certainty no matter what else may be going on).

What can we infer from this?

How Sustainable and Realizable Is the Metaverse Concept?

Although the tech press treats every industry pronouncement as an irrefutable prediction there’s precedent of lots of smoke but little to no fire (recall Amazon’s supposedly brilliant drone delivery service). According to some estimates, Facebook has over 2 billion active users. An effort to move all, or even a statistically significant portion of this user base to a platform that generates a virtual reality environment for, and ingests audio/visual data from, hundreds of millions of people means a massive investment in physical infrastructure – computers, network infrastructure, cooling systems and real estate to host this and other relevant equipment (to get a sense of the industrial and extractive elements of what’s called ‘the cloud’ I suggest Nathan Ensmenger’s essay ‘The Cloud is a Factory’).

It also means an increase in demands for data transfer over Internet. It’s easy to project system crashes, bad connections and other problems caused by scalability challenges. It’s fair to ask if, despite the hype, any of this is actually possible as described and if so, how reliable will it be?

Conclusion

There’s abundant evidence Facebook (or whatever it’ll call itself in a week) is a problem. The company’s role in a variety of destructive activities is well documented. For that reason alone, the ‘Metaverse’ push is immediately suspect. I think we can also conclude however, that it might not be achievable as advertised and may turn out to be, like so much else that emerges from Silicon Valley, an elaborate grift, dressed up as a bold vision of the future.

We should recall that in the novel that gave the project its name, the ‘Metaverse’ is the last refuge for people living in a collapsed world. In this case, we might get the collapse without even the warped comforts a virtual world is supposed to offer.

UPDATE (29 Oct)

On 28 October, Facebook announced it was rebranding as ‘Meta’ to reflect its focus on being a ‘metaverse’ company.

The keynote video presented a vision (such as it is) for what the ‘metaverse’ is supposed to be…eventually. Zuckerberg walks within a fully virtual environment, uses a virtual pop-up menu and zooms (virtually) into an environment creatively named “Space Room”.

Rebranding the company formerly known as Facebook as Meta is, in part, surely intended to breathe new life into a moribund platform and distract attention away from the many negative associations Facebook has earned. Even so, we can predict that within the company, there will be efforts to make as much of this notion real as possible – despite the fact promoted elements (such as an environment you can walk through as if it’s real) are thoroughly impossible and likely to remain so for quite some time – indeed, some would require a multitude of breakthroughs in foundational sciences such as physics.

This means that the situation for Meta workers will become more difficult as they’re pushed to do things that simply cannot be achieved.

UPDATE (16 DEC)

On 14 December, Intel’s Senior vice president, General manager of the Accelerated Computing Systems and Graphics Group, Raja Koduri, published this paper which supports my assertion that the ‘Metaverse’ (it pains me to use that term, which describes nothing and is made of hype) will require orders of magnitude more computing capacity than currently available.

Here’s a key quote:

Consider what is required to put two individuals in a social setting in an entirely virtual environment: convincing and detailed avatars with realistic clothing, hair and skin tones – all rendered in real time and based on sensor data capturing real world 3D objects, gestures, audio and much more; data transfer at super high bandwidths and extremely low latencies; and a persistent model of the environment, which may contain both real and simulated elements. Now, imagine solving this problem at scale – for hundreds of millions of users simultaneously – and you will quickly realize that our computing, storage and networking infrastructure today is simply not enough to enable this vision.

We need several orders of magnitude more powerful computing capability, accessible at much lower latencies across a multitude of device form factors. To enable these capabilities at scale, the entire plumbing of the internet will need major upgrades. Intel’s building blocks for metaverses can be summarized into three layers and we have been hard at work in several critical areas.

Intel: https://download.intel.com/newsroom/archive/2025/en-us-2021-12-14-powering-the-metaverse.pdf

Of course, this can be interpreted as self-serving for Intel which stands to benefit (to say the least) from a massive investment in new computing gear. That doesn’t negate the insight, which is based on hard material reality.