Trigger warning for mentions of suicide and self-harm
Indie game developer Angela He’s missed messages sets you up to fail, and that’s a good thing.
Developed for the Ludum Dare game jam, this gorgeous, atmospheric visual novel plays on user expectations to answer the theme “your life is currency.” From the game title to the initial setting, you’re led to believe that this will be another meditation on the surreality of digital relationships. Dropped in front of a laptop in the middle of your character’s college dorm room, the most crucial choice seems to be school work vs AirDrop flirtations with “goth gf’s iPhone.”
From a quick scan of reviews and comments online, everybody falls for it. On the first playthrough, nobody ever catches on, and the game doesn’t end the way it conditions us to expect.
The real question here, it turns out, is what we choose to pay attention to. Too late, most of us realise that the main character’s roommate, May, is suicidal — and the real challenge was spotting the subtle hints that might have helped her stay alive.
Like D.M. Moore writes in The Verge’s review, though, I don’t think the game means to penalise you for missing things the first time around. I’d even go so far as to say the game wants you to fail first, and that it wouldn’t have as big an impact if you didn’t.
See, the beauty of missed messages is that it gives you a safe space to experience this failure and learn from it. Various reviewers have discussed how He’s game feels less like a game than a journey, and that strikes me as a great way to highlight one of the reasons I love indie games like this. Indie games don’t face the same pressures to impress or earn as, say, mammoth franchises or flagship titles. This means games like missed messages have more room to focus on quiet moments, explore complicated themes, and take offbeat approaches.
In this case, I think highlighting the difficulty — and the importance — of “paying attention to the ‘bigger picture’” is just one part of it. Most reviews of the game have already pointed out how difficult it can be to spot subtle cries for help. What stood out to me more, though, was how hard it was to do enough — to even know if you’d done enough — even after you’d seen the signs.
What I mean by this is, I knew May wasn’t in a safe headspace on my first playthrough. She thanked me for being her friend, for crying out loud. I asked her if she was okay; I offered to talk to her about it; she admitted things were kind of rough but said she would be fine. All throughout, I knew something was wrong and thought I was picking the best of the dialogue options offered.
But in the end, I still went off to meet AirDrop person. Perhaps worse than most players, I went off thinking I’d done enough — or at least that I’d spotted the crisis, and had done enough to give me time to come back and help more later, if needed. Only, like most players, I didn’t get a “later.” My first run of the game still ended with a couple of missed messages and a note taped to May’s door telling me to call the police.
Considering the gravity of its chosen subject, missed messages deserves a special shout-out for never being preachy or melodramatic. The script feels natural, even intimate — which is great, since this game runs mostly on dialogue and internal narration. I’ve been May and the main character both, at various points in my life, and it’s a testament to the writing that most lines felt so specific and familiar.
The game blurb asks players, “How will you spend your time?” For the experience of playing through a well-crafted story, as well as the artful exploration of how we choose to care for others, missed messages strikes me as a good answer.
The relentless hustle of startup culture, or the crunch of game development, or whatever synonym other tech-adjacent industries like to use for the endless grind of work, all rest on the metaphor of the worker as a single-minded machine.
When I stumbled on this article, then, I had to laugh:
An interesting detail from the study is that this finding only applies to “biologically realistic neuromorphic processors.” That is, most other artificial systems don’t run into this problem. Rest — or some analogue of it — becomes necessary only when systems try to mimic human brain function.
What is it about the way we think? Setting aside considerations of biology and chemistry, why does human thought require sleep?
Rest is strange in the grip of a pandemic.
Most of us are presumably confined to our homes, and on paper that sounds like an occasion to relax. It isn’t, of course: fear and anxiety are constant; some people have to grapple with childcare duties, uncomfortable home or family situations, loss of income, the need to risk their health to survive, the dissolution of boundaries that tends to occur with extended remote work arrangements.
No wonder so many people are having weird dreams or keeping odd hours.
“Has your sleep been messed up too?” a friend asked me recently, when we met up to check on each other’s sanity.
We’re both uncomfortable with rest, it turns out. The circuit breaker (CB) was a time for paranoia and unease, not just over the virus but over what actions might be penalised in the country’s attempt to contain the spread.
Early on, she’d helped friends move out of their flat and belatedly wondered if that counted as a social visit to another household, leading to a whole month of fretting. She had been sleeping at 4 AM. These days — a week or so into Phase 2 of the post-Circuit Breaker period; months (for her) and weeks (for me) into excruciating job situations — she’s been trying to sleep before midnight.
“I slept at 8 AM,” I offered. That was one time, and anxiety is ultimately easier to endure while unconscious, but in any case, it made her feel better.
I saved this screenshot from Tumblr some time ago:
I’ve been reading a lot about the nature of information lately, and one statement in particular1Hastily jotted down in a notebook, without citation, sigh has stayed with me:
“Data is time-sensitive.”
The validity of whatever information we possess erodes over time. Hard drives can fail; phone numbers can fall out of use. Likewise, access can decay: websites shut down; programs get deprecated; file types or formats cease to be supported. Someone given a floppy disk of people’s contact details, for example, would have trouble using that information, even if nobody in that directory ever changed phone numbers.
Every now and then I wonder about how this affects — well, a lot of things, really. Our relationship with tech, for one thing; our ability to remember or learn from prior knowledge, for another.2Anil Dash rightly points out that the dearth of proper documentation and the speed of information erosion lead quite naturally to an ahistorical view of the tech world that can be quite crippling. On a smaller, pettier level, I think about the bits and pieces of personal history scattered across old OneNote and Evernote files, abandoned email accounts, profiles on social media networks that no longer exist.
Even setting aside the proliferation of streaming services and DRM3digital rights management measures, I wonder: Do we ever actually own anything digital?
Of course, digital objects don’t have a monopoly on impermanence. In an article for the BBC, Lawrence Norfolk wrote, “It is transitional. Work passes through it on the way to becoming something else.” He wasn’t talking about streaming services, but notebooks: paper, ink, writing accumulated over time. There’s a similar erosion of relevance and validity, online or offline. As for access, well: the notebook Norfolk was describing was lost on a train.
But digital objects are more vulnerable to access decay than physical items, I think. Notebooks can be destroyed or misplaced, i.e., unfortunate events can render these inaccessible to us. But a Flash video, a link out to a different website, an Adobe Photoshop project file can be lost to us even if we never do anything, even if the file simply sits on our desktop or the link stays forever on our blog — simply because the digital world would have moved on, often sooner than we’d expected.
There’s a popular tendency to view technology as an “objective” field, “purer” and somehow more essential for it.
For example, we often hear about the apparent infallibility and efficiency of the digital, especially compared to analog tools and processes. Computers and mobile devices have become common fixtures for some of us, and with that comes the shift from physical labour to knowledge work — “pure thought, pure mind, pure intellect,” as Audrey Watters describes it. Developments like artificial intelligence or data analytics allow more of us to crow about “smarter” devices and “data-driven” decisions.
The implication, usually, is that disembodying work minimises uncontrollable “human error,” and boiling phenomena down to “indisputable” numbers constitutes freedom from fault. Most people who talk about these shifts like to frame them, without question, as progress.
In her talk linked above, Watters quotes Asimov:
“In fact, it is possible to argue,” he adds, “that not only is technological change progressive, but that any change that is progressive involves technology even when it doesn’t seem to.”
But as Watters points out, technology always involves human factors — human labour, human judgments — no matter how much our visions of digital utopia like to pretend otherwise. Technology doesn’t spring forth from nothing. Insisting that it does often erases the inequities at play in technology’s production and usage, the structural wrongs technology doesn’t save us from (and often, in fact, perpetuates).
Anil Dash makes a similar point when he asserts that tech isn’t neutral. I’d like to stretch that further and push back against Asimov a little by noting that tech isn’t inherently good. Novelty and innovation don’t automatically translate to welcome change. Tech carries the values, biases, and failings of its creators — and it can easily 10X these at scale, to borrow from the language of Silicon Valley startup bros. Just look at how Facebook is handling misinformation and data mining on its platform.
Tech (and more specifically, its creators) sidesteps a lot of criticism and responsibility when we let it disavow human elements and pretend to be detached, “objective,” incorruptible. I think a lot about Christopher Schaberg’s discussion of the term “30,000-foot view”, a favourite of startup productivity gurus like Tim Ferriss:
The expression enfolds a double maneuver: It shares a seemingly data-rich, totalizing perspective in an apparent spirit of transparency only to justify the restriction of power, the protection of a reified point of authority. It works this way: “Here’s how things look from 30,000 feet. Can you see? Good, now I am going to make a unilateral decision based on it. There is no room for negotiation, because I have shown you how things look, so you must understand.”
This particular use of data — or of the idea of data — has always bothered me. To a certain extent, yes, data doesn’t lie, and a “data-driven” approach does help weed out some of the personal biases and preconceived notions that would otherwise colour, say, research work. Evidence matters.
But quantitative data often isn’t “pure” in the sense that many people like to believe, nor is it automatically more “reliable” or “trustworthy” than other forms of evidence. Judgments also have to be made about what data to collect and how; what analyses to perform; how to interpret and present any results. Skull measurements were data, for example, and for a long while, many anthropologists used that to prop up racist, imperialist narratives of social evolutionism.
In any case, I’ve been thinking a lot about tech lately — the functions it fulfills, the spaces it occupies in our lives.
Some background: On 12th June, Twitter released new datasets that compiled anonymised data from accounts that seem to be linked to information operations run by the Chinese (PRC), Russian, and Turkish states. These accounts have since been shut down, but Twitter has retained data about the profiles and their tweets. This is part of Twitter’s ongoing compilation of data about “potentially state-backed information operations” on their platform.
Sinha’s analyses looked at behavioural trends in the Chinese account dataset, including the timing of tweets:
1. Tweet timings: The tweets from the CCP accounts almost exclusively tweet during "work hours" by Beijing Time.
89% of the tweets were between 7 AM and 5 PM.
For the control group of 58k tweets from 32 accounts in HK & TW, that number was 37%! pic.twitter.com/hbNEAu8j1m
This piqued my interest, of course. As you can probably tell from this blogchain, I’ve been thinking about social media and its influence on information dissemination and consumption. Sinha ends his thread by pointing out how these behavioural patterns and attributes could be used to create some accessible way to identify / flag fake accounts like these. That’s catnip for nerds in a world of digital disinformation, really.1Even if we factor out the very relevant fact that social media is destroying public discourse in my home country.
So I went and downloaded a copy of Twitter’s datasets to try poking through the data myself. The better to practice some R programming, too.
Simple Tweet Data Analysis with R
First things first, Twitter’s datasets are about as tidy as you can hope for. The Chinese set contained two main datasets:
account information, which compiled metadata about each profile (so attributes like user’s reported location, number of followers, etc.)
tweet information, which compiled individual tweet contents as well as metadata (time the tweet was published; reply, retweet, and quote counts; etc.)
There were 23,750 accounts in all, and a total of 348,608 individual tweets.
If you download the datasets, Twitter also provides a handy Read Me file that enumerates all the variables available for each dataset. For these quick probes of the data, I mostly did some simple transformations to isolate the variables I wanted to look at.
Examining Tweet Timings
First, I tried to recreate Sinha’s graph of tweet timings. I think the trickiest step here might be remembering to convert time zones, since Twitter provides timings in UTC by default.
## create column for tweet time by hour and store copy in new object
by_hour <- tweets_all %>%
mutate(chn_hour = with_tz(tweet_time, tzone = "Asia/Shanghai"),
hour_level = hour(chn_hour))
## check new object
glimpse(by_hour)
## check count of instances by hour
by_hour_sum <- by_hour %>%
group_by(hour_level) %>%
summarise(count = n())
From there, it’s a simple matter of visualising the data using ggplot2, with “chn_hour” (basically, the hour in China’s standardised local time) as the focal variable:
## line graph version
by_hour_graph_line <- by_hour_sum %>%
ggplot() +
geom_line(aes(x = hour_level, y = count)) +
scale_x_continuous(name = "Hour of Day",
limits = c(0,24),
breaks = 0:24) +
scale_y_continuous(name = "Tweets",
breaks = seq(0,60000,5000)) +
labs(title="PRC Fake Twitter Accounts - Tweets By Hour",
subtitle="Tweeting trends correspond with working hours in China",
caption="Source: Dataset from Twitter.com") +
ggthemes::theme_economist()
This gives us the following graph:
I tried to create a bar graph version too, in the sense that it might be a better representation of discrete hours (as opposed to the line graph, which links each hour together into a continuous phenomenon).
## bar graph version
by_hour_graph_bar <- by_hour %>%
ggplot() +
geom_bar(aes(x = hour_level)) +
scale_x_continuous(name = "Hour of Day",
limits = c(0,24),
breaks = 0:24) +
scale_y_continuous(name = "Tweets",
breaks = seq(0,60000,5000)) +
labs(title="PRC Fake Twitter Accounts - Tweets By Hour",
subtitle="Tweeting trends correspond with working hours in China",
caption="Source: Dataset from Twitter.com") +
ggthemes::theme_economist()
Which gives us this graph:
The findings track with Sinha’s own graph, which he shared in his Twitter thread. Obviously, this would be the outcome since we were working with the dataset — but it’s always good to have that quick assurance that your own code was structured correctly and yielded the same results.
Examining Twitter Profile Age
Sinha didn’t tweet about this, but I figured I might as well check. In the Philippines, just from what I’ve seen from regular social media browsing, troll accounts tend to be fairly new. I wondered if that might be the case for these PRC accounts as well — if, perhaps, that indicated that most accounts used for specific information ops goals are only created shortly before the campaign starts.
First, then, I had to figure out how long each account was active — that is, each account’s “age.”
Twitter’s dataset doesn’t include activity ranges, but it does provide the account creation date for each profile. The Twitter profiles included in the dataset were taken down in May 2020, so I used that as my end date. Then, it was time to calculate ages for each account.
# Grouping accounts by age ####
mark_date <- as.Date("2020-05-01")
by_age <- accounts_all %>%
mutate(current = mark_date)
## set interval between twitter reporting date and account creation date
by_age <- by_age %>%
mutate(int = interval(by_age$account_creation_date, by_age$current))
## find length of interval and assign ranges
by_age <- by_age %>%
mutate(duration = round(time_length(by_age$int, unit = "month"))) %>%
mutate(range = cut(duration,
c(0,3,6,9,12,Inf),
c("0-3 months", "4-6 months", "7-9 months", "10-12 months", "13+ months")))
I figured there would be considerable variation when it came to the number of months each profile was active. To avoid getting a fairly messy graph2Just imagine 30+ ticks all over your X-axis, I decided to simplify things further and group accounts according to specified age ranges:
0-3 months
4-6 months
7-9 months
10-12 months
13+ months
Then, it was a matter of graphing the results using ggplot2:
## check count per month age
by_age_sum <- by_age %>%
group_by(duration) %>%
summarise(accounts = n())
glimpse(by_age_sum)
## graph count per range level
by_age_graph <- by_age %>%
ggplot(aes(x = range)) +
geom_bar(aes(fill = range), show.legend = F) +
scale_y_continuous(name = "Number of Accounts",
breaks = seq(1000,13000,1000)) +
scale_x_discrete(name = "Age") +
labs(title="PRC Fake Twitter Accounts by Age",
subtitle="Most fake accounts tend to be less than 7 months old",
caption="Source: Dataset from Twitter.com") +
ggthemes::theme_economist()
This gives us the following graph:
The vast majority of these troll accounts appear to have been less than a year old. There are a lot of factors that could affect account age, though: maybe Twitter tends to identify and take down troll accounts before most of them can breach the 6-month mark; maybe accounts get abandoned or deleted after a certain campaign; and so on.
This graph is mostly descriptive; sussing out some kind of explanation for this behaviour will take much more research and analysis. Still, it’s an interesting point to bring to light about these kinds of accounts.
More Information
I tried visualising these accounts as a network, but apparently that was too much work for my lone laptop. R couldn’t even produce a visualisation. 😅
Other, better analysts have, of course, studied this data and come up with much more sophisticated analyses. Twitter has been working with the Stanford Cyber Policy Center’s Internet Observatory, which has published its findings online. They’ve got a fantastic model of the network as divided among the topics of their tweets, as well as some interesting takeaways about the specific narratives that these accounts tried to amplify.
There’s a lot more data to be studied, but if nothing else, this quick look at a couple of Twitter’s datasets highlights the scale and sophistication of the information operations being carried out online. Social media can be a scary place, more so when you consider how its massive reach and influence is essentially unchecked. Like Sinha pointed out in his thread, though, studying these information operations could give us a fighting chance against disinformation online.
There’s a lot happening in the world right now, offline and online. Unfortunately, the web isn’t free of malicious people/groups1Which can include state forces, depending on where you live seeking to monitor, suppress, or harm people who speak out against injustice, inequality, and oppression.
Lately I’ve been fielding questions from friends who want to take extra precautions to protect themselves and their loved ones online. In case it might be helpful to others, I’ve compiled recommendations and resources here.
Not everybody is familiar or comfortable with tech, so I’ve tried to stick to safe, secure solutions that are easy to use. More notes at the end of the post.
VPNs
A virtual private network (VPN) protects you by obscuring the details of your web activity/traffic. Try to use VPNs as much as you can. Look for ones that don’t keep logs of your network activity / usage of the VPN service itself.
Good free options:
ProtonVPN: No data limits; mobile apps available; run by the same people behind ProtonMail (free encrypted email service)
TunnelBear: 500 MB limit per month, but that should be fine if you’re mostly using these when accessing sensitive stuff like email & socmed; mobile apps available
The Electronic Frontier Foundation has a one-page guide to help you learn more about how VPNs work and what features you should look at.
Browsers
Some browsers are more secure than others.
Firefox and Tor are open-source projects2Meaning their code is freely available, so people can check if there are any malicious scripts or critical flaws in the software run by nonprofits dedicated to online privacy and security. In practice, this means these browsers are significantly less likely to collect excessive personal information and/or attempt to sell that to third parties.
Tor: For most people, Firefox should be fine. The Tor browser is a bit more complex, and it can be finicky to use. CNET created a beginner’s guide to Tor if you want to give it a try.
General reminders:
Please clear your cache + cookies + browser history regularly. You can usually find these in your browser’s Settings pane.
Don’t let your browser save passwords for the websites you visit. Use a secure password manager instead.
Browser Extensions
You can install some extensions to enhance your browser’s security. Here are some extensions frequently recommended by cybersecurity professionals/groups:
Privacy Badger: Blocks third-party trackers (e.g., advertisers) from collecting info on the websites you browse/visit
Disconnect.me: Blocks most trackers, cookies, beacons used on the websites you browse
HTTPS Everywhere: Forces your browser to automatically use HTTPS-encrypted versions of websites whenever available
If you want to install other browser extensions, remember to vet them thoroughly. Anyone can publish an extension, so you’re bound to run into ones that aren’t secure, or worse, are shady by design.
Yes, this means you probably can’t memorize secure passwords for all of your accounts. No, this doesn’t mean you should use the same one for multiple websites. (Don’t, don’t,don’t use the same password for multiple accounts. Please.)
Instead, you should use a password manager. The best ones help you generate random, hard-to-crack passwords for different accounts; store your credentials in encrypted “vaults”; and manage your passwords across multiple devices.
Best free options:
BitWarden: Open-source, no usage limits. Windows, Mac, Linux, iOS, Android, and browser extensions available.
KeePass: Open-source, no usage limits, but not as polished or user-friendly as BitWarden. Windows, Mac, Linux, and browser extensions available. No official mobile apps but there are some recommended by the KeePass project team themselves.
LastPass: Popular free option, paid upgrades available. Windows, iOS, Android, and browser extensions available.
Two-Factor Authentication (2FA)
Two-factor authentication adds another layer of security to your online accounts. A website or app with 2FA will verify your identity using another piece of info (other than your password) before granting access to your account.
Most 2FA options will need you to use authenticator apps. These sync with your chosen website/app/service to generate unique codes whenever you need to login.
Here are a couple of free authenticator apps to consider:
Google Authenticator: simple, straightforward app; supports scanning QR codes so you can automatically add a service
Authy: more features, including support for running the Authy app on multiple devices
Email + Messaging
Reading other people’s correspondence is creepy, but unfortunately, there are a lot of creeps3Which can include state forces, depending on where you live out there. Here are some services that can help protect you from them:
ProtonMail: Free email client that offers end-to-end encryption by default
Mailvelope: Open-source browser extension that applies end-to-end encryption to web-based email accounts (e.g., Gmail, Yahoo, etc.)
Signal: Most secure messaging option by far. Open-source, end-to-end encryption, now also includes image blurring. Windows, Mac, mobile apps available
General reminders:
Please don’t leave yourself signed into your email account4or any other online account, really by default.
Avoid using your email or social media accounts to automatically register for / log in to other websites.
Remember that messaging is a two-way activity: Your messages also reside in the recipient’s inbox/accounts, so if those get compromised, your information is at risk, too. Encourage friends and family to be more cautious in their online communications.
Image Scrubbing
When posting photos (and videos!) online, check if you’ve captured people’s faces or other identifiable marks. This kind of information is being used to track down people these days. The same holds true for metadata, i.e., information about your camera / device that is automatically embedded in your image file.
Here are some tools + tips to help you blur out identifiable features in photos:
Edit your photo BEFORE uploading it. Don’t just rely on, say, Twitter’s or Instagram’s built-in tools to scribble over people’s faces. Why? The original photo is still saved somewhere on their server, and the scribbles are just overlaid. Don’t risk it; edit before you upload.
Use the Clone Stamp tool rather than the Blur tool (some people claim that the latter is easy to reverse).
Here are some free tools + a tip to remove metadata from photos before you upload them:
Instead of posting the original image file, take a screenshot of it and upload that instead.
Other Tools/Tips
As much as possible, avoid giving identifiable personal information (birthday, phone number, address, etc) to any online platform. Avoid linking different accounts to each other, too.
Have you been tagging your location on your social media posts? Stop that.
If you’re signing petitions that display your signature/particulars to the public, use throwaway/burner emails. There are services like Guerilla Mail for this.
Avoid using your personal email address in online forms, miscellaneous registrations, etc. Instead, create an account JUST for use on public forms/websites etc., and make sure it’s not linked to any of your personal accounts.
If you ever need multiple email addresses (e.g., for various petitions hosted on the same website, or something like that), remember that Gmail lets you create “aliases” for your email. Add a period anywhere in your username and/or use “@googlemail.com” instead of “@gmail.com” — most forms will read these as new / different addresses, but any mail will still end up in your inbox.
Speaking of email: have you emailed Congress to remind them to be public servants and work for Filipinos’ best interests? You should. Here’s an app to help you email members of Congress about the Terror Bill.
Double-check links before you click them. Avoid downloading things unless you know where they’re from.
Keep your apps and software updated. A lot of breaches happen through old / outdated programs that get exploited.
Feminist cyber activism organization HACK*BLOSSOM has a comprehensive DIY guide, including tips for mobile security.
Not exactly for digital activities, but if you’re at a protest and trouble’s brewing, here’s Teen Vogue’s guide to safely filming police misconduct.
Right now, there’s a lot of information flying around online. Here are some Carrd links that could help you learn more about some of the critical issues / events going on:
This isn’t an exhaustive guide, nor does this post claim to be the last word on cybersecurity. Digital security has far too many dimensions to be tackled in a single post — and anyway, I’m not a cybersecurity professional. I’ve done as much research as I can to vet recommended programs / tools / tips here, but in the end, I’m just another nerd trying to make tech accessible and useful.
After all, technology is not, and never has been, neutral.5I have lots of thoughts about this, but that’s for another post. Anyone who claims otherwise is, at best, oblivious to current events, or at worst, deliberately obscuring the many ways technology can (and does) inflict real harm on people.
That said, “not neutral” doesn’t mean “all bad.” Digital spaces also offer us opportunities to raise awareness about critical issues; band together6 Especially in the middle of a pandemic and take action in different ways; and, well, try to create a better world for everyone. Taking those opportunities and standing up for what’s right shouldn’t have to result in danger for yourself or your loved ones, but here we are. I hope this post makes it a bit easier for people to stay safe, to be brave.
