I’m a firm believer in learning and developing skills over time, but I have to acknowledge that these don’t always work in employees’ favor. The first thing that comes to mind is how academia gleefully encourages people to pursue academic degrees even when those degrees can’t afford their own expense, but this also carries into the business world in which companies demand skills that make the world a worse place to live in, such as psychological manipulation techniques, surveillance technologies, and legal shenanigans used to hide the negative effects of various products and substances.
This, I think, highlights some interesting perspectives on the difference between learning things for personal benefit vs. learning things for financial gain. Too often this is politicized, with liberals clamoring for the humanities and social sciences (despite their relative commercial worthlessness), and conservatives clamoring for employable skills (despite their relative soul-sucking-ness), but I think both of these are the wrong perspective. I think there needs to be a bit more strategy involved.
In the tech industry, for example, there is a growing demand for data analytics, which is frequently being leveraged to strip people of their privacy. I, personally, have never worked on any algorithms that feed into advertising platforms, but by the looks of things, many websites include dozens of hooks into various advertising networks, and you have to wonder what the people who implemented these hooks must have been thinking. Surely, most were just doing what they were told, and most of us need to bring home a paycheck, but you also wonder if their work bothered them in any way. Did any of them sit down and think, “Huh, this kind of sucks. The world is a worse place for the feature I just built”. How many have learned to shrug it off, assuming people surely know most websites are trying to spy on you? You wonder.
What would it mean to learn skills that both work in your favor and make the world a better place?
I’m reading Shoshana Zuboff’s “The Age of Surveillance Capitalism”, and while it’s incredibly eye-opening to the abuses of the tech industry, it’s also depressing. Towards the end there will likely be a “here’s what we can do section”, but in the meantime, I’ve been forced to start thinking of this for myself (it’s a long book). We all kind of know that these big tech companies are up to no good, but never before have I seen so much evidence and analysis to show just how bad things are (and the book was written in 2019).
One of the bigger questions I struggle with concerning my goal of shifting into cyber security is exactly what good will I do for the world? The only companies that can afford to hire pentesting contractors are large and mid-sized companies, and the only ones that can afford their own fully-fledged security departments are the largest of the large. Sure, you get to help secure these companies, which directly affect the public if they get breached, but the people themselves are technically already getting breached when these companies collect their data and repackage it for the highest bidder. Just because you operate under the guise of legality doesn’t mean you are protecting customers in any way.
In fact, I suspect most people go along with this sort of thing because it’s so ubiquitous. After all, if you work for a large corporation and are paid well, it’s hard to hope for the corporation’s downfall, right? But the worse the general landscape is, the less freedom people have to reject the nature of these jobs. To borrow a now-common word, this is basically the ‘enshittification’ of employment.
But I keep wondering…what can I do to make the world a better place? The software business model is kind of broken – hence the financial incentive to screw your customers out of their privacy – and while there is an apparently viable strategy of building software in which a “community” edition is free and open-source, but an “enterprise” edition costs a licensing fee (constituting the only revenue stream), I don’t know how successful this model is overall; moreover, would I work for a company if they could only pay me 75% the going-rate for my skills? Maybe? I still think the best thing you can do if you are earning a lot is to strategize a way to reach financial independence, after which taking lower pay (or no pay) becomes an option and frees you to contribute however you please. But that definitely takes time.
Personally, I think the IoT space is dominated by shit companies. The general business model is to build a product that can be controlled from an app, host the servers, harvest and sell the data you collect, rinse and repeat. Unfortunately, these companies are often hosted overseas and tend not to last long, after which the servers are shutdown, the products become inoperable, and the devices inevitably end up in landfills. Two friends of mine had this happen with an IoT pet feeder they owned. The company shutdown and their device stopped working. Great. Moreover, the security on these IoT devices tends to be terrible, so for a long time it’s been known that these devices are ripe targets for botnets to infiltrate. They are the worst form of embedded systems out there, and that’s ignoring the terrible privacy implications, where some companies have 24/7 access to seeing who is at your front door.
You have to pay the piper, so you need skills for which somebody will hire you. I get that. But that doesn’t mean you have to limit yourself to this.
Pentesting is a lot like puzzle solving, and as such, can be a lot of fun in its own right, but I suspect that much of what I can do to make the world a better place is actually from the software side, if I can learn to write secure software, or software that implements end-to-end encryption, or software that replaces “cloud” spyware with something more localized. For example, I have nothing against wanting to be able to call out to a device to play a certain song or a certain band, but it’s a terrible idea when this device is connected to the internet and is recording your conversations, analyzing them, and using this to build up a profile of you that will be sold to other companies and will last forever. The internet connection was advertised as being good for you, when in fact it should never have been necessary in the first place, and was just an excuse for invading your privacy. That being said, only open-source tools which don’t provide a continuous revenue stream to their developers are being made in such a way that these capabilities work locally and without an internet connection. There are also projects like OpenWrt, which can be installed on an amazing number of routers to replace default router firmware, but it’s development is volunteer only – no paid positions. It’s something I might want to put some effort into in the future.
I don’t exactly know where any of this is going, but it got me thinking. I think it’s sad when people don’t invest in any skills at all, but then it’s also sad when people only invest in skills that make them money, without thinking about the broader philosophical question of what they are even doing on this planet. If you want to make the world a better place, it takes effort of some kind.