OSIRIS Brief 1.4.0
China cracks down on video games; ProtonMail gives up an IP address; Atlassian’s Confluence under attack.
China Cracks Down on Video Gaming
Starting on September 1st, youth in China can only legally play video games for three hours per week. Young people will be prohibited from playing video games Monday through Thursday, and will only be allowed three hours per day on weekends. Unsurprisingly, technology giants like Tencent which is part or whole owner of several of the most popular video game companies in the world. With one of the largest video game markets in the world, China’s national prohibition will likely cut into Chinese companies’ revenues.
Prohibitions on video games in China seem to be part of a campaign to toughen up youth, especially young men. Earlier this year, the government began a program requiring more physical training for young people to combat the “feminization” of young men. This week, the government also prohibited effeminate men from appearing on television as part of a campaign of “national renewal” by Xi Jinping. Although the latest policies are new, concern in China about decreasing “manliness” is not a new phenomenon.
Xi Jinping is probably living out the fantasy of millions of parents outside China, but I am less sanguine about the benefits of prohibiting video gameplay. Video gaming generated $180 billion last year, and video games are often gateways for young people to other industries. Video game competitions are multinational spectacles that create overnight celebrities, of the kind China usually pursues at the Olympics. There are many unanswered questions about video games, but I am in the process of starting a research project on video games and their socio-political effects, so watch this space. (Also, message me if you are interested in participating or supporting the research.)
ProtonMail Compelled to Share IP Address
The community was rocked by the revelation that the Swiss Government had forced encrypted mail service ProtonMail to log and disclose an activist’s email. ProtonMail founder, Andy Yen, explained in a blog post that ProtonMail does not usually log IP addresses, but had exhausted all legal recourse. ProtonMail rejected the original request, but the French government sought and received legal support from the Swiss government through Europol. It is not clear what the activist in question is accused of doing, but whatever it was both France and Switzerland regard the action as a crime.
I use ProtonMail and will continue to do so. ProtonMail has been forthright about their preferences and obligations in every document I have seen. No security is perfect, and Tor will protect you from IP logging, if you care.
Confluence Under Attack
Early this week US CYBERCOM warned that Atlassian’s Confluence software was under active attack. Atlassian is an Australian software company that creates collaboration software and services, including Confluence, Jira, and Mercurial. Confluence creates internal “wiki” sites, similar to Wikipedia. Hackers used the weakness in Confluence to hack servers operated by Jenkins (another software company).
Confluence is an interesting attack target because it is an important component of the software supply chain in many companies. Attacks on the software supply chain target points in software production, often with the intent of introducing malicious code into non-malicious software. The most notorious recent software chain attack was the SolarWinds hack, revealed last December.
Noteworthy
Vaccine Passport Flaw: Analysis by Léveillé
A Lesson on Higher Education Cybersecurity Risks by CyberArk
5 Reasons We’re Seeing More Ransomware Attacks Than Ever Before by Partida
David Benson is a Professor of Strategy and National Security focusing on cyberstrategy and international relations. You can reach him at dbenson@osiriscodex.com.
To get more insightful analysis like this in your inbox at no cost please subscribe.
Ask a question! Raise an objection! Leave a comment!