It’s hard to see how the pandemic could bring about anything positive that wasn’t gained at the cost of over a million dead (worldwide), but the change it has wrought is irrefutable. Certain industries like food services and hospitality have had to reshape their entire business model, and many that couldn’t change fast enough succumbed as the entire world retreated to our bubbles. Not surprisingly, most professional services firms (accountants, lawyers, financial advisors, banks, etc – and yes, MSP’s like C2) after the initial panicked spasms were overcome, turned out to be well suited to work remotely, and many are now making a leap of faith to go fully virtual permanently by eliminating one of the larger expense lines in their budget – the office lease.

In most cases, there is no technological reason why some companies can’t go completely virtual. Note the words I emphasized there. For several industries, especially the ones that were born of the digital age, business technology is easily well ahead of the need curve for the majority of organizations in that industry, so far ahead in some cases that many have no idea of what is possible and don’t even consider it. Let’s assume that the technology exists for your company to go virtual, so instead it may be useful to examine the reasons why you might need to consider carefully before tearing up that office lease.

Look before you leap!

As has been made painfully obvious by our (mostly) self-enforced lockdowns, some of us are realizing how much we miss the hustle and bustle of a busy office. Indeed, many companies thrived on spontaneous interactions that can only occur when people are physically adjacent. If you’ve noticed a decrease in productivity or creativity despite everyone having all the tools they need, you may have been one of those companies that developed a culture that was built around face-to-face interactions. Switching to online forms of interaction like videoconferencing and instant messaging will be difficult for people, and certain folks will never consider it as a suitable replacement for those watercooler meetings. The pandemic will end and for staff that look forward to returning to normalcy it may be particularly disheartening to find out that their workplace also fell victim to Covid.

Physical offices allow for a certain level of technology simplicity and manageability that are not achievable (yet) in virtual companies. Granted, if the internet was down for the office, no one was getting any work done, but conversely, it also allows IT managers to ensure a consistent level of service and security that they could literally put their hands on by walking down the hall. Running a company on the back of the internet and personally-owned electronics presents a new layer of complexity that is not easily serviced by a traditional in-house IT department, and it multiplies the potential security vulnerabilities to a level that will be unacceptable for some industries without very careful planning and discipline.

You should also consider the management style of the company’s leadership. Are they used to managing by sight, i.e. they need to see that their employees are busy and engaged, or can they trust that their people know what needs to be done without being physically supervised? It shouldn’t surprise you to know that while it is technologically possible to supervise remote employees just as closely (if not closer) as if you were standing over their shoulder, most folks will find this intrusive and offensive, especially if they are working from home. While I would argue that this type of leadership is perhaps a relic of bygone eras and definitely less effective in today’s workforce, I still regularly encounter it and know that leaders who rely on this style are especially frustrated by virtual staff.

Make no mistake, virtual companies are here. They were here well before the pandemic and I’m seeing many more making the transition as each week passes. While it may be tempting to consider permanently striking real estate leases off your budget, make sure you consider the underlying costs that might not be easily summed up on a spreadsheet.

Now that a lot of you are working regularly from home, you’ve probably gotten most of your technology (that you can control) working more or less reliably, but I’m willing to bet there’s at least one hunk of plastic and sand that is regularly giving you fits. Yes, we’re looking at you, laser or inkjet printer! Printer issues are one of the top ten issues we address for clients, but a good percentage of those issues are resolved by a very specific set of “tricks” that most people can do on their own.

“Sit. Roll-over! Print this page…NO! Bad printer!”

If you are having problems printing, here are some of the basics you can walk through to see if you can bring that recalcitrant printer to heel:

1. Check the printer queue. If you see a bunch of documents stuck in the queue but your printer seems to be oblivious to them, try canceling the jobs, and then resend them.
2. Make sure you are printing to the right printer. Sometimes Windows (and Macs, but less often) will reinstall your printer, but your apps don’t get the memo and will still try to print to a printer that no longer exists. Quit the app and relaunch if you notice this, and make sure you select the active printer when printing. If you have two printers with very similar names and one of them is marked as “disconnected” or “offline”, very likely your apps don’t know that something has changed.
3. Reboot your computer. There. I said it. Again.
4. Reboot the printer. This one actually still gets forgotten quite a bit. Modern printers have little computers in them and sure enough, those little computers can crash. Or they are waiting to apply an update but need a reboot to get it started, just like the big computer on your desk.
5. Check the printer’s built-in display. Most modern printers, even the ones that seem cheaper than the ink they use, have screens that can provide all kinds of information, including the state of the network connection, whether there are jams, or that dang cyan cartridge is empty again.
6. Reinstall the printer drivers. This is a little more advanced, but as I mentioned #2, Windows 10 is notorious for reinstalling printers with a Microsoft-version of your printer driver, which often leads to strange behavior.
7. Check your printing settings. Make sure you aren’t trying to print a page that doesn’t match the paper size loaded into your printer. Even the simplest apps use a standard print dialog box that has at least a half-a-dozen settings that can cause the printer to just stop, as if to say, “Whatever it is you are trying to print does…not…compute.”
8. Make sure your ink cartridges aren’t dried out. Cheap inkjet printers (heck, even the expensive ones), when not used for long periods of time, have a tendency to malfunction due to dried-out cartridges. Depending on your usage patterns, local humidity, and the quality of the cartridges, this period of inactivity could be days or weeks. Make sure you run regular nozzle checks, cleaning and print tests to keep the printer juices flowing.
9. Replace that cheap printer. Most of the printers in use today were probably bought pre-Covid, and most likely were chosen because they were cheap and intended for light-duty use. Nine months later and those part-time printers have become essential workers in a role they were never intended. If you are spending more time fixing jams, replacing cartridges and reprinting poorly imaged pages, it may be time to consider replacing it.

Image by pavelkovar from Pixabay 

While I regularly hear this question throughout the year, it seems seasonally appropriate to talk about this particular phenomenon. “My computer has a mind of its own,” or my favorite, “I think my computer is possessed,” could actually be an accurate assessment of the situation, but not in a supernatural way. A large majority of technology problems can typically be traced to something a human fouled up, but the interconnected nature of today’s technology means that this particular foul up doesn’t have to have been your own fault, or even someone nearby. Your computer issues could have arisen because of a mistake made by someone miles (and possibly years) away, which only makes the universe feel just a little more perverse than usual. In some cases, computer problems arise because of the irresistible second law of thermodynamics, which basically states that everything is slowly degrading over time, and if humans invented, designed, and/or assembled something, even infinitesimally small variations in quality can lead to the difference between your computer loading up properly or giving you the dreaded, “No operating system found” message.

The scary tech stories no one wants to hear…

“Your hard drive will fail.” This is not an “if” but a “when” determination. All hard drives fail – the trick is to replace them before they do, and to back up your data in the interim. Most modern hard drives do have alarms that will warn you that entropy is winning, but not everyone knows what to monitor, nor understand the data that is provided. While it’s true that spinning (traditional) hard drives have more moving parts than Solid State Drives (SSD), and thus is more subject to entropy than it’s solid state brethren, both can fail, and in fact HD’s are easier to recover in certain hardware failure cases than SSD’s because of how they work. Just because it’s SSD doesn’t mean you shouldn’t back up important data.

“Software updates are unavoidable.” Sadly, gone are the days of dodging Windows updates to keep your system and software running just like it did the day you installed it. Microsoft’s forced update cadence has most major software makers in lockstep, meaning that one can’t be updated without the other, and problems will arise if you aren’t marching to their tempo. And as is the case with everything humans do, some updates will cause problems.

“Your personal data is probably already on the internet.” You may not like to consider it, but there is a high likelihood that much of what you consider to be “private” is well known to both advertisers as well as less scrupulous elements around the world. Even so, this is no reason to be less safe with that data. Always challenge requests for this information, and consider the means by which you convey this data to the requestor, as well as who is asking especially if they are new to your circle of interactions.

“Using a single password for everything will get you hacked. Badly.” It may be the hardest to guess password in the world, but the fact that you have to enter it at all means it’s possible for someone to trick you into giving it up, and when that happens, they are on you like a horror-movie killer, and you won’t be guaranteed a Hollywood happy ending. Identity theft teams move at horrific speed and will make your life very unpleasant.

That’s probably enough scary stories for one Halloween. It might be strangely comforting to believe your technical issues are supernatural, as the reality is rather banal and depressing to consider, but attributing them to something otherworldly, while entertaining will only result in a real-world horror story that won’t be resolved with talismans, herbs or weapons.

Though just about any parent I’ve spoken with will tell you that they wish they could install a tracking device on their kids, maybe we should be more careful in wishing. This time the monkey’s paw is curling around a new smartwatch for kids that (up until recently) came with a hidden backdoor that, if used properly, could allow the device to take pictures which could then be uploaded to the manufacturer’s servers, as well as location data and sound as recorded by the devices microphone. Note that I wrote “used properly” in a purely technical and NOT ethical sense. While this feature could be extremely useful in locating a missing or abducted child the fact that this backdoor wasn’t disclosed is troubling, moreso once you consider where the smartwatch was made.

When does supervision become spying?

Though the device mentioned is being sold by a Norwegian company, they developed and manufactured it in partnership with a Chinese security firm that also happens to be on the US Commerce Department’s list of sanctioned companies due to it’s close ties with the Chinese government, which isn’t known for being a stalwart champion of human rights or privacy. In the product’s defense, the investigators who discovered the backdoor noted that being able to exploit the device would require access to data that would not be readily available. The manufacturer also pointed out that the data would only be uploaded to it’s private servers to which access was extremely limited, even to its own employees. On top of this, after being notified of the backdoor, the company has since issued a patch to close the backdoor.

Normally, I wouldn’t even bother pointing out this story to you as the smartwatch was never available for sale in the US (possibly because of the sanctioned Chinese partner) but I thought it would be a useful illustration of what is likely to be a common occurrence in the days ahead. Surveillance technology has taken remarkable leaps forward in ways that we both imagined and in ways that we overlook, like the fact that many of us have internet-connected devices in the same rooms as our children that is always listening and possibly watching as well. Technology is extremely complicated, and sometimes business partners aren’t always able to vet every aspect of their devices, especially if certain components aren’t built in countries that have the same standards as our own when it comes to privacy, security and quality. This is not to say that we shouldn’t buy things made elsewhere – what choice do we really have? – but that we should be mindful that it is no longer possible for the average human to ascertain whether the product we just put on our child’s wrist observes the same level of children’s rights we’ve come to expect in the US. Heck, even our own companies have gotten that wrong in the past, even when they should have known it was illegal.

Image by Tumisu from Pixabay

We are seeing a large spike in email phishing attacks across the board, both targeting our clients as well as their customers. These types of attacks are not new, but remain effective because the attackers are relying on a set of human behaviors that are predictable and exploitable. Gone are the days when scam emails were laughably obvious with their broken English and strange phrasing. The most successful attempts are now exploiting already-compromised email accounts, social media content and other publicly available information to make the phishing emails indistinguishable from genuine emails by using phrasings, nicknames and familiar work tasks or project language in the body of the email. This becomes even more effective when the potential victim is rushed, distracted, tired or too trusting. Up until recently, this level of effort was reserved for “whales” – principals of large companies, government officials and other, traditional “high-value” targets, but now we are seeing sophisticated phishing emails aimed at all levels of professionals.

What does this mean for you?

At the moment, there is no hardware, software or “silver bullet” that you can employ to combat this level of trickery except being constantly vigilant and knowing what to watch out for. To that end, I’ll try to highlight some of the common features of phishing emails which will help you spot them as long as you keep your guard up.

All phishing emails will typically have one of these goals:

1. Get a password from you
2. Get you to send money to an account
3. Get you to reveal sensitive information that can be used to get to #1 or #2.
4. Get you to install malware on your device

To that end, these emails typically follow a small handful of scenarios. They will likely contain:

1. Links to requested information that require you to “authenticate” using your login and password
2. Attachments that need a login and password to be viewed
3. Requests for you to reply via email with a pin or secret word to verify your identity
4. Links to install this app to view your requested files/information

Seeing as some of these tasks are also common in legitimate transactions, you’ll need to look for the second indicator that the email is not real: in most cases, phishing emails will not actually be from the sender they purport to be.

1. Check the actual senders address. How to check the actual sender’s address varies based on the device and platform, but you should absolutely know how to do this on whatever device, app or program you use to read your email. In Outlook, the actual senders address is typically easy to see, but on mobile devices this may not be the case, so don’t just assume the sender is legit unless you can 100% verify it. It is trivially easy to spoof a sender’s email address, and in most programs just as easy to spot as long as you are paying attention.
2. Does the sender’s address match the content of the email? This week several of my clients received emails notifying them that their Office 365 passwords needed to be reset, but the emails were sent from addresses that were clearly not Office 365 (in this example, “webex.com”). This is a dead giveaway as long as you know what the actual sender’s address should be. Check other known-good emails from the customer or platform in question, look at a recent bill or invoice, or check Google – but make sure you verify – don’t just trust the top search result blindly.
3. The email address looks legit. What now? This is easy – pick up the phone and verify that the sender actually sent that email. If this is a customer and they did, they shouldn’t be annoyed that you were being cautious. If they didn’t, you just gave them a heads up that their account may be compromised. If the email appears to come from a large company, you will want to verify by going to the website by manually typing in the website address or by calling the phone number that appears on your official bill. Do NOT rely on any information in an email to be genuine if you are at all suspicious, regardless of how authentic it looks.

Though it may feel like you need to have the observational skills of Sherlock Holmes and the paranoid vigilance of Mad-Eye Moody, there are a few simple, but critically foundational practices that anyone can adopt to safeguard and insulate yourself from attacks like this:

1. Use unique, hard-to-guess passwords for all important accounts, and pay attention when using them. Every. Single. Time.
2. Don’t store your passwords in an unsecured document on your computer, or in a single physical place (little black book) that could be lost or destroyed.
3. Make sure your malware protection is active and you understand how to check its status.
4. Have recent backups of all your important data stored in the cloud.
5. Pay close attention to everything you do on your device screens. The criminals only need you to be careless once.

Image Courtesy of Stuart Miles at FreeDigitalPhotos.net

There is an ongoing debate in the business world when it comes to deciding whether or not to pay a ransom demand when critical data systems are locked up in a successful ransomware attack. As a rule, technology and security professionals recommend against paying the ransom, but often times the business leaders will calculate the loss and potential risks against the ongoing and future harm the current lockout is causing, and decide to pay the money to get back to work quicker. This is a calculus that the attackers also weigh – how much is too much? What sort of threat does the ransomed data represent to the company?

What happens when they don’t pay?

Most of the time when the victim refuses to pay, the hackers move on to their next target, leaving their victim to pick up the pieces on their own. In the case of Clark County School District, critical school systems were compromised 3 days into the new school year. Despite threats by the attackers to leak the data they were holding hostage, CCSD choose to not pay the ransom, prompting the hackers to post some non-sensitive data as a warning that they meant business. When the CCSD continued to stand tough, the hackers apparently shrugged their shoulders and called the district’s bluff by posting the stolen data on both the regular and dark web, free and unprotected for anyone to download. The 25 gigabytes of data included employee social security numbers, addresses and retirement paperwork, as well as the PII of presumably the entire student body, including names, addresses, birth dates, grades and schools attended.

Previously, ransomware attacks seemed to be focused on businesses, allowing most folks to just shrug their shoulders (even if their own information was possibly compromised) as the impact was far removed from home. In this case, what if an organization over which you have very little influence made a decision that results in very real risk to your child’s future (and present!) livelihood? Clark County wasn’t the only school district to be targeted this year – Hartford, CT and Athens, TX school districts were targeted by similar ransomware attacks, resulting in closures and ransoms paid. As you might guess, schools are attractive targets – the stakes are high, and IT is typically not a high-priority budget item, making them easy targets. Even if the school systems had been backing up their systems (unlikely, see budget or lack thereof) it takes several days for systems to be restored even with a highly-trained and prepared IT team (unlikely), and meanwhile, the phone system is being lit like an angry Christmas tree by parents wondering what the heck is going on.

The reason ransomware attacks continue to be an extremely effective criminal activity is because how effective and profitable they can be. As is evidenced by their tactics and continued success, it’s very clear that ransomware campaigns are now an established weapon of organized crime. Unlike the stylized depictions of the “honorable mob” by Hollywood, today’s crime organizations seem to have no problem targeting our most vulnerable organizations, and aren’t squeamish about casualties along the way.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

A little while back, I wrote about a very disturbing trend in 2017 where something was gaming YouTube’s content algorithms with what appeared to be AI-generated content and metatags. If the last part of that sentence made little sense here’s the concept put another way. Someone was (and probably still is) using computer algorithms to build and publish content based purely on what would get to the top of YouTube’s search results. “Great,” I can hear you say, “How do I hire these guys?” That’s the thing – a lot of the content appeared to be completely artificially generated and automatically published. Basically someone built a robot and turned it loose on YouTube, and it actually worked.

Now it’s happening on Spotify

Chances are that you are a Spotify user – according to the company’s Q1 2020 report they have 286 million active users and 130 million premium subscribers. One of the primary draws of Spotify is creating your own playlists, whether based around a genre, artist or mood. You probably started on Spotify with a list of artists, songs and albums that you used to create your first playlists, but the other, wildly popular feature of Spotify is the ability to “discover” new music by searching its vast collection and having it generate playlists for you, as well as seeing what others, especially your friends, are listening to via their shared playlists. As you have probably guessed by now, Spotify drives this discovery process via search algorithms that are, of course, now being gamed like YouTube’s back in 2017. Any summarization I could put together would not do proper justice to just how strange the mushroom is that has grown in Spotify’s garden, instead I would recommend reading the article if you are at all curious as to why Spotify has made certain “odd” choices when recommending music to you. (Note: Medium is a subscription based website that limits story views).

As a wanna-be musician and as someone who deeply enjoys music, I’m not sure how I feel about the path that music is taking on Spotify. On the one hand I find it heartening that the platform allows for a wider swath of musicians to not only have their music be heard by larger audiences, but that they stand to make some money from it (as long as they know how to leverage the Spotify algorithms). On the other hand, audiences are losing track of the artist in sacrifice to search engine optimization, which prevents the artist from building a following. I’m pretty sure that most musicians don’t create purely in service to profit, but for the enjoyment of others. Being able to make a living is (usually) a happy product of this, but if the only objective is profit, I’d like to believe that particular product won’t endure…as long as Spotify doesn’t completely commodify musical tastes.

Though you might not know it, you’ve probably seen at least one TikTok video, and if you spend any significant amount of time on other social media platforms like Face-behemoth you’ve definitely seen one. If you live with teens that have access to the internet, you have more than likely seen them spending hours consuming and producing Tiktok content. Not quite sure what it is? Well, don’t go downloading the app and creating an account without knowing that there are some serious security and privacy concerns about this Chinese social media platform. These concerns are so serious that the US Government threatened to shut down the app altogether unless it sold its US operations to an American company.

“A finger on the Monkey’s Paw curls up…”

Instead of closing a deal with software giant Microsoft with whom they have been huddling since the start of the trouble, TikTok announced over the weekend that US operations of the social media app would be “acquired” by Oracle. Once the initial shock had worn off the announcement and details were revealed, the reasoning behind the agreement became immediately evident. Where Microsoft had been proposing to completely take over TikTok US by completely severing from Chinese firm ByteDancer, Oracle has positioned itself in this deal as TikTok’s “trusted technology partner” which suggests instead of taking over, Oracle will be “partnering” with ByteDancer. Larry Ellison is a vocal and staunch supporter of the Trump administration, and this move allows Oracle to neatly deescalate a thorny problem for the White House as it headed to an ugly legal showdown with TikTok. It doesn’t hurt that this will also allow Oracle to tap into some serious capital, and gain them possible access to ByteDancer’s highly sophisticated AI algorithms that power the app.

At the moment, the deal still needs to be approved by the White House, but given the players and how neatly it ties off the issue for the politicians and business people, it’s hard to see this deal failing. Unfortunately, there are still plenty of questions about what role Oracle will play in answering many privacy and security concerns that still remain with the app. For now, our recommendation is for our clients to keep an eye on TikTok and to enjoy the content via something other than the app itself.

A good portion of you have probably gotten yourself and your family more or less situated to working and learning at home, and unless something dramatic happens in the medical community (experts say this is unlikely), we are probably going to need to carry on in this environment through the end of the year. This means that those hastily assembled home offices/classrooms might be less secure than what would be considered safe by industry standards, especially for what is typically the most private part of your life. Cyber criminals know that home networks are weak, but have largely ignored them as business targets are more lucrative. At least they were more lucrative pre-Covid, but now that a large part of the workforce is home, they know that your defenses there are much weaker, and sometimes non-existent.

Bolster your home defense!

You’ve probably built several pillow forts during quarantine already (even if you don’t have kids), and now you can try building your own network fortress. It’s not nearly as comfortable as the pillow fort, but can provide an extra layer of coziness, knowing that you’ve put some barriers between you and the hackers.

1. That family computer you are using to remote into the office needs malware protection. So do the computers your kids are using to attend class – virtually or in-person. There are literally at least a dozen different companies selling security bundles, and more than a dozen free malware providers, but we only recommend the following: Webroot, TrendMicro, BitDefender, and with some caveats (we’ve found it to cause performance issues on occasion), Norton. All of these companies offer multiple packages with different levels of security that include various aspects of identity theft protection, content monitoring, password management, etc, and all of them have moved to a subscription model that will require a credit card on file with them. Expect to pay between $60-100/year to protect all the PCs in your house (if you aren’t the Brady Bunch).
2. You may need to upgrade from the ISP-provided router to a custom firewall. The devices provided by ISPs are typically fairly simple, and even if they have advanced features, they are not designed to be managed by the average homeowner. If you need content monitoring to make sure younger family members are safe, or advanced features like VPN tunnels, or Quality of Service (QOS) capabilities to make sure business calls aren’t overrun with non-business traffic, you may have to consider purchasing your own router. Though the sellers would have you believe otherwise, this type of upgrade is not for the technically inexperienced. Make sure you consult with a professional before buying and installing anything, especially if you need to factor in better WIFI as well.
3. Use better passwords for your home devices. This includes your WIFI password, and if your home machines don’t have passwords for logins, consider adding them as well, especially if they are being used for business purposes. Change your router password if it’s using the default. Don’t know if it’s the default? If you’ve never changed it and your router is more than few years old, it may be using a default that is well known on the internet which means it may be easily hackable as well. Consider using a password manager to keep track of your growing list of passwords – that little notebook or Excel spreadsheet is just as dangerous as using the same password over and over. We can recommend password managers Dashlane, LastPass or 1Password as affordable solutions that offer family subscriptions.
4. Back up your data. I’m still surprised how many folks aren’t backing up their personal home computers. Yes, many of you are using cloud-based services like iCloud or Google Photos, or Dropbox, but a good percentage of my clients who do use those services aren’t 100% certain what is being backed up by those services. If you’ve been collecting years of digital photos, prior to owning a smartphone, it’s also highly probable that older media is living in a corner of your hard drive not even touched by a cloud-syncing service. Know what is backed up and by what, and if you are relying on USB attached hard drives or thumb drives for back up, you are living on borrowed time. We can recommend Backblaze and Carbonite as family-friendly solutions that are very affordable and relatively easy to set up and manage.
5. Don’t share computers. Especially if you work with client data or financial services. Kids definitely don’t have the same stakes as you do, and even if they are well-trained, are more likely to make poor decisions that could compromise your security. The technology to separate your home network also exists, and is affordable if you want to go the extra-mile, but if you share equipment like printers, this may make things a little more complicated.

Note: all of the products we mention here are not sponsors, nor do we receive any sort of compensation from them if you decide to purchase their services. C2 Technology does offer a line of services that can be extended to your work-at-home PC’s but we do not provide managed services on personally owned devices other than your primary work-at-home device in consideration for your household’s privacy.

Image by Gino Crescoli from Pixabay 

In case you haven’t see one yet, you can find a great example of a “deepfake” video in one of our past postings. While the example I use of Bill Hader impersonating Arnold Schwarzenegger is humorously entertaining, the context makes the manipulation much easier to spot than in this video of Mark Zuckerberg, which was completely faked to make a point about Facebook’s lackadaisical policy towards policing misinformation. Despite this highly publicized broadside, it took Facebook six months to change their policy on allowing this type of content on the world’s biggest media platform, and even then the policy has loopholes that allow many fake videos to continue to thrive, especially content posted by politicians, who are given a pass on Facebook’s fact-checking guidelines.

What’s a regular person to do?

While it’s clear that waiting for Facebook to do something is not going to resolve this problem, other major players are taking steps. Twitter has finally found some courage and has been policing demonstrably fake and harmful content, and now Microsoft is developing two platforms that can arm consumers with more ways to spot fake content. Microsoft’s “Video Authenticator” was announced Sept 1, 2020 as a way to detect manipulated videos, particularly deepfakes, by using technology to spot edits that would normally be undetectable to human eyes. Realizing that they will always be chasing improvements to deepfake technology, Microsoft has also announced its participation in an initiative called “Project Origins“, founded by the BBC. Project Origins aims to provide digital content with authenticity watermarks (among many other things) to hopefully curtail the harmful spread of misinformation through unapproved appropriation of legitimate news content.

Unfortunately, the use of these tools actually requires active and willing participation from the general public – if one doesn’t know they are being manipulated or think to question the source of their information, the previously mentioned platforms are not helpful. This is where the concept of “media literacy” is becoming increasingly crucial to navigating the flood of information we receive daily. Microsoft has created an interactive quiz at www.spotdeepfakes.org in partnership with the University of Washington, USA Today, and Sensity as just one way of increasing awareness about this growing threat. The only way we can combat the tide of misinformation is to encourage everyone around you to think critically and to reasonably question information sources, especially during the upcoming election season.

Image courtesy of Stuart Miles at FreeDigitalPhotos.net