Horrific/Terrific is taking leave from Substack | asset theft | a nifty alternative to sim-swapping
✨ANNOUNCEMENT: This week was most certainly something I could have done without 👎 because:
I will now be looking for another platform on which to host Horrific/Terrific (what should I use?? Please help me...)
This is the last newsletter until I find a service that does basically the same thing but without the transphobia (interesting how that's so, uh, hard to find but okay...)
Anyway, follow the arrow, Substack → 🗑️
💦 It's time for your Horrific/Terrific satisfaction assessment
Thank you for tuning in to Horrific/Terrific every week — I would love to know more about why you grant me passage to your exclusive and heavily curated email slots. Please deposit your thoughts into this typeform so that I may make some data driven decisions on how to make Horrific/Terrific more intellectually orgasmic for you. The survey is 3 minutes long.
🕵️♀️ Just like all property, digital assets can be stolen
Two things: NFTs are being stolen, and a lot of them are already broken anyway. Just like real-world possessions!
Last weekend, some users of Nifty Gateway started reporting that their NFTs were missing, or that their credit cards were used to buy NFTs, and then transfer them to a different account. Key facts:
No one 'hacked in' to Nifty Gateway — rather, they exploited vulnerabilities found in humans: the inability to memorise different passwords OR use a password manager. Question: if you're using the same password you've used since you were 13, do you deserve to hold on to your NFTs?
When everything is blockchain, you cannot undo fraudulent transactions or retrieve stolen goods. Because there's no central authority who has control over this stuff. You know, because... that's how blockchain works?
The other thing: when you buy an NFT, you will get a link which takes you to the 'token' that proves you own the fart someone decided to mint. The token, however, is hosted on the servers of whatever platform you used to buy the fart (e.g. Nifty Gateway). In other words, it's just another startup that will go bust one day — if their servers go down, your tokens will disappear. A lot of the links are already broken. Read this tweet thread for more juicy, hilarious details.
Check My NFT 🔎 🖼️ @CheckMyNFT@jonty @cloudinary Btw we’ve been tracking this for 7 days now and most of the files we check from @niftygateway on IPFS fail https://t.co/cQu1cPBXhF
Dunno what Nifty Gateway has to say about the broken links, but they insist that if you don't want your NFTs to be stolen, you should enable two-factor authentication. Uh, except...
🧑💻 Good old, unreliable, 2FA
Perhaps you've heard of sim-swapping, where you can port a number over to your phone, and then use it as if it was your own. This is a great way of getting around two factor authentication, where verification codes are sent via SMS.
I highly recommend you listen to the snapchat thief episode of Reply All on your next government-sanctioned walk — it teaches you everything about how SMS is a really dumb way of keeping accounts secure, and how there are droves of rich teenagers out there, laughing at all of us from their bedrooms in Twickenham, dripping in designer labels and infantile swagger.
And now, 2FA is even dumber: because sim swapping has been rendered obsolete, now that services like Sakari have become so accessible. With these, you can literally send and receive texts to and from another number, very cheaply and easily, as Joseph Cox recently demonstrated. Crucially, if you use this for hacking purposes, the victim will not even notice a loss of service on their phone, which was probably the only obvious way to spot that you'd been hacked. You know, besides the sudden population of dick pics in your snap chat.
🤪 Dystopia strikes again
As you may have heard, Uber drivers in the UK now get minimum wage, holiday pay, and pensions 🥳
How I heard it: Uber drivers had to spend FIVE YEARS convincing Uber that that they entitled to basic rights, and the MINIMUM amount of money that you are legally allowed to be paid to work. Uber are only doing this because the MOST IN-CHARGE COURT told them to.
Will be interesting to see how this changes the way they work, and if the incentives in the Quest feature will change.