Showing posts with label Online Safety. Show all posts

Monday, 7 October 2024

Film Review: CTRL on Netflix in India

Watch this film NOW. Not as a fiction film.

Here is the "review" element of the post:
  1. The editor of the film had the capacity to make it an 80 minute film. Or less. I wish they had worked a little harder.
  2. The performances are adequate.
  3. The storytelling is engaging. Not as taut as it could be. But engaging. One doesn't look away that much (at the phone, what else?)
  4. The background score and cinematography both delight. I loved the AI avatar being put on screen again and again.
  5. My favourite dialogue in the film (mostly because I keep saying it all the time): Please, please make an informed decision. Aap ek baar proofs dekh lijiye ("Please look at the proofs once"). (Joe's words from his last video).
  6. The dialogues are not too witty. They are just realistic. A little extra work there would have led to some chuckles.
  7. Joe is super cute!
This film does not deserve to be watched or reviewed as a fiction film or sci-fi.
Nothing shown in the film is in the realm of sci-fi. It is possible today. And much of it is happening (minus the idiot-looking avatar. They don't need the avatar. They have the feed).
Then ask yourself:
1. Can I live my life without social media?
2. Am I aware of how much social media controls my thoughts? What I see in the news, what I think about, which friends I get to see, which ones are ignored, what I (think I) choose, even what makes me feel good and what makes me feel bad. Who decides if you are on the side of Russia or Ukraine? Your feed. You never make the effort to read about the other side's perspective.
Think hard. Think very, very, very hard.
And you will realise why this is a very real cautionary tale.
You don't have to believe me, read what the experts said at the last International Dialogues on AI Safety (Venice, Sep 2024):
Now, give this film to your teens.
Someone wrote about Insta putting teen controls in place. Let me add to that story. The CEO of Meta was summoned by the Congress. Behind him were parents whose kids had been severely harmed or died because of Insta. DIED. He did not bother to look at them. Finally, he was asked to turn around and apologise to them. He had to be asked TWICE before he turned.
THAT is the most haunting Big Tech video for me. This CEO, who KNEW his app was killing young people, not only did nothing to stop it, but continued to promote the same algo changes. Without a pause.
Sorry to break it to you, folks, but NO ONE has your back. No one is looking after your kids. There is no liability. Even the US Congress cannot protect our children (or us). Therefore, watch CTRL, and as Joe says, make an informed decision.

Wednesday, 11 September 2024

Behavioural Security

We readily acknowledge that humans are the weakest link in the security chain. 

BUT, people do not want to be conned. NO ONE ever said - It's OK to get conned. What's the issue?

So, why are they the weakest link? 


I have been thinking about this very deeply. 

In one line, it's simply that security has been projected as this esoteric discipline (rocket science) instead of making it a natural everyday thing to do.

The second is that the approach to security in human behaviour has been directive - Do this, Don't do this, be Scared of this... 

This is never a good approach to take in behavior change. 


Presenting a new discipline: Behavioural Security - the discipline that focuses on understanding human behaviour and creating models of change that lead to safer behaviour. Much like any other change management.


Why do we need an entirely new discipline for this? For the simple reason that there is plenty of work to be done. 

I created one video to make it easy to create a complex password that is also easy to remember. And then it hit me - Why do we make it so hard for normal people? You are told to change your password once a month, to make it Greek and Latin, but no one tells you HOW to do it!

The education is largely directive, the verbiage fear-inducing rather than supportive. 

But the worst thing is the victim shaming. NO ONE wants to be duped. And yet, after every single episode, the victim is made to feel like a culprit. 


For far too long, companies and governments have focused on the tech side of cyber security - Bounty hunting programs, firewalls and AVs, zero day vulnerability assessments, VAPT... even the OWASP Guides and Top 10 are all tech. They do not focus on human centric security design. It is time to change that.  


So, let's get the work started! Let's research, create experimental models of change, verify those models, and end the era of humans being the weakest link in the chain. We are smart enough to deserve better. 


Thursday, 15 August 2024

New Fraud Style

So, this is a new fraud style.


They first bought a domain name that is very like a govt domain name: maharashtrapolice.in.

Then, they created an email id on that domain name - cyberpolice-nagpur@maharashtrapolice.in.

Then, they sent instructions to bank managers to freeze certain accounts (176 accounts) because of 'suspicious activity'. The bank account details were accurate.

Then, they called the account holders and told them that their accounts are frozen by the govt, and they have to pay some money to unfreeze them.

Sweta Kumar Trilochan Panigrahi, an assistant manager with a bank, thought the email looked fishy and alerted the authorities.

Two arrests have been made in the case.

What makes this case unique?
A. Government email id was faked.
B. The accounts were actually frozen, so if the victim were to check their accounts, they would find them frozen. They were, therefore, more likely to comply.

A story in my next book does deal with this threat. In that story also, the detective figures out that the domain name cannot belong to the government.

What to do if this happens:
Do not transfer any money online to police or anyone else. Visit your branch and speak to the branch manager.

Police are investigating how the details of the account holders reached the fraudsters. Bank employees are expected to be involved.
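
The check the detective makes, that the sender's domain cannot belong to the government, can be automated at a bank's mail gateway. The sketch below is an added example, not part of the original post: it assumes Indian government mail comes from domains under gov.in or nic.in, and the keyword list, function names and every sample sender except the address quoted above are constructed.

```python
from email.utils import parseaddr

# Assumption: Indian government senders use domains under these suffixes.
GOV_SUFFIXES = ("gov.in", "nic.in")
# Assumption: words in a sender that signal a claim of official authority.
AUTHORITY_WORDS = ("police", "cyber", "court", "govt", "government")


def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or '' if unparsable."""
    _, addr = parseaddr(from_header)
    if addr.count("@") != 1:
        return ""
    return addr.rsplit("@", 1)[1].strip().rstrip(".").lower()


def is_government_domain(domain):
    """Match on whole labels: 'notgov.in' and 'gov.in.example.com' fail."""
    return any(domain == s or domain.endswith("." + s) for s in GOV_SUFFIXES)


def classify(from_header):
    """Return 'government', 'suspect', 'other' or 'unparsable'."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparsable"
    if is_government_domain(domain):
        return "government"
    # Claims authority in the display name or address, but the domain is
    # one anybody can register: hold the mail for out-of-band verification.
    claims_authority = any(w in from_header.lower() for w in AUTHORITY_WORDS)
    return "suspect" if claims_authority else "other"


# Constructed sample senders; only the first address appears in the post.
SAMPLES = [
    "Cyber Police Nagpur <cyberpolice-nagpur@maharashtrapolice.in>",
    "Cyber Cell <cell@department.example.gov.in>",
    "Police Desk <desk@gov.in.example.com>",
    "Police Desk <desk@notgov.in>",
    "Branch Ops <ops@bank.example>",
]

if __name__ == "__main__":
    for sender in SAMPLES:
        print(f"{classify(sender):<11} {sender}")
```

Because the fraudsters owned the look-alike domain, SPF and DKIM checks on it can pass; it is the registry suffix that gives the sender away.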