News Daily


Men's Weekly

Australia

  • Written by The Conversation
'Protestware' is on the rise, with programmers self-sabotaging their own code. Should we be worried?

In March 2022, the author of node-ipc, a software library with over a million weekly downloads, deliberately broke their code. If the code discovers it is running within Russia or Belarus, it attempts to replace the contents of every file on the user’s computer with a heart emoji.

A software library is a collection of code other programmers can use for their purposes. The library node-ipc is used by Vue.js, a framework that powers millions of websites for businesses such as Google, Facebook, and Netflix.

This critical security vulnerability is just one example of a growing trend of programmers self-sabotaging their own code for political purposes. When programmers protest through their code – a phenomenon known as “protestware” – it can have consequences for the people and businesses who rely on the code they create.

Different forms of protest

My colleague Raula Gaikovina Kula and I have identified three main types of protestware.

Malignant protestware is software that intentionally damages or takes control of a user’s device without their knowledge or consent.

Benign protestware is software created to raise awareness about a social or political issue, but does not damage or take control of a user’s device.

Developer sanctions are instances of programmers’ accounts being suspended by the internet hosting service that provides them with a space to store their code and collaborate with others.

Modern software systems are prone to vulnerabilities because they rely on third-party libraries. These libraries are made of code that performs particular functions, created by someone else. Using this code lets programmers add existing functions into their own software without having to “reinvent the wheel”.

The use of third-party libraries is common among programmers – it speeds up the development process and reduces costs. For example, libraries listed in the popular NPM registry, which contains more than 1 million libraries, rely on an average of five to six other libraries from the same ecosystem. It’s like a car manufacturer who uses parts from other manufacturers to complete their vehicles.

These libraries are typically maintained by one or a handful of volunteers and made available to other programmers for free under an open-source software license.

The success of a third-party library is based on its reputation among programmers. A library builds its reputation over time, as programmers gain trust in its capabilities and the responsiveness of its maintainers to reported defects and feature requests.

If third-party library weaknesses are exploited, it could give attackers access to a software system. For example, a critical security vulnerability was recently discovered in the popular Log4j library. This flaw could allow a remote attacker to access sensitive information that was logged by applications using Log4j – such as passwords or other sensitive data.

What if vulnerabilities are not created by an attacker looking for passwords, but by the programmer themselves with the intention to make users of their library aware of a political opinion? The emergence of protestware is giving rise to such questions, and responses are mixed.

Read more: What is Log4j? A cybersecurity expert explains the latest internet vulnerability, how bad it is and what's at stake

Ethical questions abound

A blog post on the Open Source Initiative site responds to the rise of protestware stating “protest is an important element of free speech that should be protected” but concludes with a warning:

“The downsides of vandalising open source projects far outweigh any possible benefit, and the blowback will ultimately damage the projects and contributors responsible.”

What is the main ethical question behind protestware? Is it ethical to make something worse in order to make a point? The answer to this question largely depends on the individual’s personal ethical beliefs.

Some people may see the impact of the software on its users and argue protestware is unethical if it’s designed to make life more difficult for them. Others may argue that if the software is designed to make a point or raise awareness about an issue, it may be seen as more ethically acceptable.

From a utilitarian perspective, one might argue that if a form of protestware is effective in bringing about a greater good (such as political change), then it can be morally justified.

From a technical standpoint, we are developing ways to automatically detect and counteract protestware. Protestware would be an unusual or surprising event in the change history of a third-party library. Mitigation is possible through redundancies – for example, code that is similar or identical to other code in the same or different libraries.

The rise of protestware is a symptom of a larger social problem. When people feel they are not being heard, they may resort to different measures to get their message across. In the case of programmers, they have the unique ability to protest through their code.

While protestware may be a new phenomenon, it is likely here to stay. We need to be aware of the ethical implications of this trend and take steps to ensure software development remains a stable and secure field.

We rely on software to run our businesses and our lives. But every time we use software, we’re putting our trust in the people who wrote it. The emergence of protestware threatens to destabilise this trust if we don’t take action.

Read more: What does the Optus data breach mean for you and how can you protect yourself? A step-by-step guide

Read more https://theconversation.com/protestware-is-on-the-rise-with-programmers-self-sabotaging-their-own-code-should-we-be-worried-190836

When to Escalate a Debt Recovery Matter to Legal Action

Knowing when to transition from informal debt collection efforts to formal legal proceedings is a decision that many creditors find difficult to navigate. Acting too early can damage commercial relationships, while waiting too long can reduce the likelihood of recovery... Read more

Why Slurry Hose Systems Are Essential for Handling Abrasive Industrial Materials

Transporting abrasive mixtures is a common challenge in industries such as mining, dredging, and construction. These mixtures, known as slurry, consist of solid particles suspended in water or other liquids. Moving slurry through pipelines requires specialised equipment that can withstand... Read more

Why Choosing the Right Dental Clinic Matters for Long Term Oral Health

Maintaining good oral health requires regular checkups, preventive care, and professional treatment when needed. Visiting a trusted Dental Clinic plays a vital role in keeping teeth and gums healthy while preventing more serious dental problems in the future. Many people only... Read more

Is Deep Plane Facelift Safe in Thailand?

When you ask whether a deep plane facelift is safe in Thailand, you’re really asking: “Can I get high-quality surgical care with strong safety standards and reliable follow-up while I’m traveling?” That’s a smart question. But the country name alone... Read more

Why Cloud Services Are Now Essential for Business Growth and Security

In today’s fast-moving digital environment, understanding how cloud services support long-term stability has become a priority for businesses across Australia. As expectations shift and workplaces adopt more flexible models, organisations are turning to cloud services to keep systems running smoothly... Read more

Steel Cutting Services: Precision That Shapes Modern Construction

In today’s construction, manufacturing, and fabrication environments, steel cutting services play a vital role in turning raw steel into practical, usable components. From large-scale infrastructure projects to bespoke architectural features, the accuracy and quality of steel cutting directly influence the... Read more