Nothing—No Cloud Nor Gold Can Stay

A meditation on that phishing scam and the finite nature of all things.

"Welcome to Telegram!" I said to the hacker, who was posing as a friend and who would boot me out of my account a few days later. I lost many gigabytes of data, and went through a spectrum of emotions: regret, sadness, and at some point, anger that a stranger (or a group of them) forcibly accessed my private life.

I was surprised that Telegram, trusted for its security and known for being the go-to messaging application for social movements, could allow this to happen. If you break down how the phishing scam unfolds, it is on the surface (as far as I experienced) low-tech. The scammer, who is posing as your friend and someone on your contact list, acts confused and sends you a screenshot. They ask you about a feature, specifically a "secret chat" that has been made. At this point, they are already trying to hack into your account. They are trying to trick you into also sending a screenshot so they can see your message list, and because of how Telegram works, if you don't have 2FA activated, while they are attempting to take over, a security login code will be sent to your Telegram account and show up on the top of your message list. We often mirror the behaviour of the people we interact with, and because I actually thought it was a friend I was talking to, screen capture I did. It is unnerving that the security login code shows up in the first few lines of your screen. Telegram, please change this. This is clearly a security vulnerability.

Instead of allowing feelings—regret from the failure to protect myself (especially because I worked in data), grief from the loss of the data, annoyance, and powerlessness—to overwhelm me, I sat with it all and switched into action. I stayed awake the next few days to tell as many people as I could about what happened and that it would continue to happen. I felt like the boy who cried wolf, except I was the woman who cried phish and I wasn't lying. I didn't want this to happen to anyone else and I hoped that whatever awareness I raised would help at least one person. I was so focused on getting the word out that I even made a video to try and warn people (using a cheerful song that had gone viral about being a fish), and spent $20 on TikTok so that it would get some visibility (it must be said because a friend pointed out the irony regarding my stance on data privacy that I'm not a fan of TikTok nor a regular user—but that's how badly I wanted to get the word out about this scam).

The first evening, I had some luck for a few minutes before the hacker caught me and ended my session. Thankfully, I was able to get in touch with the friend whose account was used to phish me. He encouraged me to reclaim mine because by then he had managed to do so. He also gave some pointers about what to do next, some of which I had also gleaned from a Reddit thread, one of the only sources that mentioned this exact scam.

The next time I managed to log in long enough, I activated my 2FA (which didn’t seem to help as they had the stronghold over my account at the time; having kept 4 different devices logged in for more than 24 hours, they had an upper hand). The third time, I stuck around longer and I was able to delete some things from my saved messages (which they noticeably moved from individual conversations). I asked friends to delete our chat histories to prevent them from "keeping" anything else. I also changed my profile picture to one that informed any observant folk that I had been hacked. I must credit my friend for this idea. Here's my original design:

I would spend any remaining time before I got booted off again, warning those on my contact list they had recently tried to phish. At some point, I deactivated automatic syncing with my contacts, but I was surprised to see it synced again the next time. I have no idea how the technological side of it works—and if someone has the patience to explain this to me, please send me a message—but this made me wonder if they had a back-up of my data somehow, which is extremely disturbing to think about. Then, maybe because they realised I was attempting to reclaim my account, or because they got what they needed and realised that I was sneaking in to save/remove my data, one day, they finally deleted all my saved messages. I was exhausted. I had barely slept. I was locked into the situation and hyper-vigilant, waking up intermittently throughout the week. There was nothing left to do, but delete my account and accept the loss.

This was not the first loss of data I’ve ever experienced. It's the first of its kind that has affected me this way. In December, I had begun to consciously delete my message history and by March, I had emptied an old inbox from hundreds of emails. However, this unplanned deletion of my digital life began with my portable hard drive in March. After my last trip, my computer could still read and access the files in it. I had even downloaded some footage from my travels to edit them and then suddenly, on the 31st of March—Kaput. Nothing. I lost digital copies of memories on what was supposed to be ‘World Back-up Day’ (a day started by an Ismail Jadun and not Am*z*n, interestingly enough). I paid $100 for a data recovery software to try to salvage and restore what I could.

Data is as temporary as everything else. But it is only biological beings that we usually consider impermanent. The material world and everything in it (including these intangible things stored in the cloud) was never meant to be around forever. But, we have gotten used to this way of being, where most of us who have means, and at the very least, access to the Internet, can have and keep whatever our heart desires, for a seemingly indefinite time. We have learned to preserve everything. We have back-ups for our back-up. We save these digital things in a faraway somewhat abstract space, making it seem impossible to let go. We have become hoarders of not only objects, but soft copies as well. In reality, there's nothing soft about these copies and the cloud servers that contain them.

None of us want to be reminded that while nothing gold can stay, every cloud too, eventually disappears.

I have been working in data for the past three years so all this talk about it and digital safety—data management, security, privacy and openness—I feel an added responsibility to discuss all its aspects. Even more so, after the phishing incident. I've been watching many films at the Oldham Theatre thanks to the retrospective organised by the Asian Film Archive of Filipino filmmaker, Mike de Leon (and Mick who invited me to watch). This too has reminded me of the fragility of data. At the start of every screening a trailer warns “1 in 2 people lose their data each year”. I am one out of two.

I made "embodiment" my word of the year. When I finally caught a variant of the Coronavirus at the end of 2022, I noticed how I was left so weakened by it that I decided to change how I was treating my body. I wanted to feel more connected to it. To listen to it. To be strong in it. To be grateful for it. And I want this same attitude to match my digital presence. I want to take better care of the 'footprints' I leave behind, including those online. I choose to say goodbye to all my little digital darlings. To let go of memories and conversations that have run their course. Remember the video I had been trying so badly to delete on YouTube? This is cut from the same cloth. I want to be with what's here and what's real, right now.

This article via The Engine Room helped me strengthen my digital safety and regain my focus, since all this happened. I’ve even allocated time in my day to unsubscribe from mailing lists and have been deleting accounts I no longer use. I have learned that some sites require you to jump through hoops to request an account or any sort of data removal. One site, Audius, keeps their account deactivation page hidden. Not even Reddit could help. At the time of writing, I had to email someone who linked me to the page. Here it is in case you were looking up "how to delete my Audius account".

Humans are built to lose and even 'delete' parts of themselves. Cells die. We shed between 0.03-0.09g of skin per day. I face this loss of cells, of skin, and of these bits of data with greater awareness. I let go to make room for the real. Unlike what I dramatically wrote in the sub-header of my last blog, I have not yet outgrown the Internet. But, I take my time coming back to it, embodied, with more care, and with less to hold onto.

Enjoy this poem and playlist for the rest of the weekend! Be well and be safe.

The Summer Day
By Mary Oliver

Who made the world?
Who made the swan, and the black bear?
Who made the grasshopper?
This grasshopper, I mean-
the one who has flung herself out of the grass,
the one who is eating sugar out of my hand,
who is moving her jaws back and forth instead of up and down-
who is gazing around with her enormous and complicated eyes.
Now she lifts her pale forearms and thoroughly washes her face.
Now she snaps her wings open, and floats away.
I don’t know exactly what a prayer is.
I do know how to pay attention, how to fall down
into the grass, how to kneel down in the grass,
how to be idle and blessed, how to stroll through the fields,
which is what I have been doing all day.
Tell me, what else should I have done?
Doesn’t everything die at last, and too soon?
Tell me, what is it you plan to do
with your one wild and precious life?