#made this cus i have a problem | Explore Tumblr Posts and Blogs

kithj · 7 months

Text

youtube

decent video covering the work of kitty horrorshow. for the most part he just goes through each game and relays the plot, but it is interesting to see them all laid out together, how they are similar and how her work has evolved and the common themes that she keeps revisiting in each one. his analysis mainly focuses on the Places that she explores in her games; the environments, the haunted houses, and how they are all "built wrong." he talks about haunting of hill house, house of leaves, myhouse.wad, vivarium, and a few other movies towards the end.

my own ramblings about some of the games under the cut :-)

one thing i've always projected onto haunted houses, and especially some of the hostile, haunted places prevalent in kitty horrorshow's work, is a trans narrative *everyone pretends to be shocked*

sagan does mention this briefly in the video, and he admits that it's not his personal interpretation that he plans to talk about (which is totally fine) but that is very obviously there, these themes of autonomy and transformation in these works all go hand in hand with gender identity, with the trans/nb experience.

so when people talk about a house being "built wrong" it always reminds me of the trans narrative of "born in the wrong body." i know this isn't necessarily a mindset a lot of people still agree with anymore now that our language around being trans has evolved, but i also know there are some people that do still feel this way regardless, and even if we don't completely consider ourselves "born in the wrong body" i think the majority of us do have a very... contentious relationship with our bodies.

i always see a house that is intent on haunting you as a body that is inhospitable.

we see people in kitty horrorshow's work that try and change the world around them, or failing that, that literally change themselves. in rain, house, eternity, the structure we've been traversing is someone who has broken free of her physical form and been reborn into something that she chose for herself, after her community forced her down a path that she did not want. sagan brings this up again at the end of his analysis, where he talks about the way the environment is molded by the player as well as the way the player is molded by the environment. he mentions the movie vivarium, and how people are forced into these littles boxes (ie the nuclear family, gender roles, preconceived stereotypes, etc), whether they want it or not, by their environment and the societal expectations that are a part of that.

but again, the environment can also be molded by the player; it is influenced by the characters within the narrative. the environment grows flesh and teeth and has a heartbeat and i like this idea that our environment is alive and is also flesh and blood that can be reflected back at us. it could be cathartic or horrifying depending on how you feel about your body, about your experiences, about how society perceives you. in the end we can become the structure, we can change ourselves and become our environment, undefinable and infinite, or we can be restricted by it, and forced into something we don't want-- made inhospitable.

there is both a lack of agency in the house being built, but a reclamation in the haunting as someone or something transitions and fills the empty rooms with a new form. stone to flesh or flesh to stone as it is in rain, house, eternity, or drywall to glitches and blood like in anatomy. inhospitable but at least it's mine.

in 000000FF0000, the game itself doesn't even want to be found. it's a living thing that's hidden itself away and is in great pain. it's restricted by its own code, it longs for the seasons and the sea but it can only think about the cages it's been locked in. the only agency it finds is in shutting itself down after the player reaches a certain point. we are forced to be perceived by others, by society, even when we are in pain, even when we aren't really ourselves, due to how we look, how we were born, or whatever other cages society has put us in. the lack of autonomy, the lack of control in our own creation... this game is actually one of the ones that have stuck with me the most, i think it's extremely well executed and impactful and is possibly her second best behind anatomy.

and then there's circadia-- the girl returning to her childhood home, seeing her childhood and memories and her body reflected back at her in this house. wanting to hurt it, feeling trapped by it and how she used to be. the people there that don't really see her as she is now, the trauma literally in the walls. she laments her apartment, missing it "like a lover" because that's the place she carved out for herself versus this house she was forced into, this house that's always there and always waiting for her to come back even though she clearly never wants to come back.

when you're trans, there are always people trying to get you to "come back," to be like you used to be. looking back at yourself, childhood photos and old memories of when people treated you differently. your body a new space now but there are still the bones of that old house you left behind. the world trying to force you back into the house even if it doesn't fit anymore, even if it's painful, even if all you can do is haunt it.... the code in 000000FF0000 confining the game to exist in one way even though it hurts them, no other option but to bury themselves deep in various folders within your computer and hoping to never be found. hiding from the world because there are people that insist these things are hardcoded into your biology, that predetermine how you have to live and there is no other way for you to live. and if you go against that code it breaks the game for them... does that make sense?

and in rain, house, eternity, she demolishes the house and turns herself into stone, she finds autonomy despite what the game wants and what the world wants. indefinable and infinite because there is no binary and the walls of this house are your house to destroy and rebuild as many times as you want in any way that you want.

i definitely recommend kitty horrorshow's work if you've never played any of her games before. she's most well known for anatomy, which i didn't really touch on because it's so popular (for good reason) she does have a few twine games, hornets and wolfgirls in love, and then circadia is just a 5 page flash-fiction. and of course i also super recommend rain, house, eternity, and 000000FF0000. i already linked her itch page up there but here it is again! check her out.

#fellow kitty h. o7 #wow sorry i got annoying under the cut lmfao #stopped abt halfway cus anatomy is pretty well covered at this point and with the haunted cities collections #i'd like to play more of them myself #anyways im sure someone has made this analysis before but its not something ive seen myself #idk the idea of a house being alive and trapped and unable to change and haunting its occupants....#it feels. familiar. sometimes i feel like im haunting myself #this problem i have where my body is not me #maybe houses feel like that too. you know?#lmfao <- throwing that in to make this less serious teehee #video #dare i put this in the IF tag? sure why not #interactive fiction #games

13 notes · View notes

anothermouse · 1 year

Text

I find it weird how ppl will say for reasons that systems are fake is that multiple alters talk similar or have similar interests. Have u ever met siblings. They talk similar and have similar interests because they've spent years together ya dork, as systems start to get along more they're gonna start sharing more interests and speech patterns just like you with people you spend a lot of time with lol. Also they all share a life, they have to be able to act like each other to get by and seem "normal."

#this isnt directed ive just noticed that me and willow steal each others interests a lot and its making me think abt all the ppl ive seen #using that reasoning in fake claiming. me and her dont really talk similar but i can imagine that happening with systems who #talk to each other or mask as each other more.#idk. its to our best interest to share skills and interests. if only one person likes/knows writing then we have a problem when we need to #write and they're not present. if only one person likes/knows guitar we're in big trouble in guitar class if they're not present.#and we NEED to get along to operate so its good for us to have things to bond over! we used to argue a lot and it was fucking annoying and #made life hard. i couldnt take care of the body and willow was depressed and it made the brain miserable and it sucked #so the more we can get along the better and i think having things in common is good for that!#like i said we dont really talk the same and for us that works just fine but for some systems that could create communication barriers.#idk. i just think ppl should think a little more about why alters might become similar over time. me and my cohost r literally like family #system #osdd #did #multiple #plural #edit: actually maybe i do pick up speech from her. she says 'my friend' a lot and sometimes im tempted to say it cus its nice #but i feel like it sounds weirder coming from me 😅#OH AND LOVELY. she uses the word lovely so much ive just picked it up. its such a good adjective #idk why usually you expect the host to be the one whos language people copy but i feel like i pick up things from willow more than she does #from me.

22 notes · View notes

peapod20001 · 7 months

Text

You know you’ve known someone a long time when u can remember the major changes to their oc

#random post #anyways hii Rox I remember when Eddie was a small little guy and Rae was Red Yellow and Blue #and when Jack has a longer face and no defined lipstick and was exclusively he/him #also do u remember when we fisher started talking and you were worried about not being as knowledgeable of the things I’ve made as the ppl #who knew me longer at that point? anyways did you know that you’re now more knowledgeable than everyone (cus I share more with you)#anyways helloooo I love youuuu you make my world brighter and I hope we get to meet one day #so I can hold you tight ina secure way and not in a way that would distress you by being too tight #which shouldn’t be a problem because I have no upper body strength and my arms are the size of a 9 year old

2 notes · View notes

dany36 · 2 years

Text

i'm not kidding when i say this was my reaction when i first saw maskless melia:

like...i knew there was lore dump coming when the real nia was revealed (in which YES I ALSO LOST MY MIND WHEN SHE FIRST SPOKE ALKSDJFLASKJDFLDS MY GIRL NIA IS ALIVE AND BAAAAAACK!!! LASKDJFLASKJDFLAKJSDFLKJAS), but I was NOT expecting them to show melia right at the start of chapter 7!!!! LIKE HELLO?!?!?!?! I was *literally* speechless and could not concentrate on what was being said cus I was like "oH FUCK I'M WITNESSING THE MOMENT I'VE BEEN WAITING FOR SINCE I FIRST HEARD OF THIS GAME AND KNEW MELIA WAS GONNA BE IN IT" and it wasn't until my second time watching the cutscene that i realized THE ERYTH SEA THEME (aka the theme that made me CRY when i first heard it again in futures connected!!!) WAS PLAYING IN THE BACKGROUND!!! LAKDJFLAKSJDFLKAJDLKFJ

i'm sorry for screaming but i'm love melia's character so damn much and i'm glad that she isn't evil or anything of the sort. can't wait to see what happens next!!!!!!!

#xenoblade #xc3 #xenoblade chronicles 3 #xenoblade chronicles 3 spoilers #xc3 spoilers #THANK YOU JENNA COLEMAN FOR THIS FOOD.....#i may have a lot of problems with xc3 but DAMMIT they got me good with melia and nia #what a Ch 7 Nia redemption from the mess that was XC2 Ch 7 Nia #monolith you are forgiven for SOME OF YOUR CRIMES...FOR NOW 🔫#also kayfaraway if you ever see this i hate that post you made of melia photoshopped with ethel's (i think?) face on it cus #dammit that was the first thing that came to mind upon seeing maskless melia lakdsjflaskjdflkajsdf 🗿#junk #forgive me as i go feral for melia/nia aka world creating WIFE QUEENS #ALSO can't wait to finish this game i'm going to make so much xenoblade art that i'm gonna drown in it!!!#drown in it!!!!!!#tag rant

18 notes · View notes

mandorinart · 11 months

Text

sonic IDW 61 spoilers in the tags

#gotta agree with the general opinion ive been seeing that this past arc was quite disappointing #there were too many ideas being tossed around that couldnt fit into the pacing #the premise could have easily been as dire as say the stakes in frontiers for example #but the dire problems that arose were solved with 1-2 panels and made it seem like “oh jk we're good now”#ie. sonic got trapped in that warp trap but was freed like literally a page later i think #ive seen others point out the discontinuity of shadow using chaos control after getting overworked by the fake gems #he really pulled the I AM THE ULTIMATE PROTAGONIST buff to make it work huh #i think this arc should have been as long as the metal virus arc to really capture everything they wanted to do with it #instead we got unfinished/half-baked character “growth” from everyone #i wonder if they originally planned much more for this arc but had to cut it for some reason #it feels choppy in the way that the ending of frontiers was choppy like things were obviously removed last-minute #ranting in tags bc my thoughts are not organized enough to write a proper post lol #im glad this arc is over tho cus tbh i think IDW comics should focus on plotlines that dont “feel” like they belong in the mainline games #this arc was ambitious and suffered bc of lack of audience interaction which could be filled in by gameplay #the comics get their audience interaction from exploring character strengths and weaknesses #anyway yeah. glad this arc is over. looking forward to the new arcs #mandokusai

2 notes · View notes

nerdie-faerie · 11 months

Text

My entire uni process since I applied three years ago has just been accompanied by a series of my parents getting pissed at me about information they made up, like how are you mad at me about stories you created

#Uni shenanigans #+Extra #personal #ace is a grumpy bean #im sorry theyve really set me off i cant even deal with my own sht without them making up a problem to be mad at me about even when im not #there like fck i already moved to the other side of the country which sure its not far but was the best i could do without a passport #im kinda dealing with all my childhood trauma right now its kinda bringing it all back for some reason #but its been like this the whole time they convince themselves they know things and then get mad about them when thats not even the case #and its not like they fcking listen to me anyway when im the one actually experiencing it and its not like i dont lie to them #i absolutely do but those arent the things they get mad about which makes it extra bizarre #like asking my dad to be my guarantor for my flat last year and i explained that it was the same as first year but instead of being #assigned random flatmates i would be with my friends and he was like 'oh you want me to be your friends guarantor and pay their rent?#im not doing it' and i was like ?? no you theyre parents have already agreed to be their guarantors were all paying separate rents for #separate rooms its the same as last year but i dont get assigned a random flatmate and you didnt pay my rent last year what #and then he started claiming he wasnt my guarantor last year but you cant rent without a guarantor as a student? and i certainly didnt #have a rental history before first year so obviously i needed one what are you on and he just kept getting pissed that i was tryna force #him to pay my friends rent its just been that kinda sht over and over for 3 years with a side of threatening my autonomy when im home #im just so tired and fcking frustrated and i just wanna lose my sht at him about it cus its not like we talk we dont have a relationship #and yet hes still finding things to have a problem with me about when i got enough to deal with as is like youre not getting money from me #right now do you want me to starve? i got grocery and laundry money and tuition thats it there aint no spare money you shouldnt have made #poor financial decisions so you could bully money out of me assuming id be home for the summer only for it to backfire cus #now you owe sht and moneys tight and i aint coming back

3 notes · View notes

archersartcorner · 2 years

Text

Been a while since I’ve done watercolor… so here’s some Val doodles! Plus a Volo cus I think big tall man would give good hugs HH

IDs under cut!

The first shows Valerio, who has brown skin; wavy black hair, pulled back to show a widow’s peak; a triangular-shaped, pointed face; a thin, hooked nose; and large, dark eyes. He has two facial scars, one across his right eyebrow, and one along his left jawline, as well as patchy stubble around his lower face. He’s thin framed and wearing the indigo festival kimono from PL:A, adorned with random white insignia, mirroring the symbol of the Survey Corps. Valerio is looking off angrily at someone/thing, his anger contrasted by the tears running down his face. There’s no text added to the piece, so it’s unknown what he’s saying. The background is a deep red, reminiscent of the red sky during the climax of PL:A.

The second image is done only in various shades of the same blue watercolor. It contains Valerio and Volo. Volo is a broad, tall man, with dark skin; long, dark hair, tied back in a bun, that lightens at the ends; a square-shaped face; a wide nose; and thick lips. He’s wearing the Ginkgo Guild uniform, mostly obscured by Valerio, but the puffs around the neckline and end of the sleeves are noticeable. Volo is holding Valerio in an embrace, as Valerio wraps an arm around him, his other hand holding one of Volo’s. Valerio is blushing, almost buried by Volo’s much larger proportions. The artist really enjoys drawing little guys with big guys. END ID.]

#my art #described #volo #pokeverse valerio #the first image I forgot to write what Val’s saying… but he’s saying smth along the lines of like.#‘I’m tired of fixing all of y’all’s goddamn problems!! y’all want this sky fixed?? DO IT YOURSELF!!’#and then valerio fucks off into the woods for two weeks HWVDJSVSJ #I know pla’s a kids game I know I know. but I do wish there were more choices that could be made #obvs not like a Bethesda game where ur options are. murder HWVDHSHSH but like. an option to NOT rejoin the galaxy team would’ve been nice #cus like. oh boy I still hate that the protag just rejoins like nothing wrong happened. I wish there was more of a ‘fuck you’ I could give #for Val he fucks off into the woods for two weeks. finally goes to deal with the rift since everyone else is apparently incapable.#then yea the comic I posted a bit ago. the day after everything’s settled val just quits. ‘nah not doing this anymore’#‘technically I don’t need the Pokédex to seek out all pokemon. and if that’s what Arceus wanted he should’ve specified!!’#anyway I’ve been having fun with watercolors again 🥺

7 notes · View notes

ravenlost2187 · 2 years

Text

Does anyone else find it kind of problematic when fanfics aren’t like….properly tagged to a degree where you can still be surprised but aren’t so thrown into whiplash by the suddenness?

I just came across a fic where it had pretty big changes from the original text and it wasn’t tagged for that at all and I just got more and more sour about the story and just started skimming. Which is like…disappointing cus it was an amazing story idea but the lack of tags, going in and expecting the characters to be one way and find out they’re not really threw me and I was just unable to enjoy the fic…does anyone else feel that?

#it just sucks cus it was a cool idea #and then it changed an ethnicity but centered a lot of story points around that #and like that’s absolutely not a problem #I don’t read those fics often but I absolutely don’t mind it #but it just made the fic not enjoyable bc it wasn’t tagged for that #and suddenly I was having to compensate in my head like…why is this character called this when…? oh she’s like this now #and it just threw me off so bad that I really wasn’t able to enjoy the fic #and it good points!!!#it had good story telling #great relationship building #but I just suddenly couldn’t read it bc it threw so much in there and none of it was tagged #idk man #I love ao3 bc of its tagging system #and it just makes me real mad and uncomfy when ppl done use it correctly #ao3 stuff #not starker #discourse things #don’t pay attention to me #raven lost post

6 notes · View notes

bittersweet-mojo · 2 years

Text

finished sandman. that sure was a bunch of different stories one after another. kinda makes you wonder if it would have been better suited being a comi-

#about me #mister gaiman dont @ me #anyway yeah my main problems are like entirely structural. its Too faithful to the originals comics #you cant really turn a different medium into another and have it still work theres gotta be edits #this show was so disconnected i knew immediately every time we'd started a new comic #huge momentum problems the individual stories worked fine but they kinda just didnt connect #in the way that tv shows do at least #they had reocurring characters sure but like. the story didnt continue #it was just different shit happens and then dream shows up #i think the reason people liked the corinthian the most is he was the most consistent throughline #he actually managed to stay relevant between the episodes #kinda felt like the only real antagonist everyone else was just gone within the episode #finishing with calliope tho i dont understand. like genuinely man this needed some sort of reason why we were jumping around #cus as is it just feels like a badly written drama #if you gave it some nerrative framing and made the jumping around intentional i think it could work #but dont pretend like theyre interconnected cus theyre not #starting in the fishbowl is also terrible cus it makes us think thats the overarching plot and then its done halfway through and your like #oh

4 notes · View notes

jrueships · 2 years

Note

I'm so glad you liked the lowry gifset!! I thought it was so bad you decided not to post it lol

OMG NO!!!! I WOULD NEVER DO THAT LMFAO T R US T ME! a guy who doesn't even know how to gif deebo BREATHING will NEVER upturn his nose on another's gifset!!! I think all gifs are cool tbh but STILL anything a MOOT makes/sends to me is PRISTINE in MY eyes!!!! don't worry, i and the rest of the tumblrinas appreciated the BEAUTY of THE BOOTY of those gifs! devious content aside 😈😈 i thought they were all great quality and GREAT choices !

#this is just gen message to all the anons n moots who sent me asks i have yet to reply to... im so sorry 😭😭#i want yall to know tho it's NOT cus i thought it was a bad ask or submission !! im just a HUGE overthinker #so i HAVE to think of the BEST way to answer the ask n not make the asker think i just answered it carelessly or whatever !#im the same way with texting.. i am an AWFUL texter #i hate being left on read but i always leave OTHERS left on read it's crazy cus i can understand the feeling #yet continue it onto others #BCS LIKE! i feel like it's my JOB to reply to EVERY SINGLE INDICATION texted best i can #n if i dont then i DIE!#so like if someone sends me a long ask (which i LOVE) or a video.. i gotta think of the best way to RESPOND??#to really VALUE it and make the answer worth the time the ask was sent with! gotta point out every second n everything that made me THINK #in words that make SENSE and are quality responses??? ig????#so YEA WHAT I MEAN IS.. i get the feelin but i am mental 😭#but if ANY of you send me an ask and i havent gotten to it yet so u unsend the ask... i willl Find you.#BCS TRUST ME I AM STILL THINKING OF THE OLD ASKS SENT TO ME THAT I HAVENT ANSWERED YET...#thinking of how to respond best to individual stuff n stuff!#this is just a SO U KNOW so yall know! im just a huge overthinker who sees a simple math problem n takes eons trying to figure it out LMAO #I HOPE THIS MAKES SENSE N IT'S JUST A LIL EXPLANATION 2 LET EVERYONE KNOW THEY ARE VALUED #n appreciated <33!!!#ted asks #THANK U AGAIN FOR UR SERVICE WITH THE GIF IT WAS WONDERFUL !!!!

2 notes · View notes

a-sleepy-ginger · 2 months

Text

21/2/24

❆❅❆❅❆

Banana Mango porridge with dried apricots

Real thick ender toast

Have good vision so don't need glasses

Imagined ocs

Walked alot

Was just in a good mood so had fun

#happiness diary #happiness diary: february #today was a kinda weird day #my computer seems fine #so do my eyes but i have trouble with them sometimes?#like they dont focus as fast as they normally do and its noticeably slow #but my eyes are apparently good so it must be my brain that has the problem #which ye probably #also my blood keeps pooling in my feet when i stand so theyre really warm #but on another day i could stand and walk as much as i did today and theyd be kinda blue with numb toes #i dont get it #dr google says ive got varicose veins which is not right rhose would be pretty noticeable #so who knows #also my tummy hurts :(#made too much porridge for breakfast and the thick bread for lunch going into a really slow digestive system equals ow #feels like my body is having a moment again>:(#but im still in a good mood so its fine :)#good to document in case i need to refer back to it cus i forget alot #anyway gonna sleep #night

0 notes

mostlysignssomeportents · 3 months

Text

How I got scammed

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/02/05/cyber-dunning-kruger/#swiss-cheese-security

I wuz robbed.

More specifically, I was tricked by a phone-phisher pretending to be from my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And then he tried to do it again, a week later!

Here's what happened. Over the Christmas holiday, I traveled to New Orleans. The day we landed, I hit a Chase ATM in the French Quarter for some cash, but the machine declined the transaction. Later in the day, we passed a little credit-union's ATM and I used that one instead (I bank with a one-branch credit union and generally there's no fee to use another CU's ATM).

A couple days later, I got a call from my credit union. It was a weekend, during the holiday, and the guy who called was obviously working for my little CU's after-hours fraud contractor. I'd dealt with these folks before – they service a ton of little credit unions, and generally the call quality isn't great and the staff will often make mistakes like mispronouncing my credit union's name.

That's what happened here – the guy was on a terrible VOIP line and I had to ask him to readjust his mic before I could even understand him. He mispronounced my bank's name and then asked if I'd attempted to spend $1,000 at an Apple Store in NYC that day. No, I said, and groaned inwardly. What a pain in the ass. Obviously, I'd had my ATM card skimmed – either at the Chase ATM (maybe that was why the transaction failed), or at the other credit union's ATM (it had been a very cheap looking system).

I told the guy to block my card and we started going through the tedious business of running through recent transactions, verifying my identity, and so on. It dragged on and on. These were my last hours in New Orleans, and I'd left my family at home and gone out to see some of the pre-Mardi Gras krewe celebrations and get a muffalata, and I could tell that I was going to run out of time before I finished talking to this guy.

"Look," I said, "you've got all my details, you've frozen the card. I gotta go home and meet my family and head to the airport. I'll call you back on the after-hours number once I'm through security, all right?"

He was frustrated, but that was his problem. I hung up, got my sandwich, went to the airport, and we checked in. It was total chaos: an Alaska Air 737 Max had just lost its door-plug in mid-air and every Max in every airline's fleet had been grounded, so the check in was crammed with people trying to rebook. We got through to the gate and I sat down to call the CU's after-hours line. The person on the other end told me that she could only handle lost and stolen cards, not fraud, and given that I'd already frozen the card, I should just drop by the branch on Monday to get a new card.

We flew home, and later the next day, I logged into my account and made a list of all the fraudulent transactions and printed them out, and on Monday morning, I drove to the bank to deal with all the paperwork. The folks at the CU were even more pissed than I was. The fraud that run up to more than $8,000, and if Visa refused to take it out of the merchants where the card had been used, my little credit union would have to eat the loss.

I agreed and commiserated. I also pointed out that their outsource, after-hours fraud center bore some blame here: I'd canceled the card on Saturday but most of the fraud had taken place on Sunday. Something had gone wrong.

One cool thing about banking at a tiny credit-union is that you end up talking to people who have actual authority, responsibility and agency. It turned out the the woman who was processing my fraud paperwork was a VP, and she decided to look into it. A few minutes later she came back and told me that the fraud center had no record of having called me on Saturday.

"That was the fraudster," she said.

Oh, shit. I frantically rewound my conversation, trying to figure out if this could possibly be true. I hadn't given him anything apart from some very anodyne info, like what city I live in (which is in my Wikipedia entry), my date of birth (ditto), and the last four digits of my card.

Wait a sec.

He hadn't asked for the last four digits. He'd asked for the last seven digits. At the time, I'd found that very frustrating, but now – "The first nine digits are the same for every card you issue, right?" I asked the VP.

I'd given him my entire card number.

Goddammit.

The thing is, I know a lot about fraud. I'm writing an entire series of novels about this kind of scam:

https://us.macmillan.com/books/9781250865878/thebezzle

And most summers, I go to Defcon, and I always go to the "social engineering" competitions where an audience listens as a hacker in a soundproof booth cold-calls merchants (with the owner's permission) and tries to con whoever answers the phone into giving up important information.

But I'd been conned.

Now look, I knew I could be conned. I'd been conned before, 13 years ago, by a Twitter worm that successfully phished out of my password via DM:

https://locusmag.com/2010/05/cory-doctorow-persistence-pays-parasites/

That scam had required a miracle of timing. It started the day before, when I'd reset my phone to factory defaults and reinstalled all my apps. That same day, I'd published two big online features that a lot of people were talking about. The next morning, we were late getting out of the house, so by the time my wife and I dropped the kid at daycare and went to the coffee shop, it had a long line. Rather than wait in line with me, my wife sat down to read a newspaper, and so I pulled out my phone and found a Twitter DM from a friend asking "is this you?" with a URL.

Assuming this was something to do with those articles I'd published the day before, I clicked the link and got prompted for my Twitter login again. This had been happening all day because I'd done that mobile reinstall the day before and all my stored passwords had been wiped. I entered it but the page timed out. By that time, the coffees were ready. We sat and chatted for a bit, then went our own ways.

I was on my way to the office when I checked my phone again. I had a whole string of DMs from other friends. Each one read "is this you?" and had a URL.

Oh, shit, I'd been phished.

If I hadn't reinstalled my mobile OS the day before. If I hadn't published a pair of big articles the day before. If we hadn't been late getting out the door. If we had been a little more late getting out the door (so that I'd have seen the multiple DMs, which would have tipped me off).

There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!

The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if.

The next Friday night, at 5:30PM, the fraudster called me back, pretending to be the bank's after-hours center. He told me my card had been compromised again. But: I hadn't removed my card from my wallet since I'd had it replaced. Also, it was half an hour after the bank closed for the long weekend, a very fraud-friendly time. And when I told him I'd call him back and asked for the after-hours fraud number, he got very threatening and warned me that because I'd now been notified about the fraud that any losses the bank suffered after I hung up the phone without completing the fraud protocol would be billed to me. I hung up on him. He called me back immediately. I hung up on him again and put my phone into do-not-disturb.

The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.

The risk management person and I talked about how the credit union could mitigate this attack: for example, by better-training the after-hours card-loss staff to be on the alert for calls from people who had been contacted about supposed card fraud. We also went through the confusing phone-menu that had funneled me to the wrong department when I called in, and worked through alternate wording for the menu system that would be clearer (this is the best part about banking with a small CU – you can talk directly to the responsible person and have a productive discussion!). I even convinced her to buy a ticket to next summer's Defcon to attend the social engineering competitions.

There's a leak somewhere in the CU systems' supply chain. Maybe it's Zelle, or the small number of corresponding banks that CUs rely on for SWIFT transaction forwarding. Maybe it's even those after-hours fraud/card-loss centers. But all across the USA, CU customers are getting calls with spoofed caller IDs from fraudsters who know their registered phone numbers and where they bank.

I've been mulling this over for most of a month now, and one thing has really been eating at me: the way that AI is going to make this kind of problem much worse.

Not because AI is going to commit fraud, though.

One of the truest things I know about AI is: "we're nowhere near a place where bots can steal your job, we're certainly at the point where your boss can be suckered into firing you and replacing you with a bot that fails at doing your job":

https://pluralistic.net/2024/01/15/passive-income-brainworms/#four-hour-work-week

I trusted this fraudster specifically because I knew that the outsource, out-of-hours contractors my bank uses have crummy headsets, don't know how to pronounce my bank's name, and have long-ass, tedious, and pointless standardized questionnaires they run through when taking fraud reports. All of this created cover for the fraudster, whose plausibility was enhanced by the rough edges in his pitch - they didn't raise red flags.

As this kind of fraud reporting and fraud contacting is increasingly outsourced to AI, bank customers will be conditioned to dealing with semi-automated systems that make stupid mistakes, force you to repeat yourself, ask you questions they should already know the answers to, and so on. In other words, AI will groom bank customers to be phishing victims.

This is a mistake the finance sector keeps making. 15 years ago, Ben Laurie excoriated the UK banks for their "Verified By Visa" system, which validated credit card transactions by taking users to a third party site and requiring them to re-enter parts of their password there:

https://web.archive.org/web/20090331094020/http://www.links.org/?p=591

This is exactly how a phishing attack works. As Laurie pointed out, this was the banks training their customers to be phished.

I came close to getting phished again today, as it happens. I got back from Berlin on Friday and my suitcase was damaged in transit. I've been dealing with the airline, which means I've really been dealing with their third-party, outsource luggage-damage service. They have a terrible website, their emails are incoherent, and they officiously demand the same information over and over again.

This morning, I got a scam email asking me for more information to complete my damaged luggage claim. It was a terrible email, from a noreply@ email address, and it was vague, officious, and dishearteningly bureaucratic. For just a moment, my finger hovered over the phishing link, and then I looked a little closer.

On any other day, it wouldn't have had a chance. Today – right after I had my luggage wrecked, while I'm still jetlagged, and after days of dealing with my airline's terrible outsource partner – it almost worked.

So much fraud is a Swiss-cheese attack, and while companies can't close all the holes, they can stop creating new ones.

Meanwhile, I'll continue to post about it whenever I get scammed. I find the inner workings of scams to be fascinating, and it's also important to remind people that everyone is vulnerable sometimes, and scammers are willing to try endless variations until an attack lands at just the right place, at just the right time, in just the right way. If you think you can't get scammed, that makes you especially vulnerable:

https://pluralistic.net/2023/02/24/passive-income/#swiss-cheese-security

Image: Cryteria (modified) https://commons.wikimedia.org/wiki/File:HAL9000.svg

CC BY 3.0 https://creativecommons.org/licenses/by/3.0/deed.en

#pluralistic #social engineering #phishing #ai #swiss cheese security #infosec #finance #fraud #carding

10K notes · View notes