I was talking a while back with some friends about how non-computer scientists might misinterpret domain-specific phrases when we talk about our work. For example, if a machine learning person says they’re “training a model,” they probably don’t mean this:
Here’s another computer science term that sounds like it could be something else. If someone taking an Artificial Intelligence class mentions “a star search” (a* search), you don’t need to worry that they’ve misplaced a giant ball of gas.
Is this related to security? Not really. But it does remind me of some semi-relevant security-adjacent-ish work.
Researchers from the University of Minnesota published a paper about how emojis can look very different and send very different messages on different platforms: “Blissfully happy” or “ready to fight”: Varying Interpretations of Emoji.
The grimacing/smiley face in the middle is one of my favorite examples. I once got a message on Tinder that said something like “Hello 😬.” I was very confused and never responded. I saw this paper a few weeks later and realized that if he was using an Android phone, he thought he was sending an overenthusiastic (but not creepy) smiley face.
But other differences – some of which don’t seem to have been considered in this paper – could be more alarming. For example, Apple recently changed their gun emoji to look like a toy pistol, whereas the others still look very realistic. So someone with an iPhone sending “let’s go :gun-emoji:” to someone with an Android phone might come across as threatening.
How is this security-adjacent-ish? Well, I figured out that my Tinder match was probably using Android, which might have surprised him. I’ve also been thinking about other ways in which systems/platforms/apps have functionality that seems similar but reveals subtly different information or works in subtly different ways that may lead to (mostly minor) privacy violations.
For example, if you hit thumbs up to “like” a Youtube video, the person who posted the video will not know that it was you who liked their content, whereas using thumbs up to “like” something on Facebook sends a notification and your name to the person who made the post.
Do you know how different systems handle it when you take your “like” away? Like that time you accidentally “liked” the photo of your crush from 3 years ago … oops! Does the notification disappear or do they get a second notification that the “like” was taken away or would they still have the notification and be able to deduce that you unliked the photo only with their impressive detective skills (e.g., looking at the list of who has liked it and observing that you’re not actually on the list)?
These are (sort of) important questions, right?