Deeplinks
The horrific Russian military invasion of Ukraine has understandably led to a backlash against Russia. The temptation is to label anything Russian, from state media and students to cats, as bad and block it to signal outrage and ostracization. This type of thinking has infected the open source and internet security communities as well—a terrible idea with potentially harmful consequences.
Recently the maintainer of a popular open source Node JS package “node-ipc” released a new plugin called “peacenotwar.” A Node JS package is publicly-available JavaScript code used by developers to add functionality to applications. According to the maintainer, this plugin would display a message of peace on users’ desktops, serving “as a non-violent protest against Russia’s aggression.” Some versions of the node-ipc package, a networking tool that has been downloaded millions of times, will automatically run this protest-ware. Then a post on Github claimed that some versions of the node-ipc package were deleting and overwriting all files with the heart emoji if the package was installed on a computer with a Russian or Belarusian IP address.
If the accusations are true, this is a terrible idea which could result in all sorts of horrible and unintended outcomes. What if a Russian human rights or anti-war organization, or a Russian hospital, was using this particular software package? This action—although conceived of as a simple nonviolent protest by the package creator—could result in the loss of important footage of protests or war crimes, loss of medical records, or even the deaths of innocent people.
The trend of half-baked hacktivism involving everyday internet users is now growing into Anti-War Hacktivism is Leading to Digital Xenophobia and a More Hostile Internet