Centre for Internet & Society

Beware of online threats, as the distinction between friends and foes is false on the internet.


Nishant Shah's column was published in the Indian Express on June 16, 2013.


My parents and I were in Oslo, when after a long day in the city, we returned to an intriguing situation. My father, who is quite a digital migrant and uses the internet for daily exchanges, found an email from an uncle waiting in his inbox. The email begins with the uncle travelling to Madrid, Spain, to help an ailing cousin who needs a surgery and requested that my father help the writer, his cousin, with €2,500. The email ended with a note of urgency, "I will check my email every 30 minutes for your reply".

My father, who was by now rather agitated, asked my brother and me what could be done. People asking for money over email is the modern day equivalent of strangers bearing candy in a car. We were both immediately wary and when we saw the mail, we knew that it was a scam. Somebody had cracked into somebody's account and was now sending out emails to everybody in their contact list, hoping to make a quick buck. The only action we took was to inform the relative that his account seemed to have been compromised and that he needed to protect it.

This incident, in the context of disallowing children below 13 years on Facebook in India, got me thinking. How do we trust somebody, or something online? There is a presumption that digital natives instinctively know how to deal with dubious situations online. True, one seldom hears of a digital native falling for scams of Nigerian princes offering their inheritance or widows of bank managers in Saudi Arabia wanting to transfer millions to their bank accounts. But that might be because digital natives live more in gift and attention economies and have always been suspicious of anybody waving a wad of notes.

However, we do know that the young are often susceptible to other predators on the Web. While it might occasionally seem that the West's paranoia around paedophiles online, preying on young children as sexual victims might have reached the limits of logical absurdity, it remains indisputable that young adults haven't yet developed the codes to trust somebody online. We encounter countless stories of the young who endanger their futures by documenting their follies and foibles in the unforgiving and unforgetting space of the internet. Let us not forget the names of Adnan Patrawala and Koushambi Layek, who fell prey to strangers pretending to be friends and lovers on the social networking site Orkut.

I am not suggesting that the World Wide Web is any more dangerous than the brick and mortar world that we live in. Our flesh- and-bone bodies are under equal danger in our everyday lives. But over time, we have learned and have been taught how to decode conditions that might harm us. We have learned to distance ourselves from strangers with grins, and people who look hostile. The authorities have created visible signposts of danger all around us — from red traffic lights to surveillance cameras — that constantly remind us that safety is not the default mode of our existence but something that we need to incessantly create for ourselves.

The digital world has no such guidelines. The mammoth corporations, which now govern a large part of the cyberspace, individually try to create structures that would save us from falling victim to such attacks. So the filter on your Gmail account is an intelligent system that scans every byte of information that goes in and out of your inbox, learning both your behaviour patterns and your interaction modes, to filter out not only the obvious hoax emails but also things that you might deem as clutter. Smart browsers like Firefox identify IP addresses that are regularly abusive and warn us about installing any software that might originate there. On Facebook, certain pictures and posts with offensive content are censored even before they get into your data stream. The friendship algorithm, further ensures that you increasingly see content from your 'close friends' rather than strangers. In all these mechanisms, which use big data mining tools to recognise harmful patterns as well as encourage you to devise your own vouchsafes, there is an implicit understanding that the people we know will do us less harm. They are designed to keep out unwanted or potentially harmful people because it might lead to danger or conflict.

However, as we saw in the case of the email to my father, the distinctions between strangers and friends on the internet, is a forced one. When all digital avatars are a performance of a kind, it becomes easy for an imposter to take on that identity. The only credentials we have of somebody's authenticity are often their user accounts and email — data which can be stolen and manipulated effortlessly. And increasingly, we have learned that when it comes to the online world, the people who infect us with viruses, rob us of our money and crash our digital worlds are people who are our 'friends'.

While we shall learn through experience and through stories, there remains a need to develop a larger social discussion around trust online. This debate cannot be whether content needs to be censored online or whether certain groups should be allowed to get on to social network systems. Instead, it has to be a debate that realises the notions of friendship and trust, of networks and connections, are not merely extensions of the physical into the digital. On the infobahn, these are new modes of operation and being and it is not going to be easy to create a handbook of online safety. What we will need is an involved and inter-generational debate about the social, political and economic safety online and create signposts that remind us of the dangers of being online.

Nishant Shah's column was published in the Indian Express on June 16, 2013.


My parents and I were in Oslo, when after a long day in the city, we returned to an intriguing situation. My father, who is quite a digital migrant and uses the internet for daily exchanges, found an email from an uncle waiting in his inbox. The email begins with the uncle travelling to Madrid, Spain, to help an ailing cousin who needs a surgery and requested that my father help the writer, his cousin, with €2,500. The email ended with a note of urgency, "I will check my email every 30 minutes for your reply".

My father, who was by now rather agitated, asked my brother and me what could be done. People asking for money over email is the modern day equivalent of strangers bearing candy in a car. We were both immediately wary and when we saw the mail, we knew that it was a scam. Somebody had cracked into somebody's account and was now sending out emails to everybody in their contact list, hoping to make a quick buck. The only action we took was to inform the relative that his account seemed to have been compromised and that he needed to protect it.

This incident, in the context of disallowing children below 13 years on Facebook in India, got me thinking. How do we trust somebody, or something online? There is a presumption that digital natives instinctively know how to deal with dubious situations online. True, one seldom hears of a digital native falling for scams of Nigerian princes offering their inheritance or widows of bank managers in Saudi Arabia wanting to transfer millions to their bank accounts. But that might be because digital natives live more in gift and attention economies and have always been suspicious of anybody waving a wad of notes.

However, we do know that the young are often susceptible to other predators on the Web. While it might occasionally seem that the West's paranoia around paedophiles online, preying on young children as sexual victims might have reached the limits of logical absurdity, it remains indisputable that young adults haven't yet developed the codes to trust somebody online. We encounter countless stories of the young who endanger their futures by documenting their follies and foibles in the unforgiving and unforgetting space of the internet. Let us not forget the names of Adnan Patrawala and Koushambi Layek, who fell prey to strangers pretending to be friends and lovers on the social networking site Orkut.

I am not suggesting that the World Wide Web is any more dangerous than the brick and mortar world that we live in. Our flesh- and-bone bodies are under equal danger in our everyday lives. But over time, we have learned and have been taught how to decode conditions that might harm us. We have learned to distance ourselves from strangers with grins, and people who look hostile. The authorities have created visible signposts of danger all around us — from red traffic lights to surveillance cameras — that constantly remind us that safety is not the default mode of our existence but something that we need to incessantly create for ourselves.

The digital world has no such guidelines. The mammoth corporations, which now govern a large part of the cyberspace, individually try to create structures that would save us from falling victim to such attacks. So the filter on your Gmail account is an intelligent system that scans every byte of information that goes in and out of your inbox, learning both your behaviour patterns and your interaction modes, to filter out not only the obvious hoax emails but also things that you might deem as clutter. Smart browsers like Firefox identify IP addresses that are regularly abusive and warn us about installing any software that might originate there. On Facebook, certain pictures and posts with offensive content are censored even before they get into your data stream. The friendship algorithm, further ensures that you increasingly see content from your 'close friends' rather than strangers. In all these mechanisms, which use big data mining tools to recognise harmful patterns as well as encourage you to devise your own vouchsafes, there is an implicit understanding that the people we know will do us less harm. They are designed to keep out unwanted or potentially harmful people because it might lead to danger or conflict.

However, as we saw in the case of the email to my father, the distinctions between strangers and friends on the internet, is a forced one. When all digital avatars are a performance of a kind, it becomes easy for an imposter to take on that identity. The only credentials we have of somebody's authenticity are often their user accounts and email — data which can be stolen and manipulated effortlessly. And increasingly, we have learned that when it comes to the online world, the people who infect us with viruses, rob us of our money and crash our digital worlds are people who are our 'friends'.

While we shall learn through experience and through stories, there remains a need to develop a larger social discussion around trust online. This debate cannot be whether content needs to be censored online or whether certain groups should be allowed to get on to social network systems. Instead, it has to be a debate that realises the notions of friendship and trust, of networks and connections, are not merely extensions of the physical into the digital. On the infobahn, these are new modes of operation and being and it is not going to be easy to create a handbook of online safety. What we will need is an involved and inter-generational debate about the social, political and economic safety online and create signposts that remind us of the dangers of being online.

The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.