Author Archive

More Antivirus is Not Always Better!

Elizabeth Technology August 9, 2022

Built-In Antivirus

Microsoft Windows has come with it’s own antivirus for quite some time. Windows 10 and 11, for example, came with Windows Defender built in and on automatically unless another antivirus was installed, at which point it would automatically switch off. Windows Defender by itself is plenty of defense for the kind of run-of-the-mill threats you’d run across browsing unsecured websites or trying to download games from websites other than big, trusted ones like Steam (given you’re listening to it when it suggests you double-check the source and double-check that you meant to download a .exe file) but some people would rather have this protection from a paid-for antivirus like Kaspersky or McAfee. The fact that those programs cost money doesn’t necessarily mean they’re better, but it can be a peace of mind thing – complaining about something that cost money means that some penalty can be extracted if the user isn’t satisfied, even a penalty as small as a partial refund.

This Computer’s Not Big Enough for the Two of Us

Windows Antivirus is unique for automatically stepping down when another program steps up. Many others don’t!

Antiviruses do not get better the more that you have. They interact in ways that step on each other’s toes and lead to false alarms. As an example: say a computer has both Norton antivirus and McAfee antivirus installed. McAfee will try to scan the computer for new threats upon startup, but will be interrupted by Norton, who interprets the file-checking as potentially hazardous behavior. Norton isn’t wrong, because ransomware will often sweep through files in some way or another, but it doesn’t recognize McAfee, and almost no other program has a reason to do that anti-viral scanning. Thus, Norton then tries to report McAfee to you! Some antiviruses have safety rails that literally will not let you whitelist (whitelisting refers to telling a program that a file or action is okay, or ‘whitelisted’) certain executable programs, so you get stuck in this horrid, unbreakable loop of antivirus fingerpointing every time you boot up your computer.

These interactions actually make your computer less safe – if both antiviruses have deadlocked themselves out of scanning because the other one says it’s a virus, your computer is not being scanned. That’s bad! Scanning is not completely foolproof, and a regular residential antivirus won’t necessarily be able to catch or handle something industrial grade, but it catches plenty of small things like trojans before they become serious problems that can cripple your computer.

Your computer is much better off with just one brand of antivirus on it at a time. Instead of more, buy better. And if you’re unsatisfied with one brand’s performance, completely uninstall it before you install the program you replace it with. Not only does that prevent them from interacting in a negative way, it also prevents the previous program from hassling you to renew it with pop-ups (McAfee is infamous for this). Either way, it’s going to save you some annoyances!

And in Other Realms

The antivirus problem is a pretty unique one because most programs don’t interact with every file on your computer in the way that they do. Two art programs are not going to start fighting over which one you should use, for instance. However, some other cases can be pretty similar. Like VPNs! Having more VPNs is going to slow down your computer without much additional benefit. The way a VPN works is that it takes your request, encrypts it, sends it to a server, unencrypts it, completes the request, encrypts it again, and then sends it back to you. This keeps your ISP from seeing this request, but it doesn’t necessarily anonymize the data – after all, the VPN’s server has to unencrypt the data to actually complete the request, so the VPN knows what the data is, and it knows where the request is coming from in the first place. The VPN has the same visibility the ISP initially had. Adding more VPNs to your computer will not solve this problem, it will just move it down the chain, and add extra time to each request you make in the meantime as it bounces around VPN servers.

If you only need to protect your data from the coffee shop’s open Wifi or want to watch Netflix Canada, the kind of VPNs you see advertised on Youtube will be able to do the job – the data won’t be strictly, unsubpoenably anonymous, but it will be encrypted and rerouted well enough to make those two things happen. If you’re trying to search for things that nobody can know about, you’d be better off downloading TOR (which stands for The Onion Router), a popular VPN with an excellent reputation for encryption and security. Using TOR to do illegal things is illegal, of course, but the act of downloading it and using it by itself is not.

It is Sort Of Weird to be Watching Interrogation Footage Recreationally

Elizabeth Technology August 4, 2022

But Why?

It is very human to see something horrific and ask ‘why?’. Even moreso if the scale is small, and petty, if the stakes come down to ruining a handful of people’s lives for reasons that later seem transient. However, there isn’t always a good reason why… that doesn’t stop the asking.

Jim Can’t Swim and Similar Channels

I appreciate the work that goes into interrogation analysis videos, so long as those videos are made by people who know what they’re talking about. Jim Can’t Swim (often abbreviated to JCS) is a channel on Youtube that reviews and analyzes footage of interrogations released to the public. JCS is one of the biggest and most well-known channels following this premise; JCS’s narrator speaks with authority, is able to identify common tactics used by either the police or the suspect during the interrogation, and is generally respectful of the subject matter. While sometimes the subject matter is humorous because the suspect or the interrogating officer does something that’s weird or pathetic, JCS doesn’t turn serious crimes into jokes.

It also doesn’t devolve into ‘copaganda’, a term used to describe media that paints the police in an overly positive light. Copaganda may suggest that the police never make a mistake, or anyone who asks for a lawyer before speaking to the police is guilty, or that it’s okay for the police to break some of the rules as long as they ‘know’ the suspect is guilty – it’s a nasty trend that leads to well-meaning, otherwise innocent people giving up rights they are legally entitled to for the sake of not ‘looking’ guilty.  JCS often clarifies that the police are allowed to lie to you to get more info out of you during an interrogation because it so often works in the detective’s favor during taped interrogations.

Other channels mimicking his format began cropping up, and then the format began to turn into a problem.

Visibility Bias

There are two issues with the popularity of these channels. The first one is that, with the benefit of knowing how the case turns out, of course you can spot the tells of the suspect. It’s like watching a poker match when you already know who wins! For instance: many channels, JCS included, will point out body language or certain tics as indicators of lies. However, you can’t use those in court – many people tic when nervous, and it would never hold up because everyone tics a little differently. The focus on body language is for the interrogators, who are looking for certain clusters of behaviors as indicators that the person they’re interrogating might not be telling the whole truth. It’s an interrogation tactic to extract a confession, not a hard science that always yields results. While JCS and a handful of the other big channels that started after him will clarify this as they describe why the suspect is likely doing what they’re doing, many others do not – they simply point to a behavior and say “this is where they started lying” because they know how the case ends. The tendency to use big, flashy cases where the murder was gruesome and the suspect left behind tons of evidence worsens the effect, because every video ends in a conviction, giving the viewer a false sense of efficacy when it comes to certain techniques.

You don’t see the videos where the tactics lead to investigators pressuring someone for an hour because they struggled to make eye contact with the interrogator, because that’s not interesting or cool and the channels realize that. However, if every video you see where the suspect couldn’t make eye contact ended in a conviction, you’d be inclined to believe everyone who can’t make eye contact is guilty, and it’s not just something nervous people do – sort of an ‘every square is a rectangle, not all rectangles are squares’ deal. Channels have to be very careful what they’re pointing out as recognizable nervous or lying tics because it’s not a science, they know how the case ends and so may be seeing tells where there aren’t any, and there’s no frame of reference for ‘innocent’ behavior elsewhere on the channel.  

Speaking of which, the second issue is that it often ends up accidentally turning into copaganda anyway – at least, the copycat channels do. When you stop focusing on how inexact many of the tactics are because they always seem to work in the videos and the channel narrator always points certain things out when they happen, it can be easy to fall into the trap of [X] is guilty because when the cops interrogated [Y], this same thing happened. Almost every video on JCS with a few exceptions were cases where the murder suspect either took a plea deal or went to trial, meaning the prosecutors already had a ton of evidence against the suspect. In the one or two cases on his channel where the suspect had been pulled in and later cleared, he points out how not-guilty the suspect acts during the interrogation. The rest? The huge percentage of interrogations that don’t provide any meaningful answers because the police had more or less said ‘this guy was in the area and we’re out of ideas’ to drag that guy in? Those interrogations aren’t the ones that end up on the channel. Why would they? They’re boring. The convicted suspect’s interrogation was probably more interesting anyway, right? The five people investigators went through to get to the prime suspect are never seen, and so the police look hypercompetent on these channels, always nailing the right person and always managing to extract something incriminating related to the case within an hour or three. These channels end up stripping quite a bit of valuable context from the case. It’s actually built into the formatting of this style of channel, because all people want to see is the case and the interview. Nothing else.

Inexpertise

And then there’s the issue of the analysis itself. Many of these folks could be amateur experts (we don’t know what credentials the vast majority of them have), meaning they’ve done extensive research online for specific cases, and specific interrogation techniques… but don’t know much beyond that. While the internet is huge and useful, you can’t research yourself into a self-made Master’s degree. Usually, that’s fine. You don’t need to have a degree in botany to be giving advice on tomatoes, you just need some research from people who do that you can cite when someone asks you how you know something will or won’t work. The field of psychology is not quite this simple, and when mixed with matters of law, sometimes even people in the system confuse themselves into messing up a case! For an outsider to be able to just leap in and begin analyzing footage of two human beings interacting within a specific legal circumstance, and having that analysis be trusted because of an air of expertise despite few credentials and sometimes sparse citations, may as well be a television show.

The problem then is that there’s no official, end-all-be-all way to describe why a new channel’s videos aren’t as good at describing the interrogation as an older channel like JCS is. A huge chunk of these interrogation-analysis videos don’t have any official training, just ‘experience’. Experience is useful, yes, but when anyone can just start making videos on such serious subject matters, you’re going to end up with a lot of pop-psychology and bias making it’s way into the analysis. JCS, with scripters, can avoid some of it, but can a teen with no editor or scriptwriter avoid accidentally suggesting something completely incorrect because it just happens to pan out in this case?

Just like everything else online, you should avoid taking the word of an interrogation channel without a grain of salt. They’re there for your entertainment first – anything else comes second!

Jake Novak Wants to Be Cancelled… Just Not Like This

Elizabeth Technology August 2, 2022

Saturday Night Live

Saturday Night Live is a pillar of American TV culture. It has a lot of history, it has a very talented team of writers that still get laughs out of the target demographic, but it’s not afraid of resorting to the obvious joke in a given scenario because the point of the show is to be kind of rushed. It’s live, and they only have a week to plan it, and there’s no do-overs. When you consider the format and compare it to something like ‘The Simpsons’, which has continually gotten simpler and simpler with jokes until they’re barely jokes at all despite having more time to write the episodes, it’s honestly kind of impressive that SNL has been as consistent as it has over the years.

However, by the nature of the industry, they end up churning through cast members and writers at a decent pace. This does more good than bad, usually. The material naturally freshens up with new eyes on it, and outside of a few select incidents (the Elon-Musk-as-Wario episode truly lives in infamy) the show is able to keep marching despite the turnover. It’s still a juggernaut, and while there may be more good TV out there than ever, it’s still beloved by many.

Jake Novak

You don’t end up on SNL accidentally. The guests may be random one-offs from a variety of professions, but the core cast is entirely comedians with years and years of experience. Of course Musk and any other number of guests have sucked – the guests are usually famous for something other than comedy, and comedy is really hard. Especially when you have to rush it out in a week.

Jake Novak, who – if you know him at all – you likely know as ‘some guy on TikTok’, is better known for his singing and rapping. As many people in the comments of his videos and subsequent criticism videos have put it, he’s a theater kid. He’s heavily inspired by Lin-Manuel Miranda, the writer and lead actor in the hit Broadway musical Hamilton, and it shows quite a bit. His songs might sometimes be funny, but other times they’re political, and many times they’re just telling a story.

Jake Novak has a TikTok and Youtube account, but has either purposefully or accidentally left out any sort of other experience that SNL would be looking for, like… a comedy career offline, or standup experience, or experience writing for a TV show. In his ‘audition’ song, he says he wants to be the next SNL cast member, but he doesn’t point to years of experience or tried-and-true comedic routines, he points out how similar he is to Lin Manuel-Miranda and that he’s good at songwriting. That’s nice, but it’s not what SNL does. It’s what Lin-Manuel Miranda does. He says he wants to give them the next big thing and that he’s good at acting (which he tries to demonstrate in the video) but doesn’t give anything else. He hasn’t released anything new since the SNL ‘audition’ video. It’s as of yet unclear if he’s going to abandon his TikTok altogether – he hasn’t posted since then.

I Want To Be Cancelled

Worse still was one of the first videos he ever posted to his TikTok channel, one in which he says he wants to be canceled so everyone will know his name and he can get enough recognition to be verified on Twitter. This is understandably the last thing any current TV show wants one of its people to say. It is a nightmare for a studio. Right now, DC Comics is trying to handle Ezra Miller getting themselves cancelled for a number of things they did while in Hawai’i, and it’s not going well. Jake Novak is obviously joking by listing out cancelable crimes that he’d never do, and at the end says he could get by with being canceled ‘just a little’ for something minor and stupid, but making the joke in the first place feels desperate if not tone-deaf.

You want to be famous, and you’ll do anything to get it? Including being cancelled or doing something cancellable? You made a whole song about it because you’re ‘jokingly’ jealous of how much (negative!!) fame and press the cancelled people are getting for their very real cases of sexual harassment? And the ‘a little cancellable’ items he lists off aren’t exactly great either – ‘misgendering a tadpole’ rings a little too much like the right-wing joke of ‘did you just assume my gender?!’ for the audience he seems to be trying to attract. This is exactly the kind of video that comes back to haunt you after you ‘make it big’, and that alone may have made him too radioactive to hire, the kind of thing that would get you cancelled. Assuming he was ever actually a possibility in the first place. Which he wasn’t.

Misconception

There was a misunderstanding somewhere between skills he perceived were needed and what a TV show like SNL actually wants its staff to do. If Pete Davidson did a song about wanting to join SNL as a gag, it’d be funny… when Jake Novak does it, it’s just sort of cringe, because he seems to be assuming he’s on the same level as the staff that’s already on the show because he’s big on TikTok and he has flow. He perceives himself to be their peer, at least in the video. He is not.

This divide is the difference between ‘old media’ and ‘new media’. Old media is generally the stuff like newspapers, TV shows, movies, etc. that a team of people make and is generally regulated. New media, on the other hand, is the stuff you see on Youtube, made with minimal or no staff aside from the presenter, and not subject to the same rules about presentability or censoring. New media has made it possible for nearly anyone to become famous given a little luck – you don’t need to audition to be a Youtuber! But old media remains much as it used to, relying on certain markers to identify who will be successful in a given role and who won’t be. It’s rare for a non-reality show to be recruiting from social media because it doesn’t work as well as traditional methods of finding funny people do.

 If anything, the track record so far has been kind of bad, with new media stars being given shows they have to write for and discovering how hard writing is when you have to fill 22 minutes with something. A huge chunk of comedy is timing, so when you get used to being able to make the show as long or as short as you want, a hard time limit feels suffocating for both the viewer and the writer.The Annoying Orange, for example. Or Fred, or Jake Paul. All of them famous online, none of them capable of handling a TV show.

 TikTok is especially new – the set of skills to make a 45 second long song don’t clearly translate to the writing room for a 5, 10, or 15 minute bit. SNL rarely uses singing anyway. He addresses his videos directly to Lorne Michaels which might be for the sake of rhyming or getting his point across, but it comes across as incredibly arrogant, especially when the rest of the song seems to imply he’s auditioning for the show itself, to be next to all of the big important comedians, and not just a bit writer somewhere in the back. His one thing is the singing, and that’s plenty for new media online, but not nearly enough for a TV show. This is the kind of audition you’d make if you wanted to make a short with another Youtuber or TikToker, not a fully staffed old-media TV show! Formatting and content aside, this wasn’t a genius attention grab anyway. Famous online does not equal famous enough for TV.

All that said, don’t bully the guy – he was doing what he loved and the video blew up unexpectedly on him. His audience, wherever they may be now, was interested enough to follow him.

What is DoSing?

Elizabeth Technology July 28, 2022

DoS stands for ‘Denial of Service’. What this means is that someone plans to deny service to and from a website by crashing it, or making it run so poorly that it may as well be offline. As for ‘why’, there are many reasons – someone could be ‘disagreeing’ with the content of the website or it’s discussions, they may be attempting to drive viewers elsewhere, it may be political, it may be simple trolling, the list goes on.

So, how is it done?

The How

Denial of Service is just that: a denial of service. Any means may be used to get to that point. If it’s a poorly secured website, getting in via hacking or password stuffing and changing the contents on-site could be a DoS. If it’s a poorly balanced website, and if it’s one that allows for posting of pictures and memes, sending an image that’s too large for the website to handle could do it. Similarly, sending too much text, animate gifs, or other content that the website wasn’t prepared for could shut it down. Requesting too much data and opening several tabs at once of a big image that did load could simulate an http attack, although that may be equally hard on the computer that’s doing the requesting.

Inputting code into poorly made text entry spots can also crash the website, if the owner didn’t know how to prevent SQL injections. Dinging the website too many times in one go can crash some websites, although that usually requires things like bot nets, which turns it from a DoS to a DDoS.

In that same family, SYN flood attacks can also deny service by requesting information over and over until the website is so overloaded that it can’t respond. In a SYN flood, the computer sends requests to connect to the server repeatedly, but never actually completes them. If it’s done right, the server runs out of ports to take the requests, and legitimate requests mixed in with the faulty ones now have to wait much longer.

Preventing it

Many of these are simple issues of preventing out-of-format content. If a posting box has a hard limit of 10,000 characters, the DoSer could whip up a bot to post over and over, but the website owner would be able to tell that something was going on before it crashes the website. Many picture printing places won’t allow photos over a certain size or resolution to be sent over the web, because it can clog the intake – especially places like drugstores that aren’t set up for large high-quality images. If the network isn’t prepared, it’s entirely possible for photographers to DoS them (at least in the photo station) by accident!  Instead, it’s much easier to keep these incidents out at the gate: configuring comment sections and image requirements for size is a bare minimum.

As far as SQL injections go, we have a whole article on sanitizing inputs (here) – the essence of prevention is keeping data inputs and the command to get it to the database separate from each other. This prevents a number of issues by itself, but is good advice to avoid DoSing via SQL as well.

For SYN floods and other brute-force attacks, configuring the firewall and installing an IPS (Intrusion Prevention Software) are what security vendor PurpleSec recommends. In the olden days, attacks like these may not have crashed the site, but they could still drive the hosting costs through the roof – the owner is then incentivized to pull the plug themselves so they don’t drown in fees from their server company.

To prevent breaches, use two-factor authentication when building your site. Please. Microsoft reports that it stops 99.9% of fraudulent login attempts. It is one of the easiest ways to improve your security.

How is it different from DDoSing?

DDoSing relies on multiple computers to get the desired effect; DoSing takes much fewer. This has many benefits for the person trying to wreck a website. Firstly, DoSing doesn’t involve gathering other computers to attack with – you already have all your resources at your fingertips! However, that’s a double-edged sword, as you can’t attack with more than you have.

DoSing is also easier to coordinate as other people are (usually) only minimally involved. Getting other people to DDoS a site organically is difficult because it requires organizing strangers, and doing it with a botnet requires buying a virus or making one yourself and then distributing it. DoSing with a SYN flood or with SQL injections is hard – but it might be easier than trying to get ever-more-wary strangers to click a suspicious link. Outsourcing to a hacker group, of course, is easier than both unless the malicious party lacks the funds to do so.

On the other hand, hacking into a website that’s only password-protected with a password stuffer (or doing it semi-manually by guessing passwords yourself) is probably easier than any other method. While this carries some risk (if they can tell where the login came from, they may be able to find the attacker), it also has a lot of potential for damage if the website owner hasn’t backed up the website. The problem with this method is that the website has to be poorly secured for it to work – 2FA stops the vast majority of these attacks, and being smart with who gets admin permissions can limit the effectiveness of the attack.  

Sources: https://purplesec.us/prevent-syn-flood-attack/

2FA Do’s and Don’ts

Elizabeth Technology July 26, 2022

We’ve said it before, we’ll say it again – 2FA is one of the biggest steps you can take to keep your account secure. 2FAs serve as heavy reinforcement for bad passwords, and protect you from brute-force, password stuffing attacks that might otherwise work. However, 2FA has a host of it’s own rules, so here are some dos and don’ts!

For Security Questions

Don’t: Make the Answer to 2FA Questions Something Too Obvious (Or Give Those Answers Out)

Social Engineering played a part in a major EA hack a few years or so ago. If you can imagine a coworker wanting to get into your stuff, and you don’t want them to, pick something that’s not common knowledge about you. “Favorite Musician” is a really easy question when you’ve got BTS memorabilia scattered around your desk!

Knowing this, you should also try and avoid mind-gaming yourself! A joke answer, or an answer that is technically correct but not the first one you would have picked if you’d never seen the question before, will make your answer more obscure, but it might also lock you out if you don’t remember what you wrote. Same goes for things that can change over time. On that note,

Don’t: Make the Answer Something Too Obscure for you to Remember

If you had to go back and look it up so you’d know what the answer was, chances are you’ll have to do that again when you’re asked to verify! Mother’s maiden name, your third grade teacher, what year model your first car was – if it’s too tough to remember after a few seconds, it’s probably not a good answer, even if nobody else would know it either.

Additionally, picking questions with multiple “trick” answers can also trip you up! For example – do you consider your first pet your family’s dog, or the pet you adopted as a teen, the first pet that was really ‘your’ pet? When considering what address you grew up at, is it the one you and your family moved away from when you were six, or the address you actually remember at seven? If you can think of multiple answers, it might not be a good question.

Do: Check Your Formatting

Some sites don’t care about case, others treat 2FA as a second password where everything must be precisely as you typed it the first time. Either way, it’s good to know some things about your habits: do you always capitalize the name of your pet, or if it’s something like ‘spot’, did you not do that this time? Do you include the dot when typing out your 3rd grade teacher’s name? Do you care about apostrophes? All of these are things that can trip you up when asked to verify with a typed answer to a question.

For Texts and Emails

Don’t: Click ‘Remember Me’ Unless it’s Your Device

Don’t click ‘Remember Me’ on your school or library’s computer – ‘Remember Me’ usually means either the computer will keep you logged in, or it will forgo the 2FA because you trust that device, via cookies. Most public computers soft-reset every time they’re logged out to prevent things like keyloggers and other nasty spyware from being left behind, but they can only do that if you remember to log out. If you don’t log out, and the computer isn’t set to restart after a period of inactivity (or someone gets to it before it does) it can mean your accounts are under threat, even if you closed out the browser window and logged off of your account. Similarly, this assumes the public computer is configured correctly to do that in the first place.

Do: Set it to Something You Can Access on Your Phone or On The Go

It might be a good idea to download Outlook if your backup email is Outlook. Most folks have their phone on them all the time, and if you end up at the bank or in front of a doctor without access to your account because 2FA sends to your computer, you’re going to be tempted to remove 2FA for next time. Don’t! Instead, make sure you can access whatever number or email it’s going to send that message to.

You should also try to update 2FA as you migrate across accounts – if you have something set to send to your old, abandoned email address or phone number, you may lose access to that account.

Do: Enable it Where You Can

2FA prevents the vast majority of password-stuffing attacks. If you need help, password managers like LastPass are an excellent choice – although you’ll have to add your security answers in the notes section, if you’re signed up with security questions instead of texts or emails.

Nursery Rhyme Music Is Just Repackaged Indie Accent Music

Elizabeth Technology July 21, 2022

What was the deal with the ‘Indie Slur’ In self-produced music? And what does it have to do with this new trend of nursery rhyme music?

What Am I Talking About?

The indie slur, indie (girl or boy) voice, etc. refers to a sort of Scandinavian-adjacent accent commonly used by English-speaking indie music artists online. If you’ve heard it, you’ll know it – singers glide across ‘ee’ and ‘eh’ sound by turning them into ‘ay’s, syllable sounds that end with an ‘ah’ or ‘oh’ turn into ‘aiy’ and ‘oiy’ depending on placement, and by the time they reach the end of a lyric, they’re rasping out the words because they’ve run out of air to sound breathy. It’s sort of like Bjork, if she were trying to write music for the radio. It was also incredibly distinct and served as a signature for a couple of popular Indie artists in the aughts and 2010s.

Halsey

Halsey used a toned-down version. It’s not so harsh as to be unlistenable, she doesn’t sound like she’s trying to imitate a European accent, and it adds some spice to her songs. She’s probably the most well-known user of this technique even though she’s not the most extreme example of it. After her came a wave of people trying to recreate that sound but better in bedroom pop. This is a totally normal trend – when a singer makes it big, other singers want to recreate their sound but better so they’re not known as knockoffs of the original. Or worse, mistaken as the original!

Halsey’s singing is unique both in tone and technique. Mimicking tone is a good way to end up in knockoff territory, so technique is what new indie artists pursued when they wanted to follow in her footsteps. Halsey, therefore, indirectly spawned a trend of online, underground music that used this indie voice as a way to differentiate (or her participation in a trend that was already beginning online lead to that trend blowing up – either way she popularized it). Unfortunately, the new era of internet users were familiar with websites like Soundcloud and Youtube, meaning that new singers had the ability to post music directly to the internet without beta-testing it in front of smaller groups of people first.

This lead to some really ridiculous results. In online spaces especially, ‘but better’ turns into ‘but more intense’; the indie voice is a really distinctive stylistic tool, and it can hide quite a bit of bad technique. Even mediocre singers sound kind of like Halsey if they slur all the way across the line! People who genuinely like the indie voice, people who are trolling so they’ll keep putting out music, and people who think the accent is because the singer really doesn’t speak English as a first language all lead to positive comments online in a way they just didn’t before the internet. Some of these singers stay entirely online because the environment is so much more nurturing than constant garage tours or open mic nights can be, so it became a sort of echo chamber. Anyone can win, anyone can post to media sharing sites, and anyone can build a fandom because the investment to do it online is so much less demanding than doing it the traditional way. There’s no soaring heights, but there’s no crashing and burning either. Eventually, the baseline indie voice got so watered down with all of the people doing it badly that it turned into a meme, and now it’s back into being a ‘sometimes’ tool for beginners.

Nursery Rhyme Alternative Music

But that’s not the only ‘sometimes’ tool this has happened to. In the same way the indie slur was used to hijack the recognizability of bigger stars, so too are nursery rhyme songs hijacking the recognizability of nursery rhymes. You know the phenomenon where you have to hear a song a few times to decide if you like it or not? Or how some people will say a song was played enough on the radio that it grew on them? This is a shortcut to that – you already know the ABC song, now you just have to decide if you like the tweaks made to make it ABCDEFU. On TikTok especially, indie singers with relatively small followings are trying to turn nursery rhymes into the backbone of some really bitter breakup songs. The one that first caught my attention on this trend was one by Leah Kate, called ‘Twinkle, Twinkle, Little B****’ (warning for swearing). 

The video I’ve linked features the hate comments, yes – but TikTok has no dislike button, hate comments are literally the only way people can make it known that they dislike the music (which is a discussion for another time). At 78K+ likes, Leah’s song has wormed its way into moderate success. This is such a unique trend because it’s not very hard to get into, just like the indie slur was. Even the parody songs that people are making in response to Leah Kate’s song sound like the real deal! Look at this one (warning for swearing!). The cursing, the belting, the lyrics themselves are so over-the-top bitter to compensate for how syrupy sweet the nursery rhyme it’s using is that it’s a parody unto itself. The parody might even be a smidge better, because the melody changes in her second line while Leah’s doesn’t stray outside of the original and repeats every other line just like the nursery rhyme it’s using does.

What makes this trend even more fascinating is that it’s following roughly the same pattern the indie slur did! Melanie Martinez may not be a regular feature in the top 40, but she’s undoubtedly popular in her niche, and her niche is a sort of American goth-lolita thing that looks to childish toys, ideas, and yes, nursery rhymes for inspiration. But only inspiration. The majority of her songs are not borrowing melodies from nursery rhymes, and the lyrics are not built to convey an entire song in the space of a TikTok. People want to be her, but more, but better, but even angrier and even more inspired by nursery rhymes, just like they did with Halsey. However, unlike Halsey’s music-writing fans, the memes and jokes are coming out at the same time the nursery rhyme songs are. Leah was getting these hate comments and parody videos as soon as her TikTok about it was posted. The online denizens of TikTok seemed to recognize the trend cycle taking shape and shoved a branch in the spoke before record labels could capitalize off of it. You’re probably going to see or hear a couple similar songs, but since it’s already becoming uncool, something else is going to have to take off in it’s place.  

Sources:

https://www.acelinguist.com/2021/05/dialect-dissection-indie-voicecursive.html

What Do You Do When Search Engines Fail You?

Elizabeth Technology July 19, 2022

The internet is forever – finding your way back to things on it is not.

1) Try a Different Search Engine

It’s well known that Google’s mysterious SEO algorithms show different results based on the person searching, the time of day they searched, where they searched (phone or desktop? Etc.) and more. So, if Google’s not giving you results for this thing you want (or you’re getting a lot of ads instead of relevant results) try Bing, or DuckDuckGo. It might not help, but Bing’s less-labyrinthine SEO functions mean it’s not tripping over itself to correct a perceived typo or find a result that aligns with your star sign off of a vague search entry. Just because Google is the biggest doesn’t mean it’s always the best!

Alongside trying a different search engine, sometimes trying a different search phrase can help as well. Say you’re looking for a foreign film that someone mentioned to you, but you only remember that the title had ‘aytoils’ in it and it’s in French. If you search for that in English, Google is going to think you meant ‘atolls’, and the results are going to feature movies about atolls or tolls or atails even if you click ‘search for aytoils’, because Google doesn’t know what you meant and it’s trying to give you answers even if those answers suck and don’t match. However, if you translate your entire query into French, Google might guess you actually meant ‘étoiles’, the word for ‘star’ in French, and you’ll be just a smidge closer.

2) Forums

Ask for help from real people! If you’re looking for something hyperspecific, an active forum may be able to help where generic Google results do not. There are forums, large and small, all around the web, and those forums cover interests from slingshots to saltwater aquariums to pastry-making to anime. People generally want to share their hobbies, and people who are really into lizards or really into baking are more likely to have run into the same weird niche scenario you’re dealing with right now.

Of course, you should remember to be polite and follow forum rules if you go this route – you’re sourcing information directly from real people, and will often be conversing back and forth with them to get your answers. This is also one of the downsides to using a forum, as ‘real people’ includes beginners to intermediates in the craft, so think critically about the advice once you receive it and whether or not it makes sense for the thing you’re trying to achieve. It’s good to partner forum results with what you could gather from Google sources.

As an example where you should use caution, forums for breeding, trading, or buying and selling ball python snakes! Google will tell you that ball pythons with the ‘spider’ pattern on their back all have a condition called ‘wobble’. Wobble is present in every spider ball python and every derivative of it, but some snakes don’t get it so severely, leading the owner to believe their snake doesn’t have it or won’t pass it down. These people may give their individual snake anecdote to someone looking to buy a spider morph for breeding, while the first few results on Google definitively say every spider or morph with spider in it has wobble (and they do! But the severity is really unpredictable, so again, some people think their snake doesn’t have it or can’t pass it down.). They don’t mean to cause harm, and they most certainly didn’t tell someone to get a snake with this condition because they want snakes to suffer, but they don’t have complete information, and the disease is counterintuitive because you can’t breed it out.

 With all of this in mind, it’s still usually better than nothing, so check out a hobby forum if Google can only give you generic results!

2.5) Forums… But Also Answer Yourself

Cunningham’s Law states that people may not answer a question if left to their own devices, but they’ll be more likely to answer that question if they have the chance to correct someone who answered it wrong. You probably wouldn’t want to do this with anything serious or time sensitive (pets, illness, cars, what the effects of CO poisoning look like, etc.) but for minor things unlikely to result in serious property damage or personal injury, answering your own question about how hot-press watercolor paper holds up to gouache may attract an expert to correct you, especially on places like Reddit or TikTok where corrections get a lot of upvotes and views. It may also attract beginners (as noted above) but Cunningham’s Law applies to them, too.

3) Internet Archive Services

If you remember the URL or the website you first saw whatever you’re looking for, these services may be a ray of hope – they catalog what things used to look like on the web, just like a normal archiving service. They’re not completely perfect, they may have blind spots and gaps, and they’re definitely not first in most searches, but  if you’re getting desperate to see something the way it was, this might be a solution. Unfortunately, the death of Adobe Flash means a huge amount of Flash-reliant content (like games and some videos on sites like NewGrounds, Miniclip, and Nitrome) died with it as well, and even the internet archives can’t bring them back. While some people are working on projects to restore these games using browser plug-ins, it’s not looking good for the vast majority of them.  

4) Seek Out Accounts

‘Han Solo shot first’. You might have seen that sentiment online in Reddit arguments. In the original, unedited Star Wars trilogy, Han Solo fired on his business contact first, cementing his reputation as ruthlessly self-serving. In the Special Edition re-release, Greedo fires first, completely changing the context of Han shooting to kill him. His action is no longer morally gray; Greedo was going to kill him, what, was he not supposed to shoot in self-defense? People were rightfully mad at George Lucas for making this change, and many were even madder that the original film had just apparently vanished into thin air for the sake of pushing his Special Edition harder. But they remembered that Han fired first, and they never missed an opportunity to spread the word.

In some cases, seeking out accounts of how something was when you’ll never be able to find it can fill in a gap in research, if you can find people willing to share. Human memory is fallible, yes, but collectively, the old Star Wars fans knew ‘Han shot first’ and passed it down to their kids in a sort of oral history. Old TV shows, live-air bloopers, consumable products that expire and mold – sometimes, all you have of stuff that’s unsearchable is first- and secondhand accounts from the people who used them and remember them well enough to share with you. It’s not going to pop up in Google, but it might in a microfiche or interview!

Intro To Phishing, And How To Avoid It

Elizabeth Technology July 14, 2022

What is Phishing?

Phishing is the action of sending someone messages with the intent to deceive them into parting with information they otherwise wouldn’t have shared. While it’s commonly used to try and steal logins, cookies, and other digital data, it can be used to snatch things like government-assigned identification numbers, important medical information, and more.

It’s also not limited to email, despite the common perception – ‘smishing’ is phishing over text using things like fake verification texts, and the ever-popular phone scams can phish by pretending to be a bank or other service that the victim may actually use.

What’s the Risk?

Getting your PII (your personally identifying information) stolen is kind of a nightmare. You probably don’t need me to explain all the ways identity theft can really screw up your credit and reputation!

If a scammer gets ahold of the login to your bank service, and you don’t have 2FA enabled on your account, they can do quite a bit of damage to your account by requesting cards, making fraudulent purchases, or transferring out money. Even if your bank has policies to protect you and undo all that mess, it’s still going to be a very frustrating and anxious few weeks of reclaiming control of your account, communicating with the bank, and the bank trying to track down the phisher (if they even can). That’s just one login!

Aside from the big, important services like your bank and utilities, getting your password and login stolen from a service you don’t consider important can still really suck. It can even lead to the phisher getting into the services you do consider really important. Take a smishing attempt that looks like Fedex has tried to deliver a package, but couldn’t. Were you expecting a package? If you were, you’re probably a little concerned. You don’t notice there’s a typo in the text, or that the number it sent from is different than usual. You click on the link, and it leads you to Fedex Smart Delivery manager, prompting you to log in. If you type in the login, then you just gave them your Fedex credentials! That doesn’t sound like a big deal – Fedex is easy to reset, right? But it is a big deal. Your address is in Fedex. You have your telephone number in Fedex. Your delivery history is in Fedex. The phisher can use some of that information to open accounts in your name that they don’t intend to pay for, which can impact your credit score. Plus, if you reused that password anywhere else, you have to reset it everywhere it was used, because odds are the phisher is going to try and get into everything they can to gather more data and steal working accounts.

How to Better Protect Your Accounts

All of this sounds really painful. Luckily, there are a few tips that can make your information safer! Firstly, don’t re-use passwords. You may groan at the thought, but reusing a password for services makes it much easier to steal an account of yours if they get that password via a site breach or a scam. We recommend a password manager like LastPass – it makes it much easier to store and create unique, strong passwords for every site!

Secondly, you’ll be better protected if you use two-factor authentication on every website that has the option to. If you do fall for a phishing scam, the scammer won’t have the code necessary to get in! Of course, some scams are sophisticated enough to think of that beforehand: Craigslist, for example, had a bad rash of scammers a while back who would “text a code” to a seller “to make sure they were a real person”. The seller then gives them the code, and the scammer now has a Google Voice number with the seller’s phone number as the verified number behind it! They just social-engineered their way into bypassing 2FA. This is why you should never give out verification codes – especially if you didn’t request them. Instead, it might be time to reset the password of the account that verification email came from. Just don’t click any links in those verification emails, either: go straight to the home page of the site instead to log in. The verification email might be a phishing attempt all by itself, hoping you’ll click a fake link to the website!

How To Avoid it in the First Place

It’s better if they never get to test 2FA at all. There are a few key tips to avoid phishing scams. Firstly, is there a sense of urgency? Your utility companies aren’t going to call and say they’ll shut off your water without at least a few mailed reminders that your bill is due! The same goes for your bank. If they demand that you resolve a problem right then, right there, out of the blue, it’s probably a phishing scam (if you’re nervous it’s not a scam, call the alleged company using their number off of their Google page or their real website). This goes for both phone and email phishers.

 If it’s an email or a text, ask yourself if you were expecting an email or a text from that company. If you get a Fedex text update that you didn’t sign up for, it might be a phishing scam. If you got a notification from Walgreens that your photos have finished printing, and you didn’t print any photos, it might be a phishing scam. They want you to click or tap the links they include to see what’s going on. Spelling errors are also a common tell – it’s not impossible for a company to make spelling errors in their communications with you, but they won’t be littering the page with them! Phishing scams do that to weed out people who know better so they won’t waste time on targets that won’t crack.

You should also check the sender of the email! Spoofing is a technique that attaches a real name that you might know to an email address or phone number that definitely doesn’t belong to them. Anyone can set their name to George Smith or Big Company Customer Service in Gmail, but they can’t change the email address they’re sending from. If it’s [email protected] and not [email protected], for example, it’s probably a phishing scam.

The same goes for caller ID, although it’s getting harder and harder to tell real calls from fake ones – scammers can set their name to something like “Hospital” or “School” to make it more likely you’ll pick up. Some more sophisticated operations can even make it look like they’re calling from a different number altogether, using VOIP technology to match the area code of the caller to the person being called. Just like in the urgency tip, you should be able to call a legitimate company or organization like a school back from the number they have on their website, or the number you know to reach them at. If they’re really resistant to you hanging up and calling back for reasons that don’t make sense, it might be phishing. Unfortunately, some scam calls are really tough to pick up on, and the FCC can’t do much to stop them if they’re not in the US. Many people today don’t answer their phone unless they were explicitly expecting a call as a result, and phone companies themselves sometimes offer up call and text screening.

Spear Phishing

Spear Phishing is much more sophisticated by default. It’s a scam that can’t just be blasted out to 500 people, they want to get you! They’ll use every trick in the book they can to get you to click a link or give out information you shouldn’t. If they think you have valuable information on your company, for example, they may send an email pretending to be a coworker by using spoofing, and they will write more carefully to avoid misspelling anything. If something doesn’t feel right, it’s important to check the ‘coworker’s’ email address for spoofing, which should stop most spear phishing attempts in their tracks. If you examine the entire domain name for misspellings, you may find one! For example, somebody using [email protected] or [email protected] instead of [email protected] might snag a few people who didn’t look closely enough. A scammer may also try to use a line like “I’m locked out of my work email, so I’m using my personal one” to try and impersonate your coworker. Many organizations have policies against using personal addresses for this exact reason – how can you verify they’re with the company if they’re using Gmail or Yahoo? Anyone could make an account with their name at that point! In this case, if the coworker didn’t warn you or share this address with you beforehand, you shouldn’t interact with the email further. Don’t click any links or attachments in the meantime.

You can even forward the email to IT! If you’re worried that the coworker really needs that sensitive data (which fits into creating a sense of urgency, like mentioned above) consider the risks of falling for a phishing scam vs. the risks of standing your ground when you didn’t need to. A phishing scam can completely pull down your entire operation, lock up or steal files, and wipe computers of their data, setting a company back with nearly nothing. Not giving information out to an email address you don’t recognize can delay a project or annoy a client, yes, but it’s much better than wrecking your organization, in which case you’ll also delay projects, but for much longer as your company recovers from a phishing-based security breach. Better to be safe than sorry!

The Evolution of The Self-Made Singer: “Did I Just Write the Anthem of the Summer?”

Elizabeth Technology July 12, 2022

Industry Plants and The Internet

An industry plant is a band or singer that’s been ‘planted’ by the ‘industry’. Or, to rephrase, these are musicians who a record label has handpicked to be the next ‘big thing’. These musicians might be a gap-filler for the record label, intended to sing pre-written songs other artists rejected, or they might be talented, but not multi-talented in the way they’d need to be to succeed without the label’s backing. If they have connections, they can squeeze in where other people in their situation would have had to give up. Plants still have to have talent, but they’ll often have materials, content, and funding provided for them, which makes their life much easier when it comes to recording and planning for tours.

To be clear, the critics on the internet don’t dislike industry plants – they just don’t like it when it’s obvious or lacking real talent. Imagine Dragons, whose lead singer is the son of a powerful lawyer at an entertainment industry law firm, could be considered a plant by most standards, but they have a lot of real fans who genuinely like their music. It’s not bad to have connections, and many good artists just happen to be related to someone who knows a guy, so basing tastes on some purity standard of being completely self-made with no connections whatsoever would cut out a huge number of really good musicians.

But when it’s obvious, and the band’s not really that good, people online haaaate them. This new generation of social media means that bands can buy follower bots, get fake people to comment things on their pages, and in general use money to smooth the way to becoming viral. Once you look like a big deal, more people are going to pay attention to you. David Bowie famously got his start by acting like Ziggy Stardust and the Spiders from Mars was already a big deal, and locals just hadn’t heard of it yet –imagine doing that but then failing to deliver onstage despite your apparent thousands to millions of ‘real’ fans! Getting hyped for someone that’s supposed to be really cool and well-known already only for them to suck is very disappointing. It feels like a waste of time. The worst example in recent memory was the band Tramp Stamps. Tramp Stamps appeared on TikTok and Tumblr overnight, had way too many Instagram followers for how new the account was (and how few comments appeared on each post despite thousands of followers, allegedly), and then promptly crashed and burned as it became clear the band didn’t actually know their target audience, how to write pop punk music, or how to pander effectively. Trashing Tramp Stamps was really fun for a lot of people online because they made themselves such an easy, unlikeable target.

Unfortunately, that led to a lot of criticizing non-plant bands who hadn’t bought followers and actually had a bit of a fanbase independently before coming to TikTok, meaning they had enough money to fund music videos and merch and the like. One of the things that sets apart plants from non-plants is that they seem to have all that infrastructure already set up and ready to receive them despite a lack of demand, so when the demand is hidden from mainstream view (which happens a lot with niche bands) mainstream listeners mistake the widening horizons of the band for being a plant. If you want to make it big on TikTok, you have to make it clear that either A) you already have a fanbase or B) this music is being made in your garage. The internet expects a certain pathway to success from young independent musicians (indie and punk especially) and won’t let them deviate from it.

A Lack Of Confidence in the Product

As such, instead of trying to explain to several thousand people that just because they hadn’t heard of your band doesn’t mean the band is new or is a plant or anything else, some bands choose to grovel to the algorithmic For You page instead by pretending that both A) and B) are true. “I need fans! You should be my fan, it would really help me out, because look –  I’m recording at my house!” If it sounds like begging and guilt tripping, that’s because it is. Constantly defending yourself online to strangers, especially when you make music that’s outside the flavor of the month, is exhausting, so I don’t blame these musicians for trying something new. It works really well if it’s done right, though: the lady who wrote ABCDEFU got big on TikTok by emphasizing how much of her success was reliant on the early fans who listened to her and stuck by her, which of course would make you feel guilty for ‘abandoning’ her if you stopped streaming it. The problem is that once they have a following, it sounds like they’re fishing for compliments, and they have to update their strategy. But when you’ve built an online following on your humble beginnings, and you don’t have a manager or any marketing experience, what do you do?

From an outside perspective, you’ve earned the right to display some confidence! However, if you’ve only practiced self-effacing marketing, getting the right amount of confidence is going to be tough, especially on a platform like TikTok where relatively small bands may as well be Top 40 hits for the genre niche they fill. As such, it’s difficult to tell where you actually stand relative to other bands. Do you have the mass appeal necessary to say you wrote a summer anthem, without any caveats? When people talk about you offline, do they call you a hidden gem? If you don’t know the answer to these, it’s easy to overestimate a good thing.

Did I Just Write the Breakup Hit of the Summer?

Before it became a meme, artists would put a question in their TikTok thumbnail to try and get people to click, so they could learn the answer. Questions like “Did I just write the Emo Hit of the Summer?” “Did I just write the next biggest breakup song?” Litter the videos of artists who are in the awkward in-between stage of earned humility and earned confidence. Notice that they’re questions, not statements, to try and soften the blow of all that idea implies while simultaneously inviting people to come check it out and judge for themselves. While that works sometimes, it doesn’t work on the cool, hip side of TikTok because it’s cringe to not know whether or not your fans like you enough to call your song their song of the summer. What are you making that you’re asking that question? If you weren’t sure you liked it, why did you release it? It’s in direct contrast to the confidence they’re supposed to have about their music.

The answer is no. It’s always no. Especially online. No matter what genre of singer is asking this question, they’re writing music off of a standard that boils down to ‘you’ll know it when you see it’. Sometimes songs of the summer are year(s) old before they resurface like a lich because the internet has completely changed how these things work. Right now, in June of 2022, Running up that Hill by Kate Bush is super popular because it was featured in the show Stranger Things. That might very well end up being a song of the summer for people who liked the show and like pop. Movies and TV shows have done that too, but TikTok allows this to happen on a new scale. Sometimes a meme alone revives a song from the archives.

By asking, the musician who wrote it jinxed it into impossibility! A song of the summer does not need to state it’s the song of the summer; A song of the summer is not declared before summer is over; a song of the summer from a niche genre is only going to be the song of the summer for that genre. Trying to branch out and make something generic enough that everyone likes it creates a song that nobody loves with all their heart. It’s often reliant on current trends (right now, people are still trying to make rewritten angry nursery rhyme songs chasing the success of ABCDEFU) and as such comes out rushed.

This happens to big labels and well-recognized pop stars too: the Trolls movie featured an original called Wavy by Justin Timberlake, which  was released early so it could contend for song of the summer. It didn’t win and wore out its welcome by the time the movie came out. These ‘Did I Write the X of Y’ songs are missing the forest for the trees, trying to plant a song that didn’t need to be planted, hedging bets on a song that’s supposed to be good enough to speak for itself as the next big breakup song. Even worse, it’s almost entirely tied to TikTok!

In an effort to avoid being mistaken as plants, they achieve the same generic sound and generic branding a label would provide a plant to ensure their success as they build a fandom. Writing too niche for the internet is almost impossible – people were listening to the sound of a jammed dot-matrix printer for a while. It seems like going too generic is a far bigger magnet for trouble than going niche!

Mysteries in Online Tales: How Do You Keep it Scary?

Elizabeth Technology July 7, 2022

Want to write a creepypasta? You’ll have to learn how to balance what your viewers want to know with what they need to know.

What Is Creepypasta?

First and foremost, what is a creepypasta? Creepypastas are scary stories that start online, usually text based but sometimes video-based or audio-based as well. Creepypasta comes from the term copypasta, which comes from a misspelling of copy-paste, and is used to describe stories that people share over and over by copying and then pasting them somewhere else. The first threatening chain e-mails technically count as creepypastas! Slenderman, one of the more famous creepypasta stories online, is often credited with popularizing the term, although it had been used in niche forums for quite some time before that.

Creepypastas used to be a single-author effort, with limited input from the community that consumed them. In the early days of the web, it was very tough to identify what would create a copyright schism, so people weren’t so keen to begin making fan games, write fanfiction, make art featuring copyrighted characters, etc. because the original author might like it, or they might issue a cease-and-desist and make all that work pointless. Anne Rice famously crushed any and all fanfictions about Interview with a Vampire she found well into the late aughts, and so people stopped writing that fiction. There are rules that say you have to defend your copyright or you’ll lose it, so it’s hard to blame creators for being so extreme in the early days before there were precedents for online transformative works, but as a result, the environment was repressive and fan interaction was often limited.

This worked in the favor of the early creepypasta authors. The creator of Slenderman, for example, had a hand in the projects that featured his creation – as a result, most of the cool, big stuff featuring the monster, like the game 8 Pages and the short video series Marble Hornets, retained the original flavor of the monster.

Cruella De Ville

However, things have not stayed this way, for better and worse. To explain this purely by storytelling, lets look at another character, Cruella De Ville. Everything about her is meant to be scary and mean. She wants to skin a bunch of puppies for clothing! She’s named Cruella. She’s arguably one of the most black-and-white (hah) villains Disney ever created. She is just objectively awful, and that’s entertaining in and of itself. Almost anything can happen to her and the audience will think ‘serves her right!’

Until… Disney offered up a movie humanizing her, explaining that dalmations killed her mother, that she’s more of a Devil Wears Prada than genuine, cruel evil. And people hated this movie! Maleficent could be said to be misunderstood, but Cruella was a shallow villain to start with and should have stayed that way. Not only was the backstory unwanted, it added a lot of fluff and humanity to a character that – again – wanted to skin puppies for clothing. It made her motivations confusing and kind of pathetic instead of heartless and cold, defanging her for the sake of making some money on character recognition. This was a multi-million dollar effort on Disney’s side.

I’m explaining all this because in today’s day and age, it’s very easy to accidentally do the same thing to creepypastas and make them funny or clownish instead of scary. Things have changed when it comes to copyright, and fan interaction is not only allowed, it’s sometimes seen as the ticket to getting a lot of really good content about your project for free. Creators now build a community instead of an audience. While this does produce some really good scary content, it also invites a lot of mediocre content alongside it.

Un-Scaring By Missing The Point

There are a lot of talented artists who don’t have the time to create or maintain an ARG, but still want to create scary things. There are a lot of creatives who don’t necessarily have the talent to put their ideas to paper in a drawing, but can describe it over text in a way that is bone-chilling. There are people who can draw and animate things that are terrifying as long as they’re given a prompt, or a mood. There are people who can do neither, but still have great ideas and can collaborate to make those ideas a reality with someone who can put it to paper or animate it.

There are also people in each of these categories who don’t quite grasp what the scariest part of the original story/creepypasta/monster was supposed to be and end up creating something that pulls back the curtain, so to speak, removing the mystery associated with the monster. To use another not-so-scary example, look at Star Wars. The Force is a mysterious, all-encompassing but not omniscient power that flows through all living things, good or bad, weak or strong. It works in mysterious ways; it seeks balance over triumph; anyone may be able to access and harness it if they can devote years and years of their lives to training to become either Jedi or Sith. Some are born with natural talent for it, but others have to work hard to achieve the same talent their peers were born with. But, if they do, it’s worth it, because they get to stand among the Jedi! You get it? It’s so cool! Fans love The Force! Anyone could be a Jedi! And then George Lucas reveals that controlling The Force is actually the result of a blood infection by a microorganism called midichlorians, and all of the cool, metaphorical, mysterious parts of the story are brought into sharp contrast with this new information. Not everyone could be a Jedi. You have to be born special to be special.

To use a scary story, almost literally the same idea was incorporated into Five Nights at Freddy’s with the introduction of this goo called Remnant in one of the books – the animatronic suits that hunt you night after night aren’t bound there by a determination to get revenge on the guy who killed them, they’re there because the suits had that goo in it, and if the suits hadn’t had that goo in it, they would have just moved on. That could be scary, but it’s scientific and cheesy in a way that’s not scary in and of itself. Feeling so much rage that you crawl back out of your grave to seek revenge is a terrifying yet very human concept – midichlorians and Remnant goo remove the element of choice and willpower from the story and turn it into a game of chance. Things happening by chance can also be scary… but the setup has to know that chance is the scary part about the story, because if it’s not, it reads like a plot hole or a contrivance. But that’s the creator doing the un-scaring to themselves, what about fan content?

Fan Content

Many creepypasta monsters are scary because you don’t get a good look at them, either metaphorically or literally. You don’t know where they came from or what they’re after, just that you’re in their sights and you really don’t want to be. Getting a good look at them, therefore, removes the fear and defangs some of them. Some monsters continue to be scary even after they’re revealed to the viewer (a lot of monsters that represent forces of nature or evils remain scary if they don’t take the form of a human themselves – Room 1408 and The Blob, for example), but many more are less scary once they go from concepts to being real things, dumb animals, ‘just some guy’. Slenderman, for example, became divorced from representing paranoia and stranger danger and started being just some guy after countless works of fan art watered his presence down. He’s still plenty scary in the first few games that came out about him, but doing horror poorly tends to turn it camp, and now he’s often just some guy in a suit. Seeing art of Jason Voorhees just casually mowing the baseball diamond at Camp Crystal Lake like a regular camp counselor made him funnier and campier (hah) than actually, genuinely scary, too. Intentionally making art cute, or unintentionally failing to scare makes fanart one of the most dangerous blades a community has. If a monster doesn’t have a lot going for it, consistently cutesy fanart or fanfiction can break down the monster’s reputation more than a badly written chapter or a terrible plot twist ever could!

And Storytelling in a New World of Fan Art

 As previously mentioned, transformative works are no longer a constant source of copyright anxiety, so huge springs of art and fanfiction appear around characters like never before. Hot Topic had to get a license to use Jason Voorhees on their shirt, but some guy on Twitter can sell stickers with him dressed like a regular hockey player without the license because the work was transformative.

As a result, it’s never been harder to control the perception of the monster. Creepypasta writers often do their writing alone, so issues with how the monster might be perceived by fans aren’t necessarily caught until the fans are already perceiving it. Make it dumb, and maybe it’s just a trapped animal, make it smart, and maybe the main character could have reasoned with it, make it demonic, and maybe you should have known better than to invite it in, make it nature, and humans are the monster for the destruction they’ve caused. No monster is perfectly unredeemable… but there are many monsters who don’t get the ‘I can fix him’ treatment from fans because they aren’t lovable.

Still, even if you have beta readers and you’ve written a pretty good monster, people can be weird online. You don’t want to ask people to stop making their art – a scorned artist with a big fanbase can remove their fanbase from yours, which has happened before – but you don’t want the cute, calming art to consume your idea, at least not before the story’s completely over and fans who want to be terrified have gotten their fill.

How Would You Prevent Your Work From Becoming a Meme?  

Assuming you’ve written a pretty good monster (and there are tips online all over the place if you’d like to try your hand) there are a few things you can do to keep the horrifying entity you’ve made from being cross-contaminated with My Little Ponysonas by well-meaning but young fans.

Firstly, create an environment for your story that isn’t going to break immersion for your readers. In a movie, you can’t have someone interrupt your watch with a funny picture of the monster caught in a raccoon trap. If you’re scrolling through a blog, you can – if the artist reblogs works from fans on the same blog that they’re writing the story, they can accidentally reduce the seriousness of their own story. The creepypasta subreddit on Reddit actually has rules that state both the writer and commentors must treat everything as if it’s really happening, so you don’t get awkward breaks at the end of the story where the original poster thanks everyone who gave them nice feedback or medals. This saves the original poster of the story from having to shake hands with fans while they’re still in their monster makeup, so to speak, and it’s a good rule to apply no matter where the story is happening. Keep fan interaction on a side blog or side page so you’re not having to break character.

Secondly, know when enough is enough. This is really, really hard. There’s a saying in music ‘to always leave them wanting more’, but you still want to make the story and share your ideas about it. Share enough to make the story, and maybe some stuff that didn’t make it in, but don’t reveal every corner of every room. Monsters are usually scariest in the dark, metaphorically and literally, so you have to leave some stuff to the imagination. This is where the midichlorian problem from before happens – maybe even you don’t know how your monster works perfectly, but it’s okay to leave it like that. Sometimes no explanation you could possibly give will surpass viewer imagination. Sometimes explanations for how things ended up the way that they did end up making the story less enjoyable, the way Cruella’s prequel movie did.

Thirdly, be aware of who your content is geared towards. In horror games, something like Outlast is going to have a very different audience to something like Five Nights at Freddy’s, and even that is going to have a wildly different audience than something like Poppy Playtime. The more kid-friendly your project is, the more likely it is you’ll end up with cutesy, AU, or less-than-scary fanart, because the population consuming it is going to veer younger. This can be pretty simple – while horror doesn’t have to be washed out and gray, Poppy Playtime sort of shot itself in the foot by giving itself a cute, floppy, absent-minded mascot in a building colored with bright, happy, primary colors. For even starker contrast, Five Nights at Freddy’s creepy animatronics attracted (and scared!) people of all ages. Five Nights at Freddy’s: Security Breach redesigned those characters into cuter, rounder, more human versions, and the game’s fear factor is noticeably lessened as a result.