If you are wondering where part 1 of this blog is, it's not here, because I didn't write it. This entry is following up on Bruce Schneier's recent blog and Security Matters commentary in the March 2008 edition of Wired magazine, titled "Inside the Twisted Mind of a Security Professional." I'm an information security professional by day, so I'm a big fan of Mr. Schneier. He is the epitome of a critical thinker, and while he often writes about complex computer security issues, he also frequently comments on critical thinking for everyday situations and everyday people. His latest commentary is a perfect example of this, so I highly encourage you to read it. It's short, and it is essentially "part I" of this blog.
So what does the mind of a security professional have to do with increasing your own ungullibleness? If you read Schneier's commentary first, you already know the answer, but I'll summarize. Thinking like a security professional means not accepting things at face value. It means looking at things from a different angle to see how they might be used mischievously, maliciously, or sometimes just differently. As Schneier concludes, "If people can learn how to think outside their narrow focus and see a bigger picture, whether in technology or politics or their everyday lives, they'll be more sophisticated consumers, more skeptical citizens, less gullible people." In other words, to become ungullible, you have to think how you might take advantage of a gullible person. Then you know what to look out for.
Mr. Schneier notes in his commentary that an undergraduate class in Information Security at the University of Washington is trying to teach its students how to think this way. It doesn't come naturally to most people, so it takes practice. Students are asked to "hack" everyday objects and services (GM's OnStar service, traffic lights, etc.), and then blog about their results.
To pick up where Mr. Schneier left off, I'm going to ask you to do the same thing, but with more of a focus on gullibility rather than security. Below are some suggested exercises for hacking yourself to ungullibility. Remember, it doesn't come naturally to most people, so practice is necessary. But hopefully you'll also find it fun. And please post back here in the comments with your results!
Exercise #1 - Hack your TV
TV commercials are a great way to practice critical thinking. I often use them as teaching tools with my own children. Instead of shielding them from commercials, I ask them what parts of the commercial they think were true, what parts were exaggerated, and what parts might even be untrue. I also ask them what tricks the advertiser used to make the product more appealing than it really is, or pressure you to "buy now" (before you have a chance to think critically through your purchase decision). So how about you? Pick out a favorite commercial on TV and pick it apart. Late night infomercials are too easy - so I advise picking a normal product, maybe even one you actually use, to keep it challenging. If you aren't much of a TV watcher, then a magazine ad may suffice. And don't forget to report back here with your findings!
Exercise #2 - Hack your Email
Dig into your email's 'Sent' folder and find the last email that was mass-forwarded to you that you in turn mass-forwarded to others. These "chain letters" often have emotional or political messages, or are intended to warn you about some new threat. But they often are full of misleading, incorrect, or even made-up information. For example, following the devastation of Hurricane Katrina, a family member once forwarded me such an email that warned people to be careful about where they bought yard mulch because it might come from the thousands of trees that were knocked down in the storm, and could therefore spread the ecologically devastating Formosan termite. It was all false, and only served to spread fear (and possibly drive down mulch sales). Find a chain letter email that you actually forwarded, and now critically analyze it for potentially false information and tricks that it uses to get you to forward it to others. Give yourself extra credit if you NEVER forward such emails, then find the last one you received and analyze it. Reading snopes.com is a good way to learn how to recognize the true from the false emails, but using it to research your answers for this exercise is cheating.
Exercise #3 - Hacking your mind!
This is probably the most challenging exercise, but arguably the most important in becoming ungullible. As I stated in my "Top 5 Concepts for the Ungullible Mind," we are all guilty of deceiving ourselves on a regular basis. Our mind is wired to make many kinds of logical mistakes, and it's capable of tricking itself. That's why placebos work. We complain that we "always get stuck in the slow lane" because we remember the frustrating times better than we remember the times we sped through the fast lane, not because the former is actually more frequent. We take our neighbor's advice for the latest herbal remedy (it worked for her, and her mom!) over the advice of our doctor. We jump on the slightest mistake made by our most hated politicians, yet we all too easily ignore or justify similar gaffes made by politicians on our own "team." We prefer explanations that support our pre-existing beliefs (e.g. "After death experiences prove there is an afterlife") over more mundane alternative explanations (e.g. "Or maybe it's just the effects of a dying brain under immense stress, similar to the euphoria and visions caused by some drugs"). If you truly want to become ungullible, you must learn to be ungullible of even your own mind. Don't trust it too much. Look for independent verifications. So what was the latest or most significant mistake in logic you made?
Please share your answers with the rest of us in the comments below. I plan to do the same, but I've got to think about them first. That last one is really going to be difficult. ;)
If you are interested in reading some of Bruce Schneier's books on national security in a post-9/11 world, information security in the modern world, and email security for the average internet user, then Ungullible recommends the following (respectively)...
Sunday, March 23, 2008
Hacking Yourself to Ungullibility, part 2
Labels: computer security, critical thinking, exercises, skepticism

1 comments:
Great site! I am enjoying the posts and looking forward to more. You are a great blogger.