Wednesday, August 26, 2015

Naked on the Net

In an earlier post, I discussed an article about how common it is now to see photos of nude people on the Internet to the point that it isn't, and shouldn't be, a big deal if someone sees your nude photos there. Be that as it may, most people still feel vulnerable when they're naked, even though that feeling quickly goes away when people get used to being seen that way.

I've often felt that singers and actors reveal more about themselves through their emotions and actions and are thus more naked (as in exposed and thus more vulnerable) than I can possibly be just being seen as me.

What's strange is how exposed and vulnerable people let themselves be on the Internet to the point that being seen naked should be the least of their worries.  I know a lot of people who expose their opinions, their religion, their politics, their preferences, their bad habits, their whatever freely on Facebook.  These same people would never allow themselves to be seen as their body simply is.  I guess I don't get it.

Seeing me naked doesn't make it easier for you to steal my identity.  You can't use it to get money from me.  Trying to blackmail me by threatening to reveal what I look like to my friends and family will only be doing me a favor by then having an excuse not to have to hide my preference to be nude from them any more.  Seeing me nude doesn't reveal my politics or my opinions (though reading those posts will).  You won't get my social security number, the dirty little secrets I told the government to get my clearance, usernames or passwords, my account numbers, my net worth, what I do for a living, my sexual preferences, or anything else naughty or nice about me.  Instead, all you'll see is skin and the shape and form of my body.

People leave themselves vulnerable on the Internet in so many more ways.  Ashley Madison cheaters and cheater wanna bees are learning that lesson the hard way now.  It used to be if you didn't just leave your information out in the open, you were OK.  Or rather, you thought you were.  You trusted your bank, your broker, your Email provider, your cloud backup server, your dating website, and your favorite forums, blogs, or other chat space with your real identity and your innermost secrets.

Between the NSA playing peeping Tom (because who knows what you're into), the Chinese and other foreign agencies looking for what secrets you might have that they can use to get you to do things for them, to hackers breaking in to your services to get your stuff, to just malcontents who want to embarrass the owners of the services that you use.   Look who's naked now, chump!

What people should have learned is NOT to trust important sensitive information to plaintext communications and storage.   Your service providers promises of privacy and security mean nothing when THEY get hacked and they've left your information lying around unencrypted on their server.

Listen up peeps.  If you say something to someone on the Net that you don't want anyone and everyone to hear, use end-to-end encryption.  Learn to use Textsecure, Redphone, TOR, PGP and other tools and force those who you communicate with to use them.  In many cases, using those tools is transparent, or nearly so.

Before you give your personal information, opinions, or other sensitive information to others, ask yourself how do they store it, how do they use it, and how they are going to protect it.  The answers often are, sloppily, too widely, and not hardly, if at all.

Does that mean you shouldn't do banking over the Internet?  Banks and brokerages are rich targets for hackers.  But they know that and they know they have a lot to lose themselves if they're too sloppy, so they often limit what they store and use.   Even so, balance how paranoid you are (or should be) against the convenience.

Do you let others store your backup files and passwords on-line?  If so, is that information encrypted before they get it and do they have any keys to decrypt it?   If so, think long and hard before you do it.  Remember that even if others have the key, if you don't give them physical access to the information, they can't get at it unless they break into your house.  And if someone breaks into your house and steals your laptop or PC, you did encrypt it.  Right?

To keep yourself covered on the Internet and on computers in general:

1)  Limit physical access to sensitive information as much as possible (don't let it be on other people's computers and servers).
2)  Use trusted strong open source file encryption on your computer.  Better yet, make it easy and use an OS that supports it by default (MS Bitlocker, Linux home folder encryption, and newer Android and iOS operating systems on phones).
3)   Use strong passwords (something only you know) and a trusted password manager.  Consider not using anything that isn't open source and proven, and think twice about leaving passwords, even encrypted ones, on other people's servers.
4)  Consider requiring "something that you have" and can't simply know.  Use second factor authentication or a security dongle (Google Authenticator, a Yubikey, or RSA dongle).

But most of all, stop being naked on the Internet.  Be that way physically and post images of yourself that way if you like.  But stop revealing more about yourself than others have a need to know.

No comments:

Post a Comment