“I’m curious about…” is a series exploring subjects we want to learn more about. Curiosity can lead us to learn more about different kinds of cheeses, find a new favorite author, or seek to understand another culture from your own. We can begin to find answers to our questions even when we don’t feel qualified.
In this edition, I’m curious about Internet Security.
How did you become interested in this topic?
I am a part of the Oregon Trail Generation and I grew up with the internet. I’ve always been curious about computers and how they talk to each other. In the late 1990s, movies like Sandra Bullock’s The Net, Antitrust, and Enemy of the State made me wonder which storylines are plausible in real life. In high school, I gained a basic knowledge of computers in an AP Computer Science class and then I took a college-level Information Systems class.
In the mid-2000s, armed with my very basic computer knowledge I started reading Bruce Schneier’s blog, Schneier on Security, and Slashdot to get the latest security news. I didn’t understand all the technical lingo, but I could understand why someone or a corporation would want private information.
Now I’m still interested, because data leaks are often in the news. Two years ago Target stores had 40 million credit card numbers stolen, because of a vulnerability in their air conditioning system! Last year the detailed private information of 50 million Facebook users were exposed because of a few software bugs. The crazy scenarios from the movies have become real and it is fascinating.
What resources did you use to learn more about this topic?
My professional background doesn’t have anything to do with Internet Security, but my curiosity has led me to learn more from books, movies, podcasts, and a conference.
Ghost in the Wires is the memoir of Kevin Mitnick who famously went to jail after scamming and gaining digital secrets without malicious intent.
This fictional story follows a teenager named Marcus who is interrogated and released after a terrorist attack on San Francisco. The book explores the tension between privacy and security.
In Data and Goliath, the author explains how our phones track our location, habits, and private searches. Then what corporations do with our data and gives us suggestions on how to protect our privacy. The end of the book explains what governments can do to protect their citizens.
A documentarian and a reporter travel to Hong Kong for the first of many meetings with Edward Snowden.
Each week the CyberWire’s Hacking Humans Podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that are making headlines and taking a heavy toll on organizations around the world.
San Antonio B-Sides Conference
This summer I got to attend the San Antonio B-Sides Conference with my husband and middle child. My son’s favorite part was learning how to pick locks in the lock-picking village. I really enjoyed hearing Kat Fitzgerald’s presentation titled, “When Refrigerators Attack! Defending Yourself Against Rogue Appliances.” It was so much fun to hear her personal stories involving compromised systems.
What are some things you learned from your research?
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
“Nothing to hide, nothing to fear” is a myth. Privacy is a basic human need. All of us really do have things we want to hide. We can’t control what the culture or government will deem as acceptable. Our personal values may not always line up with those in charge. China has already started a “social credit system” giving the government the power to deny airplane tickets, the right to take away a dog, or barring a child from their school of choice.
I’ve learned that we don’t have the time to read every single Terms of Service, but there are some basic steps we can take to hide some of our data.
Use DuckDuck Go for internet searches, because they don’t track your searches. This search engine also blocks advertising trackers. I really enjoy using the app on my phone, because I can read websites without blinking ads.
Use Signal, because it encrypts all your text messages. Of course, I can’t get all my friends to use Signal, but I use it to text with my husband.
Use 1Password as a password manager. Passwords can easily be broken and you should not use the same password in many places. 1Password is an app and browser extension that can hold all your passwords and generate difficult passwords when you need a new one. I’ve used this system for years and it has been a lifesaver many times.
Turn off your location services for the apps that don’t need your location. Angry Birds doesn’t need to know where you are located while using the app! You can also change your setting to “While Using” and make sure you close the app when you are done.
Phishing and spam emails are getting craftier each day. Even the best security experts can fall prey to a fake email. We get scam emails because they still work on people! Be careful about the emails you open.
My curiosity about Internet Security has made me question what corporations are doing with my data. I don’t enjoy being watched so I can get ads for products specific to my life. I hope companies and the government keep working on their privacy policies. In the meantime, I am going to stay informed and keep doing my best to stay private.
Have you ever been interested in computers or wondered who was using your personal data?
Photo by Matthew Henry.