I’m throwing this into the pile of arguments for “security and privacy are little but myths” discussions. If the top of the top companies, with multi-million budgets and hundreds or thousands of top security professionals, get compromised, how realistic is it for the average Joe to protect his business? I say – not very.
I think 80% of problems can be prevented with a 20% time and effort investment: minimize attack surface by removing and disabling everything you don’t need or use and limiting access to everything else, use layered defense where possible, use encryption where possible and strong passwords if you have to, don’t rely on security through obscurity, have log analyzers and/or an intrusion detection system installed, etc. But most importantly, make peace with the fact that being compromised is not a question of “if”, but “when”. Prepare yourself. Have an offsite backup and know how to restore your services in a completely new environment, if necessary.
And as far as your privacy goes, if you put anything private on the Internet, as well, prepare for it to be stolen and leaked. If it never happens, consider yourself lucky. Otherwise, just learn to deal with it. It’s very unpleasant in a variety of ways, but seldom deadly.
10 Conspiracy Theories That Turned Out To Be True – some I’ve heard about before, some are new to me. I’ll keep the list here for further reading and research.
- The Gulf of Tonkin Incident
- Tuskegee Syphilis Experiment
- Project MKUltra
- Operation Northwoods
- CIA Drug Trafficking
- Operation Mockingbird
- Operation Snow White
- Secret Global Economic Policies
- The US Government Illegally Spies On Its Own Citizens
It’s been a long while (almost two years in fact), since I posted a movie review. It’s not that I haven’t seen any good movies in this period, but more of the fact that I tend to sound repetitive when I write these. Watch that, this one is awesome, etc.
Last night I watched “Citizenfour”, and I have to say I’m shaken by that documentary. And I’m not a privacy or security freak, and I was somewhat familiar with Edward Snowden’s story. This film, while portraying his personality, is not so much about him, as it is about the state of affairs.
As a non-US citizen, I have very little interest in what the US government is doing. I don’t particularly care if someone is recording my Internet traffic, Google searches, or the phone calls I make. I’m not worried about ending up “on the list”, or anything like that.
But not everyone is like that. I do understand how government surveillance can be used, how data can be analyzed, and how pressure can be applied. And I do share the point of view that the balance of power between the government and the people is way off (and not only in the US), and that we are beyond the point of any meaningful individual resistance. It’s just that I don’t do anything about it, and Edward Snowden did.
For me personally, quite a few things were new in this film. It was interesting to learn about the variety of NSA and CIA programs, the depth of their reach, and the technology that is in place already. Some of it does sound like science fiction future, but is in fact very possible. The stuff about security access in the NSA, drone video feeds, data gathering, analysis and search, with real time notifications, etc – all that was insightful.
The other side to the movie that I found interesting was the whole process that was used to expose these documents. There is in fact no framework as to how such things can be done, what should and shouldn’t be published, how things can be verified, etc. The move to remove his own bias and pass on the responsibility onto the journalists was interesting.
Overall, I think that the more people see this movie, the better. The issues raised are very important and we should know about them. It doesn’t only affect criminals or terrorists or Americans. It affects everyone. In particular everyone who has a phone, or a computer with an Internet connection, or a credit card. After all, there are 1,200,000 people on the US watch lists, and from what I understand, this list is growing fast.
Google has been pushing for wider HTTPS adoption for a while now – converting its own services, working on the SPDY/HTTP 2.0 protocols, etc. Now, it seems, they want other people to start adopting HTTPS too. And what better way than to add it as a signal to Google Search rankings?
[…] over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
Nice! Especially for those selling SSL certificates…
Tox – secure instant messaging, video conferencing, and more.
With the rise of government monitoring programs, Tox provides an easy to use application that allows you to connect with friends and family without anyone else listening in. While other big-name services require you to pay for features, Tox is totally free, and comes without advertising.
A data loss/leak prevention solution is a system that is designed to detect potential data breach / data exfiltration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage). In data leakage incidents, sensitive data is disclosed to unauthorized personnel either by malicious intent or inadvertent mistake. Such sensitive data can come in the form of private or company information, intellectual property (IP), financial or patient information, credit-card data, and other information depending on the business and the industry.
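To make the "detect and block" step concrete, here is a small content-inspection sketch for one of the data types named above, credit-card data. It is an added example, not code from any DLP product or from the original post. The function names and the `[REDACTED-PAN]` marker are hypothetical, and the messages in the usage note and tests are constructed.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; filters out most
    digit runs (order ids, phone numbers) that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[tuple[int, int]]:
    """Return (start, end) spans of Luhn-valid card-number candidates."""
    spans = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            spans.append(m.span())
    return spans


def inspect(text: str, channel: str) -> dict:
    """Policy decision for one piece of content.

    channel is a label such as "in-use", "in-motion" or "at-rest";
    it is only recorded here, a real policy would branch on it.
    """
    spans = find_card_numbers(text)
    redacted = text
    for start, end in reversed(spans):   # replace right-to-left to keep offsets valid
        redacted = redacted[:start] + "[REDACTED-PAN]" + redacted[end:]
    return {
        "channel": channel,
        "action": "block" if spans else "allow",
        "hits": len(spans),
        "redacted": redacted,            # safe to write to the DLP log
    }
```

Calling `inspect("Please charge 4111 1111 1111 1111 for order 1234 5678 9012 3456.", "in-motion")` blocks the message because of the test card number, while the order number fails the Luhn check and is left alone.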
Surveillance is the business model of the Internet. We build systems that spy on people in exchange for services. Corporations call it marketing.