Veteran IT Journalist Worries That Online Privacy May Not Exist (Video)
Note: Alert readers have probably noticed that we talked with Tom about cloud security back in March. Another good interview, worth seeing (or reading).
Tom Henderson: I like the fact that Apple battles the NSA. I think it's all grandstanding to be honest, don’t you think? It’s so nice that they are able to have at least a PR battle with the NSA, whereas I'm guessing that the NSA is already not only through the backdoor but, well, they have their own entrance. And maybe Apple knows it or maybe they don't.
Robin Miller: But how then, let's assume there's no perfect security protection, business or personal, what can we do business wise or personally -- if anything?
Tom Henderson: We’ll take the consumer side first. Just with some quick recommendations. If you like privacy, separate your life into two different browsers. One of those browsers will be your social media browser. The other browser will be, when you buy stuff or when you do banking. Why? Because the correlations between your online social behavior will be used against you in the buying department, Amazon and Facebook are thick as thieves as an example, and if you want to prove the fact, go to Amazon, shop for a few distinct items, perhaps something out of your normal profile, then see those ads popping up on Facebook, not quite instantly but really soon. It doesn't take long for those guys to correlate what's going on and have a good time trying to sell you stuff, which is where all that ad revenue goes. This is the entire business profit model of Google and Google Analytics.
Robin Miller: It works, it takes less than an hour, and you will be followed everywhere including on Slashdot. I work for ad-supported websites, so I can never advocate using any of the ad blockers. But if I did... sometimes I wouldn't use it because I want to see what kind of ads are being run. I would notice that those ads for something I looked at on Amazon or at Best Buy, those ads follow me all over the web, from the New York Times to The Washington Post, as it were.
Tom Henderson: In our terms, using the Internet is very heavily funded by ad revenue. Ad blockers block a lot of that revenue automatically. If we all did that, the face of the web would change tomorrow morning. We would have a completely different model based on further cuts in advertising. But the Direct Marketing Association and all of the organizations make money this way, so we'll never have that, so you’re fighting an enormous block of legislative bribery money – oh I’m sorry; campaign contributions.
Robin Miller: Same thing.
Tom Henderson: Then ensure that unfortunately a lot of this is going to continue to be ad driven.
Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?
Tom Henderson: This is, you know, the credit union trying to use information that you told them about, it will verify that it's you and not somebody else who cracked into your account.
In terms of allowing them to do that, we don't really have a choice. Is it good that some credit unions do this sort of thing? The answer is sure. I prefer credit unions over banks. But that's a personal choice because I believe that credit unions are motivated in a different way than banks are, but that said, using a secondary auth is always a good idea. If you’re a commercial organization, you need to think about using private circuits. That involves using VPNs.
If you use VPNs and the security surrounding them, you can get secondary auth if that's important to you, but you can also vet your users in other ways using access control lists. So there's a way to help keep people from peering in on the conversation. There are ways to be able to ensure the data stored in place is encrypted because you purposefully did it with a key that you know is very difficult to break.
I'm not sure any key is necessarily unbreakable; it just takes hardware. Hardware is cheap these days. It's really cheap.
Urg. (Score:5, Informative)
NO!!! It does NOT!!!
1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect, just another password) then it is useless.
2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.
3. Find a bank / credit union that uses real two factor authentication.
Re: (Score:2)
Yep. Even easier if the information ("correct" answers) is available via Google.
But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers?
Their thinking seems to be:
1. So, one username / password isn't enough.
2. A second password should be enough
Re: (Score:2)
Ah, there’s nothing like WWIW2FA (We Wish It Was Two Factor Auth) to improve your bank security...
See this random image we made you choose at sign up? YUP! That proves we’re us!!! No chance an MitM could get that!
And this extra random string you entered after that other random string? That makes it TWICE as secure!!!
I’m not without sympathy that 2FA balloons support costs from people who lack the mental faculties to understand what 2FA is, much less keep a token with them when they
Re: (Score:3)
Bingo. People are throwing up their hands and surrendering, when in reality, the bad guys tend to use fairly simple means to get their data.
A few things that help privacy for me:
1: Visit people, and have face to face conversations. Phones should go off, or in a pocket.
2: Have 2FA. This right here stops all but targeted attacks where an attacker is spending resources just to nail one certain person. To help with recovery, buy the new iPod Touch and copy your 2FA info onto that as well, so more than one
The headline (Score:2)
Veteran IT Journalist Worries That Online Privacy May Not Exist
As if there was any doubt?
Translation: (Score:2)
Translation: Don't worry about abuse. Just accept it.
Renovations (Score:3)
When I buy Slashdot, first thing I'm going to do is tear out all the videos and put in fish tanks.
Re: (Score:2)
I wonder if Slashdot would allow a story about how Slashdot users could best fund the purchase of the site themselves...
Re: (Score:2)
Everyman's inward efforts should put up real walls that actually keep shit out and fuck with the rest. Shutter your windows and poison their wells. At this stage the SJWs are invited to call me victim-blamer, while the remainder appreciates wisdom for actual results.
Privacy and Keyboards* (Score:1)
*How quaint
Re: (Score:3)
We have transcriptions for the faster readers. But you enjoy complaining, so we won't let that silly fact stop you.
Thanks for your input,
- R
He is worried online piracy does not exist? (Score:1)
Maybe he meant online acts of piracy as I haven't seen anyone take someone else's ship online lately but the file sharing thing? That's still going strong.
It's not cynicism. It's realism. (Score:2)
There is not, and never has been, any such thing as "online privacy". Those either unwilling to recognize that simple fact, or incapable of doing so, seem to be either businesses selling "online privacy" services or their customers.
Want a completely secure computer? Never plug it in. Ever.
Anything else is bells and whistles.