Reading about Mat Honan and his hacking experience on Wired’s blog reminded me that you can never be too paranoid in either security or backups. It brings up a new set of issues, well, not actually new to those who were already working in this sphere, but new to the public at large. Which is why it’s surprising that a tech journalist made such really basic mistakes, but also worrying that not all of them were detailed in Wired’s companion piece on how to avoid such hacking.
The Cloud is being trumpeted as the new saviour of Society As We Know It by Apple, Google, Microsoft and Amazon. It has gone beyond backups and handy systems such as Dropbox and into a realm I’d call Cloud Computing if the term wasn’t used for something else. The ideas of thin client computing or ‘always on’ data access aren’t new, but the widespread take-up and pushing into consumer homes is a new step. I think sadly we’ll hear more stories like Mat Honan’s in the future.
With this cloudy new age come several problems – hacking and data security being just a few (massive internet usage from all that synced/streaming data is another – fine on Wi-Fi, less so on expensive mobile tariffs). I think the problem is in part one of trust and complacency: because large corporations say ‘trust us with your data’, many shrug and think it’s fine. Privacy and tracking issues aside, it’s not.
In the small bad frontier times of the Internet it was drilled into me that you do NOT share personal data online. No primary emails, no real addresses, no password or security related info such as birthdays, not even real names, hence the rise of the nickname. This advice, which seems basic to me, has fallen out of favour – or sites like Facebook & Google+ dangerously insist on ‘real names’, as identity thieves spread invasive birthday and ID gathering apps and memes on those sites.
So here’s Tim’s Guide To Keeping Safe, in addition to the Wired suggestions (I especially second using VPNs and HTTPS Everywhere).
1. Use fake information online, or if possible avoid putting any personal info out there. We all know not to post our credit cards online (umm right) but what about your phone number on Facebook? Your full birthday in some forum? I always feel slightly weird using fake info when filling in forms, but unless it’s legal or financial info (i.e. where faking it would be fraudulent) then why does this information even need to be online in the first place, or be correct? Marketers and advertisers LOVE trackable demographic information, so they make it mandatory, but unless credit checks or full security checks are taking place it’s not needed.
2. A related point: do not put your home address out there. Surprised Wired didn’t mention this as it was a big part of this case, but that includes the Whois record of your domain if you have one. Obviously businesses have to as a legal requirement but personal domains do not, so go ahead and use your Domain Host option to hide your details or even better fake it (the domain host could get hacked, although those places are pretty secure). You’ll also save yourself a hell of a lot of mail spam and fake Domain Registrar scams in the process.
3. Don’t put it out there unless you don’t mind losing it or it being made public. In these social media times we are encouraged to share, share, share. And I think the apparently private nature of some sites and systems, the ‘walled garden’ approach, means people get a false sense of security. But treat everything you put on the Net as temporary, transient and potentially public and you’ll be OK. And back it up!
4. Never put your eggs in one basket. This means don’t trust one company to do everything (called a vendor in the trade) and build in fallbacks. Apple freaks are particularly prone to this, as detailed in Mat’s case. Better to mix and match different systems and not rely on one for all your data and hardware… yes, they might not work together as ‘smoothly’, then again ‘smoothly’ works just as easily for a snooper or hacker too. Also, more reliance on one system means you’re also relying on their security and backup processes being good – again this was in the Mat Honan case.
Switch off any tracking or system integration that means any device can control another, unless it’s locked with good passwords and preferably to a single machine or your network only. Apple fanboys think they’re exempt, but all those sharing features (VNC, FTP, Bluetooth, Find My Mac, Bonjour and Remote Desktop) can be just hacker playtoys. If you need that functionality, look into other options from other companies or lock it down as much as possible.
5. If you don’t use it, switch it off. Get comfy with your Network Sharing control panel and router controls. If you don’t know you need it, or don’t know what it does (find out, for sure the hacker will), shut it off.
6. Don’t talk about it. Yes, security by obscurity isn’t all that, but if you tweet you’ve just left home with a picture of your drive with a handy Geotag of your house location (this actually happened) then don’t blame me if you come home to find the place stripped. Several times I’ve been about to post some security or personal related information and then said to myself ‘oh wait, isn’t this telling potential thieves or hackers too?’. Need to know basis might sound paranoid, but if there are no upsides to sharing something and several possible downsides, then don’t do it.
I’m not saying I’m perfect, yes stuff leaks out there and I have been hacked before… but make it hard on the hackers and they will go for an easier victim. And remember storing data in The Cloud is a temporary or secondary backup solution and also possibly lets someone peek into your life.
Personally I only trust computers and servers I control… nothing else, whatever the fancy ads say.