How to think in the world of cyber crime and spying
It seems over the last few years we are increasingly frequently being informed of this cyber attack, that ransomware infection, this data leak... To me it does make sense that these events would increase. If technological development follows Moore's Law, then the events surrounding technology should also increase in frequency and impact at a cumulative rate.
And this is what appears to be happening. Cyber threat is increasing, computing is becoming more abstracted away from the binary that drives it, chips and data processing is becoming ubiquitous in our environments and lives. We are at the mercy of the computer, and the people who know how to manipulate them. You now have three choices:
- Reject this reality. Move to the countryside, live a simple life without the computer. We managed it before so you can manage it today. Or can you? It might not be as easy to reject the computer as completely as you would like. Can you go without a bank account? Without on demand entertainment? How much of your favourite music is on CD or vinyl? How did you last contact your family?
- Learn how to behave in this reality. You don't need to be at the total mercy of the experts because you take exactly what you need from this high tech world. You aren't sold on computing capitalism, don't sign up to everything offered and don't rely on things out of your control. If you are going to rely on some tech service, hardware or software, you take the time to ensure you know how to use it properly.
The 1st two options are extremes. Probably, the most important step to take is option 3. So that is the one we will explore in this post. More specifically, how to think in the ever-developing technological world.
You have no privacy.
Your default state of mind should be that if you have something on a computer, a text file, photo, a file of any type, and that computer is connected to the internet, assume that someone can see it. Everything on your computer is accessible. It is accessible to anyone, anywhere in the world. All they need is their own computer, which if you have one, they certainly will. You need to start believing that everything you do is seen by others, especially whilst online. Everything you type is logged, every site you visit is recorded. The internet builds a history of YOU. It builds a story, it builds profiles, and then it can learn, adapt, change and replicate. Knowing this phenomenon results in another: The Chilling Effect. This describes (in this context) how people will alter themselves for the online world, knowing that they are being tracked constantly. (Did you know everything you type into Facebook is logged? Even if you delete everything and never send or post it?) However you don't really want that either. The key is not to adjust your real life to a false life online, but understand what should remain on your computer and what shouldn't. By starting with a mindset that you are not alone when you are connected to the internet, you will either act accordingly whilst on the PC or rethink when you use the PC at all.
What do you do with things that matter?
So this leads on to what do you do with the hundreds of private photos, gigabytes of videos and documents that are precious to you? Well the other baseline mindset you need to have is that all technology fails. Never keep just one copy of anything important. Your hard drive can fail randomly, you can have your stuff stolen, break, corrupt or become obsolete.
Remember most of the things you have on your computer can be easily gotten again. If your laptop gets run over by a car, you can go out and buy a new one, re-download the same programs and set the laptop up the same way. Obviously it is expensive and annoying, but it can be replaced. So do not be too worried about losing specific applications, unless you are relying on obsolete software, in which case, modernise if you can.
It is the stuff that isn't available to re-download that is important. I will describe how I keep my important data: I have the exact same directory structure synced to two separate hard disk drives (both made by HGST). I keep them in anti-static bags, out of a computer and check them regularly for bad sectors. If one of them reports bad sectors I make a new sync onto a new hard drive and destroy the failing one. This is my hardware arrangement. I am not precious over films, music or images I can download again, but I do keep a library of documents, images and films I have found that I cannot be bothered to re-find on the drives. I am definitely precious over photos and documents, school work and other personal data that I cannot get again. This data, I aim to have hard copies of, where appropriate. I also keep a copy of all this on the cloud.
Can you trust the cloud?
What is the cloud? It is nothing and everything. it is a name for the invisible (and sometimes visible) bundle of networks that compose the internet and other webs. Usually we know it as specific company's areas of data storage and processing (iCloud for example, Apples piece of the vast network). Putting something on the cloud simply means you have sent that data over a network and stored it on someone else's hard drive (think in terms of data drives now) somewhere else in the world. Is this safe? Well.. not really. It is likely more secured than on your computer, but big companies are bigger targets and more effort will be put into hacking them.
Encrypt everything you can.
If you are going to use the cloud for storage of important data, I highly recommend using Mega.nz. You get 50GB for free which is more than enough for most people. You may have heard of Kim Dotcom, the mind behind MegaUpload and now Mega. He is a privacy advocate and a brilliant technician. Mega is fully encrypted. So even if a criminal gang decide to try and get the data, it will be scrambled unless they can decrypt it, which brings me on to my next topic.
Passwords, passwords, passwords...
I hate passwords. In fact I hate making accounts full stop. However, knowing how to make good passwords is essential, as the majority of people have passwords easily guessed, brute-forced or manipulated out of them. I make sure not even I know my passwords, though that might not be totally necessary. I use a random key generator with the largest, most complex possible keys that the service will accept for most of my accounts. The passwords are then stored in a password manager so I never need to remember them. Which would be impossible anyway... I'd have to be Rain Man to remember them. The other good technique for passwords is described here in XKCD.
Set up 2 Factor Authentication where you can, especially for accounts that hold important information, billing details and the such.
Cloudwards have written a fairly comprehensive article here, on setting up strong passwords which is worth a read, but beware of password checkers which are mentioned. They use techniques that don't always translate into strong passwords. Here is a good article explaining why.
Try and avoid falling foul of social engineering.
Don't get phished. Don't get manipulated. If you don't know your passwords that's great because no one can weedle it out of you. If you get emailed links, or sent messages on any chat service with links that you don't explicitly already know what it is, then don't open it. Do not become scared by messages you don't understand and react by clicking buttons, installing software or calling numbers. It is practically impossible that anyone would ever contact you about a fault with your computer, a fault with your account. No one official will ever ask you for your passwords or access to your computer, unless you have specifically gone onto a service for help (using the Adobe, or Microsoft online chat, for example) - No one will contact you out the blue.
This is how I think in our new and evolving cyber-world. I would go on and talk about Private Clouds, TOR, VPNs, torrenting and the such, but that's for another time. To sum up:
- Assume everyone can see what you do online
- Assume everything on your computer can be accessed whilst connected to the internet
- Keep important photos, films and documents duplicated and stored offline if possible
- Assume your computer will break at the worst possible time
- Create hard copies if you can
- Only create the online accounts you really need
- Set encryption and 2FA wherever you can
- Make strong passwords and use some form of password manager to store them
- Don't let people scare you or manipulate you into giving away information or opening links
If you have followed the above steps to adjust your behaviour you should never have to worry anyway. Your personal data will be secured, your passwords unknown and accounts locked down. Everything else is transient and not that important, other than it's expense in money and time.