Press "Enter" to skip to content

Friday Freedom Question: Online security

I get the general impression that most people, even here, do very little to protect their online security.

When the subject comes up in links posts, there’s never much comment on it. I’m surprised at the number of readers who write me using Gmail or Yahoo addresses, knowing that all correspondence is scanned for advertising and data mining purposes. Other than people who are already inclined to be nerdy, few people seem to use VPNs, proxy services, or TOR for browsing. A core group of my correspondents encrypt their emails, but most … nope.

At most, people may use an ad blocker or a pop-up blocker on their browser. Which is something. But barely a beginning.

I could be wrong on this. But my impression is that even dedicated freedomistas aren’t that “into” online security. And those gmail addresses and unencrypted messages confirm it.

So my question is: why? If you are not a dedicated online “security freak,” why are you not?

Is it because it’s impossible to keep up with security in a rapidly changing online world?

Because you “have nothing to hide”?

Because all things computerish are a mystery to you?

Because you have better things to do?

Because you believe that mysterious “they” will find out everything you’re up to, no matter what you do?

Tell me!

I should note that this is not a judgment against anybody. I believe I don’t do enough for online security myself. Even though I do enough that my online experience is sometimes crippled by the security measures I have in place, I find myself not keeping up with the latest developments. I find myself rolling my eyes over the idea that I have to go out and *&^%$#@ing do more than I’ve already done and keep track of stuff I can barely understand. I’m just wondering about reasons.

39 Comments

  1. MamaLiberty
    MamaLiberty April 14, 2017 7:00 am

    Locks keep out the honest, mainly. Anyone dedicated to getting in, whether through the door or serious encryption, will eventually find a way to get in. That doesn’t mean you shouldn’t lock the doors or use encryption, but such security measures should probably be viewed (and re-evaluated frequently) in practical terms.

    I needed to use my “new” Visa card yesterday, since I’d neglected to take enough cash. I discovered that it now has a “chip” and won’t work the old way with a swipe of the magnetic strip. The machine swallowed my card, then diddled around for quite a while doing whatever it does with the chip. I was terribly uncomfortable with the whole affair, though I don’t understand the difference. I came home and cut that damned card into a dozen pieces and put them in four different trash bags… to go to the burn barrel.

    What we don’t understand may very well hurt us, of course. But we usually have a choice – so far. I’ll be doing several things to tighten my security now, whether I understand all of the implications and consequences or not. That ugly crawling sensation up and down my spine as I waited for the “chip” to communicate with the borg is reason enough to do so.

  2. ellendra
    ellendra April 14, 2017 7:21 am

    Answers 1, 3, and 4. Every time I try to beef up my online security, I get overwhelmed by the options. I just don’t have the time, patience, and energy right now to deal with it.

  3. Joel
    Joel April 14, 2017 7:33 am

    Answers 1 and 3. Back when PCs had to be assembled I could do that, but if loading programs involved more than sticking in a floppy and punching “YES” I was lost. To this day PGP is a mystery to me. I’ve never understood how it works. I can use it if somebody else sets it up for me, but with a new computer or when something needs reconfiguring I’m like a dog at a spelling bee.

    Every time someone computer literate starts a sentence with “It’s easy, all you need to do is…” I automatically know I will derive no information from the sentence.

    And it’s all kabuki anyway. I do not assume I can outthink the NSA with computer stuff. If somebody sells a security product you can bet our would-be masters have installed back doors for themselves. so the only people I’d like to protect myself from have the key. I have no clue which practices really work and which don’t. Does that menu selection that supposedly turns off the GPS tracking on your phone really do anything? I’ve always doubted it.

    As with other things I don’t understand, I try not to let it ruin my life. And I’m *very* careful what I type on the keyboard of a connected computer. The only secure way to do it on the Internet is not to do it.

  4. John
    John April 14, 2017 7:42 am

    Hi Claire,
    For me, I think security is right there with being situation aware and responsible. Trying to secure everything and always (on or off line) exceeds my capacity. I’m a single small value target out of three hundred million which is defense number one. I use a five year old MacBook Pro and a LG800 Tracfone (dumb phone). I don’t use social media or cloud services and my on line traffic is mostly information or data pursuit and somewhat eclectic at that. I use ABP (off for select sites like yours) and do notice old Google there, helps get some of my product searches into adds on pages I visit later. The incongruity of the offerings is sometimes quite funny. Stuff of a critical or vulnerable nature I do not send in email, which I do respect as being as secure as a post card. I may at a point go with better defenses. 🙂

  5. kentmcmanigal
    kentmcmanigal April 14, 2017 7:57 am

    1, 3, and 5. And also, as you admitted: “I do enough that my online experience is sometimes crippled by the security measures I have in place” and if that’s what it takes, I would rather just give up computers altogether. I have enough trouble without voluntarily adding more for myself. If “they” are going to get me, “they” will get me. If they need to put something incriminating on my computer to do it, they will. If they only need to say they found something, but show no proof, they’ll get away with that, too.
    That may sound fatalistic, but it is also liberating.

  6. Pat
    Pat April 14, 2017 8:28 am

    1, 3, and 5 also. I do have VPN on an email address, use a “secure”
    search engine, and have ad blocking but, like Joel, “I have no clue which practices really work and which don’t” across my computer. I don’t trust any of it any more, which has taken the fun out of it, but I don’t need the computer except for a few select websites, and don’t spend that much time around it any more.

  7. Adam
    Adam April 14, 2017 8:32 am

    How do we really know what any company who sells private email account services or VPNs does with any of our data that pass through their servers? How secure is it? Are they selling it to third parties behind our backs?

    If I encrypted my email, the people I sent it too would not know what to do with it.

    When I make an infrequent online purchase, my credit card allows me to set up a one-time use number for the exact amount of purchase. If hackers breach the company or their processing site, they get my name, address and email, but the credit card information is no good since the amount available on that number has been used up.

    Also for credit card and bank account, I have set alerts to notify me when any transaction occurs.

    I use https when visiting websites, but not all sites use it. Supposedly your ISP can only see the main site you visit using https and not the sub-pages you view. I say this because this is what I’ve read happens when you use https. I don’t have any actual knowledge that this is really happening.

    For telephone service, I still have a landline. For how much longer that will be offered I don’t know. And my cell phone is a “dumb” phone that is so old the battery is somehow still recharging, but I can’t find a replacement.

    I don’t think anyone has “the” solution to online security and privacy.

  8. Comrade X
    Comrade X April 14, 2017 8:35 am

    If they can bug the president…..

    I don’t do Facebook, I am on linkin not because I want to but because an important client requested I be, but I am there as very little as possible (& I hate it!!!). I don’t have a smart phone which gets looks when I pull mine out, it looks like an old Star Trek beam me up scotty phone.

    Due to business I am finger printed and back ground checked and even have a TSA Pre Check number. One day I would love again to tune out and drop out before I die (but that would be one way to do it).

    IMHO if they (who ever those dirty they’s are) want to come and get me they know where to find me, I am neither ashamed nor afraid to say what I believe (even though I use a handle it still is very easy to find out who I am as you know Claire, if Ben Franklin could use a noms de plume why not me even though I’m no Franklin who IMHO was a rock star!) but there is nothing I do that is not legal as per the highest law of the land “our constitution” however IMHO there are those in our government whose actions are illegal as per our highest law and I stand against them in what ever little way I can. Our fore fathers fear of big government was very well founded as is being proven every day now!

    However what is true today was not always true yesterday and what will be true tomorrow may change from what it is today.

    And I can perfectly understand why someone may need to be underground in every way possible and if that is the case they better be off the internet, no GPS in the car, no smart anything and be using burner phones, etc etc etc…. otherwise again IMHO you are very much above ground and easily tracked on “theys” radar no matter what precaution you take, right now methinks it is almost impossible to drive on a freeway or in any town greater then a few thousand (at least true in my part of the 50) without getting your picture taken today, how many of us are using disguises when we drive?

    At least I try to smile a lot!

  9. Ruth
    Ruth April 14, 2017 9:01 am

    Well, I can’t read Wired any more without turning off said adblockers, so I can’t comment on their articles at all. Which I find ironic since they regularly put up articles about handling your privacy online.

    I do try to keep track of whats needed to truly protect yourself online, but for every day actually having a life online sorts of things? It tends to fall somewhere in with 1,4, and 5.

  10. AG
    AG April 14, 2017 9:10 am

    There is no such thing as “online security”.

    Putin uses pencils for a reason.

  11. CB
    CB April 14, 2017 9:12 am

    1, 3, 4, and 5.

    #3 is exceedingly painful to me because once upon a time I was a real developer, data modeler, architect. Now I’m a stupid user trying to convince myself I’m overthinking everything except I know I’m not.

    I have an opensource firewall running on a dedicated server. I have a VPN purchased (last week) and hope to get it installed maybe Sunday. I’ve run PGP/GPG off and on for years and like Joel, the setup and management of it is a hassle. I’m looking to go from Apple Mail to Thunderbird for a couple reasons, one of which is better GPG integration. And in prep for moving off of OSX to a (more secure?) BSD variant. Which means dumping iphoto, etc. But that’s probably not hard to do anyway since I don’t use anything cloud-hosted.

    And I’m amazed at all the gmails and yahoos and even AOLs my friends are on.

    And #6 with Joel. But I think I have to try. Even if it’s pretending.

  12. jed
    jed April 14, 2017 9:14 am

    I’m further along the tech/privacy curve than anyone else I know personally, except for one person, and even he doesn’t do much. And, while I do more than most, I also do less than I could.

    The most succint answer, which encapsulates all the rest, is that I’m just tired.

    I already know that I won’t be able to convince most of my e-mail correspondents to migrate away from Gmail, or Yahoo, or Hotmail, much less use encryption. In addition to that is the neverending job. I also have developed a distaste for things which become more complex than they should be. I like to keep things simple, even when I know and understand the reasons for making them more complicated. Some years ago, I read an excellent article about “learning fatigue”, which I wish I had saved, as I can no longer find it. It can become an issue. A close cousin to learning fatigue is the moving goalposts.

    Plus, I don’t get much support, among my tech friends. Questions such as, “why would you want to pay for e-mail?”, come up from time to time. It often feels as if I’m a lone voice, out there in the desert. They think I’m nuts for disabling JavaScript in my web browser. I’d be doing better at this, if I felt as if I were working with someone, rather than against almost everyone (including the gov. agencies).

    Some examples:

    A friend forwards e-mails to me containing inviations to cycling events, where the ride is built around visits to brewpubs. “Join meetup, or login with your facebook account”.

    I’ve had people put my e-mail address into sites such as e-vite.com, and then get mad at me when I point out that this is in bad form.

    Recently, I received an e-mail about a talk on “Online Privacy 101”. Please RSVP via EventBrite.

    Don Quixote, anyone?

  13. M Jarvis
    M Jarvis April 14, 2017 10:36 am

    It just now dawned on me that last summer when you were helping me set up encryption that I sent you my public pgp key. If THEY were watching THEY could have it and if THEY are snagging anything I send, THEY can decrypt it any time THEY want…

    Oops…

  14. M
    M April 14, 2017 10:56 am

    “And it’s all kabuki anyway.” An excellent point.

    “If everyone is on the List, the List means nothing.” – how many lists can I make and how high can I go!

    Seriously – all the Darkweb/hidey stuff is like the myth of a Redoubt – gathered all together, one fell swoop brings it down.

  15. MacGregor K Phillips
    MacGregor K Phillips April 14, 2017 11:05 am

    Basically I am too old to care anymore. With the amount of information the NSA, CIA, FBI, etc collect everyday 24/7/365 they have no idea what they have, or what is important or not. But, if you are selected as a target they can search through this mountain of data to see what you are doing. All the big tech companies now basically work with or for the government in some capacity or another. With the CIA, I think it was them, putting spyware on iPhones being shipped overseas before they are bought by consumers, are the ones sold in the USA compromised in this way or not. And is it only iPhones or Android phones they are doing this to also. Bottom line is if they think you are a threat to them, they will get you no matter if they have to fabricate all the evidence against you. Back when the old Soviet Union broke up I warned that now that the cold war was over the intelligence agencies would now turn inward and start spying on their own people instead of being downsized or shut down. I hate to say I was right, but I was.

    Senator Frank Church was right back in 1975 when he said this before the Senate Intelligence Committee in regards to the NSA’s ability to intercept electronic transmissions:

    “At the same time, that capability at any time could be turned around on the American people and no American would have any privacy left, such [is] the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter. There would be no place to hide. If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately done, is within the reach of the government to know. Such is the capability of this technology…

    I don’t want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over the bridge. That is the abyss from which there is no return.”

    What would Senator Frank Church think of the capabilities of the NSA today?

    If they want to get you they will. So I just enjoy life one day at a time.

  16. ILTim
    ILTim April 14, 2017 11:09 am

    1) It’s a LOT of work.

    2) Research always leads you to discover two eggheads bickering about how wrong each other is, that the sky is falling, and that if you listen to the other’s advice you’ll be boiled alive in Splenda. Who has the time to sort that out?

    3) What, exactly, is the problem, again?

    4) Everything you do will break within four days when updates run or companies go bust.

    5) It’s a LOT of work. Again.

    6) Ugh, why am I bothering again?

  17. Bear
    Bear April 14, 2017 11:10 am

    M Jarvis, if you sent your public key, you’re safe. You have to send that to people or they can’t encrypt anything to you. It’s the private key that’s needed for decryption. (Not counting possible hacks or back doors.)

    As former military, I had an advantage over some folks in adopting message encryption. Back in the day, sending a secure message meant installing the OCR font type ball in the TEMPEST approved typewriter, manually typing everything into the proper form, sealing the message in an approved envelope, and couriering it the base comm center. Receiving a secure message was a little easier, where the comm center had couriers to deliver messages to be signed for. Otherwise, it was another trip to comm center myself.

    GPG is a lot easier.

    Computer security generally has been relatively easy for me since I started with computers in the ’70s. I could adopt stuff gradually as it came available. And I’m the guy people come to for tech assist.

  18. jc2k
    jc2k April 14, 2017 11:18 am

    Comrade X, you should know that LinkedIn scans address books and automatically sends those requests. That important client very likely didn’t send the invite.

  19. Comrade X
    Comrade X April 14, 2017 11:22 am

    jc2k you may be right, been had again! I really really hate them now!

    If only that Nigerian aunt would just pay up too!

  20. RW
    RW April 14, 2017 11:43 am

    What we know they can do is at least 2 gen behind what they can do. There is no online security, tor and other means are waving red flags to “look at me!”. I’m too old to care, we witness the final days of the empire which is too far gone to fix. The cycle of history comes full circle as Tytler noted a long time ago.

  21. Claire
    Claire April 14, 2017 12:56 pm

    M Jarvis — What HWFIW said. Public key is public. Some people even put them on public keyservers for anyone in the world to grab. You have a separate secret key and passphrase. All those deep, dark secrets you shared (of which you didn’t share any because even under encryption you send nothing more high-security than cookie recipes) are safe.

    Except from all the other methods the NSA, CIA, ABCDEFG, and XYZ have to crack them.

  22. deLaune
    deLaune April 14, 2017 1:20 pm

    Mr. Phillips’ first paragraph had me nodding my head. Besides, I think using extra security would make me stand out from the crowd.
    During the Revolutionary war it was easy to spot the British officers. Their uniforms were made with expensive dyes that stayed a nice scarlet color. Not so for the grunts.
    My online presence is a faded, rusty pink. Maybe an enemy, but not worth a bullet.

  23. MJR
    MJR April 14, 2017 1:28 pm

    While I’m not a fanatic I do take some precautions. I tend to use several email addresses depending upon the level of security I want when sending email. My throw away email address is gmail but that’s only for things like logging onto to places like this to post a reply.

    Regarding browsing I do use an ad blocker plus an add on called Privacy Badger

    https://www.eff.org/privacybadger

    that deals with any tracking cookies. For example on this site it has dealt with a total of 16 tracking cookies. The only other thing I use is a VPN. As far as encryption goes I haven’t bothered because there really isn’t anything I’m into that I need it for. Before I would ever go that route I would be dealing with the person in person at a place of my choosing.

  24. coloradohermit
    coloradohermit April 14, 2017 2:34 pm

    “MacGregor K Phillips
    April 14, 2017 11:05 am .
    Basically I am too old to care anymore.”

    Yup. That’s me.

  25. Coyote Hubbard
    Coyote Hubbard April 14, 2017 2:44 pm

    I use a VPN when I do stuff involving cute puppies or boring stuff. If they waste the time to decrypt and figure out what im doing, well, they wasted their time but got cute puppies. I do have a Proton mail but use it only for getting notifications. I have a gmail I use generally, like family stuff and while i know the idea is “I have nothing to hide” – and thats of course, besides the point, if they wanted to know they can, so i can let that slide.

    If theres anything I need to get done or communicate that has an OpSec element, I don’t do it electronically or by snail mail.

    There is a series of books I read from the school library when i was young called “The Three Investigators”. This was a series aimed at young adults, like I was then, about three young adults that did young adult investigations of the things that happened to young adults….

    Anyway, one of their ways of solving a mystery was what they called “The Ghost Phone”. One of them would ask a question to someone not familiar with the mystery about some piece of info they need that they might have info on but they are asked to ask those that they know. Eventually, the call would come back to one of them with someone asking if they knew any a part of it, but that person had already been chatting to others about it and bits and pieces of the puzzle for it were already part of the conversations as it spread around…

    Anyway, no matter how secure you work, they can probably pull in enough general info about any tiny amount you do online either secure or unsecure and get a pretty good idea of where your thoughts and directions are at, kinda like the Ghost Phone.

    So encrypt and VPN, but if its truly an OpSec issue, don’t do it online ever.

    EDITED FOR TYPOS

  26. Comrade X
    Comrade X April 14, 2017 3:02 pm

    A fun way of communicating is the old same book communication method; 1st number is the page, 2nd number is the paragraph, 3rd number is the line; 4th number is the word (and you could add a 5th of the letter, but that to me is getting a little much & takes more time). Methinks the ABCEFG agency hasn’t built a computer that can break that yet. You just have to make sure everyone has the same book and nobody gets their’s taken away, but you could always change books every so often.

    Heck, you get something to read in your spare time out of it too, so it’s important to pick a good book methinks.

    You don’t need no stinkin encryption.

  27. SamInOregon
    SamInOregon April 14, 2017 5:13 pm

    1, 2, 4, 5
    I’m probably already on one or more lists, so why worry about it? I’m a retired computer software engineer so have the technical expertise to be more circumspect if I chose. I have an iCloud email account and a Proton email account – both are supposed to be more secure. I even fiddled with PGP at one time. But, bottom line, I can’t be bothered. So, I just use my gmail account and don’t sweat the small stuff.

  28. larryarnold
    larryarnold April 14, 2017 7:41 pm

    Mainly #6: My wife shares the computer, and if I can’t get her to lock the doors of her truck when it’s parked in our driveway and shut the garage door…

    “Nobody’s going to invade us!”

    Anyway, we both work for a newspaper and are members of a number of organizations with secretaries who are unfamiliar with the concepts of “BCC” and members who don’t know how to “Reply” instead of “Reply All.”

    OTOH we’ve been married 48 years, two daughters, a good son-in-law and twin grandkids, so the obvious solution is a non-starter.

    Folks still tell me they’re worried about getting a license to carry because they don’t want to be “on the list.” I tell them there’s only one list, and everybody’s already on it. So #5 as well.

    You don’t need no stinkin encryption.
    Um, Comrade X, the book-cypher IS encryption, dead tree version. Keeping secrets wasn’t invented with the computer. In fact, it just about pre-dates writing.

  29. Ron Johnson
    Ron Johnson April 15, 2017 12:30 am

    I’m just a few steps from giving up on the whole internet-of-things. It’s become so untrustworthy from an information and security point of view that there is no hope of protecting yourself once you enter it. From the first click, you’re on somebody’s list.

    Anyone who really, really, really wants to get into my computer will find a way. As the IRA once told Margret Thatcher: “You have to protect everything everywhere all the time. We only have to get it right once.”

    I’ve come to understand that the mere existence of a computer or smart phone in my house is a threat. I can be heard, seen, recorded, tracked, and screwed with through these machines. Additionally, the information is so untrustworthy and the dangers to our privacy are so extreme that the usefulness of computers to our intellectual lives is questionable. I seriously believe it will someday become the CB radio of the new millennia. (Remember when everyone HAD to have a CB, but it become so overused and misused that it became more of a nuisance than a benefit, so people stopped using them?)

    To make a computer safe from hackers and evil doers, I need to take my framing hammer and bash it to bits.

    Someday I’ll “go dark” by just signing off for good. That won’t be until I stop working…and there isn’t an end of working in sight yet, except when the grim reaper finds me.

    BTW, a couple of years ago I took to writing letters on dead trees and sending them via Snail Mail. That is not completely secure, but less likely to be intercepted than any electronic communications. Ironically, my audience is about as big either way.

  30. John
    John April 15, 2017 1:53 am

    @ Ron Johnson
    Fire, ocean vessel, oil lamp, steel, wheels and skis. Paper and books.
    To make things safe from “hackers and evil doers” wasn’t ever on the option list.

    We can be on the playground and still somewhat limit our risks, as our tastes suit us.

    Young folks might think little of an internet connected refrigerator, toilet, tooth brush or spam can*. I’m not their age any more, and fail to see any utility. I will be annoyed when the implant tracking attempt takes hold. Like to see maybe some push back before that. Not sure though…

    That boiled frog thing, and the realization that liberty has lost the education high ground to State and King.

    I view less than pretty, coming our way, but I’m yet a skeptical optimist. Number of thousand years, liberty passion persists.

    I sometimes think fun, thought to engage tyrant minions open. Some few spies and manservants, may thereby be infected by their invasives. I think the seeds of curiosity and anarchy are in our being. I’ve never been wrong, except,

    I’m an error prone fallible finite empiricist. The rest I do no know.
    And, I did just type this noise.
    ~
    *Yeah, inventory control and tracking. Been there and like utility of that part.
    If I cannot dump the tracking after it is mine, no more spam for me.
    (what if I do not know, is the nightmare I can have tonight)

  31. Jolly
    Jolly April 15, 2017 8:38 am

    Wellll -having my webserver hacked last month, and going on 4 weeks of remediation – I’m kinda in tune with this subject. In my case, an old Word Press site along with incorrect directory permissions allowed hackers to do quite a few nasty things.

    The good news is that I’m finally rid of running email for my clients – something I’ve wanted to get rid-of for 4 years. The bad news is that I’ve clocked over 70 hours fixing stuff, moving websites, re-installing operating systems, SSL certificates, and I’m STILL not done.

    If you want email security – an interesting option popped-up from Switzerland: https://protonmail.com I’m checking it out. I believe it will require both sides to cooperate for actual security. It won’t do any good to email your grandmother and assume it’ll be secure.

    As said above – if the government wants to know what you’re doing – they have the means to do so, and there’s not a whole lot to prevent them. One funny aspect of the whole PATRIOT Act surveillance is that it appears to be used primarily against GOVERNMENT flunkies – so maybe it’s not so bad, eh?

    It’s unarguable at this point that Trump has been monitored since at least 2015. One has to wonder if, say, Chief Justice Roberts was compromised in a similar fashion?

    On practical man-in-the-street level, I try not to use real names. I give out false security information, and don’t say anything meaningful on F**B***K. I use VPN and SSH, SSL, etc., primarily to avoid HACKERS not government.

  32. Kurt
    Kurt April 15, 2017 12:02 pm

    First, you need to determine what threats concern you. There are four basic threats, which you can mix and match to satisfy your particular flavor of paranoia

    o- If you’re worried about random criminals online from gaining access to your computer and the data therein for whatever purpose (mostly financial crimes), that’s fine, and there are countermeasures.

    o- If you’re worried about Google/other commercial entities mining and sharing your data, that’s somewhat different, but requires similar countermeasures to the above, plus some more.

    o- if you’re worried about your stalker/crazy ex, that’s yet another problem, requiring physical security measures.

    o- If you’re worried about government actors, that’s a whole different kettle of fish, requiring not merely computer security measures – it also requires a *lot* of meatspace countermeasures.

    For most people, it’s too late to worry about 2. The amount of data available about you is enormous. If you’re worried about the others, well 1 is fairly easy, and 3 isn’t much different than 1, except for the added physical security, but 4 is much harder.

    So what do I worry about? Mostly 1. And I take care of that with some browser addons – Adblock plus, NoScript and RequestPolicy. If I were worried about 2, I’d start using a disposable/regenerated virtual machine and also would bring up a paid-for VM with a small provider that would allow me run my own mail server in my own domain. But then I’d also have to be WAY more careful about who I emailed, and I’d probably have to stop emailing any number of other people, because they use free email services as well.

    OTOH, I despise FB, and have never and will never have an account. I have a resume on LinkedIn because someday I might need it.

    I don’t use chat, but I subscribe to 20 or so technical email lists, because it makes my job as a sysadmin that much easier, and all of them are archived and searchable, so I’m careful about what I say.

    It’s all about the balance.

    Kurt

  33. larryarnold
    larryarnold April 15, 2017 1:09 pm

    Remember when everyone HAD to have a CB, but it become so overused and misused that it became more of a nuisance than a benefit, so people stopped using them?

    As I remember CB went stale when cellphones (better technology) took over.

    I can’t imagine what might improve on the internet, but in CB-era 1990 we never imagined carrying internet computer/phones in our back pockets, either.

  34. firstdouglas
    firstdouglas April 15, 2017 3:00 pm

    I certainly recognize most of the thoughts being expressed here, holding many of them myself. And as for learning the tech necessary for security, I’m not doubting that I could, but only doubting that there will be much reward for effort spent. Especially since, at best, I might learn how to defend myself from the rogue bad guys, but never from the worst, the three-letter bad guys.

    I’ve installed linux on both of my primary computers, but the one I ACTUALLY run in linux I really only use to listen to lectures and interviews while in bed. Still just haven’t been willing to take the time to learn the first thing about linux yet, really–even though its use amounts to no more than a first step as to security, as far as I can tell. At least, I expect that thoroughgoing use of linux would spare me from many street level vulnerabilities that I’d never learn about using Windows/Apple.

    But I’m writing this on my other machine, using Windows XP. Stopped using Windows 7 when it became clear that 7 was going to get turned into 10, w/keystroke logging, etc., no matter my best efforts to prevent. From the beginning (for me, late ‘80’s) I’ve just operated on the assumption that everything I do online can be seen, despite my best efforts. Yet I pay my bills online, just keep no more in online accounts than I can expect to loose at any moment.

    I do use my own domain for real email, but I also use gmail, yahoo, and so on, for other purposes. And I’m not encrypting, largely because I doubt my capability to influence any single receiver of my email to bother to learn how to decrypt me. But I’m afraid that I’m wrong if I’m using others’ only imagined responses as my reason for going slow on security. I’m afraid that it really is true, that we have to BE the change. That’s the part within my power.

    So I will ,,sometime..get to learning linux and maybe, eventually, to acquiring a VPN, and using encryption. But even if I get going a bit faster on getting some more of this security stuff in place, I’ll do it knowing that I’m at the mercy of my masters nonetheless. The really bad guys can read my entire life, and were it perfect, the bad guys, should it suit them, could still put incriminating material on my machine, or say they’d found such.

    Our reality, or experience, IS what the police state looks like right now, IS how the police state is presently constituted and operating. So many good comments here–at the moment I’m especially liking (and hoping it’s true that) “maybe an enemy, but not worth a bullet.”

  35. Thomas L. Knapp
    Thomas L. Knapp April 16, 2017 6:52 am

    Four, and a partial five, and some not listed.

    4. I have better things to do than constantly obsess over online security.

    5. I am well aware that IF the state in particular takes an interest in my online communications, they have lots and lots of options for monitoring those communications. If I was willing to put an air-gapped computer in a deep hole in the ground with a Faraday cage around it and type/encrypt everything on that computer before transporting only encrypted text to my connected computer, I MIGHT be able to frustrate those options. Maybe. But probably not.

    We also seem to have some different ideas as to what online security is for. While I have started using uBlock Origin to cut down on some of the scripts because they slow my machine down, I have no problem with e.g. Google tracking me and selling what they can figure out about me to advertisers. In return for the ability to do so, they give me an email service I like (Gmail), the browser I prefer to use (Chrome), the operating system on both my machines (ChromeOS), a bunch of online storage space (Google Drive), software (word processing, spreadsheet and presentation), etc. If I had a problem with the deal, I’d refuse the deal and not use their stuff.

  36. Desertrat
    Desertrat April 16, 2017 6:58 am

    Privacy = Face to face, and maybeso snail mail.

    My tracphone is for highway uh-oh; otherwise never used beyond a “Are you home?” query.

    Since I thoroughly enjoy being politically incorrect, I don’t care who’s snooping. If they’re bent out of shape about me, I’ll smile and award them the Royal Order of the Rigid Digit.

    I guess that I’m like the line from the country song “Coca-Cola Cowboy”: “You taught me how to say I just don’t care.”

  37. Mark
    Mark April 18, 2017 5:23 am

    Probably the closest explanation for me from your list is number five, Claire. But not because I am convinced that “they” are looking for/at me (though I have no doubt that they are scooping up all of my data and storing it in their vaults in the desert). Rather, it is because the whole system was not designed for security in the first place. Bruce Schneier (almost always a good read) describes it well here: https://www.schneier.com/blog/archives/2017/04/surveillance_an_2.html.

    After nearly 40 years in this business, I am becoming disillusioned and more and more dreaming of dropping out and joining an Amish community (or trying to start my own Amish-like community). All of this stuff is powerful and wonderful and can be exciting on the one hand. But on the other hand, it dehumanizes, de-secures (made up word, but I think it works) and distances us from one another in real ways even as it increases “communication” between us and makes information (not necessarily knowledge, though) available literally at our fingertips.

    I liken it to motorcycles. I like older bikes because I can, or am learning to, do the work on them myself. Newer bikes are more powerful, have better brakes and handling characteristics, get better gas mileage, etc., but I am then tied to the support industry with knots I cannot undo and independence and self-sufficiency become impossible.

    Not a trade-off I want to make. And increasingly, the privacy and security trade-off is one I no longer want to make.

Leave a Reply