Humankind has outgrown the need to have monsters hiding under our beds. Now we let them hide in our phones, computers and microwave ovens.
Roblimo’s Hideaway
OMG! I think I see a giant camera lens on a long stalk sticking out of my microwave oven! It uses X-rays in addition to visible light, so it can look through the kitchen wall into my home office and watch me type. That’s right. Type. Maybe pet the dog a little or something like that. No contact with the Russian government. No secret conversations with Barack Obama or other members of the Deep State who are bent on overthrowing America’s elected President.
Then there’s the RF (radio frequency) monitor in my office that logs keystrokes from my wireless keyboard and sends them to a gigantic NSA superdupercomputer that decodes its encrypted signals. Zounds! That’s scary!
Except, of course, that none of this is actually happening. Nobody is spying on me because I am boring. Nothing I do is very important in the overall scheme of things. Foreign spies, and even our own government, would learn nothing of interest by keeping a close eye on me.
I know a lot of people who worry about the CIA, NSA, DIA, and other agencies illegally spying on them. In fact, somebody I thought knew better just told me that he’s worried about Gang Stalking. Umm… okay. We’re talking about somebody who is a pretty good tile layer and all-around construction guy, but there is no conceivable reason an intelligence agency would be interested in him.
My gang-stalked friend has been lonely lately, and he was short of work for a while so he doesn’t have much money right now. He’s almost a poster boy for low self-esteem. What if he really is being gang-stalked, whether by a government or a (dare I say it) gang? That would mean someone was taking an interest in him. And that would make him feel a lot better about himself. He might even believe he’s important.
If a national government takes enough interest in you to stalk you or wiretap you, there’s no way you can think of yourself as inconsequential, is there?
If that government — or the One World Black Helicopter Socialist Movement, LLC — considers you important enough to scan your hard drive for secrets, Wow! You must really be somebody!
You do encrypt your hard drive don’t you? Just in case?
You probably have a 72-character Facebook password, too. What about your Gmail account? Two-factor authorization, right?
A brief confession: I do have an encrypted hard drive and I do use two-factor Gmail authentication, but that’s because I do some writing and editing work for a high-end software consulting company, and it’s my duty to make sure any corporate secrets they share with me are reasonably safe. Not totally safe, perhaps (if there is such a thing), but AES-safe, anyway, which is generally considered good enough for most purposes.
My personal data? Other than my debit card number, I don’t transmit a whole lot of confidential information over the Internet — or have any stored on my computer.
Do you? Other than the naked photos of your ex-boyfriend, I mean. And do they really show anything most of us haven’t seen before?
I’m not saying you should be totally security-stupid. You shouldn’t leave your laptop visible on the seat of your car, for example. Or publish your Social Security number on Twitter. But worrying about Kellyanne Conway infiltrating your microwave? Or Donald Trump or Barack Obama (whichever one you feel is more likely) “wiretapping” you?
Ain’t gonna happen, people. And chances are, nobody has hacked your stupid TV and is using its camera (assuming it has one) to watch you watching TV. Your webcam? Turn it off. Cover it with a bit of tape if you like. Ditto the camera on your phone.
But whatever you do, don’t use security fears as a way to overcome the feeling that you aren’t important to anyone. Instead, use the same energy to do some volunteer work or something else that will make the world a better place, which is the real way to be important!
Robin “Roblimo” Miller is a freelance writer and former editor-in-chief at Open Source Technology Group, the company that owned SourceForge, freshmeat, Linux.com, NewsForge, ThinkGeek and Slashdot, and until recently served as a video editor at Slashdot. Now he’s mostly retired, but still works part-time as an editorial consultant for Grid Dynamics, and (obviously) writes for FOSS Force.
>>>>You do encrypt your hard drive don’t you? Just in case?
Yep.
>>>>You probably have a 72-character Facebook password, too.
Don’t use Facebook, don’t like being The Product, same reason I don’t have a G+ account or Google search, or Bing or Yahoo, for that matter.
>>>What about your Gmail account? Two-factor authorization, right?
The Gmail account exists so I can provide an email address when posting to places like FOSS Force. So I don’t give a rat’s arse about 2 factor authentication. If anyone wants to hack into it, they will probably find a shitload of spam.
I don’t keep personal data on my computer, never have. Yep I keep the Camera covered, and the microphone blocked with an open circuit jack in the Microphone socket.
Don’t use smart devices or IoUT devices, because the fact is some corporate database IS storing any and all personal information.
Maybe someone’s interested in me personally, probably not, but if they are I like to make it so they have to work at it. In any case it’s my private life, and I prefer it stay that way.
The fact is, though, whether or not Governments, Corporates, or Criminals are interested in me personally is moot. Governments and Corporates are certainly interested in me impersonally. Why should I make it any easier for them, by believing “If you have nothing to hide, you have nothing to fear”, which is, in fact, the Bullshit you are peddling in this article.
Robo, thanks for the article. I did have a laugh. Yes we need to wear our security hats all the time.
As Linux Coord for our local computer club, I stress this a lot.
This article isn’t very impressive. While I don’t think the NSA is after me as I’m an uninteresting person, I know that others are.
I keep a server on my network to handle email and a wiki so that I can access it remotely. The script kiddies pound on it continuously. They think I’m interesting for some reason; most likely as a bot on their net.
This article asks that I do some volunteer work to make the world a better place and, otherwise, put my head in the sand. I’m volunteering to keep my CPU cycles from participating in the next Gbps DDOS attack.
Yeah, really. I’m a bit disappointed. I didn’t expect such a “head in the sand” article from Robin “Roblimo” Miller.
Even with tongue in cheek Robin, you should know better!
Oh well, guess everybody needs to be wrong from time to time! ;P
JohnN, your message takes me back. I used to have a server running on my office computer (this was a LONG TIME ago) so my students could use their random secret numbers I assigned them to look at a table of scores on exams and homework. The log showed it got hit as many as a dozen times a day. It was before script kiddies got their stuff automated and people were having to try to type it all in manually.
Bizarre and totally impossible to fathom now is that it was on my office daily driver computer running Windows 98. Somehow, everybody trying to get in was looking for a more serious Windows directory structure. The directories they wanted just weren’t there.
I did it for at least two semesters and somehow it never got penetrated. However, it didn’t take long before I decided that server wasn’t a good idea. About the same time, the university IT folks decided it wasn’t a good idea, too, and plugged my hole in the firewall so students off campus couldn’t get in.
In a more mature time–after I retired–I ran a public website on an old computer on my home network. Used a serious (but free) Linux server to share a database registry of certain Farmall tractors only built 1951-54. Sixty years later, you won’t be surprised it wasn’t a large database. I felt honored to have it probed by IP addresses from several cities in China. I checked it occasionally and don’t think anybody ever got in or used it for a bot.
Head in the sand? No, I advocate taking reasonable security precautions, which is not the same as worrying about robot cockroaches sending images of your living room to ISIS.
You’ve heard the expression, “Perfect is the enemy of good.” Therefore, be aware of security and do basic things, but don’t obsess, and don’t puff yourself up by believing you are more important than you really are.
And NEVER forget physical security basics. Don’t leave your laptop visible in your car while you run into the convenience store. Who would do that? I live in a part of Florida where people leave babies and dogs in their cars “for a minute” all the time. And laptops, which routinely get stolen out of cars around here.
Also, lock your doors. Especially car doors. People go up and down the street (or more likely through a parking lot) looking for unlocked cars and grabbing anything valuable they see within 30 seconds. Believe it or not, a *lot* of guns get stolen this way.
If you run a server of any kind, *of course* you should secure it. Where did I say you shouldn’t? But once again, stay rational. Guard against the root kit crowd and others likely to try to mess you up instead of spending your time worrying about the Glumps from Alistair III who use deep space psychic techniques to get into your computers — and your brain. Take THAT energy and use it for some volunteer work. Really. It will do you and the world more good than worrying about nonexistent threats.
@Roblimo: The problem, as I see it, is that you’re lumping things that *are* happening in with things that are fanciful. Take this, for example:
“And chances are, nobody has hacked your stupid TV and is using its camera (assuming it has one) to watch you watching TV.”
This is a misleading statement. Yes, it’s true that your TV probably doesn’t have a camera in it. However, TVs are *absolutely, unambiguously* being used to spy on users. That’s not tinfoil-hat conspiracy stuff like your “robot cockroaches sending images of your living room to ISIS” comment; it is a thing that is definitely happening. Vizio just settled with the FTC to the tune of $2.2 million, and is *still* facing a class action suit on top of that. Whether or not it is likely that the CIA is using your Samsung TV to spy on *you, personally*, the mere fact that there are TVs with an exploitable vulnerability bears serious consideration. I wouldn’t advise connecting a TV to your wifi at all.
And that’s the tip of the iceberg in terms of IoT security, which is totally abysmal.
While it’s unlikely that anyone reading this is being *personally* targeted by a three-letter agency, it’s highly *likely* that their data is caught up in mass surveillance efforts targeting everybody. Some of those efforts come from the government; others come from advertisers.
I think that at this point, running uBlock, Privacy Badger, and HTTPS Everywhere is just plain due diligence. Something like NoScript is a way bigger hassle, and I wouldn’t recommend it to most people, but personally I use it on my main machines.
And yes, of *course* I use a password locker. At this point, if you’re not using a unique, pseudorandom password — not necessarily for every account, but at least for the accounts that you don’t consider to be throwaways — then you’re putting a target on your back.
And you don’t have to use 2FA everywhere, but you really should use it on your bank account. And if, like most people, you carry around a phone that’s tied to an account (either Apple or Google), you probably want to use 2FA there too.
I think your overall point is that we need to keep perspective and not overreact. I think that’s good advice. But keeping perspective also means not *underreacting*, and I think you veer too hard in that direction. There are serious issues with digital security and online privacy. They need to be addressed. That’s not a conspiracy theory; it’s common sense.
And that episode with the mechanical alien cockroaches was dumb, but man it sure had some great dialogue. Sure, it may be the weakest Darin Morgan episode, but even the weakest Darin Morgan episode is still pretty good.
> “No, Evil Hackers Aren’t After You”
Ha ha ha. If you believe that, I have a bridge to sell you.
(Note: I realize this tag is added to the story and is not from the author as was made clear in a previous story.)
That said:
I hate, hate, hate the old “I have nothing to hide, therefore I don’t care if they spy on me.” bullshit. Mainly because it is used as an example that you too should not care, or that caring makes you weird, lacking in self-esteem, paranoid, and/or unpatriotic. That is a complete and utter load of absolute crap.
Yes you do (or should) care, and yes *they do spy on you.
* Who’s they? Everyone…hackers, governments, even corporations.
Everything on the modern web is designed to collect information on you. Even without the spectre of malware injection from three-letter agencies the amount of information collected is beyond staggering. The full impact isn’t noticed by people because they don’t realize or understand the sheer amount of correlation of that information that is being performed behind the scenes or the power it gives those in possession of it. If you think it is only used to target ads at you, you are naive.
Failing to take basic precautions in handling your personal data weakens EVERYONE’s privacy…not just yours. Failing to take the matter seriously weakens the case for meaningful legal reform to protect individual liberties, including the right to privacy.
Not putting personal data on a computer or using outdated tech in hopes of avoiding the issue does NOT help and only aggravates the problem in the long run. It is not sustainable and only serves to marginalize the voices of those who would otherwise care about control over their own data.
I would suggest to anyone serious about security and/or privacy on the internet: Ignore this article and look for ways to help make us all secure, either through donating to the EFF, pushing for legislation that benefits individuals’ right to privacy, or contributing to a FOSS project committed to helping maintain our individual security and privacy. THAT’s the real way to help.
I’d also like to recommend the Firefox add-on “RequestPolicy Continued” in addition to those mentioned by Thad.
I run it in addition to the others. By default it prevents ALL communication outside the direct site in the URL bar. This means scripts can’t call home, load files, set cookies, etc.
One thing I really, really like about it is that you can whitelist each destination individually based on the site in the URL bar. This means for example you could whitelist cloudflare or some other CDN being accessed from a specific site, but disallow it when called from all other sites.
I absolutely wish NoScript had this feature. I dislike that whitelisting a script in NoScript means it can automatically run from any site that calls it. RequestPolicy Continued gives much finer grained control (which works well in conjunction with NoScript). It removes a lot of the power of ad networks even without an ad blocker, and doesn’t need constant updating. I still recommend using an ad blocker in conjunction though.
I know that to most people (aside from my friends and family) I am not all that interesting. BUT that is not the point. The point is that I will take reasonable precautions to guard what privacy that I can maintain in today’s world. I don’t believe that the NSA, CIA, FBI etc are trying to spy on me or on most people. However, corporations do try to spy on just about everyone to collect personal data that they can then sell. The lack of security of most IoT devices makes them prime suspects in this regard, as are “smart” TVs, especially those that have a built in mic and camera!
What I do in my own home and on my own computer (even when web surfing) is no one’s business but mine! I don’t use Fakebook, TWITter or other data mining sites. I do read the privacy policy of any web site before I give them any information at all.
I will not be spied upon if I can avoid it.
If a corporation has your data, then it is being handed to and/or collected by government agencies on a regular basis as well.
Congress is currently trying to destroy your right to privacy: https://www.eff.org/deeplinks/2017/02/congress-contemplating-making-it-illegal-protect-consumer-privacy-online
Combine this with the continued collection of tons of unnecessary data by corporations during every little interaction we have with them and you have the recipe for a disaster.
It is time to fight back.
End dragnet government surveillance of entire populations and the wholesale harvesting of information from co-conspirator corporations.
We need a real change in policy that respects individual liberties over some pseudo-security promises that our surrendering of privacy and anonymity will protect us from terrorist boogeymen.
Man, many are going to hate you for pointing at the elephant in the room. I am sure that those clowns who claim all that nonsense feel very important to be the target of so much attention from the government.
As I was saying about leaving your laptop in the car…. http://www.nydailynews.com/new-york/laptop-trump-tower-floor-plans-stolen-secret-service-article-1.3001078
CORRECTION: Worse than leaving a laptop in your car is *leaving it on your motorcycle.* Oy!
One further point, my Government IS spying on me and every other Australian Internet user. ISPs are required to keep logs of every customer’s Internet use for up to 2 years. Which is why I also use a VPN, paid for in an untraceable manner, for all Internet access.
They are doing this mostly to appease the Copyright Maximalists, but also “Because Terrorists”, but whatever their reasons, they ARE invading the privacy of every individual who uses the Internet.
I for one gave Microsoft the “finger” a long time ago…(when XP was just released) I turned to Linux because of its secure features. From SELinux and RKHunter, to ClamAV and the manipulation of firewalls and IP addresses using iptables. I don’t have any “smart” devices in my home, nor will I ever purchase them. My laptops are “blinded” with masking tape, and I don’t use my phone for accessing my bank account, only my desktop and laptops at home. I don’t believe in being relaxed when it comes to securing your private data, nor do I go about granting websites access to it. I have 6 (six) dummy email accounts for signing up to websites, and I don’t access any of them from my phone or even from my desktop at home. Just from the “single purpose” laptop that runs Debian Linux. I think security is just like beauty, “..in the eyes of the beholder..” you want to be protected from malware, spyware, viruses, and trojans? perform due diligence and do the things that will protect you and your loved ones while online. Too many people are content to believe that just because they have nothing to hide, they shouldn’t fight for their privacy, well that’s fine and dandy when you do nothing but shop online or just chat with a friend on Skype from Hawaii, but what happens when “accidentally” one of those devices turns on while your daughter is undressing?…or while your wife is having a “private” conversation with you in the living room? Enough is enough, if we don’t stand for our right-to-privacy now?…then the future will be the totalitarian, myopic lifestyle written about by George Orwell….where “Big Brother” has a hand in EVERY aspect of your life…..from what to eat….to what you watch….where you go…what you drive…how you speak…how you dress….yeah….wake up America!
@tracyanne
Right, some countries are doing this right out in the open. The U.S. isn’t quite there YET, but is headed that way.
One thing you need to be aware of is that even with a vpn, it is possible for DNS queries to “leak” to your ISP with any OS. There are a couple ways this can happen, but the practical result is that unless you take extra steps to avoid it (VPN kill switches are NOT effective), some DNS queries may escape the VPN and be sent to whatever DNS server you have configured for use when not connected to the VPN. Even if this is not your ISP’s DNS server, those queries are sent in plain text and easy for your ISP to log.
For some awesome information on VPNs and privacy/anonymity look here: https://www.ivpn.net/privacy-guides
For the best honest comparison of VPNs check here: https://thatoneprivacysite.net/
Here’s hoping that having two URLs in a comment isn’t enough to get caught in the spam filter…
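A way to check for the DNS leak described in the comment above, added here as an example and not part of the original comment: the script reads a packet capture taken while the VPN is up and reports every plain-text DNS query that left on an interface other than the tunnel. The interface names (`tun0`, `wlan0`), the addresses and the capture lines are constructed, and the line format is assumed to follow `tcpdump -i any -n` output that includes the interface name and direction.

```python
import re
from collections import namedtuple

# Constructed sample capture (not real traffic). Assumptions: tun0 is the VPN
# tunnel, wlan0 is the physical interface, 10.8.0.1 is the VPN's own resolver.
SAMPLE_CAPTURE = """\
12:00:01.000000 lo    In  IP 127.0.0.1.35000 > 127.0.0.53.53: 4011+ A? example.org. (29)
12:00:01.100000 tun0  Out IP 10.8.0.2.40112 > 10.8.0.1.53: 4011+ A? example.org. (29)
12:00:01.140000 tun0  In  IP 10.8.0.1.53 > 10.8.0.2.40112: 4011 1/0/0 A 198.51.100.10 (45)
12:00:02.300000 wlan0 Out IP 192.168.1.23.51820 > 192.168.1.1.53: 7720+ AAAA? example.net. (29)
12:00:02.900000 wlan0 Out IP6 fe80::1c2d.41000 > 2001:db8::53.53: 120+ A? example.com. (29)
12:00:03.000000 wlan0 Out IP 192.168.1.23.44321 > 203.0.113.7.1194: UDP, length 120
"""

Leak = namedtuple("Leak", "iface resolver qtype name")

# timestamp, interface, direction, IP or IP6, "src.port > dst.port:", decoded payload
LINE_RE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP6?\s+"
    r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+(?P<rest>.*)$"
)
# tcpdump prints a DNS question as "<TYPE>? <name>."
QUERY_RE = re.compile(r"\b([A-Z0-9]+)\?\s+(\S+)")


def find_dns_leaks(capture_text, tunnel_ifaces):
    """Return outbound port-53 queries seen on any non-tunnel, non-loopback interface.

    Only classic plain-text DNS (port 53) is covered; DNS over TLS or HTTPS
    is encrypted and would need a different check.
    """
    leaks = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["dir"] != "Out":
            continue  # unparsable line, or a reply coming back in
        iface = m["iface"]
        if iface in tunnel_ifaces or iface == "lo":
            continue  # inside the tunnel, or a local stub resolver
        # tcpdump appends the port after the last dot, for IPv4 and IPv6 alike
        host, _, port = m["dst"].rpartition(".")
        if port != "53":
            continue  # not DNS (e.g. the VPN's own transport packets)
        q = QUERY_RE.search(m["rest"])
        qtype, name = (q[1], q[2].rstrip(".")) if q else ("?", "?")
        leaks.append(Leak(iface, host, qtype, name))
    return leaks


if __name__ == "__main__":
    for leak in find_dns_leaks(SAMPLE_CAPTURE, {"tun0"}):
        print(f"LEAK via {leak.iface}: {leak.qtype} {leak.name} -> {leak.resolver}")
```

Any resolver reported here is receiving queries outside the tunnel; an empty result only covers the period the capture was running.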
This is a lamentable article that ridicules the sad reality of domestic surveillance and those of us that are affected by it- that is, all of us. No, most of us don’t have people personally monitoring our communications or trailing us. That isn’t what this is about. It’s about the NSA, CIA and other government and corporate agencies recording a large amount of our personal communications, storing it, and linking it all together automatically. This is now known and verified FACT. This violates the U.S. Constitution and the right of every person to their privacy. And yet you continue to lump it in with unreasonable conspiracy theories as if it was all the same.
You think you’re safe because you’re “boring”. But just think about what that really means for a moment. It means “I don’t interest the big powerful guys because I’m not a threat to them.” So, you are essentially taking a submissive role towards government. You are saying that everything is alright as long as you don’t ruffle their feathers- legality be damned! But there are perfectly law-abiding citizens who do ruffle their feathers- like human rights lawyers, judges, investigators and reporters. So what about them?
God forbid you ever decide to become “one of those people”. They’ll be able to access basically all of your history and use it against you if needed. And if it affects those people who make a Constitutional democracy work, then we’re all in trouble.
No one should live their life in fear that they are being watched. But we ARE being watched. We need to change our response if it leads us to misery, not to whitewash the reality of the situation.
Most people are way too lax about securing their data, their privacy or making this enough of an issue to get these highly illegal and immoral activities to stop. And yet you ridicule the issue as if we should take it even less seriously.
This is a huge issue that will ultimately bring down free society if it is not remedied. I am saddened to read this on a FLOSS blog, where an air of freedom usually abounds.
I have less concern about governmental intrusions than the more omnipresent collection of information about me. Couple this with AI, and this is what’s going on, and we have to become suspicious of any unsolicited email or phone call. We have a constant stream of emails from pretend locations and phone calls with spoofed IDs.
No one has an answer to this.
@Mike
Yes I’m aware of DNS leaks. I check for those regularly (yeah I use IVPN), and I also don’t use my ISP’s Domain Servers on any of my computers, I haven’t for a long time, even before I started using a VPN.
My VPN provider is a zero knowledge provider, they don’t keep logs. The account can be created without the need to provide any personal information (that includes not having to provide a mobile phone number), you can also pay by anonymous means such as bitcoin or cash.
I use a zero-knowledge VPN for some of my online activity, but not for things like chatting about inconsequential crap or sharing music videos with friends on Facebook. I think I need to write another security column, with a better attempt to define “rational,” which may not be the same for everyone.
“Nobody is spying on me because I am boring. Nothing I do is very important in the overall scheme of things. Foreign spies, and even our own government, would learn nothing of interest by keeping a close eye on me.” That’s what I tell my students all the time, Robin! You must have been listening in! LOL!
@Mike: Didn’t notice your post until now, but thanks for the recommendation on RequestPolicy Continued; sounds like the kind of thing I might not give to my grandparents but I’ll be looking into it myself.
@Thad
I’m now also experimenting with uMatrix which seems to have a lot in common with Request Policy Continued as well as some nifty features unique to it.