The end of privacy as we know it

I remember Eric Schmidt saying something to the effect of “if you don’t want something to be publicly known, don’t post it on the internet”. But as we have seen with the deeper proliferation of ‘social media’ into our lives, we can’t help but share every moment of our lives online. There are specialized channels for us to share different types of content.

I’m not here to rave about how the definition of the words ‘share’, ‘like’ and ‘social’ has been perverted (changed) over the last few years. There are enormous psychological and social effects of social media, about which tons has already been written.

This post has been motivated by what we have lately learned about all that has been going on in the past many years unbeknownst to mere mortals outside the high echelons of the government and corporates that we so willingly give all our information to.

The latest revelation regarding what governments are keeping from their citizens came from Edward Snowden, who sought refuge in Hong Kong and is currently in Russia. The US government has charged him under the Espionage Act, among others.

Previously, Bradley Manning and Julian Assange, the founder of WikiLeaks (also see: The Fifth Estate), have been charged with counts of passing private information to the enemy.

While I am no one to judge the ramifications of what they have done, I do have one question. What about James Clapper, the head of the NSA, who lied to Congress about the existence of PRISM, the gargantuan data-collection program which the NSA is using to collect data from various software companies’ servers, which in turn happens to be the data of every individual, US citizen or not, who uses the websites and services of these companies?

This week a new incident followed the already snowballing set of activities in this space. The founder of the Tor network was arrested after government agencies intercepted and added malware to the Tor network and Freedom Hosting using infected nodes. The Tor client, which was Mozilla Firefox ESR 17, had a vulnerability which was exploited in this attack.

Here is the source code of the malware.

Apparently this malware was collecting data and sending it to an IP address which was one of the many assigned to the government agencies. Exactly who was controlling it is not yet clear.

Security expert Bruce Schneier has this to say about the NSA surveillance.

I used to have a lot of respect for America because of what it stood for. Those values seem to be decaying. The ‘land of the free; home of the brave’ is the one which is now headed to prosecute the people who told the public what their government is secretly doing with their personal data. This sounds a lot like ‘shoot the messenger’ to me. As Carlin used to say, the only American value that has remained is buying things.

At the risk of sounding clichéd, I will leave you with one word: 1984.


Caput Draconis

[The title is the first password mentioned in the Harry Potter books]

I have always been paranoid about security, but in the last few weeks the paranoia has increased, especially since I read how hackers almost entirely erased the digital life of Mat Honan. [Here are the follow-up articles on how he got (a part of) his data back and then about catching the hacker]

Google has done a great job by providing two-step verification. Here’s how you can use it. I wish more services would provide such security-enhancing solutions.

So today I set sail searching for the best ways to create passwords which are hard to guess and yet easily memorable by humans. I didn’t want to use a software tool or service for it because it tends to limit the number of places where you can enter the password (apps on phones/tablets, for instance). I understand that they are a much safer way to go, but the dependency was something I wanted to steer clear of. For those interested in such software solutions, please check out RoboForm, LastPass and Gringotts 😀

Instead of trying to explain what has already been explained, and in ways much better than I possibly can, I’ll share the links with you.

  1. Jeff Atwood’s famous post about Passwords vs Pass Phrases
  2. Microsoft’s guidelines and password security checker
  3. Soundpuzzle has one
  4. And then there’s diceware

For those interested in numbers, here’s the analysis of how ATM PIN numbers are spread across the possible 10,000 values (0000 – 9999). Hopefully yours is not one of the top 20.

And here’s an awesome XKCD post about password security 🙂

Be safe. Peace.