2005-08-25, 20:57

Principles of security

I have realised the potential need for a new category of blog post, or at least a new purpose for the blog, namely being an online source of stock answers to common questions. While I should not be intending for people to come here for my opinion on the latest Slashdot article, I do occasionally (in IM / IRC conversations) find myself at a loss for the sources or analogies that would make my position more cogent. Particularly in blogging it would be helpful if I could link to something which explains some basic principle I have without having to go off at a tangent to explain it. For that reason I expect to occasionally write little “lemma” blog posts, which can be used later to prove greater theorems. The most notable issue to speak on so far is that of security. Everyone who uses the net will presumably be somewhat aware of security (or their lack of it, at least in terms of its symptoms). Moreover, anyone who takes their own security seriously should be aware of at least the principles of security, even if they do not follow individual issues. It is also worth noting that security and privacy are closely linked; as the fourth amendment of the Constitution of the United States of America puts it, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated...”. As a case in point, I think most people would have a view on the “The innocent have nothing to hide” debate. For me, though, the first question after this is “To what lengths should one go to protect their personal safety, the integrity of their computer, and cover their tracks?”. Every different person presumably draws the line differently for each issue.
I have heard people say that their computer contains no private data, and arguably it would be simpler for them to reinstall everything than make their computer secure, but nowadays if your computer’s security is breached there is a strong chance that it will be used to send spam, possibly making money for organised criminal gangs. Your responsibility to keep your computer under control is therefore something which should be thought about. Also, more and more people are taking seriously the idea of shredding their post before disposing of it. I have even heard the principle of “Shred anything that has your address on it” applied to envelopes. If someone wanted an envelope with your address on the front, they would merely have to send themselves a letter with the address written on in pencil or washable ink, wait for it to arrive, remove the address and write your address on the front. Are there even any safeguards against forgery of post marks? Moving on to the less common, what about the security concerns of a blog? Having someone know what you do during a typical week, who your friends and family are, pictures of yourself, online contact details of them and yourself, can easily constitute a potential risk. Of course there are the additional issues of people copying the text of your blog or leaving comment spam but it goes beyond that. My view on privacy in blogging is at least partially based on the realisation that “Anything you publish will be available to anyone in the world, anywhere, instantly, freely, anonymously, from now until at least the end of human beings on this Earth.” Even while writing this post I have censored myself, as I have thought of ways for a determined attacker to breach what I consider to be my deserved level of privacy. I hope this goes some way to explaining why I will not always give details about myself, or the security systems that I use or recommend. Is there any reason not to be even more cautious? 
It is entirely possible that my computer could be at risk for lack of some critical but easily implemented workaround. It is entirely possible that at some time in my life someone may gain some advantage against me by using data on this blog. Would you want the whole world to know if you were deathly afraid of jelly? It is entirely possible that Google could turn evil and blackmail you, threatening to give all your email contacts the history of everything you’ve searched for. Is it? There are some who are wary of the amount of data Google stores on us, and I myself have decided that I will not choose to have my email account, search request results, and internet connection come from the same company. I have realised that having one’s email not linked to one’s ISP also avoids lock-in (another reason, apart from the data protection issues, why I avoid customer “loyalty” cards). Also of course, as Google’s site does not use encryption, my ISP could read all my search requests if they so wished, and the content of about 99% of the sites I accessed from the search results. What is the cost of this “paranoia”? Surprisingly little. One would think that my desire for security and privacy would be kept in check by the prohibitive cost (in terms of time and money) of securing myself. For instance, I refuse to use Gmail and the associated products, and I feel a little constrained by my caution at where my data goes, especially when I sign up to things, but these choices cost me no money, and very little time. I am left with some sort of inverted Cassandra complex, where instead of feeling unable to stop a catastrophe, I feel completely able to stop all sorts of unlikely scenarios. Regardless of the minimal cost, then, am I actually gaining anything? I would say yes. One can bury one’s head in the sand and say “I’ll react to security holes when I actually fall victim to one.”, but ignorance isn’t really bliss. 
Google may get bought out by an evil company, they may become evil over time, an evil government could force them to hand over data, a virus could steal the data for some hacker; even a simple administrative mistake could have unimaginable privacy implications. More generally, I am fairly confident that should I ever find myself in a situation where I need to keep secrets, or I am the target for some new type of attack, I will not suddenly be caught out by my lack of preparedness. That is not to say I think I am completely secure. One of the things I am acutely aware of is that there is no such thing as “secure”, only “less / more secure”, and it must always be assumed that a determined or powerful adversary will find a way. But consider: two security measures I am prepared to disclose my use of are encrypted tunnels / links between hosts (so I do not use telnet or FTP when logging in to company networks, nor would I be allowed to by any competent sysadmin) and, more recently, Tor. So, in fact, I can access Google without my ISP knowing what I am sending or receiving, whenever I want. Finally, no talk about paranoia would be complete without the sobering tale of Chip Salzenberg, whose home was raided and computers and files seized, purely (we are told) because of false accusations from his employers after he disagreed with their apparently illegal practices. So, if you want a quick way of explaining your seemingly over-zealous protection of your privacy and security, try “I may have nothing to hide, but that doesn’t mean I want to be victim to some spammer, scammer, phisher, fraudster, identity thief, worm, virus, trojan, adware, malware, disgruntled boss, incompetent state, hacker, cracker, bluejacker, slacker, stalker, or loser bunny.” What’s a loser bunny?

Trackbacks
[...] I should also say that in creating the validator, I followed my own advice about creating offline before testing online. This was good for privacy and security, as I wouldn’t want my validator to be found before the official unveiling, nor would I want people trying it before I’ve audited it for security bugs. Also in terms of security, I am happy to say that my webserver is behind the firewall and not publicly accessible, and usually turned off too. [...]
[...] “Lemmas” is a category I expected to create in previous posts, but I didn’t have enough posts of that category to justify it. [...]
[...] my blog is preserved on the Internet Archive (reinforcing, although not proving, the view I held right at the beginning that any information I put out on here will be accessible forever), [...]