I was planning acroyoga to be the topic for month 2, but my job interfered. It happens that I’m travelling 3 of the 4 weeks (hello from Myanmar) and I won’t be able to attend acro classes. But I had another topic lined up that is partially relevant to travels, so I’m going with it – security and safety. These topics are covered by 2 of the experts – Samy Kamkar, the hacker who can take over your drone in flight and help you be successful on a dating website, and Marc Goodman, who moved from working for the FBI to found the Future Crimes Institute and work for Singularity University.
This will be my paranoid month and I will be focusing on physical and digital security.
“You are not paranoid. They are really watching you.”
I’m not completely new to this topic. This is especially thanks to my friend (and one of my favorite humans) Juraj Bednar, who is one of the top experts on security in the part of Europe where I come from. And it’s not just about the theory – he co-founded 2 successful companies (Citadelo, Hacktrophy) that take a different approach to security. Through him and other friends I was introduced to the beauties and risks of technology, and it’s probably the reason why I’ve been working most of my life in industries where security is a big topic (telco, banking). I’m also a big proponent of freedom and privacy, and see Edward Snowden as one of the heroes of our times.
So I should know quite a bit about what should be done to protect my identity and privacy. I’ve seen countless posts and articles about how to secure email, use strong passwords, encrypt data, etc. But I am – as most of us – lazy.
The price we pay for security is often not expressed in money, but in effort and convenience.
- Yes I usually cover the camera on both notebooks, but sometimes I use video calls and forget to put it back on.
- Yes I use Threema and Signal for secure chats on my smartphone, but at the same time I use Messenger and WhatsApp because not all people are willing to use secure channels.
- Yes I use long phrases as passwords and try to use a different one for each website. But I admit that some of them are pretty old.
- Yes I know about RedPhone (secure calls/video calls), but I haven’t installed it on my new phone yet.
- Yes I know about PGP but oh boy it takes effort to start using it.
- I never connect my private phone to any network in China, but I connect my corporate phone anywhere. Even to airport wifi.
- Yes I use fake names, but almost exclusively at cafes, spas and similar places where it doesn’t matter much.
- I still use a fingerprint to unlock my phone even though I know that it can be found on any cup I drink from. And now even Indian officials have them and some funny company that collects biometric data for them, which could not even tell me how they protect it.
So next month I will be vigilant and will try to make it a habit to protect myself as much as possible.
This should not be about making myself completely bulletproof against any hacking attempts. Unfortunately that is not possible anymore.
I know that if someone like Samy Kamkar or Juraj decides to hack into my life, they will be able to do it. And, thanks to Edward Snowden and other whistleblowers, we know that all of us are being watched, all the time, anything we do. “Minimum viable product” for this experiment is to raise the difficulty (=cost) enough in order to discourage a potential attacker from taking advantage of something too obvious or easy.
When I talk to people about privacy, I often hear 2 things that I’d like to address:
- “I have nothing to hide, so I don’t have to care”
  - If you think you have nothing to hide, please write about your salary, health issues and sex life in comments. And what you think about your neighbors, colleagues and your country’s politicians.
- “Nobody is interested in my data”
  - There are a lot of ready-made tools that can be used by bored/malevolent/desperate people, so nobody is really safe.
  - You probably know someone who is interesting for somebody else and you can be targeted by attackers to get interesting data about somebody else. Or you work for a company that has competitors.
  - You probably have some money. Maybe a credit card.
Please don’t think these threats don’t apply to you.
I’m a pretty average person, so I don’t expect that I would be targeted directly. In theory that should mean that I just need to cover the basic threats to raise costs high enough to make it a nuisance. Unless this post triggers someone – probably just by writing about this I’m exposing myself to a bit more attention.
|Titan||Samy Kamkar, Marc Goodman|
|Who is he/she||Samy: Hacker. Marc: Future Crimes Institute leader|
|Name||You are not paranoid (they are really watching you) (aka “Paranoid month”)|
|Claim||Being wise includes knowing how to defend yourself. A wise person minimizes risks of threats – both physical and digital.|
|Test||There are many recommendations for both physical and digital security. I will follow at least these: encrypting all the devices; more secure passwords; using fake names more often; learn how to anonymize myself; notice potential risks for physical security (esp. when traveling)|
|Expected result||If the basic security measures listed in the book are manageable by a “normal person” who is not especially technically trained, the experiment will be successful.|