Things I’m Reading – Information Hygiene: Most People Haven’t Connected Their Dots Are Getting Connected

Information Hygiene: Most People Haven’t Connected Their Dots Are Getting Connected
By Rick Falkvinge

Your refrigerator tells you when milk expires. Your cameras tell you remotely of anything unusual happening in your home. Your wi-fi-connected scale tells you about your BMI and body fat content down to three decimals’ precision. With this just around the corner, it’s imperative we realize that they’re also telling other people the same thing.

A new skill is rapidly emerging: Information Hygiene. The understanding, at a deep technical level, of who else can see your information depending on what you do with it. When you send a mail, it’s open for the world to see. When you’re storing unencrypted things “in the cloud”, you might as well have put it on YouTube. When you’re connecting your home cameras to “the cloud”, you’re inviting any number of unknown people – the point being that you can’t know how many and who they are – to look straight into your home.

When D-Link markets their “cloud cameras”, the point being that you can watch your home camera from your mobile phone, they never mention that a number of technical links are required to make that work – getting the video feed from inside your home, through your ISP, to D-Link’s servers, to your telco, to your mobile phone. And at each and every one of those links, there are people who have access to the same video feed, and who may be coerced to share it.

The dystopias from the 1960s about governments having cameras in our homes were correct. But they were wrong on one crucial point: we installed those cameras ourselves.

In several parts of the world, this is a survival skill. Can your communication be read by an adversary, perhaps a powerful adversary like a tyrannical government? Do they have means to pinpoint your location? If you don’t know the answers to these questions, you may not get to procreate. Ironically, it’s in the worst parts of the world that deep technical understanding literally gives you a stronger evolutionary advantage.

When you’re putting that document on Dropbox, did you take into account that Dropbox employees can read it? Do you know who they are? It doesn’t matter whether they’ve given a pinky finger promise not to – they have the technical capability to do so, and under some conditions, can and will be coerced to open your documents for various three-letter-agency third parties without telling you about it. Basically, don’t put things on Dropbox – or any cloud service – that you wouldn’t put on YouTube.

“There is no such thing as the cloud. There are only other people’s computers.”

Take the Goji SmartLock, for example. An electronic doorlock, unlocked from your phone. Sounds like something that would really help most people – until they mention in passing “and if you’re locked out, our operators can unlock your front door remotely”. That’s when the gadget ceases to be a lock, and becomes something else. The whole point of a lock is that you – and only you – should have control over when it opens. If somebody else can open it for you, that means you’re not the one in control. The distinction is subtle but crucial. A lock that is designed to be opened by someone else outside of your control simply is not a lock.

Understanding this is Information Hygiene.

The next step is the so-called Internet of Things. Lots of small sensors in our everyday dealings are constantly sending updates to servers. Our mobile phone. Our weight scale. Our refrigerator. An adversary with access to this information can quickly connect dots and learn more about you than you can possibly know yourself. Do you know the last thing you didn’t buy, for example? Probably not. But advertising networks know. Do you know the last newspaper article you read, and how you arrived there, and how long it took you to read the article? Servers somewhere know.

Did you buy an anonymous prepaid SIM card for your mobile phone? Good. Did you pay it with your credit card? Then it’s not anonymous anymore.

As all of these small dots of data are collected, they’re also connected. Understanding how that happens will be key to privacy in the very near future.

Privacy remains your own responsibility.

June 29, 2015 at 07:16PM
via Privacy Online News