February 17 2017
End-to-end encryption is the new security mantra, but how far will you go to foil the thought police?
It’s difficult to maintain a healthy level of paranoia when some days it feels like we’re living in a gritty reboot of 1984. Revelations of western security agencies systematically spying on their own citizens have driven many people to embrace personal encryption tools, yet at the same time social media has bred a generation of oversharers who seem happy to trade their privacy for magic beans.
How closely is Big Brother watching you?
Some people wear tin foil hats to avoid government mind probes, while others write their passwords on post-it notes for all the world to see. Most of us sit somewhere in the middle, swinging between vigilance and complacency as we navigate the challenges of modern technology.
Nothing to hide?
It’s often said that if you’ve got nothing to hide then you’ve got nothing to fear, but that’s a dangerous attitude. It downplays legitimate fears and makes it easier for the powers that be to gradually erode civil liberties to the point where we all have something to fear – at which point it’s too late.
So where do you draw your own line in the sand? I think you need to start by defining the problem; exactly what are you afraid of, realistically what’s the likelihood of those things happening to you, and how serious are the consequences if they do? Once you have level-headed answers to these questions you can start to think about the best precautions.
These days the words “privacy” and “security” are almost used interchangeably, they’re closely related but they don’t quite mean the same thing. The way I see it, security is the reason you lock your front door at night, while privacy is the reason you draw the curtains.
You can also break data security into two components; keeping your files locked away so others can’t get them (let’s call this “data security”), and keeping your files safe so you don’t lose them (let’s call this “data integrity”). Data security requires strong locks, while data integrity requires a robust backup regime.
Everything to lose?
To be honest I’m primarily concerned about data integrity, followed by security and finally privacy. In most cases losing a file would be much worse than it falling into the wrong hands. Technical disasters are my biggest realistic threat and the consequences could be significant, which is why I’m so paranoid when it comes to maintaining multiple backup systems.
Backups aside, realistically I’m more concerned about hackers breaking into my computer and data, perhaps as part of a ransomware attack, than I am concerned about government spooks rummaging through my digital life. Keep in mind that spooks don’t necessarily “break” into your accounts, instead they tend to slip in the back door.
You might have different priorities, but I primarily focus on sensible security precautions like healthy password habits and employing extra security precautions such as two-factor authentication and Virtual Private Networks when using an untrusted connection.
If I was more concerned about privacy I’d place a greater emphasis on issues like end-to-end encryption for email, browsing and instant messaging, in order to keep my communications and other activities safe from prying eyes.
Of course poor privacy can be a security threat, and vice versa, which is why I’m starting to evaluate secure communications services. There are plenty of options, from PGP-based email encryption like Witopia’s SecureMyEmail to encrypted instant messaging tools like Signal, which is adding secure video calls.
The trouble is that the person on the other end of the conversation also needs to use these tools in order for you to communicate securely – which is a problem if most of the people that you deal with aren’t as concerned about security as you are. Like communications tools in general, your secure comms ecosystem can become a fragmented mess – perhaps making it more trouble than it’s worth.
What do you see as the most significant threats to your data privacy, security and integrity? What precautions have you taken to stay safe?