cybersecurity: (Default)
[personal profile] cybersecurity
The tradeoff

Cybersecurity always comes at a price: most often, the price is convenience. This is no coincidence. The parties who want your data need to bribe you into handing it over, and convenience is one of the best things they have to offer. So they make all these nifty tools, that make your life so much easier; who wouldn't want that? And the easiest, most default mode is always, always the mode in which you end up exposing yourself more.

Yes, it's inconvenient to avoid Google (more on that later!), to stay off of Facebook and Twitter, to use more different providers to keep your stuff compartimentalized. It's mighty convenient to just use your Google or Facebook login everywhere, to stay logged in to all these services, and not to have to enter passwords all the time. And it's just so convenient to reuse the same password everywhere, and not change it ever.

But convenience, too, comes at a price. All these nifty free tools and services aren't free: you pay with your data. You might say that you don't care and they can have it, and who is interested in you anyway? You are not that important after all. (And out comes the dreaded 'I don't have anything to hide'. But more about that later.)
But you are important. You're oh so very important and interesting. Because you are a consumer, and you buy stuff; building a profile of you that's as detailed as possible allows you to be advertised at in a very precise way. Now you are probably thinking: But I don't respond to advertising, I never buy the stuff I see in ads. I'm afraid that's probably not true. We all respond to advertising; it can't be helped.

You might also say: cool, so they have a profile of me for targeted advertising. That's not so bad, is it? It means I'll see less ads for stuff that I don't care about.
Well, of course that is up to you. But who has access to your profile? You don't know that. It's certainly not you: you don't get to see it. But your government might. Your employer, or a potential future employer, might. Your insurance provider might. Other parties might, and they might not have your best interest in mind. Data can be sold, and it can be stolen. Who gets access to your information, now or in a year or in ten years?

What we can do

So if that makes us uncomfortable, what can we do? Some people say: Nothing. You're on the internet, stop worrying about it because there is nothing you can do. They already know all there is to know about you. But I don't buy that, and here's why.
1) It's fatalistic and we don't know whether it's actually true. Why pick the most depressing option if you have a choice?
2) There is actually a lot that the internet doesn't know about me and I'm sure the same goes for you. I intend to keep it that way if I can help it.
3) Data rots. It gets outdated. We don't stay the same all of our lives; not even our bodies stay the same. We grow thinner, fatter, older, sicker, healthier. Some of us get pregnant, some of us gain disabilities, some of us get surgery of all kinds. We all change all the time and so the best data is fresh data. Even if they knew all about you right now, it would still make sense to stop leaking data now.
4) It's not a matter of all or nothing. There is a whole spectrum between a wide open empty doorframe and a solid steel vault door with ten different locks on it. Just because we can't hide everything from view, that's no reason to give up and not attempt to keep anything to ourselves. Even if there are conveniences we don't want to give up on, there are probably things we can do that make a difference.

So what can we do? Here's a thing we can't do: we can't make ourselves invisible on the internet, not if we intend to keep using it (which I do, and you probably do too). It's not about vanishing from the web. It's about making your tracks vaguer, fewer, more fragmented and harder to follow. And harder to follow means: more expensive to follow. Investigating people is, after all, not free: there are costs involved. There is a limited budget reserved for following us non-notorious folks; what we're trying to do here is becoming more expensive to track. We want to strain the budget, making it impossible to follow everyone, and make ourselves less worth the trouble (= money).

What we'll get in return

As we've seen, there is always a price to be paid, generally a larger or smaller loss of convenience. I feel better about this when I think about it as a choice: a small price that I'm gladly paying in exchange for personal freedom. That's s small mind hack that not everyone may be able to pull off, but it's worth a try.
An example... Since I dumped Windows and switched to Linux, I need to enter my password every time I download updates for my computer. Newcomers to Linux often find this unnecessary and annoying, and ask in the forums how they can get around that. But it's such a small thing really. And it's not that hard to see it as a good thing: I'm entering my password because that helps keep my computer safe. Yay password that keeps my system safe and happy!

The problem with this kind of thing is that there is no tangible reward. Google will never knock on your door saying 'What happened? We never hear from you anymore.' Bill Gates isn't going to send you a Hallmark card that says 'I miss you, let's get back together'.
So that can be frustrating. If we want to improve our cybersecurity, we'll be giving up on certain things that are convenient or fun, and we'll never get any feedback. That's not entirely true because there are some tests you can run... but that's about it.

What we can gain in the short term is peace of mind, and not much else. So if you're not worried, there's not a lot of reason for you to be reading this. But if you are, keep reading, because there's a lot more coming up. And in the long term, you may be saving your own ass.

Go back to the index of Cybersecurity for the Trumped.
Back to Index


cybersecurity: (Default)


I'm from the Internet and I'm here to help. Please feel free to comment, and to ask questions.

Powered by Dreamwidth Studios