Netizen Report: Azerbaijani Bloggers Targeted With Legal Threats, Spearphishing
The Netizen Report offers an international snapshot of challenges, victories, and emerging trends in internet rights around the world. It originally appears each week on Global Voices Advocacy. Ellery Roberts Biddle, Arzu Geybullayeva, Leila Nachawati Rego, and Sarah Myers West contributed to this report.
Azerbaijani video blogger Mehman Huseynov was sentenced to two years in prison on charges of slander over videos he shared on his Facebook page. His page, where he covers a range of topics including working conditions and the wealth of government officials, has more than 300,000 followers.
Arresting, silencing, and intimidating journalists, bloggers, and activists is par for the course in Azerbaijan these days, but Huseynov is the first blogger or journalist to be officially sentenced for slander by a court in Azerbaijan. Prior cases of journalists or bloggers being sentenced typically involved charges like narcotics possession (often bogus), hooliganism, abuse of power, and tax evasion.
Targeted surveillance of human rights advocates also appears to be increasingly common. New reports and technical research confirm that multiple advocates in the country have fallen victim to spearphishing surveillance technologies, which create fake accounts or take over real accounts in order to impersonate other human rights defenders in the country.
According to Amnesty International and other researchers, several activists have reported finding someone had impersonated their emails and Facebook accounts in order to identify and compromise others they communicate with. Dissidents in the country have experienced similar attacks in the past, and Azerbaijan is among the countries that sought to acquire targeted surveillance software from the company Hacking Team—but many fear this is a sign the political circumstances for human rights defenders in the country are likely to get worse.
Censorship is rising in France—is anyone watching?
The number of websites blocked and delisted (that is, removed from search engine results) more than doubled in France in 2016 compared with past years. Under a law passed shortly after the 2015 attacks in Paris, 834 websites were blocked and 1,929 were delisted in the last year, an increase likely tied to the counter-terrorism regulation that enables authorities to order the blocking of sites without the approval of a judge. There is no list of which websites have been blocked or delisted, making it difficult to assess how authorities are implementing the rules, and whether or not any sites have been blocked without legitimate cause. The nongovernmental organization coalition European Digital Rights and the website Islamic News, which was blocked shortly after the law was enacted, have both criticized the policy.
China censors scientists who criticize censorship regime
Yet again, Chinese scientists have spoken out against the country’s web filtering system, the Great Firewall, arguing that the system damages research. Luo Fuhe, vice chair of the national advisory body the Chinese People’s Political Consultative Conference, recently submitted a proposal urging the government to improve loading speeds for overseas websites. As in the past, shortly after local media began to pick up coverage of the proposal, reports started to be taken down by national censors.
Pakistani leaders talk again of censoring “blasphemous” content online
In Pakistan’s National Assembly, multiple officials, including Interior Minister Chaudhry Nisar Ali Khan, have called for bans on social media platforms that allow blasphemy. This is not unprecedented by any means: YouTube has been temporarily blocked multiple times and was banned from late 2012 to early 2016, due in large part to content deemed offensive to religious sentiment. Increasingly, individuals and organized groups use accusations of blasphemy to silence others. Two major TV networks have been embroiled in legal blasphemy cases in the last two years.
Representatives also have linked these arguments with concerns about social media users criticizing government officials online. Local news outlet Dawn said that a statement from the interior minister essentially argued that “no country could allow religious sentiments to be hurt or top state functionaries to be subjected to ridicule under the pretext of freedom of expression.”
Facebook: Developers can no longer use data for surveillance purposes
Facebook announced new prohibitions against the use of its data by developers for the purposes of mass surveillance. Last fall, the ACLU found that Facebook, Instagram, and Twitter sold user data to Geofeedia, a company advertising social media surveillance tools to police in the United States to monitor protesters and activists of color. With Facebook’s latest response, all three platforms now have a clearly stated policy that bans the use of their data, which can be obtained through their platform APIs, for surveillance purposes.
South Africans to government: #HandsOffSocialMedia
South African social media users pushed back strongly against reported plans to regulate social media to counter false narratives and the spread of fake news. Rallying around the hashtag #HandsOffSocialMedia, South Africans have accused the government of seeking to control expression and discourse in the country.
The Philippines moves to accredit bloggers—with strings attached
The Philippine government announced plans to give media accreditation to bloggers and social media publishers. Accreditation will grant bloggers easier and faster access to media passes for government events, but would restrict the use of “offensive, inflammatory, or provocative” language. The proposal would also require that they publish press releases and statements from the Presidential Communications Operations Office. Several prominent independent media workers expressed concern about these requirements at a recent town hall meeting, including journalism professor Danilo Arao, who later wrote that the policy would reduce accredited bloggers to “mere mouthpieces” of the Presidential Communications office.
Why did Russia add a secure app to its “information dissemination organizer” list?
The Russian media regulator added the messaging app Threema to its Registry of Information Dissemination Organizers, the first time it has included a foreign app on the list. The list was introduced after a federal law was passed requiring all websites to store Russian users’ metadata and make it available to authorities. Threema claims it offers users full anonymity, though it has not released its full code to the public for vetting that this is the case.
Syrian web developer has been in prison for five years
On March 15, 2012, web developer and human rights activist Bassel Khartabil was imprisoned by the Syrian government in Damascus. Since October 2015, his whereabouts have been unknown. Creative Commons and the FreeBassel campaign are proposing a set of actions that friends and followers can take to express their support for his release.
“Track, Capture, Kill: Inside Communications Surveillance and Counterterrorism in Kenya”—Privacy International
Future Tense Newsletter: What Algorithms Can Learn From a Single Photograph
Greetings, Future Tensers,
Maybe you should think twice before hitting “share” on that photo. As former Amazon chief scientist Andreas Weigend wrote this week, photo-analyzing software has advanced to the point where it can recognize faces, deduce place and time of day, speculate whether you’re in a fancy restaurant or gay bar, guess your emotional sentiments, or even copy your fingerprints. As these algorithms bring us closer to a post-privacy world, he argues, “we need to start thinking about how these images of us might be used to make decisions about us”—and how we might protect against algorithmic discrimination.
Engineers are also creating algorithms with the potential to predict something else significant about us—when we’ll die. But, says end-of-life care researcher Ravi Parikh, that may not be as unsettling as it seems. In their increasingly accurate prognoses, he explains, these mortality-prophesizing machines may actually give us more humanity.
Here are some other things we read between generating Texas oilmen aliases for all our climate change–related correspondence:
Whack hacking claims: Despite some fearmongering reports, the WikiLeaks documents detailing CIA hacking tools do not show that the spy agency has compromised secure messaging apps like Signal. Instead, it shows they found risky, expensive, hard-to-scale ways to hack the phones they run on, writes Yael Grauer. They didn’t “break Signal any more than looking at your phone over your shoulder breaks Signal,” one expert told Grauer.
Dumped, again: Trey Herr explains that though we don’t know who provided the CIA files to WikiLeaks last week, political rivals have taken notice of the damage that leaking their opponents’ espionage tools can do. Expect a lot more of these sorts of dumps in the future.
5 fast facts about Heavy.com: Will Oremus gives us the lowdown on Heavy.com, the site that’s been dominating your Google news search results, in the signature quintet style the site has come to be known for.
Could technology—from high-tech helmets to virtual training to real-time biometric data—make sports safer? And how will it change the state of play? Join Future Tense in Washington, D.C., on March 23 for drinks and conversation with those working to sideline injuries. RSVP to attend in person or watch online here.
Algorithms tell us what to read, where to go, and whom to date, but do we really understand them? Join ASU’s Ed Finn, author of the new book What Algorithms Want: Imagination in the Age of Computing, and the New Atlantis’ Christine Rosen in Washington on March 28 for a conversation about why we need to understand the systems that increasingly steer our lives.* RSVP to attend in person or watch online here.
Bon voyage, Boaty McBoatface,
for Future Tense
*Correction, March 15, 2017: This post originally misstated the location of the Future Tense event about the book What Algorithms Want. It will be held in Washington, not New York.
What Algorithms Want: A Future Tense Book Event
It’s easy to think of algorithms as magical beings, delivering purely objective, admirably efficient, and sometimes startlingly insightful solutions to our everyday problems, but in his new book What Algorithms Want: Imagination in the Age of Computing, Ed Finn reveals them to be more like Captain Kirk than Spock. The algorithm shares roots with Alan Turing and ancient Babylonian mathematicians, but also the boundaries of language, cognition and magical thinking.
How are algorithms changing our lives, from the aesthetics of television shows to the structure of the economy? What, really, do algorithms want from us? Do they have an imagination of their own? An agenda?
On Tuesday, March 28, Ed Finn—the director of Arizona State University’s Center for Science and the Imagination and the academic director of Future Tense—will discuss What Algorithms Want at a happy hour event at the New America office in Washington, D.C. He’ll be joined by Christine Rosen, a Future Tense fellow and senior editor of the New Atlantis, to examine why we need to understand algorithms and how computational intelligence can build (or prevent) an enhanced (human) future.
The reception and registration will open at 5:30 p.m., followed by the conversation at 6 p.m. For more information and to RSVP, visit the New America website.
Can Technology Make Sports Safer? A Future Tense Event.
We’re a nation of sports nuts. We rally around our favorite teams, deify athletes, and sustain a multibillion-dollar industry built to celebrate athleticism and human endurance. As a result, athletes face intense pressure to consistently outperform one another and their own prior outings, often at their own expense. Despite how effortless athletes make their performances look on the field, their bodies are constantly under duress, constantly on the verge of the next injury, often maximizing short-term glory at the expense of longer-term health and well-being. Now technologies like high-tech helmets, mobile virtual players, training robots, and biometric data services are being deployed with an eye toward sidelining most sports injuries.
Join Future Tense—a partnership of Slate, New America, and Arizona State University—on Thursday, March 23, in Washington, D.C., to consider the effectiveness of these efforts to make sports safer, and our relationship as fans to the bravado sports culture that can at times romanticize injuries and view them as an integral part of the game.
The reception will begin at 5:30 p.m., followed by the main program at 6 p.m. For more information and to RSVP, visit the New America website.
Professor of mechanical engineering, biomedical engineering, and macromolecular science and engineering, University of Michigan
Assistant executive director for external affairs, NFL Players Association
Co-founder and CEO, STRIVR Labs
Sports historian, Arizona State University
Executive editor, Slate
Roderick Moore Jr.
Vice president of sports performance, Catapult Sports
Staff writer, The New Yorker
Director, Wharton Sports Business Initiative, University of Pennsylvania
Head coach, Dartmouth Football
Future Tense Newsletter: Space Exploration Isn’t Just About Scientific Discovery
Greetings, Future Tensers,
Nothing gets me in the spirit of International Women’s Day quite like reading two accomplished female leaders on the future of space exploration. Lindy Elkins-Tanton, director of the School of Earth and Space Exploration at Arizona State University, and Ellen Stofan, the former chief scientist of NASA, continue our March Futurography unit on the “New Space Race” by exploring the role of competition and collaboration in space endeavors. Elkins-Tanton writes that the purpose of space exploration is more than just scientific discovery—it’s about inspiration. She warns that if India or China beats the U.S. to Mars, it would be akin to a military defeat. Stofan says that we won’t get to our next big space milestone without international collaboration, writing, “When you are exploring space, going it alone has never been, and will never be, an option.”
On a more terrestrial note, WikiLeaks has released thousands of new documents detailing the CIA’s hacking capabilities. The document dump shows the CIA’s ability to hack smartphones, computers, and smart TVs—not just your AOL email accounts. (I’m looking at you, Vice President Pence.)
Other things we read this week while testing our reading comprehension before trolling the comments section:
- When A.I. can’t be trusted: Using Google’s Home smart speaker and Uber’s self-driving cars as examples, Will Oremus discusses the consequences of releasing consumer technologies with A.I. too soon.
- Wikipedia’s battle over short articles: If you, like so many, turn to Wikipedia for quick answers, you should be wary of how volunteer editors interpret Wikipedia’s policies in favor of longer articles.
- Cyber extortion: Josephine Wolff argues that no one should pay hackers holding data for ransom unless it’s a life or death situation.
- The origins of the rubella vaccine: Meredith Wadman, author of The Vaccine Race: Science, Politics, and the Human Costs of Defeating Disease, shares the untold story of the aborted fetus that helped create the rubella vaccine.*
- Prenatal testing: Read an excerpt from Bonnie Rochman’s new book, The Gene Machine, on how prenatal genetic testing will change the way we procreate and the ethical dilemmas it raises for us.
Sent from my iPhone,
For Future Tense
*Correction, March 9, 2017: This post originally misspelled Meredith Wadman's last name.
WikiLeaks Says the CIA Can “Bypass” Secure Messaging Apps Like Signal. What Does That Mean?
When WikiLeaks released Vault7, a series of leaks on the CIA’s hacking tools, people who use secure messaging apps were alarmed. The press release accompanying the trove of documents stated that the CIA was able to “bypass” the encryption of secure messaging tools—including Signal—“by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
This led some to believe that the CIA broke Signal, compromising their favorite secure messaging app. But a closer look reveals that the situation isn’t as dire as it seems. The CIA does not have a way around the cryptographic elements of the app. “They did not break Signal any more than looking at your phone over your shoulder breaks Signal,” said Nicholas Weaver, a computer security researcher at the International Computer Science Institute.
The CIA and other government agencies can circumvent messaging apps if they compromise your smartphone. But that’s not something they can do on a mass scale at the push of a button. Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology, says that the kind of bulk surveillance we learned about through Edward Snowden’s revelations is now much more difficult to accomplish thanks to the proliferation of end-to-end encryption (including HTTPS, iMessage, and Signal).
Open Whisper Systems, developers of the Signal app and the Signal protocol used by WhatsApp (and others), wrote a series of three tweets saying as much:
The CIA/WikiLeaks story today is about getting malware onto phones, none of the exploits are in Signal or break Signal Protocol encryption. The story isn't about Signal or WhatsApp, but to the extent that it is, we see it as confirmation that what we're doing is working. Ubiquitous e2e [end to end] encryption is pushing intelligence agencies from undetectable mass surveillance to expensive, high-risk, targeted attacks.
Weaver says the term “bypass,” which showed up in the WikiLeaks press release, isn’t inaccurate, even though it’s misleading. “It does bypass encryption, but it actually means the encryption is good, so this is the only way left,” he says.
No app or tool is foolproof. But Hall points out that hacking target phones and installing tools surreptitiously is an expensive, risky, and time-consuming process. That said, governments have been known to target both activists and terrorists, and they are definitely capable of breaking into the underlying operating system and capturing information on the device. So it’s not a good idea to share secret information about your plans to overthrow dictatorships on Signal, or to blast out incriminating information when you’re on the run from the state. If a government agency breaks into your device and your phone operating system is compromised, no messaging app or tool can protect your information.
For phones that haven’t been compromised, Signal has a myriad of benefits over many messaging apps. (Learn how to set it up here.) It’s impervious to Stingrays, or cell-site simulators that trick phones into connecting to them and capture the content of their communications. “Signal does not use your actual phone. It’s mimicking a phone in software, and because it’s not using the radio on your phone that’s associated with your cellular network, it can’t be tricked,” says Hall. Since Signal uses your internet connection rather than your cell signal, it bypasses any kind of eavesdropping technique designed for cellular or mobile networks.
Another benefit is that Signal keeps extremely limited data on its users. When Open Whisper Systems received a subpoena from the Eastern District of Virginia requiring it to provide information about two Signal users for a federal grand jury investigation, the only information the company had was the date and time one of the two users registered with Signal, and the last date of that person’s connectivity to the service.
So, should Signal users do anything different in light of the leaks? If you use Signal on an iPhone, Nexus, or Pixel, Weaver recommends looking at your threat model. If you don’t think you’re at risk of the CIA or another government risking a $1.5 million zero-day exploit to access your phone, you can rest easy. But he recommends other Android users toss their phones in the trash. “Most Android phones don’t meet the security requirements of a teenager,” he says. But that’s not exactly a secret. These phones have long been criticized for slow updates and out-of-date software that makes users vulnerable to a whole host of publicized security flaws.
It’s always a good idea for users to update their phones and apps to the newest versions, if possible. In fact, Apple told TechCrunch that many of the iOS exploits in the WikiLeaks dump have already been patched—and it’s working on the rest of them.
But vendors can only create patches for flaws they know about, and another thing that makes both Android and iOS users vulnerable to security flaws is when the CIA holds onto these vulnerabilities rather than disclosing them. In a blog post, the Electronic Frontier Foundation points out that stockpiling these vulnerabilities rather than ensuring that they are patched makes everyone less safe.
No One Should Give In to Cyber Extortion Unless It’s a Life or Death Situation
In time, we may look back on Russia’s interference with the 2016 presidential election as the good old days of cybercrime and information warfare. Sure, poorly protected computers enabled some fairly dramatic attempts at large-scale manipulation and humiliation—but on the bright side, there was nothing subtle or secret about it. Large-scale dumps of embarrassing political documents on WikiLeaks are far preferable to the activity that Bloomberg attributed to Russian hackers this week: demanding payments from liberal U.S. organizations to prevent their stolen data from being released.
According to Bloomberg reporter Michael Riley, at least a dozen progressive groups have been told to make payments ranging from $30,000 to $150,000 or face the public release of compromising stolen emails and files. It’s not yet clear whether the Russian government is actually driving these extortion efforts, and the sums of money demanded in anonymous Bitcoin payments seem far too small to be of much interest to a major national government. But, Riley writes, the perpetrators of these extortion attempts “used some of the techniques that security experts consider hallmarks of Cozy Bear,” the Russian government hacking group.
Whether or not a foreign government is making these particular ransom demands, they’re an important reminder that governments certainly could leverage their ability to compromise computer networks as a tool for demanding money or other concessions from U.S. political organizations. WikiLeaks dumps are a fairly crude, blunt instrument for manipulation. Targeted blackmail has the potential to be a much defter and more dangerous one.
Online extortion is not new—ransomware has been plaguing victims for years, enabled by the development of anonymous, largely untraceable cryptocurrencies like Bitcoin—and it undoubtedly has a bright criminal future. Extortion eliminates the need for cyber thieves to find customers for their stolen data or risk wading into black market forums where law enforcement officials may be lurking. It allows criminals to wring value out of even the least interesting or commercially valuable information by selling it back to the one person to whom it has value: you.
Furthermore, we’re hurtling toward a future of more and more Internet-connected devices that will perform crucial everyday functions but store very little interesting data. In this world, extortion will give criminals a way to profit off compromising your light bulbs or refrigerator or toaster oven. There’s unlikely to be data of any value to you (or anyone else) stored on those devices, but you’d probably be willing to pay a small ransom to someone who figured out how to make them malfunction in sufficiently irritating ways.
But you shouldn’t. And the groups currently being targeted shouldn’t pay up, either, even if the release of profoundly humiliating—or even compromising—information is at stake. There may be a small number of special, life-threatening circumstances in which paying an online ransom demand is the right choice—at a hospital, for instance, or stuck inside a compromised moving vehicle. But otherwise, it is absolutely the worst thing victims can do both for themselves and for everyone else.
That may seem sort of counterintuitive—obviously there are some kinds of public humiliation that it could be worth $30,000 to avoid. To some organizations, it may even seem easier (and perhaps cheaper, too) to pay off online intruders than to invest in better protections for their computer systems. But an organization that agrees to pay the hush money has no guarantees that the information won’t still end up being released—or, even more likely, that their adversary won’t return a few months later to demand an additional payment. Unlike a kidnapping victim who can be safely returned, or even a hard drive encrypted by ransomware that can be decrypted upon payment, someone who has stolen your data will likely always retain a copy of that data. That means no amount of paid ransom will ever definitively resolve the situation to the victim’s satisfaction.
Paying ransoms and caving to extortion demands just encourages more of the same activity, directed at both previous victims and new ones. The only way to effectively discourage this kind of crime is to make it so fruitless, so unprofitable, so profoundly ineffective that the perpetrators find a new outlet for their energies. And the only way to do that is to stop relying on individual victims and organizations to make these choices themselves and implement policies that explicitly penalize the payment of online ransoms in most circumstances.
Comparable policies outlawing the payment of ransoms for kidnapping victims—and freezing the assets of their families to prevent such payments—have, unsurprisingly, been very controversial. A 2013 study of the 1991 Italian law that froze kidnapping victims’ families’ assets found that the policy ultimately reduced the number of kidnappings in Sardinia as well as the duration of such incidents. Others have argued pretty persuasively that, in the case of kidnapping, when victims’ lives are at stake, an outright ban may be too stringent a policy, leading to deaths that might otherwise have been avoided.
These arguments lose much of their force when transferred to the realm of online extortion where, for now at least, few lives hang in the balance and all hope of tracking the perpetrators by following the payment pretty much disappears given the nature of cryptocurrencies. Most of these payments, including the ones demanded of breached liberal groups, should be illegal—or, at the very least, heavily taxed.
That may seem like an unfair burden to put on the victims of these crimes when it's the perpetrators who are at fault and deserve to be punished. But as is so often the case when it comes to online crime, identifying the perpetrators is difficult—and even if they can be identified, there’s no guarantee they’ll fall within the jurisdiction of U.S. laws. So the onus has to fall on the rest of us, even if it means sometimes sacrificing our pride, our data, and our reputations when we might have much preferred to just spend a little money.
WikiLeaks Has Released a Trove of Documents Detailing the CIA’s Hacking Capabilities
On Tuesday, WikiLeaks released thousands of new documents it claimed were from the Central Intelligence Agency. The documents, which detail some of the CIA’s hacking capabilities, are part of a larger trove of data WikiLeaks says it will continue to release in a series. WikiLeaks is calling the series Vault 7 and has named Tuesday’s dump Year Zero:
Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
“Year Zero,” WikiLeaks writes, “introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits” against vulnerabilities in smartphones, computers, and Samsung smart TVs. The smartphone vulnerabilities reportedly allow the CIA to hack into phones running popular secure messaging apps like Signal and WhatsApp and intercept messages and data before the apps’ encryption is applied. (While some on Twitter have interpreted this to mean that Signal has been “broken,” that isn’t the case.) The dump also reportedly reveals ways in which the CIA has attempted to cover its digital tracks in its hacking efforts and the location of a major base for CIA hackers in Europe.
WikiLeaks says many of the hacking tools described in Vault 7 were made unclassified to skirt rules on posting classified information to the internet—most of the CIA’s malware requires the use of the internet for communication. “This means that cyber ‘arms’ manufactures and computer hackers can freely “pirate” these ‘weapons’ if they are obtained,” WikiLeaks claims. “The CIA has primarily had to rely on obfuscation to protect its malware secrets.”
WikiLeaks says it has elected not to release the actual code for the CIA’s malware and cyberweapons “until a consensus emerges on the technical and political nature of the CIA’s program and how such ‘weapons’ should analyzed, disarmed and published.”
The New York Times reported that a former intelligence officer it contacted has said that some of the information included in the dump “appears to be genuine.” David Kennedy, CEO of the information security firm TrustedSec, told Wired the dump’s information appeared genuine as well:
“From what I can tell, this seems to be legitimate,” says David Kennedy, CEO of TrustedSec, who formerly worked at the NSA and with the Marine Corps’ signals intelligence unit. “It shows expansive capabilities of the CIA and divulges NSA tools as well. But a lot of it seems to be missing, as far as direct codebase used for these.” Wikileaks says it redacted much of that more specific information.
Those redactions, in part, make it difficult to ascertain just how comprehensive the leaked information is. In spite of Wikileaks’ claims, it is only a small fraction of the CIA’s total arsenal.
Futurography Newsletter: Cybersecurity and the New Space Race
Hello, fellow Futurographers,
This month, Futurography is focusing on the new space race, a competition that’s no longer just about the old Cold War superpowers. We’re starting with a conversational introduction to the geopolitics of space that’ll help bring you up to speed about why everyone from India to Luxembourg is heading for the heavens. We’ve also got our usual cheat sheet, laying out key players, further readings, big debates, and other information.
There’s plenty more coming in the weeks ahead, including a Wednesday event in Washington: “Will Collaboration or Competition Propel Humans to Mars and Beyond?” Even if you can’t attend in person, we’ll be streaming the event online, so there’s no excuse to miss it.
In the meantime, here’s what we published in last month’s course on cybersecurity self-defense:
- Introduction: A basic primer to the themes and questions that we covered in the course.
- Cheat sheet: Catch up on the lingo, pop culture reference points, and more.
- How to Set Up a Virtual Private Network: Want to protect yourself when you log on to public Wi-Fi? This article should help.
- What Cybersecurity Threats Should Most Worry You?: Depending on how you use the internet, there are different things you need to look out for and guard against.
- Practicing Good Personal Cybersecurity Isn’t Just About Protecting Yourself: As Josephine Wolff argues, the way we act online can put others at risk.
- How to Set Up Signal Private Messenger: If you’re looking to make your communications a little more secure, this app should do the trick.
- How to Use a Password Manager: This relatively simple technology will help you stop reusing the same password on every site.
- How to Set Up Two-Factor Authentication: A strong password isn’t always enough. Follow these steps to keep your accounts safe.
- You Can’t Depend on Anti-Virus Software Anymore: Malware has become too sophisticated for the programs that once protected us to keep up.
- How to Understand What Info Mobile Apps Are Collecting About You: Some apps put your data to troubling ends. Lisa Gutermuth explains what you need to look out for.
for Future Tense
What Slate Readers Think About Personal Cybersecurity
Over the past month we’ve published articles about cybersecurity self-defense as part of our ongoing project Futurography, which introduces readers to a new technological or scientific topic each month. We’ve published a lot of practical articles on the topic, but we’re also interested in what you have to say, so we’ve written up the results of our survey on the topic. Meanwhile, Futurography continues with our March course on the new space race.
Futurography readers offered a wide range of responses to our question about their relative levels of confidence in their personal cybersecurity. Many claimed that they were somewhere between “moderately” and “very” confident (“My stuff is probably better secured than most people’s stuff,” one claimed), but others were less sure of themselves. “I do a[n] inadequate job, but feel the alternatives are worse,” a reader wrote, and another described him or herself as merely “cautiously alert.” One went so far as to describe him or herself as “helpless,” writing that even trying to read the fine print on smartphone apps “just makes me feel more anxious.”
Whatever their feelings, almost all agreed about the one cybersecurity technology we should all be employing: password managers. While others advocated complex, unique, or frequently changed passwords, most of our readers simply focused in on the value of this relatively accessible security strategy. “Perhaps the best reason is to keep track of your accounts on different apps and services so that you can shut down old stuff you don’t use and so on,” one typical respondent wrote.
That said, a few offered objections to commercial password management systems and proposed alternative solutions. Concerned that password managers “all send stuff over the net,” one such reader explained, “I do have one which does not use the net for anything, so I have to carry it around with me. It keeps my password list in a 128-bit encrypted text file on a USB drive. I only plug this into a PC I know is clean (which is increasingly hard to know.)” Another reader suggested that the old-fashioned method may be the best one, telling us, “I use paper and pen to keep track of passwords, why have PW info anywhere on line if you’re worried about having your PW compromised?”
This approach squared with another reader’s suggestion that “less technology” may be key to our cybersecurity best practices. “Segmenting that technology into specific areas of our lives and keeping control of it should be the priority,” he or she wrote. Other popular answers on that front included setting up two-factor authentication and relying on apps such as Signal that feature end-to-end encryption. And at least one suggested good cybersecurity doesn’t necessarily begin at home, echoing Jamie Winterton’s warning that you should be very cautious about connecting to public Wi-Fi.
When it came to the cybersecurity threats that actually worry them, the majority of readers pointed to ransomware. Many others identified phishing—attempts to trick the unsuspecting into furnishing their passwords or other information—as a prominent concern. A few suggested that this wasn’t necessarily because they thought they would fall prey to some scheme, but because, as one put it, they feared “relatives or others tied to me” might. Similarly, some mentioned that they were troubled by the possibility of big data leaks, especially of records from government agencies such as the Internal Revenue Service or the Social Security Administration.
Not everyone agreed with those conclusions, and a few ranked some of those prominent answers among the most overrated cybersecurity threats. Others rolled their virtual eyes at topics such as car hacking, retail breaches, and basic computer viruses. To that last one, a respondent wrote, “Those are just toys that some bored kid makes.” Despite that, many of our readers claimed that they do use anti-virus software. Those who said they didn’t mostly identified themselves as Mac users, though a few others seemed to agree with Michael Thornton’s suggestion that you just can’t rely on such programs these days.
One way or another, the majority of our readers seem to be cautious types. Many who wrote in proposed that it’s important to acknowledge all possible threats, however insignificant they may seem. As one put it, “[N]othing is overrated in cybersecurity.”