Hem > english, internets, telecomix > Why I won’t talk to you about security again

Why I won’t talk to you about security again

After some field testing these notes are ready to meet the general public. While most of these ideas are somehow related to my work with(in) Telecomix, they are not an official standpoint. As if we could ever have one, anyway.

First off, security is for webserver admins, programmers, consultants and all those people for whom it is either a part of the job or a cash cow. Now, you can argue that as a citizen journalist, whistleblower or political activist security _is_ a part of your job. But I hope to prove you mistaken. You see, it’s not really about security. Security is about tools, practices, neat tricks and so on. And it is great, really great, but it’s not something people in general have an easy time getting into. Sure there are useful graphical frontends to GPG. OTR is mighty easy to set up and use. And proxies, tunnels and stuff like Tor is really not that complicated either.

But it’s all about tools. In the end, good programming practices and even physical security is all tools. This is why I won’t talk to you about security again: I am not a programmer, nor a hacker, nor a security consultant. And chances are that most of the people I speak to as a Telecomix agent or a freelance educator are even less skilled than I am. So I’ll shut up about security and talk about more useful stuff. Namely, secrecy.

Why secrecy? First and foremost, when you talk about security, and therefore tools, you give people a bunch of stuff to learn and work with. The methods are the framework, the tools become the point. And people might end up misconfiguring stuff, using weak passwords and leaking info all over the place. Or they will take a look at the tools, realize that ”gpg –recv-keys 64E476C6” is a bunch of gibberish (it is!) and either stop caring or get depressed. It’s hard to get the point of using secure tools across when security feels that hard to acheive. But secrecy, not so much. We’re used to keeping stuff secret. Most of us are pretty damn good at it, especially those of us who are hunted by some of the most ruthless intelligence agencies in the world, like a lot of people I’ve met recently.

So in order to make people actually use the damn tools, in the future I will talk about secrecy rather than security. I will tell people about iPhones storing your location in the EXIF data of the pictures you take. And about how encrypted VoIP streams can be analyzed to extract phoneme data. How data from Skype always passes through Skype’s servers and how your Gmail account is a weak point if it has a weak password and you send important information unencrypted. But — and this is the really important part — I will also spend lots of time talking to you about how secrecy is a way of thinking. It’s about not trusting your own computer, your internet connection nor the services you use. It’s about risk minimization in that environment, and being a hard target. It’s about shutting your mobile phone off before you leave for a meeting, and talking about important stuff face to face.
What I find really important about moving from security to secrecy is that it allows us to think about what we actually want to keep secret, and from whom. Because of this, thinking about secrecy is just as valuable for people like me who do most of what I do more or less openly as for the aforementioned people who are hunted by intelligence agencies. While security is often an all-or-nothing affair, since a weak spot can crack the whole system open, secrecy is about managing what information someone can gather about you. Depending on your situation and what you do, that someone might be Google and Tradedoubler, who can gather lots of info without actually trying. Or they might be someone like the belarusian KGB, that try pretty damn hard. You have to ask yoursef what secrets you want to keep. Your name? Your political affiliations? Your online habits, or your network of friends? Once you have those answers you can begin looking at tools and practices. Not the other way around — that’s for server admins and programmers.

The question of moving from security to secrecy is still a work in progress, but I do hope that this can spark some great ideas in other people. How would you go about changing your thinking from ”being secure” to ”being secret”?

Annonser
Kategorier:english, internets, telecomix
  1. 11 maj 2011 kl. 09:56

    Very good idea to work around this critique security thinking and I quite like secrecy as another way of thinking similar things. Trackback doesn’t seem to be working, so here’s a linkback instead: http://commoniser.dk/2011/05/instead-of-security-instead-of-privacy-secrecy-intimacy-and-trust/

  2. SEO
    27 augusti 2012 kl. 03:28

    Excellent weblog right here! Also your site quite a bit up very fast! What web host are you using? Can I am getting your associate hyperlink for your host? I want my website loaded up as fast as yours lol

  3. 16 september 2012 kl. 06:38

    For most up-to-date news you have to pay a quick visit the web and on web I found
    this site as a most excellent web page for most up-to-date updates.

  4. 18 oktober 2012 kl. 11:06

    Hi colleagues, how is all, and what you want to
    say concerning this post, in my view its really amazing for me.

  5. 04 november 2012 kl. 15:26

    We are a group of volunteers and opening a brand new scheme in our community.
    Your website offered us with helpful information to work on.
    You’ve performed an impressive task and our whole neighborhood will be thankful to you.

  6. 12 januari 2013 kl. 22:26
  7. 13 februari 2013 kl. 20:21

    I’m so happy to see a new post, I was going through withdrawals! I love reading your posts, I can’t get enough of it!

  8. 11 april 2013 kl. 12:01

    Simply wish to say your article is as surprising. The clearness in your post
    is simply great and i could assume you’re an expert on this subject. Fine with your permission let me to grab your RSS feed to keep up to date with forthcoming post. Thanks a million and please keep up the enjoyable work.

  9. 04 oktober 2014 kl. 03:46

    I simply such as valuable facts you offer to the reports. I’ll search for your blog and examine one more time listed here regularly.. health care human resources We’re fairly particular I am knowledgeable many new information appropriate here! All the best for an additional!

  1. 12 november 2014 kl. 01:50

Kommentera

Fyll i dina uppgifter nedan eller klicka på en ikon för att logga in:

WordPress.com Logo

Du kommenterar med ditt WordPress.com-konto. Logga ut / Ändra )

Twitter-bild

Du kommenterar med ditt Twitter-konto. Logga ut / Ändra )

Facebook-foto

Du kommenterar med ditt Facebook-konto. Logga ut / Ändra )

Google+ photo

Du kommenterar med ditt Google+-konto. Logga ut / Ändra )

Ansluter till %s

%d bloggare gillar detta: