Thursday, September 4, 2014

You poor kids don’t understand the cloud.

OK, well now that everyone’s having a complete “moral moment” about this celebrity hacking thing, you knew it was only a matter of time before ‘the note’ from me. Well here it goes.

While I appreciate everyone’s attention to the issue of celebrity voyeurism, this sort of thing has gone on literally since photography as invented. From paparazzi shots of celebrities at nude beaches published in tabloid magazines, to stolen photo albums, to sex tapes, and beyond, rich celebrities living the nude life are nothing new. What IS new is ‘the cloud’. The current ‘moral storm’ of “Let’s feel really bad for celebrities who make a fuck-ton of money” is noble and all, but let’s get at the root issue, the ignorance most people have of the ‘cloud’ THAT is the subject of today’s lesson. I’ll also try and explain why taking digital nudes of yourself is also a very bad idea (a lesson I learned when I was younger).

What the hell is the cloud?

The ‘cloud’ is a silly name meant to simplify for the user the definition of ‘off site data storage’. You are uploading and downloading your data to a computer owned by a corporation such as Google, or Apple, which allows you to access your data anywhere. Anything from documents, pictures, videos, files, or more can be uploaded to these servers. Once this data is uploaded, companies like Google and Apple actually claim ownership of the material… it’s in their terms of service (which nobody EVER fucking bothers to read).

These servers operate much the same that any website does. You create a user account, a password, and tie this information to your email account so that if you lose your password, you can simply have them send it by email, and you can reset it.

Most services require at least 8 characters of letters, numbers, symbols for passwords, however this is considered extremely weak by today’s standards. Really, a 12-character password is even too short for some ’brute force’ password finders.

That all being said, you also have to rely on the expertise of the company that hosts the cloud space you’re using. For Google’s SkyDrive, or Apple’s iCloud, you’re relying on the system they’re running on to be secure.

Account logins and passwords are kept in databases. A database is a file which runs within another software platform – a database server, which needs constant monitoring, security patching, and probing for vulnerability to keep it secure. And the database server runs on an Operating System (OS; something like Windows, Apple, or Linux/Unix). This of course also needs to be secure, monitored and maintained. And of course, operating systems need hardware on which to run on – the physical server. The servers are typically physically secured in facilities with locking ‘cabinets’, 3-fold identification entry (ID badge, code, and handprint verification) to prevent anything physically being stolen. AND behind all that is a person, an admin, who does all of this maintenance, security, and monitoring. They have access to EVERYTHING.

All that being said, there is a lot that can go wrong with using a cloud service. A lot.
Here are some of the main risks that people who do not understand the Internet, or the cloud will encounter, and many times be harmed by:

1) Your password is weak. Using things like ‘Welcome1’ or ‘Password’ (think you’re being cute or smart? Think again). This means anyone who can find out your email address or login ID will be able to simply guess your password, and gain access to ALL of your data. Once your data has been downloaded by someone else, you have lost control of it, and it can instantly spread worldwide.  But even a strong password can’t protect against bad server management or security. You can always get to the server, and directly download your stuff, if you can get access.

2) Once your data is compromised, consider it out of your control. This is evidenced by things such as the Wikileaks/Julian Assange debacle where diplomatic cables were leaked to the entire world, laying bare the diplomatic process and all the subterfuge it employs, and of course the recent celebrity ‘hack’ (Oh, NOW we pay attention… where are our priorities?) where hackers compromised the Apple iCloud server and downloaded personal photos of celebrities. The entire world now has access to these things, in an instant. It’s a lot different than a physical break in to a house or someone stealing your wallet, as the ‘moral crowd’ likes to keep saying when defending clueless users of technology. No, this is more like if everything in your house could be stolen, instantly and infinitely duplicated, and instantly distributed to all 7 billion people on the planet. This is quite a bit different than you just ‘having your wallet stolen’. Metaphors in this case simply don’t work. This is far, far worse than having your wallet stolen. This is like having your entire life made public record. Even your nudie moments. I hope you’re not modest.

3) You don’t actually own your data on the cloud. Say for example, your business relies on a cloud service like ‘Carbonite’ (an online cloud based backup system). First of all, once you upload that data to the cloud service, it becomes their property! They reserve the right to access, read, audit, delete, or transfer your things as they see fit. And if for any reason they go out of business, they are under no obligation to give your data back to you. So in effect, you’ve already given the company permission to view your stuff, and take it if they want. All it takes is a curious or evil admin to go snooping around account folders, and happen onto your dick pics, or shower selfies, and in an instant, that guy could decide to download that picture and distribute it to the internet. Got company secrets? Not anymore. This enables industrial espionage. Google, Apple, Amazon, etc can get a huge leg-up on the competition by reading corporate strategies you uploaded, client lists, etc. And who’s going to rat them out? You think they self-report? Nope. Once you upload to them, you made a huge mistake. Why do you think a lot of these services are FREE? Hmm?

These are just some of the many dangers of using a cloud service, all for the supposed convenience of not having to back up and restore your data yourself. And really, it’s not that hard to make your data available for yourself, without the use of the cloud, and keep it secure.  But you’re probably too lazy to do it. But here’s what I do:

1) At home, I have an external hard drive. It’s encrypted, which means any time it’s plugged into my computer, it asks for an (extremely long and complicated) password. This means that if anyone were to physically steal the hard drive, they could not hope to access the data. Encryption programs are free, and mostly pretty easy to use. Everyone ought to be doing this.

2) I enable remote access to my PC, so I can transfer any file I need, when I need it. Using programs like TeamViewer, or Remote Desktop, I can remotely control my PC, as if I were sitting in front of it. It’s actually not that complicated to do, and these programs work on my smartphone. This allows me to operate my own ‘cloud’, and have 100% control.

3) Disable all cloud services, and resist attempts by companies like Microsoft, Google, Amazon, or Apple to use them. They WILL pressure you. They will offer you free trials, lay the many benefits of omnipresent music, photos, and videos to you, tell you how easy it is now to switch phones and keep your apps, settings, phonebooks, photos… but you must resist. Syncing even once means that you’ve already made the mistake of giving up all of your private data to a corporation who may or may not abuse, or mishandle it. If you did manage to sync and want to reverse the damage, you have to use a PC/Mac and web browser to log in and delete stuff. It’s backed up though, so don’t think it’s gone. They keep many backups of their servers. Good luck. Even I have made this mistake.
Those are just SOME of the measures you can take to protect yourself. That being said, here comes my so-called ‘douchey’ statement on nude pics.

If you’re going to take nude pics, avoid using digital media. Yes, I know, I’m the douchebag suggesting that if you want something to stay private, use something that cannot instantaneously be sent to every email inbox, TMZ site, or be distributed by shady voyeurs. Yes, I am a complete asshole for suggesting that this is a problem. Except, no, I’m not. The real assholes out there are the people saying ‘It’s not their fault they were hacked’, because they are perpetuating the notion that it is OK for you to remain an ignorant user of technology. IT’S NOT OK. This is a dangerous thought and absolutely wrong. You ABSOLUTELY should become INTIMATELY familiar with the technology in your pocket. Nobody can make you do that but you. And if you’re one of those people who say “Oh, I have no idea why I got an iPhone, I just like the color”, just… stop buying cell phones and stick to land lines… you are in way over your head. If you’re one of those people who say “I don’t understand computers” yet use them all the time… maybe you should take a class and learn what it is you’re dealing with, or ask a guy like me to explain it. I’m happy to help you stay safe.

That being said, if you want to take risque’ photos of yourself, use ANY medium except digital. PLEASE. Use film. Have an artist “…Draw me like one of your French girls”. Heck, use a digital camera that DOESN’T connect to the Internet so that you can store it securely in a locked cabinet. Security starts with YOU. Don’t be so naïve as to think you can simply ‘have a moral conversation with the world, and people will stop hacking’. As vile as it is for hackers to invade the personal data of celebrity skanks and man-sluts, this is the reality we live in. The world and all of its computers are connected, and there are very smart, very evil hackers out there who make a living off of stealing your identities, credit card numbers, Amazon accounts, Apple accounts… fuck, even your World of Warcraft account can turn a nice profit. You think telling a hacker ‘you’re a horrible person’ is going to stop them from doing this? Focus the conversation on what we need to be talking about and stop using this ‘I want to say the most moral thing I’ve ever said, so I can impress my friends with how moral I am’ stuff. Get real.

Please calculate your risks. And stop thinking that companies like Google, Apple, Amazon etc. have ‘the best and brightest security professionals’ working for them. They don’t. 14 year old Russian kids would run circles around their co-called IT experts. Shit, I could school them too. Stop thinking these companies have your desire for convenience in mind. They have one thing in mind. MONEY, and the ability to make infinite amounts of it.

Remember when you were freaking out about the NSA warrantless wiretapping, data monitoring, and meta-data collection? Every day, you allow companies to grab that exact same data, profit on it, and abuse it when you use a cloud service, or anything from Apple, Google, Amazon, etc. You are giving THEM more power than the NSA, and the NSA is actually trying to prevent you from getting attacked by enemies. These corporations are just trying to profile you to make more money. And they’re sloppy as hell when it comes to security. Sure, that needs to be addressed, but in the meantime:

Don’t let the technology you use outpace your knowledge of it. Know what’s in your pocket. Know how to keep private stuff OFF the cloud and OFF the Internet. Your small convenience is not worth the MASSIVE inconvenience of being hacked, and having images of your naked body becoming a matter of public record for perverts to leer at and pleasure themselves to.

Look, this is ‘the future’ we were all warned about as kids. Technology run amok, and outpacing our understanding of it. Yes, your pretty cellphone IS awesome, but you have no idea what it’s doing behind your back. It’s like you invited some charming stranger into your life, but that stranger has sinister motives.

Don’t do anything with your cellphone that you can potentially regret later. The Internet does not forget anything…

No comments:

Post a Comment