Reading over this piece about how the Internet never forgets, you realize that privacy invasions and security risks aren’t just about Facebook.
The online world is very different. Online, everything is recorded by default, and you may not know where or by whom. If you’ve ever wondered why Facebook is such a joyless place, even though we’ve theoretically surrounded ourselves with friends and loved ones, it’s because of this need to constantly be wearing our public face. Facebook is about as much fun as a zoning board hearing.
And how times really have changed.
The degree of centralization is remarkable. Consider that Google now makes hardware, operating systems, and a browser.
It’s not just possible, but fairly common for someone to visit a Google website from a Google device, using Google DNS servers and a Google browser on the way.
This is a level of of end-to-end control that would have caused us to riot in the streets if Microsoft had attempted it in 1999. But times have changed.
Times like this are when I’m glad I use 1Password.
I’ve wondered if part of the reason TSA operatives call out old ladies and children is not because they’re inept, but because they don’t want to appear discriminatory towards any group. They want to promote the idea that anybody could be a terrorist.
If you’re upset about the TSA patting down old ladies and children part of that is because you believe we can do much better figuring out which people would more likely be terrorists. But all we really know about people who are likely to use planes in an act of terrorism is that they’re male and usually muslim.
I believe everybody outraged over these random-appearing screenings is already complicit in profiling. But instead of them coming from the top (let’s screen THESE people) they’re coming from the bottom (let’s not screen THESE people). Ever notice that videos of dark-skinned people being screened by the TSA never seem to go viral? You really think that’s a coincidence?
Harris has gotten some heat about his views here, but he’s just taking TSA practices to their natural, uncomfortable conclusion. I’d be interested to read what happens when he and Bruce Schneier hash this out.
Schneier previously wrote about profiling:
As counterintuitive as it may seem, we’re all more secure when we randomly select people for secondary screening — even if it means occasionally screening wheelchair-bound grandmothers and innocent looking children. And, as an added bonus, it doesn’t needlessly anger the ethnic groups we need on our side if we’re going to be more secure against terrorism.
Daryl Lang on that Zappos email:
There’s a lesson here. If you need to write an email telling your customers bad news, do not be cute. That is, don’t start by saying “First, the bad news.”
The guys behind 1Password1 on how too much security can end up undermining it.
The best real world example I can think of is the practice that IT guys have of requiring large, complex passwords from their users. It needs to have a number, a lower case character, an uppercase letter. I’ve seen websites that restrict the length, so if a phrase unique to you (which is great for a password) doesn’t fit between 8-12 characters you can’t use it. So users end up writing the password down on a post-it note and putting it in their desk.
It’s way easier to go through somebody’s desk than it is to hack their computer.
In response to this story, “US Gov’t plant USB sticks in security study, two thirds take bait“:
The problem isn’t that people are idiots, that they should know that a USB stick found on the street is automatically bad and a USB stick given away at a trade show is automatically good. The problem is that the OS trusts random USB sticks. The problem is that the OS will automatically run a program that can install malware from a USB stick.