SoylentNews is people
SoylentNews
I'm just informed enough about IT security to know that I really know very very little about it. That said, I probably know ten times as much as do 99% of people. I'm an expert in my field, and while I've been a jack of all trades on many fronts, today's threats to privacy and IT security require expert knowledge to combat.
I do not have time.
- For example, I hear that Microsoft added updates to Win7/8 that threaten my family's privacy...yet I have not yet gone and removed the offending updates. I moved myself to Ubuntu/xfce, but my son is still using Win8. I'll get to it eventually.
- For example, java script is a security risk, and I have No-Script, turn off 3rd party cookies, etc, but invariably I have to turn it off for some website (i.e. to pay my bill), and eventually, I stop turning it back to full security.
- I installed Cyanogenmod and Fdroid on my phone. And for the most part its great..and I have very few apps with permissive permissions settings....but my wife is still using an iphone and ipad, with all sorts of apps...with ridiculous permission leaks..and that is a struggle.
The long winded point I have is that it is now just too damn much work to do it all right. I'm tired after a 10 hour workday. I've obviously taken more steps than most, but it is still leaky as hell...
I need a company/organization that I can reasonably trust to manage my information security/property, to manage my computers, manage my vpns, e.g., to isolate my web browser windows over multiple vpns, ... all of it, and it can't be GOOGLE. My data is my property, as long as I can hold it, so it needs to be a company/organization that built in privacy obligations (like lawyers and doctors supposedly do).
-Signed: A Frustrated Tired Old Nerd (with children)
[Ed's Comment: Does such a company exist? Is it even possible to provide such a service? Or have we just identified a niche in the market for some enterprising person to fill?]
(Score: 2) by Appalbarry on Tuesday October 06 2015, @01:51AM
I know where you're coming from AFTN (wc), and suspect that you didn't really need people to tell you things that you probably learned a decade ago. I see little above that was likely to be news to you.
Thinking about it today, I can count three computers (two Windows, one Linux), two smart phones (Android and Blackberry), one "Smart" TV, and two printers in just our home. Plus a wireless router.
Each of these is a vector for problems. Half of them are unlikely to get timely updates for security problems, and some of them will never see a fix.
(Aside: In practice I assume that My Linux box is secure (for some definitions of secure), but honestly I don't know. I assume that most of the kernel, networking, and browser stuff is well examined and safe, but I have no idea about the other hundreds of bits of software, or the much used but lesser known applications that I've added - the ones that are "maintained" by one or two people, or in some cases just abandoned. Am I about to audit my source code? Hell no - I'd have no idea where to start. Can I safely assume that the people who do audit my source code are qualified to properly catch every problem? Hell no! I have no idea who they are.)
Even assuming that all of the hardware, firmware, and software is up to date, there are still lots of ways to get in trouble, not the least of which are the dozens of sometimes very legitimate looking phishing and browser hijack emails that show up every day; the accidents that can happen if you mistype a URL, and the phone calls from "Microsoft" warning that your computer is infected.
We can all sit here feeling smug and superior, but the hard reality is that most of the planet's computer users don't have this knowledge, and all of our technology isn't protecting them. In fact, some of it does the opposite.
I suspect that AFTN (wc) does just about what I do - try to make sure that critical updates happen, at least on the Windows boxes, crosses his fingers and assumes (hopes?) that his Linux boxes and other connected devices are secure; crosses his toes and hopes that neither his printer nor his TV will somehow prove to be the back door through which the bad guys will break in.
And just ignores the smartphones as a lost cause in terms of security.
He probably also has accepted that regardless of all of this, there's pretty big likelihood that one or all of his ISP, his government spy agency, other country's spy agencies, organized crime, eastern European gangsters, the Chinese, and random teenagers will manage to skim and read what he does; archive it all for further analysis; or break into either his local computers, or one of the hundreds of other computers that have some or all of the information about him.
And that's not considering all of the Apples and Googles and Yahoos and Ashley Madisons that are collecting data and meta data with (some form of) permission.
I expect that AFTN (wc) will agree with me that the truth of the matter is this: Anyone who thinks that they can stay ahead of the security threats that exist today is badly mistaken. There are just too many players, and too many holes, to ever shut down every threat.
Like AFTN (wc) I just can't commit the time needed to do even a quarter of the stuff recommended here. Or even an eighth. And I'm someone, like AFTN (wc), who actually cares and is somewhat knowledgeable about the topic.
I don't know the answer, but I'll hazard a guess that if we ("we" meaning people who build and design the software that we all rely on) don't figure out some kind of real and widely practical solution, the governments will step in for us and come down with something seriously draconian.