The popular image of online dangers is scary bad guys trying to steal our stuff. This image is accurate if you remember to include unfettered corporate interests as the scary bad guys.
Our protections against our good friends the telcos and cable companies have never been strong, and now they’re nearly non-existent. Repealing Broadband Privacy Rules, Congress Sides with the Cable and Telephone Industry sums it up beautifully: “Internet providers will be given new powers to harvest your personal information in extraordinarily creepy ways.” And buy and sell it with no oversight or accountability, and law enforcement will get their hands on it as surely as road apples draw flies.
What can we do about it? I believe that the best solution is legislative. I prefer technical solutions for protecting ourselves from hostile and predatory interests, but there aren’t many, and they’re incomplete. Internet access is a requirement for many routine aspects of our daily lives, and even if you avoid going online you have no knowledge or control of the information the vendors and service providers that you use are collecting and trading, or what people share about you on social media. Stores, electric and gas utilities, healthcare providers, tradespeople, private clubs, non-profit organizations, charitable groups, banks, insurance companies, and on and on. They all collect information about you, and many trade it freely. Of course, it’s not fair to assume that everyone is venal, but even when a vendor has a heart of gold they may be lacking in technical competence.
Don’t hold your breath waiting for meaningful laws to protect us. What can you do? You can secure your online communications and your web surfing to a degree with Tails, the forgetful Linux distribution. We’ll get back to this after a brief rant about “helpful” web browsers.
“Helpful” Web Browsers
The good nerds behind Firefox and Chrome try so hard to help us, and the harder they try the more annoying they become. First there were the nice discreet little color-coded padlocks in the URL bar (Figure 1).
I like those. They don’t get in the way, and they tell useful information. Useful, that is, if you have any idea what it all means. And even if you do, how do you know you can rely on it? Root certificate authorities have been hacked multiple times, including bigwigs Verisign and Microsoft.
Then Firefox and Chrome got downright hysterical, and make us jump through multiple hoops to enter sites they think are dangerous. Sometimes these warnings are useful, for example when a site is infected with malware, or has been hijacked. Most of the time they’re simply not SSL-enabled, and then we see something like Figure 2.
I appreciate the effort, but there is already excessive noise in normal computer use, and we are continually swatting away unhelpful notifications and warnings like annoying gnats. Many of these SSL defects are technicalities, like the domain name is not exactly correct. It’s all nutty anyway, because most of us are not security experts and have no idea how to evaluate if these warnings are meaningful.