“Computer security”, has a dark and mysterious aura to it, evoking images of dark rooms with hackers and anti-hackers battling it out on keyboards, of struggle between the powerful and the people.
Maybe the narrative we’ve built up around computer security is actually preventing people from protecting themselves. To suggest that a friend may need computer security, they ask themselves if they are feeling locked in power struggle and conclude, “I don’t have anything to hide.
For all the creative vision of technology entrepreneurs, it’s easy to forget a few basic facts about the world we think we know so much about. I had another reminder of this while chatting with a brilliant coworker from Pakistan today.
1) We assume that a smartphone won’t be stollen. In the parts of the world we’re trying to save, we forget that the value of a smartphone itself exceeds the value of the data on it for thief, or official, under whose eyes it passes.
There is a new Bandwidth Management feature in Chrome on Android that also provides some helpful security properties. When Bandwidth Management is enabled, Chrome encrypts any unencrypted websites and also unblocks any sites that may be censored by a firewall. Turning it on is just a few clicks away:
Open Chrome on Android Click settings Click Bandwidth Management Click Reduce data usage Enable What does it do? Bandwidth Management will take every unencrypted (HTTP) webpage and send it through an encrypted SPDY tunnel to a Google proxy server.
“Secure email” is a misnomer, but it is still important to make sure that your emails are being sent in a not-terrible way. How do you do that? Well, I’ve just discovered an awesome website to help. https://starttls.info/ will verify that your email provider is setup to receive email in the industry standard, secure way called STARTTLS.
STARTTLS is a way for two email companies to send each other mail using encryption so that other people can’t read it before it gets to where it’s going.
Having a password is important, but stealing passwords has gotten so easy that it’s no longer enough by itself. In addition to your secret password stored in your head, many companies are confirming possession of some tangible thing, a phone for example, in order to login. That way if someone learns your password, they can’t use it without also physically taking your phone from you. A win for you. For perspective, 80% of the security breaches in a set of 621 companies in 2012 used a stolen password.
Picking a secure email provider is great first step toward email security, but you need to do your part too. After all, it takes less technical wizardry to take advantage of your security mistakes than it is to break into an email company. Here’s what you need to do to make yourself more annoying to hack than the next guy.
Have password, Turn it ON. You password isn’t doing you any good if you don’t have to actually type it in.
If someone is offering you “secure email”, you’re probably getting a scam. After a number of people referenced their custom email providers claiming to offer “secure” email, I decided to investigate. What exactly were they offering? Turns out that most of these providers are giving a misleading set of security guarantees that, on the whole, could leave you a lot more insecure than you think. Here are four things that won’t make your email secure.
Bring up the word “Security” with indigenous leaders in these countries and they may or may not understand what you’re talking about. They already live an a risk laden environment. Why should they be careful with technology?
Bring up “Security” with expats and they totally get it - to the point of being paralyzed. Is the NSA watching, is the FSB watching? What about phones, what about email? Security is a show stopper rather than an enabler.