localhost exposed

« Previous | Next »

Privacy and security with vaccinations and babysteps

https://www.youtube.com/watch?v=iyFwOnbsJXM

Privacy and security can be overwhelming. A common feeling is that 100% is impossible to reach and thus a sort of depressive nihilism takes over and people end up doing nothing.

I'm here to tell you that every step counts. No one is at a 100%. Build habits to secure yourself and those around you.

This all started as a conversation with former colleagues after we had all read Sami Honkonen's post about his privacy practices as they are quite multifaceted. My friends and I all agreed that those steps did decrease the usability of the whole system, but we disagreed on the amount by which it did so.

For example I did not find the use of multiple browsers a factor since I already use three:

  • work
  • trusted sites
  • everything else

So for me, there is little mental overhead of switching between browsers since it is already a learned behavior, but I can understand why for others it might be an obstacle.

For me just seeing the UI of the browser puts me into the right context: is this work or potentially risky clicks. And I can easily dismiss all personal distractions by just closing the specific browser and focus on work.

Learning it for sure required quite a lot of mental effort. But I am in a niche position in the sense that I am heavily interested in this subject due to my occupation / hobby / passion. That passion fuels my efforts to get closer to 100% security (which is a myth). For others, all of these rules, regulations, guidelines, procedures and limitations can cause security fatigue as found by NIST in a recent article.

Researchers found that the result of weariness leads to feelings of resignation and loss of control. These reactions can lead to avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security rules.

Or shortly: if you face too many choices, your brains grows tired and defaults back to habits. And it is not the users' fault, but the systems' which cause this overstimulation.

START SMALL.

Privacy and security is like getting vaccinated, except that there are a hundreds of vaccinations instead of a handful of comboshots. (Thanks to Tommi for this apt analogy).

Common thought:
"Can't get to 100% => there's no point in this..."

Counter example from your parents when you were a baby:
"Our child is allergic to tetanus shot => let's forget all vaccinations"?

Surely not!

Every step helps.
Herd immunity is a thing.

I bring up herd immunity, because your privacy/security not only affects you and your data, but it also potentially affects all of your contacts - and vice versa. You might not be a target, but your former classmate on Facebook might be.

Even though everyone should know that security questions are silly, they are still in use. So what happens when your mother has her maiden name on display on Facebook and publicly posts a picture of you as a kid with your first pet at your childhood neighborhood with the text "Here's Billybob and his first pet Yeller"?

Well there goes 3 of your security questions out the window.

Contrived example combining all of those, but not too far-fetched or improbable for it to have happened to someone already. So make sure your parents' privacy settings are getting checked at least almost as often as you do your own.

Best method to handle ever-increasing demand for new things to remember: habits.

Think about learning stick shift on a car. At first you need to mentally be fully aware of every press of the clutch, how does the stick work, all those nuances and the tactile feedback. Then it becomes a habit.

Take one thing now. One thing that makes a positive effect on your privacy/security posture. For example go through your Facebook privacy settings, consider getting Freedome VPN and set it to autoconnect to a server in your country, separate your Google services to their own browser that you use solely for it, start using service-specific email addresses if you have your own domain or use address+alias in Gmail, etc.

It can be however small. Use it until it is a habit, instinctual. Then the next step.

Every. step. helps.

« Previous | Next »