You Have the Right to Remain Visible
February 9, 2008 | By Joel Dehlin | 14 Comments
How many of you would take your home computer to a public place and leave it running?
Or make a list of every web site you browse (EVERY WEB SITE YOU BROWSE) and publish it in the newspaper?
Would you write your credit card number down on pieces of paper and pass them around large groups of people?
We are engaged in the digital analogs of these things all the time, and most of us don’t know it.
How many of you would take your home computer to a public place and leave it?
If you fire up a wireless laptop in my house you’ll see four of my neighbors’ wireless networks, all but one open to the world. I’m about as technical as the sole of an old shoe, but it would be trivial for me to hack into one of their computers and cause all kinds of problems: peek at pictures, read on-line journals, grab credit card numbers or snag on-line passwords stored in cache. Though I’m harmless, some are not. This type of cyber-tom-foolery happens regularly. Thieves drive around looking for wireless networks, discover them, break into them (usually trivially) and make off with the digital rewards.
Or make a list of every web site you browse (EVERY WEB SITE YOU BROWSE) and publish it in the newspaper?
If you think only you know the web sites you visit, think again. Your computer stores traces of where you go in cyberspace and, depending on the security settings on your browser, other web sites can get access to that data. Even if you’re careful on your computer, the ISP you use to connect to the Internet can store that data. Some of them are even starting to sell that data–in a way that is actually pretty ingenious. Let’s say you’re up on a web site reading a review of the movie “Bourne Ultimatum.” You might notice that the next web site you go to has an ad to rent or buy one of Matt Damon’s other movies. This is possible because some ISPs are starting to provide data about the last place you browsed to the next place you browse and charging for that information. Read the privacy notice of your ISP carefully and I imagine that in many cases you’ll find that you can’t prevent it.
Would you write your credit card number down on pieces of paper and pass them around large groups of people?
If you send your credit card number over email or tell someone your credit card over the phone (land-line or cell phone) you might as well be writing it down on little pieces of paper and dropping them off a building roof into a crowd. Technology for “listening” to phone calls and “sniffing” emails on the Internet is basically mainstream. It’s easy to rationalize, “Oh, I’ll just do it this once,” but the first time you find big charges on your credit card that you didn’t make, you get serious about protecting yourself.
It’s interesting to me that we can be so much more careful about protecting our non-digital assets, when our digital assets can be stolen or undermined so much more quickly.
I’d love to hear what precautions you’re taking to protect yourselves.

Ryan Heaton said...
You may be interested to know about Bruce Schneier’s thoughts on wireless security:
http://www.schneier.com/blog/archives/2008/01/my_open_wireles_1.html
He’s not apparently as concerned about it as you are. Personally, I tend to lean more towards his philosophy.
February 9, 2008 6:09 am #
James said...
My wireless router has the ability to configure two separate SSIDs, one for my own private network, and one for guest access. My neighbor can log in to the guest access and use the Internet, while I still am on a separate network! Of course, anyone can set up a simple firewall to protect their home network.
Beyond that, I make certain to be careful who I give my credit card number to. Though I don’t worry about it too much. I assume that anything I post or do on the Internet is public information if it is not encrypted (properly, too). If I really want anonymity, I use TOR (in combination with encryption - encryption is a MUST for TOR usage!).
-James Lee Vann
February 9, 2008 7:09 am #
alandd said...
Many protections, both for your data and personal information, can be found in the http://www.internetsafetypodcast.com.
I’m highly technical but am still learning from their presentations. They explain technical information in an easy to understand manner. Great to listen to on your commute and then listen again at home while you implement their advice.
I’m not associated with the podcast at all. Just a satisfied listener.
February 9, 2008 8:17 am #
Kevin Schlag said...
Bruce Schneier made a good point a few weeks ago about hardening your computer no matter what network it’s on:
“If I configure my computer to be secure regardless of the network it’s on, then it simply doesn’t matter. And if my computer isn’t secure on a public network, securing my own network isn’t going to reduce my risk very much.”
(from http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0110)
There’s also the issue of credit cards. When we use a credit card to pay for a meal at a restaurant, we have no idea what the server does with it between the time they take it from our table and return it to us.
I guess my point is non-digital or digital assets often have the same potential to be compromised. As a recently called bishop, I’m amazed at how much mail I receive from the Church, and I wonder why almost all of it can’t be sent via email. The argument I often hear is that email isn’t secure. But we assume that the regular postal mail is secure.
I think far more people have access to my mailbox out on the street than my own email inbox (we’ve actually had some mail stolen, and sometimes our mail ends up on the ground, or in the driveway). There’s a much greater chance for my kids to open a letter addressed to me than to read my email.
February 9, 2008 8:48 am #
Alex Esplin said...
My home wireless network is secured both by WPA and MAC address filtering. Only my laptop and my wife’s laptop can connect, and only with a very long, very secure passphrase.
If I’m not on my home wireless network, or my work wireless network (both of which I know are secure) I don’t visit any site where I wouldn’t like someone pretending they’re me. No eBay, Amazon, or anything of the sort. If I’m on a wired connection and the site asking me for financial information isn’t using SSL or some other form of secure protocol for transport of my info to their server, I go elsewhere.
The main thing is for those of us who know better to help along those who don’t. I’m working on my parents, and on my wife’s parents, so we’ll see if we can make progress a little bit at a time.
February 9, 2008 12:03 pm #
Tim Malone said...
Hi Joel,
Good post. In it you wrote, “I’m about as technical as the sole of an old shoe.” Oh come on, Joel. You’re saying that as the CIO of the church you don’t have at least some technical ability in this area? I find that hard to believe. Unless working at Microsoft all those years numbed your technical savvy, that must have been written tongue in cheek.
Seriously, you raise a good point. So many are naive when it comes to protecting their personal home computers from the internet. I have had similar experiences in seeing many open computers when firing up my laptop at home or when travelling. It’s just that people don’t know about encryption.
What’s worse is people who have only one computer in their home which is directly connected to the DSL or cable *without* the firewall turned on. They have no clue that their anti-virus expired months ago and that they have become compromised. They wonder why their computer is so slow. It’s because it has become a ‘zombie’ and is sending out tons of spam under another’s control.
I know because I see this all the time. As a computer professional I get calls from people in my ward struggling with this problem in particular. I do not charge for helping them out. I think of the Lord’s admonition, “Inasmuch as ye have done it unto one of the least of these my brethren, ye have done it unto me.” It’s kind of like an extension of home teaching service.
To answer your question about precautions, here is a short list:
1. Use a firewall. Either make sure the Microsoft firewall is enabled on your XP or Vista machine or use an external firewall. Most people who have a LinkSys wireless router have a firewall and don’t know it. Just make sure it is turned on. It is usually on by default so if you haven’t changed it, don’t worry about it.
2. Clear your cache on a regular basis. It is a simple matter to push the button in Internet Explorer or Firefox but again, most people don’t know how. It’s just a matter of education. I find that the kids in the family know all about it because they don’t want mom and dad to know what sites they have been visiting.
3. Keep your Anti-Virus and Anti-Spyware solutions up to date. I know it is a mystery to so many home users but it shouldn’t be. They get that new computer for Christmas but don’t realize that the Anti-virus software is a subscription based product that is only good for three months. I can always count on getting calls in April from people who learn this the hard way.
4. Make sure that you only use your credit card number online with secure sites. Today, almost all sites that take credit cards use some method of secure encryption. Never transact online business with companies that do not use encryption. If you see the little padlock in the corner of your browser when you are buying something online, then it is probably secure.
5. If you store lists of credit card numbers or other personal information on your computer in a spreadsheet, consider encrypting that particular spreadsheet. It’s not hard to do but most people don’t know how to do it. If you use a popular personal financial program like Quicken or MS Money, you can be sure that your financial information stored in the program is encrypted.
6. If you suspect that your Internet Service Provider is tracking the websites you visit, consider changing to another one that does not. In most American communities there are at least three choices for getting on the internet - cable, DSL and now fiber. There are usually a number of small local ISPs that compete with the cable company or phone company. Check it out.
There are more things you can do to protect your digital assets but these are the most common that any home computer user can do. I wish I knew more about how internet access and security (or the lack thereof) works in other countries but that’s been my experience here in the United States.
Tim Malone, MCSE - Camarillo, CA - 3tcm.net
February 9, 2008 2:27 pm #
Buster Blocker said...
Simple. I use Macintosh - just like the military is starting to do. No adware, no spyware, no virus problems. One scan of Secunia.com shows fewer security worries for Mac than anything Windows based, so that about says it all.
February 9, 2008 7:42 pm #
R. Alvez said...
My home network is double firewalled (meaning, I have a firewall at the router and one at each of the computers in the network), so we could say I do run my systems in “paranoid mode”.
Since I do not provide services outside the LAN to the web (I do not need to) I’m 100% invisible to the “outside world”. In my firewall I never use ‘deny’ but ‘drop’ packets, so for scanners my machine does not exist.
As per my WiFi I use the same approach as Alex Esplin (above) using WPA and Hardware address (or MAC address) to allow access to the LAN. I do not use a WiFi router, but an access point. The difference being that the access point is a specific address in the LAN through which any machine trying to access the network has to authenticate and match up 1) ESSID 2) WPA and 3) have a valid MAC address. On top of that I use a feature referred to as “not promoting” by which your router/access point is effectively hiding itself from WiFi scanners. This means that anyone trying to find my ESSID (required to log in) has to get it from me.
I think that in terms of protection that is good enough … but I’m considering to encrypt transmission in a not distant future … when I can devote the time out of coding to apply encryption
February 10, 2008 4:46 pm #
Dan Peay said...
I appreciate the questions Bro Dehlin poses, because it prompts me to think through areas where I should be more vigilant. I also appreciate the comments. I do have a couple spreadsheets that I should store encrypted. On one hand, knowing that everywhere you go electronically could be publicly accessible might keep me from visiting places I don’t need to be wasting my time on. I also respect privacy laws and practices and with a houseful of daughters, I try to be very vigilant in continually teaching them. A couple of my older children use a popular site where public information is shared. We are very selective in choosing these, and careful about the information, friend connections, and photos. (We are NOT myspace fans) I’m linked in as friend and check in from time to time.
Bottom line, let’s remember that all this innovation and access to information is to assist the building of the Kingdom on earth. I try to keep that focus and am grateful for inspired leaders who have embraced technology to do good.
February 11, 2008 10:43 am #
Blaine Wilson said...
I know a number of people who store passwords, pin numbers, account numbers, and such in plain text files on their desktop machines or handheld devices. This never ceases to amaze me.
There are a lot of great tools out there that solve this issue. I worked at an application developer for a number of years, SplashData (splashdata.com), who creates a great product that stores this sensitive info, encrypted, on handheld and desktop machines. So, no matter where I am, I have all my membership numbers, credit card numbers, bank accounts, web logins, family SSNs, and insurance numbers all secure and encrypted on my handheld. SplashID is the name of the product, and it works on Windows and Mac. (Mac version syncs with Palm only. Windows version syncs with Palm/BlackBerry/or Windows Mobile.) You can also use SplashID standalone if you don’t have a handheld device. There are also other products out there that provide similar functionality. (Note: I no longer work for SplashData, so this is not posted to further my interests.)
In regards to Buster Blocker…. Macintosh. That’s what I use as well, and have definitely enjoyed the virus-free life over the years. However, I still end up rebuilding friends’ virus infected XP machines. As Macs become more popular, I suspect we’ll see some viruses appear though…
February 11, 2008 10:55 am #
Mario Hipol said...
I think that with a little research and common sense it isn’t too hard to protect yourself from the hackers that are out there. The truth is the best thing someone can do to protect themselves is ask for help. There is usually at least one or two people in a ward or friends with someone who can secure your network, turn on your firewall and filter your cookie access.
I recommend encouraging your bishop to have someone hold a class or fireside and spread the word. It’s similar to missionary work…nothing gets done until you open your mouth.
February 12, 2008 3:13 pm #
Joel said...
Many computer systems now, especially the most recent technology, have some protections ON by default (computer firewalls, browser privacy settings).
One simple way I protect my home wireless network is by making it ‘invisible,’ i.e., I don’t broadcast my network name.
While I believe being aware of these issues is important, I’d caution against paranoia. Real privacy issues lie with a minor point made in your post - companies legally selling your information (ISPs are only one example, think supermarket bargain cards, credit reporting agencies, etc…)
February 14, 2008 2:17 pm #
Josef Nielsen said...
One great point I share with everyone is about passwords. Although it makes life easy, you should never use the “one password fits all” approach. I know of many people (and I’m guilty of it in the past myself!) who use the same password for their online banking as they do for their email account, as well as amazon, ebay, and other online vendors.
While there is not as much to worry about with larger vendors, I always use a one-time password with a small vendor, especially if I do not think I’ll buy anything from them again… Some small vendors store your passwords in clear text. An unscrupulous employee can grab your password, phone number, address, CC#, and email account, and start looking like you in no time. I know many people who have had this happen to them, and it has happened to me as well…
Never “sign-up” for an account to buy something if there is a “guest” option, and avoid keeping a CC# on-file with an account if possible. The inconvenience of filling out that silly CC# form again is worth the peace of mind and security!
jn
March 17, 2008 8:49 am #