Educating Friends and Family About Online Security
by BirdPerson
Being tuned into the hard realities of the modern digital surveillance state is a difficult thing.
Like many readers of 2600, you're constantly thinking about how the system works in coercive and suggestible ways to encourage passivity among the population. Every action you take is a measured one, a considered promise to act in a way that keeps you both safe online and invested in knowledge.
Yet I'm sure I speak for many readers when I say that it does, at times, feel like a lonely crusade for digital freedom. It may be true you have found your tribe with hacker communities and Mr. Robot fan boards, but there's a world of difference between distant, asynchronous online friendships versus ones made offline.
Sure, you're quite aware of the fact governments and corporations are keeping closer and closer tabs on you, but convincing friends and family to know these uncomfortable truths - let alone care about them enough to take action - is a tough task.
The fact remains that governments around the world are acting increasingly not just for their own reactive interests, but for the benefit of Big Data companies that really run our world. This is why consolidation of information is so important; there's no prize more valuable among governments than to know all about its citizens and to harvest that data in ways that make ruling institutions ever more powerful.
There's a problem with this theory, though. Where does that leave citizens, the people that make this data-as-commodity? And why is it important for them to care about how their data is being used?
Here are a few handy tips on how to get those people you care about to be engaged in this vital topic of personal freedom in the Digital Age.
They will say to you something along the lines of "I've got nothing to hide, so I don't care about the NSA monitoring emails."
We all know this is inherently false. Everyone has something to hide.
When you're talking to someone who isn't savvy with these issues, you need to place the concern in terms of what is right in front of them: data breaches and ransomware attacks are happening with increasing regularity. Black hat hackers are getting more and more daring in their attacks on ordinary people and are well-aware that the FBI and NSA are ill-equipped to handle all of these cases, much less a local police department. In other words, it is in everyone's personal (and financial) interest to protect themselves online.
What's more is that when someone says "I have nothing to hide," the expression itself is a misnomer: nobody has any personal interest in revealing their financial records, medical history, or pornography-surfing habits to the entire world. It's important to make it clear to people who say these things that personal freedom - along with all the tenets of that freedom - is not fixed in stone. It's a moving target with constantly shifting cultural goal posts, and to assume simply because you don't have a controversial political opinion that you will be taken off, say, a black hat's radar is dangerous thinking.
Don't berate them, but do make it clear that what they do, where they go, and what they spend is of great interest to those with sometimes less-than-honorable goals. Ask people point blank this analogy: would they keep their wallets open in public for people to see? Almost everyone will say no. So why would their Internet activities be any different?
They will say something along the lines of "I'm not interesting enough to be targeted by the NSA or Homeland Security."
As readers of 2600 know, everyone is of interest in some way to SIGINT-level organizations. This isn't because our opinions about President Donald Trump are particularly insightful (or hostile), or that CCTV cameras track our movements on a credit-crushing shopping spree somewhere.
What is different now is not just how much data is gathered, but how that information is contextualized across a variety of sources. What is legal today is not necessarily going to be legal in five years time. What is of no real consequence today in a political sense may be very relevant in the future. This is why Edward Snowden's revelations were so alarming to the hacker community; the real power of data is in how it is packaged to authorities.
In some ways, telling people to "get smart" about personal online freedom is no different than telling a teenager to not smoke cigarettes or binge drink on a Friday night. People tend to think only in the short-term and don't consider the long-term consequences of their actions. Given the culture of busy that the West loves to no end, it's sometimes asking a lot of people to think about online security.
Still, it's important to provide people with these facts and solutions:
1.) Unless you use add-ons like HTTPS Everywhere or Tor, every single URL you visit, email you send, or video you watch is logged somewhere. Far too many people believe they are anonymous online, and that's what the NSA is counting on. Tell your friends and family you'll even help them add on these tools if they're prepared to listen and learn about them. All it takes is some education and will.
2.) Encryption is not just for those dirty, rotten "cyber criminals" that news programs on major networks like NBC or ABC wax philosophical about. Tell your friends and family about why encrypting is really important and why governments have no right to read or intercept your email. Tell them about secure email services, OTR messaging, or Signal. Help them install these tools and show them why it is important. They don't need to become experts, but it has to be as simple and easy as possible for them.
3.) The underlying message of this section is this: people love technology because of how convenient it is. If it wasn't convenient, people wouldn't use a smartphone or tablet. Yet, if you can help friends and family make these security practices a part of their daily rituals and keep it simple, you're already well on your way.
All of this might sound like common sense to 2600 readers. At the same time, we are not in the majority when it comes to how we use technology. Most people want their smartphones to do what they're advertised to do and nothing else. Most people don't know how to fix a computer when it goes haywire or even update their security settings on a PC. This isn't a shot at ordinary folks, it's just a symptom of a culture that doesn't really want people to know computers.
Consider this: there are a lot of people out there who also believe the government is ultimately a force for good (debatable at best, especially in Biden's America) and that hackers are just a bunch of mom's-basement-dwelling criminals. Perception is often aligned against hackers and the tools we use.
We're in a battle not just for the future of the Internet, but also for people's hearts and minds. Ordinary people need to understand why hackers are important, and what we're doing.
If you can help educate your friends and family on these basic skills, we're going to win.
It's not as hard as you think, either.