Who’s the real Threat to your Security? Rogue Hackers vs. the Government
They both want your information, and they’re both willing to do anything, no matter how corrupt, to get it.
It's both of them against YOU.
Luckily, they don't work together, so at least we don't need to deal with them teaming up against us very much.
Instead, we get rogue hackers who want to get your information so that they can steal your identity and make a bunch of money off you. This is certainly troublesome, but they're easy to thwart. They rely on you being ignorant of scams or phishing attempts, or target only one person at a time, if they're going for breaking into an account or something.
Miniscule numbers of people with limited resources, who have a small focus. Hardly a threat to anyone with even a bit of cyber-security skill. A lot of people try to be secure because they fear this sort of hacker, but the main targets of rogue hackers are popular servers or people known to be wealthy. Most people will never be directly targeted by a hacker who’s working alone.
And in contrast, we've got the government to deal with. The government, including organizations like the NSA in the USA or the BND in Germany, want your information for the sake of "security". They want to read your messages, know your plans, see what you're doing with your money, and make sure that you don't step out of line.
Programs like PRISM are designed to monitor people's internet transmissions, rendering us complacent.
How can you complain about government in any real way if you know they're watching you?
You can't even organize a protest without a government knowing everything about it.
This is a severe invasion of privacy, which is truly unacceptable in a sane society.
But that's not the only horrifying problem. What of our only defense, encryption?
Powerful encryption algorithms can stop a rogue hacker easily. They don't have the resources to break through it. A rogue hacker can't spend millions on powerful decryption oriented super-computers, nor can they get organizations to willingly implement backdoors in algorithms.
But the government can. They can use legal force to extract records from server owners, they can convince larger corporations to include a backdoor, in the name of "what if a terrorist uses this service", and can generally do whatever they want to get information. They have the power to convince anyone to do anything.
A server owner can either choose to nuke the server and stop the whole thing, but still risk jail or fines, or they can comply, and give up the data, making all attempts at having kept ourselves secure pointless. What good is encryption if there's a backdoor that the biggest threat to us can use? What good is using a trusted service like a VPN or email server if the owner will cave to government demands? No good at all.
They can track IPs with this power, see who does what, even if they're trying to be anonymous or private, and go to lengths a rogue hacker can never reach. Even VPNs, which could provide security, aren't very effective when it comes to avoiding government tracking. If you pay for them, there's a money trail, be it bank or bitcoin, and even if you use something like TOR to become anonymous, you never really know if it's 100% secure.
This sort of power discrepancy is chilling and nightmarish. It means you can't really know if you're secure. All your emails are tracked, so using your email to sign up for a website, such as Poloniex, means that your email account is now linked with cryptocurrency exchange stuff, which is then linked with your Steemit account, which means that this "censorship resistant" platform is meaningless.
Who would dare radically speak out against a government, or mention certain unmentionable topics, if they know that they're being tracked, and can be "disappeared"?
No one.
And that's the beginning of self-censorship, a form of censorship that no one notices. Unlike a Streisand-Effect occurring, where people suddenly realize something that was there is missing, self-censorship means nothing was ever there. It means you're too scared to even mention a controversial subject.
So in conclusion, when it comes to hackers and creeps on the internet, a random rogue hacker might be a real pain in the butt, but the real threat comes from an oppressive government that wants to record all that you do for the sake of security.
This article is written by @heretickitten. She's a coauthor and 100% of the SBD goes to her. This article is part of Steemit Crypto Challenge. We will post more about the world of encryption and ciphers, so that you are prepared for the puzzles. Don't miss the Steemit Crypto Challenge.
[Follow @heretickitten and remember to upvote.]
A personal reason that I wrote this article is because I know a lot of people who want me to use a more mainstream messaging application. Be it Discord, Telegram, Facebook or whatever, and I just don't trust those!
Some of them have encryption, but want my phone number, some are just unencrypted, which means the government can easily read whatever I write, and some are closed source, meaning I can't verify personally if the encryption algorithms are safe.
Except for Pidgin, OTR and XMPP.
Pidgin is GPL, OTR is GPL and XMPP is an open standard, and my personal server uses Prosody, also GPL. Used together, I feel like I'm actually communicating privately, without much fear that I'm being spied on effectively.
That means I can read the code of all the software I'm using to communicate with people, and personally verify that it's safe, and that there's no deliberate backdoor or other security flaw.
Well those apps are all good. But there is still the issue with metadata. That is even a thing for Tor messenger. I use Ricochet. As far as i know the most anonymous and secure messenger. When i am a place where i am not allowed to use Tor i go for cryptocat.
Great post, you're absolutely right about the government being the bad guys here. The only solution is to create a new, decentralized internet. The guys from Maidsafe are doing just that. I would normally never promote a post of my own in a comment, but I'm going to make an exception for this one.
I explored the different possibilities we have to get rid of internet surveillance and achieve anonymity on the net. I would love your opinion on it as well.
There is a difference. Criminals will steal anything which isn't bolted down and try to get some kind of financial gain. The government, for the most part really doesn't care about 99.9% of Americans data. We aren't that interesting or important!
Yea, I know you all thought you were so important nation states around the world were after you. Well, they are not. You need to get over yourself. Seriously. Set the conspiracy theories aside and just apply logic.
Out of all the threats in the world, those who would harm the people, government, national stability, armed forces, and critical infrastructure of the United States, you think they would waste their time reading your phone bill, tracking your location, or listening to your voicemail? Even if they did have a copy, do you think someone, even some lowly intern would take 2 seconds out of their life to read it? No.
Government, including intelligence agencies, are made up of people too. In the U.S., those people are Americans. Big surprise! If you were in such a role and had the job (with deliverables, timelines, stress, kids, spouse, soccer games on the weekend, etc.) would you be looking at everyday peoples utility bills, blog posts, or video of them shopping at the mall? No.
If you were someone important, a threat to others, criminal, etc. they might. But not you. Not me. So go find some other conspiracy to talk about around the internet campfire.
The reality is that the NSA is actually is spying on the citizens.
That's all there is to it.
They could do something with the information they're recording and saving in servers, or they might not.
Either way, I plan to take steps to prevent them from spying on me. That sort of behavior is unethical, and I won't allow it, no matter if they're actually reading my conversations or not.
That is like saying because I walk through the park or shopping mall, I am spying on people. Nope. Just going about my business. There is a difference.
But you could be. Some crazy people really do walk through the mall with cameras hidden in their buttons, or use their phones.
How do you know the government isn't doing the same? They've been caught many times before. Look at cell site simulators (IMSI Catchers, which I did an article about), in the UK and US they're used without a warrant, usually without any reason to suspect something.
They're watching you, it doesn't matter if you're not a terrorist. Did you not hear about them spying on Yahoo webcams? They found that a stupidly high percentage of the cams were all sex, and ended up having to write software to warn their monitoring people of suspected nudity, and yet they still continued to sift through endless dicks for a long time (and probably still do), and probably found absolutely nothing worthwhile, other than lots and lots of nude men. (if that isn't invasion of privacy, what is?)
Pretty paranoid. Is that really a concern? Just because something is possible or some minute percentage is doing it, does not mean it should really concern you. There is a chance you will get struck by lightning or get zapped from errant telecom microwave transmissions, but it does not mean we should all be wearing tinfoil hats. Again, lets separate 'what could be' from real concerns of risk.
If you really believed the random pervs at the mall may have button cameras or are recording on their cell phones, do you avoid all public places? Probably not. Which means your assessment of the risk (risk of impact) is not sufficient to change your behaviors.
And lets take the Stingray equipment, not that I agree with the practice, but does it really matter to you and I? Those things are crazy expensive, so they don't deploy them all that often. And if you were the police, with limited resources, would you use them on active investigations of criminals or just set one up to browse who people are calling? (doesn't listen to the conversation) Really? Out of all the risks in my day, getting in my car is probably the highest, this does not even rank. I doubt they care anymore than tracking what color shoes I wear.
I am not saying privacy is not being abused, but again we must define like anything else, what is an acceptable risk. Just like getting into my car, drinking scotch, smoking a cigar. Huge risk of getting killed, in comparison to other activities, but I do it anyways knowing and accepting the risk. Same situation here. Screaming that malls and public places are ripe with privacy violations is just as crazy as saying some spy agency is interested in knowing the type of underwear you buy. They could find out if they wanted, but the simple fact is THEY DON'T CARE!
Having your identity stolen is scary but i would be far more afraid of those that can legally imprison you/torture you/kill you
Yeah, if a hacker screws you over, the next step is to use the government to stop them so you can get your identity and money back.
A government's job should be to protect people when they ask for it, and then step back after the crime is solved. But governments don't do this, so... anarchy. >=3
Great stuff my friend :))) its nice to get exposure for her!
She's great and deserves it. Hope this will help her
The government is definitely the bigger threat to cybersecurity. Individual hackers may have far more skill than the people employed by the NSA, but the NSA has billions of dollars in resources. They have whole server farms dedicated to finding TOR exit nodes, just so they know who YOU are and what YOU'RE doing. The best solution, Jabber, secure email such as Sigaint, TOR, VPN, Virtual Machines, Tails OS, and if you insist on using Firefox (as I do sometimes), there are a number of add-on that combine to make your IP address and browser fingerprint virtually undetectable. Is this all something the average person can do? No, it takes knowledge of hypertext, IP addresses and how packets are routed. But with a little persistence, and far less money and time than the NSA spends spying on you, it is possible to become completely anonymous.
Well for the average person it is indeed a little to much to use Tails OS. It is not really for day to day use. Not to promote my own stuff here. But i made a small tutorial a week ago for using Whonix client and gateway in combinations with veracrypt, vpn and more. I know this is the way hackers roam the web. And personally i feel very anonymous in in my whonix vm :)
https://steemit.com/steemit/@disofdis/dod-or-tutorial-or-i-have-nothing-to-hide-but-i-like-to-or-5-steps
Whonix or Tails is kind of a toss up for me, they are both very good and have pros and cons. I just like tails because I keep it on an encrypted flash drive, my PC won't start without the flash drive plugged in. I also have a FF virtual box I created with a basically undetectable fingerprint, kinda like Antidetect but without the cost. Very effective.
Great Points about the current dilema!!!
I tend to agree with you completely governments do tend to be the biggest snoops, facebook and google give me the shivers which is why I do not facebook and I use DuckDuckGo for my searches.
Are you aware that your ISP knows everything about you, no matter what browser you use?