Security on the Net: There's No Such Thing
An email discussion about Privacy with Edith Frost
And you thought rock chicks were helpless? Edith Frost has not only recorded a number of marvelous CDs for Drag City, but she’s also been an internet aficionado for years. She was the first person to challenge Kristin to forget those web software programs and “learn the code” (HTML, that is) and just recently showed Jenny her two computer system. As someone who’s interested in Internet security and other music/tech musings, she’s been nice enough to prep us all by providing us with the basics. Linux fans, take note!
J: You own several computers. There is one that you do not use to access the Internet. Why is that?
E: Well, if you don’t count the BROKEN computer I have laying around, then yes I do have one that I use to connect to the ‘net and another that I use for storing stuff. (They’re only connected by “sneakernet”, i.e. transferring files using floppy disks.) I’ve done a lot of reading about security on the net and came to the conclusion that there’s no such thing. If you connect to the net at all, you’re vulnerable to someone or something breaking into your system. You could spend all your time figuring out how to keep the kiddies away, or you could just make it easy on yourself by keeping your data somewhere else, and shutting down all unneeded services on the machine you do use to connect. Not that I have anything much to hide, but I sure like the idea of privacy!
J: How vulnerable are our hard drives to prying eyes?
E: I’m just a layman, not a security expert, but I would say
that probably 90% of the computers out there are pretty much hanging in
the breeze. The default installation of Windows leaves you with a completely
open system, so anybody who notices your computer online can come right
in (via file sharing) and look around all they want, no password needed.
You won’t know they’re there and you won’t know they’re there using your
resources until you notice there’s no room left on your hard drive, your
computer’s running slower than Christmas, and you get nasty e-mails from
people claiming that you’re hosting a pornography site on your machine!
You have more to lose than just your data, you see. I would recommend
that everybody who’s interested in finding out what they “look like” to
the outside world visit the following URL:
J: What do you think about the Real Jukebox issue where a company said that it was respecting the privacy of its customers and then secretly mined their computers for information?
E: I think it was a bad mistake on the part of Real.com. They got found out, and they fixed the issue immediately, so… it doesn’t help their reputation but at least they admitted what they’d done. I think people may have gone a little overboard in their reactions to this, but whatever, it’s over now. RealAudio has been around since the beginning of the ‘net as we know it. They’ve always given away their players for free and I can certainly support that! I think the problem happened due to an oversight on their part, an ASSUMPTION that was made about what folks want to be told about exactly what their software is doing. I’m sure they won’t make that mistake again!
J: What about computer viruses; have you experienced them?
E: Hmmm… the last virus I know I had was on a work computer in 1993, the “monkey virus”. I found out very quickly how dangerous it is to trade floppy disks with other people. Since then I simply don’t use other people’s floppies, and don’t download anything that I don’t trust. I also never open file attachments that people send me by e-mail. Haven’t had a problem since (knock on wood). Linux, by the way, is much less prone to viruses than Windows! (There you go, another plug for Linux.)
J: Do you purchase items over the Internet using your credit card?
E: I have in the past, though I wouldn’t do it every day. I don’t see it as a super great risk compared to handing your card to a waiter in a restaurant, or giving out your number from a cordless phone. If you watch your statements, and if the credit card company is responsible for paying anything you didn’t charge yourself, then, well… it’s a risk, but what isn’t?
J: What are some easy ways to keep your data safe?
E: If you have something that MUST be kept private, then the only way I know of to protect that privacy is to use strong encryption, as in PGP (Pretty Good Privacy) or a similar scheme. And, make sure the computer you store that data on is protected from prying eyes and wandering fingers. Figure out who you need to protect yourself from (your family? your coworkers? the internet?). Use different passwords so that if one gets cracked, the rest of your system won’t come down with it. PROTECT your passwords and change them regularly. Read up on security and do whatever it takes to reach a level of safety that you can be comfortable with. Life itself is a dangerous business. You don’t walk down a dark alley without being prepared for the possibility that somebody might attack you. People need to take the same attitude when they connect to the internet.
Thanks, Edith!