Fourth rule of the internet


in Economics, Geek stuff, Internet matters, Politics, Security

A somewhat obvious rule of internet security to add to the first three:

  1. Against a sophisticated attacker, nothing connected to the internet is secure.
  2. Everything is internet now.
  3. You should probably worry more about being attacked online by your own government than by any other organization.
  4. Sensitive data about you is largely on the computers of other people who care little about your security.

Equifax is getting lots of attention right now, but consider also Deloitte, Adobe, Stratfor, Blizzard, LinkedIn, DropBox, Ashley Madison,, Snapchat, Adult Friend Finder, Patreon, Forbes, Yahoo, and countless others.

As Bruce Schneier points out, the only plausible path to reduce such breaches is for governments to make them far more painful and costly for corporations.

{ 13 comments… read them below or add one }

. November 11, 2017 at 4:17 pm

Connections like these seem inexplicable if you assume Facebook only knows what you’ve told it about yourself. They’re less mysterious if you know about the other file Facebook keeps on you—one that you can’t see or control.

Behind the Facebook profile you’ve built for yourself is another one, a shadow profile, built from the inboxes and smartphones of other Facebook users. Contact information you’ve never given the network gets associated with your account, making it easier for Facebook to more completely map your social connections.

Having issued this warning, and having acknowledged that people in your address book may not necessarily want to be connected to you, Facebook will then do exactly what it warned you not to do. If you agree to share your contacts, every piece of contact data you possess will go to Facebook, and the network will then use it to try to search for connections between everyone you know, no matter how slightly—and you won’t see it happen.

That accumulation of contact data from hundreds of people means that Facebook probably knows every address you’ve ever lived at, every email address you’ve ever used, every landline and cell phone number you’ve ever been associated with, all of your nicknames, any social network profiles associated with you, all your former instant message accounts, and anything else someone might have added about you to their phone book.

Facebook Shadow Profiles: What You Need to Know

. January 28, 2018 at 5:23 pm

Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company.

The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others.

The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.

However, over the weekend military analysts noticed that the map is also detailed enough that it potentially gives away extremely sensitive information about a subset of Strava users: military personnel on active service.

. May 22, 2019 at 5:58 pm
. December 5, 2019 at 8:37 pm

Evernote Gave Dark Web Dealer’s Notes to the DEA

As part of a dark web investigation, Evernote handed over a suspect’s notes stored on the company’s servers.

. December 19, 2019 at 4:28 pm

LifeLabs users wise to worry about fraud, ID theft after mass data breach say experts

‘Identify theft will invariably arise,’ says former Ontario privacy commissioner

. January 8, 2020 at 7:04 pm

Ring Fired Employees for Watching Customer Videos

“We are aware of incidents discussed below where employees violated our policies,” a letter from Ring obtained by Motherboard reads.

. February 14, 2020 at 7:51 pm
. August 19, 2020 at 10:55 pm

CRA shuts down online services after thousands of accounts breached in cyberattacks | CBC News

. August 19, 2020 at 11:13 pm

Thousands of CRA accounts breached following pair of cyberattacks | CBC News

. October 19, 2020 at 7:50 pm

3 TB of Private Webcam/Home Security Video Leaked on Porn Sites – Slashdot

. October 19, 2020 at 8:06 pm

How smart devices are exploited for domestic abuse – BBC News

. October 26, 2020 at 5:30 pm

‘Shocking’ hack of psychotherapy records in Finland affects thousands

Distressed patients flood support services after hack of private firm Vastaamo

. December 14, 2021 at 3:05 am

Leave a Comment

Previous post:

Next post: