Your Cybersecurity Self-Defense Cheat Sheet

Source: Slate.com | Jacob Brogan | February 1, 2017

What’s a man-in-the-middle attack? Who’s advocating for better consumer protections? And more basics.

Key players

Nathan Freitas: Freitas founded the Guardian Project, which develops security-focused applications for mobile devices.

Eva Galperin: As director of cybersecurity for the Electronic Frontier Foundation, Galperin has researched malware and coordinated security training initiatives.

Matthew Mitchell: Mitchell works to help educate activists, especially in black communities, about encryption and cybersecurity.

Bruce Schneier: A cryptographer and privacy advocate, Schneier has written widely on questions of cybersecurity.

Edward Snowden: Famous for leaking a trove of NSA documents, Snowden has become a prominent voice in conversations about digital security and privacy.

Lingo

End-to-end encryption: A communications technology in which only the intended recipient of a message has the keys to decrypt it.

Man-in-the-middle attack: An approach in which a hacker poses as a user’s legitimate destination in order to intercept communications.

Privacy-enhancing technologies: Systems that block or otherwise restrain surveillance.

Phishing: An attempt, typically wide-ranging, to collect passwords and other sensitive data from unsuspecting users by impersonating a trusted source.

Spear phishing: An attempt to trick a specific individual into revealing compromising information via a targeted email.

Tor browser: A program that enables (relatively) secure and private browsing by passing communications through multiple layers of encryption. TOR stands for “the onion browser”—get it?

Two-factor authentication: A security technology that requires users to confirm their identity by a second means (other than username and password) before logging in to a site or service.

Virtual private network: A system that allows a user to remotely connect with another network, often facilitating encrypted interactions with the internet.

Debates

Corporate complicity: Many of us rely on Google, Apple, and their ilk to protect our accounts and information. Can we be sure that these companies have our best interests in mind when it comes to security and privacy?

Government involvement: As international, politicized hacking grows more common, governments may become more involved in private cybersecurity, potentially threatening individual privacy in the process. How much should we rely on political authorities as we work to reinforce our digital borders?

Human fallibility: Some security experts argue that humans are the “weakest link” in cybersecurity practices, but others counter that technology itself may be making things more difficult for them. Can we develop systems that won’t trip up reasonable, well-meaning people?

Inadequate tools: No one platform or technology is likely to meet all of a user’s cybersecurity needs, meaning that true peace of mind requires cobbling together a variety of awkwardly interlocked tools. Can we develop options that don’t require these clumsy assemblages? Will true cybersecurity remain out of reach for technological novices?

Inconvenience: Many of the most robust cybersecurity technologies also make it harder to use the internet. Can we guarantee our safety without sacrificing the things that make the internet fun to use?

Further readings

“A Cellphone Rights Guide for Trump Inauguration Protesters and Women’s Marchers” by Molly Olmstead: If you’re heading out to protest—whatever the reason—you’d do well to know how to protect all of the information on your phone.

Data and Goliath by Bruce Schneier: In this accessible volume, Schneier discusses the strategies that both companies and governments use to collect information about you.

Dragnet Nation by Julia Angwin: Angwin experiments with some of the techniques that we can use to push back against pervasive and intrusive surveillance.

“Five Best VPN Service Providers” by Alan Henry: Everyone has different cybersecurity needs, but this well-researched list from Lifehacker offers a range of options that will work for most.

“Inside ‘Eligible Receiver’ ” by Fred Kaplan: Back in 1997, the NSA conducted a simulated hack of the U.S. military, proving in the process that it’s disturbingly easy to compromise a powerful organization by exploiting the cybersecurity slip-ups of individual members.

“Surveillance Self-Defense Guide” from the Electronic Frontier Foundation: This comprehensive guide offers instructions for everything from making a secure password to using secure messaging apps.