How paranoid is too paranoid when it comes to privacy and security?

[tao]

End-to-end encryption is the new security mantra, but how far will you go to foil the thought police?

 

It's difficult to maintain a healthy level of paranoia when some days it feels like we're living in a gritty reboot of 1984. Revelations of western security agencies systematically spying on their own citizens have driven many people to embrace personal encryption tools, yet at the same time social media has bred a generation of oversharers who seem happy to trade their privacy for magic beans.

 

Some people wear tin foil hats to avoid government mind probes, while others write their passwords on post-it notes for all the world to see. Most of us sit somewhere in the middle, swinging between vigilance and complacency as we navigate the challenges of modern technology.

 

Nothing to hide?

It's often said that if you've got nothing to hide then you've got nothing to fear, but that's a dangerous attitude. It downplays legitimate fears and makes it easier for the powers that be to gradually erode civil liberties to the point where we all have something to fear – at which point it's too late.

 

So where do you draw your own line in the sand? I think you need to start by defining the problem; exactly what are you afraid of, realistically what's the likelihood of those things happening to you, and how serious are the consequences if they do? Once you have level-headed answers to these questions you can start to think about the best precautions.

 

These days the words "privacy" and "security" are almost used interchangeably, they're closely related but they don't quite mean the same thing. The way I see it, security is the reason you lock your front door at night, while privacy is the reason you draw the curtains.

You can also break data security into two components; keeping your files locked away so others can't get them (let's call this "data security"), and keeping your files safe so you don't lose them (let's call this "data integrity"). Data security requires strong locks, while data integrity requires a robust backup regime.

 

Everything to lose?

To be honest I'm primarily concerned about data integrity, followed by security and finally privacy. In most cases losing a file would be much worse than it falling into the wrong hands. Technical disasters are my biggest realistic threat and the consequences could be significant, which is why I'm so paranoid when it comes to maintaining multiple backup systems.

 

Backups aside, realistically I'm  more concerned about hackers breaking into my computer and data, perhaps as part of a ransomware attack, than I am concerned about government spooks rummaging through my digital life. Keep in mind that spooks don't necessarily "break" into your accounts, instead they tend to slip in the back door.

 

You might have different priorities, but I primarily focus on sensible security precautions like healthy password habits and employing extra security precautions such as two-factor authentication and Virtual Private Networks when using an untrusted connection.

If I was more concerned about privacy I'd place a greater emphasis on issues like end-to-end encryption for email, browsing and instant messaging, in order to keep my communications and other activities safe from prying eyes.

 

Everyone onboard?

Of course poor privacy can be a security threat, and vice versa, which is why I'm starting to evaluate secure communications services. There are plenty of options, from PGP-based email encryption like Witopia's SecureMyEmail to encrypted instant messaging tools like Signal, which is adding secure video calls.

 

The trouble is that the person on the other end of the conversation also needs to use these tools in order for you to communicate securely – which is a problem if most of the people that you deal with aren't as concerned about security as you are. Like communications tools in general, your secure comms ecosystem can become a fragmented mess – perhaps making it more trouble than it's worth.

What do you see as the most significant threats to your data privacy, security and integrity? What precautions have you taken to stay safe?

 

Ref:  < http://www.smh.com.au/technology/gadgets-on-the-go/how-paranoid-is-too-paranoid-when-it-comes-to-privacy-and-security-20170216-guf0h1.html >

 

 

 

[Batu69]

Moved from security & privacy news forum.

[straycat19]

On a business/corporate/government level it pays to be paranoid.  On a personal level it pays to be very security conscious.  The problems encountered in one environment are not necessarily the ones that need to be guarded against in the other.  Private networks can and do establish policies and procedures that alleviate the problems found by common internet users because they control access to websites and software.  Internet users on the other hand have no clue usually to what they are saying yes to, downloading, installing, or what the sites they are visiting may do to their systems.  Most threats to individual users come in the form of malware that they have to be convinced to download and run.  A large source of that is from warez that is spread across the internet.  For that reason a good security measure would be to be extremely paranoid and run anything you download in a clean VM and see what it does.  This includes scanning the VM with several different malware detector/cleaners, rootkit scanners, etc.  That ensures that if you really want to run the software on  your production system (the one you use daily to do normal tasks) that it is clean and will not trash your systems.  It really does pay to be paranoid if you are really interested in the security of your data and system.  If you can afford it, a good NAS that is attached thru the network and not USB that can be protected by a secure login and network restricted access (either by MAC or IP) can provide exceptional secure storage for all your data (account logins, pictures, music, software, etc) .  Nothing is free, so the more security you want the more you have to spend.  But in the end the old adage "an ounce of prevention is worth a pound of cure" will prove to be true.

[steven36]

1 hour ago, straycat19 said:

 If you can afford it, a good NAS that is attached thru the network and not USB that can be protected by a secure login and network restricted access (either by MAC or IP) can provide exceptional secure storage for all your data (account logins, pictures, music, software, etc) .  Nothing is free, so the more security you want the more you have to spend.  But in the end the old adage "an ounce of prevention is worth a pound of cure" will prove to be true.

Did you forget what site you're on again ? most cant afford it. they cant even afford 5  bucks a month for a good vpn to keep there data encrypted . Many come here to download warez and free winders and the giveaways they dont come here to read the news even . 

 

Most non computer savvy people at home have to had been infected a time or two too even get them to use free protection . That's why businesses have such a hard time keeping secure  most of there workers are everyday users and not security experts if you  was too tell most people i know in real life what you just said it would be like speaking in Chinese to them.

 

If everyone was security experts they be no need for IT's at work they could tell any employ too do it . Its not i dont agree that you should be paranoid  its just its not reality to everyday users.  but it' is   to computer savvy people only.  The masses dont care about ether . What us computer geeks find interesting most find it boring.. the masses only want  too pay there bills,  and watch videos and gossip on Facebook witch is very public and not private at all.  I  was a tech in several plants and it took several different kinds of techs that done different things then you had normal workers who were paid less who only know how to work but they could not fix or change a thing .

 

 

Even  the biggest Windows forums there is dont have many people on them at all  compared too the actual  amount  of windows users that only know how to turn a PC on. .