Having The Talk About Security With Your Family
It’s the most painful time of the year, when millions of us go home for the holidays and get accosted by relatives desperate for tech support. Our civilian brethren are going to be looking for advice about security and privacy, and, this year, perhaps more than any other in recent memory, it’s vital that we get the right information to them.
The Internet is full of security advice, 98% of which is pablum. And that’s being charitable. It essentially boils down to keeping your antimalware updated, not clicking on links from weirdos, and creating a complex password. That’s the equivalent of your aunt telling you to take vitamin C and wear a scarf. It can’t hurt, but it’s not going to stop anything that matters. So with that in mind, here are some recommendations for how to have The Talk about security with your friends and relatives this year. It might be painful, but at least it’s painful.
Q: Should I be encrypting things? If so, which things?
A: Yes. And, it’s complicated. For most people, encrypting files and backups is likely the most important move. (This assumes that you have backups. Please have backups.) But for most of the rest of it, you have to rely on the services and companies you do business with. What you’re really interested in is an encrypted connection between you and the websites you’re visiting, like your bank or the retailers you like. Mostly that’s out of your control, because it’s up to the site you’re visiting to enable HTTPS. But there are browser extensions, such as HTTPS Everywhere, that will force a secure connection to any site that offers one. Use that.
Q: Is it safe to shop or bank online? The TV said Russia stole my wallet.
A: Russia didn’t steal your wallet, unless you were actually in Russia. And even then, no. But in general, yes, it’s quite safe to bank and shop online. If you’re on an encrypted connection and visiting a reputable site, you should be fine. Attackers can intercept your traffic on unencrypted connections and snag your credit card number, but nearly all legitimate retail or banking sites use HTTPS at this point. If an attacker goes after a retailer or a bank and gets your information, you’ll be reimbursed or compensated. Take precautions with your own habits and you’ll be fine.
Q: I heard someone can read my texts. Is that true?
A: No one wants to read your texts. Can they? It depends. On iOS, texts are encrypted from end to end and Apple does not hold the key to decrypt them. So, even if the government comes knocking on the door with a warrant, the company can’t turn over your texts. If you’re on an Android phone, it’s more complicated. Normal texts are sent in the clear, unencrypted. But there are plenty of options for encrypted messaging. The best one is Signal, the gold standard in secure text and voice apps. The system uses a proprietary protocol (which is now used by Facebook and WhatsApp, among others) that encrypts texts and voice calls from end to end. Like iMessage, Signal’s architecture dictates that no third party has access to users’ messages. The company even offers the ability for users to set expiration times for their messages, from a few minutes to a few days. Use it.
Q: What about all these data breaches?
A: What about them?
Q: Don’t be a smart aleck. I’m still your grandmother.
A: Sorry, Nana. There isn’t a lot you can do about data breaches. Once a company has your data--and they all have it--they have the responsibility for securing it and preventing hackers from getting to it. As you know, most companies aren’t so great at that. What you can do is minimize the amount of personal information you give to companies, be vigilant about watching for weird charges on your cards and your bank accounts, and report anything that looks off.
Q: So should I start buying Bitcoins then?
A: Uh, I think my Uber is here...