Note: I originally wrote this in a Facebook note in March 2012, long before any of the recent leaks. I figured it'd be of interest to a wider audience so I'm re-posting it here.
There's been a lot of hullabaloo lately about Google's new privacy policy etc., so I decided to write up a little article describing my personal opinions on the subject.
Note that I'm describing defensive policies which may be a bit more cynical than most people's, and not considering relevant laws or privacy policies at all. The assumption being made here is that if it's possible, and someone wants it to happen enough, they will make it happen regardless of whether it's legal.
RULE 1: If it's on someone else's server, and not encrypted, it's public information.
Rationale: Given the ridiculous number of data breaches we've had lately, it's safe to say that any sufficiently motivated and funded person / agency could break into just about any company storing data they're interested in. On top of this, in many countries government agencies have a history of sending companies subpoenas asking for data they're interested in, which is typically forked over with little or no question.
This goes for anything from your Facebook profile to medical/financial records to email.
RULE 1.1: Privacy settings/policies keep honest people honest.
Rationale: Hackers and government agencies, especially foreign ones, don't have to play by the rules. Services have bugs. Always assume that your privacy settings are wide open and set them tighter only as an additional (small) layer of defense.
RULE 2: If it's encrypted, but you don't control the key completely, it's public information.
Rationale: Encryption is only as good as your key management. If somebody else has the key, they're a potential point of failure. Want to bet $COMPANY's key management isn't as good as yours? Also, if $COMPANY can be forced/tricked/hacked into turning over the key without your knowledge, the data is as good as public anyway.
RULE 3: If someone can talk to it, they can root it.
Rationale: It's pretty much impossible to say "there are no undiscovered bugs in this code", so it's safest to assume the worst... there is a bug in your operating system / installed software and anyone with enough time or money can find or buy an 0day. Want to bet there are NO security-related bugs in the code your box is running? Me neither. If your system isn't airgapped, assume it could have been pwned.
RULE 4: If it goes over an RF link and isn't end-to-end encrypted, it's public information.
Rationale: This includes wifi (even with most grades of WEP/WPA encryption), cellular links, and everything else of that nature. Sure, the carrier may be encrypting your SMS/voice calls with some proprietary scheme of uncertain security, but they have the key, so Rule 2 applies.
RULE 5: If you have your phone with you, your whereabouts and anything you say are public information.
Rationale: This can be derived from Rule 3. Your phone is just a computer and third parties can communicate with it. Since it includes a microphone and GPS, assume the device has been rooted and they're logging to $BADGUY on a 24/7 basis.
RULE 6: All available data about someone/something can and will be correlated.
Rationale: If two points of data can be identified as related, someone will figure out a way to combine them. Examples include search history (public according to Rule 1), identical usernames/emails/passwords used on different services, and public records. If someone knows that JoeSchmoe1234 said $FOO on GamingForum.com and someone else called JoeSchmoe1234 said $BAR on HackingForum.com, it's a pretty safe bet both comments came from the same person who's interested in gaming and hacking.
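To make Rule 6 concrete from the defensive side, here is an added example (not part of the original post) that audits a list of your own accounts for identifier reuse. It treats a username or e-mail shared by two services as a link and then joins links transitively, so a site that shares only a handle with one account and only an e-mail with another still ends up in the same cluster. The account list is constructed; the service names reuse the post's placeholders plus hypothetical ones, and the "+tag" e-mail normalization assumes the provider treats sub-addresses as aliases.

```python
from collections import defaultdict

# Constructed sample data: (service, username, e-mail). GamingForum.com and
# HackingForum.com are the post's placeholders; the rest are hypothetical.
ACCOUNTS = [
    ("GamingForum.com",   "JoeSchmoe1234", "gamer.joe@example.com"),
    ("HackingForum.com",  "joeschmoe1234", "Joe.Schmoe@Example.COM"),
    ("PhotoSite.example", "jschmoe",       "joe.schmoe+photos@example.com"),
    ("NewsSite.example",  "reader_77",     "other.person@example.net"),
]


def normalize_username(name):
    # A case difference does not stop anyone from linking two handles.
    return name.strip().lower()


def normalize_email(addr):
    # Lower-case everything and drop "+tag" sub-addressing, so that
    # joe+photos@example.com links to joe@example.com. Assumption: the
    # mail provider delivers "+tags" to the base mailbox (many do).
    local, _, domain = addr.strip().lower().partition("@")
    local = local.split("+", 1)[0]
    return f"{local}@{domain}"


def correlate(accounts):
    """Return {(kind, identifier): [services]} for every normalized
    username or e-mail that appears on two or more services."""
    seen = defaultdict(set)
    for service, user, email in accounts:
        seen[("username", normalize_username(user))].add(service)
        seen[("email", normalize_email(email))].add(service)
    return {key: sorted(svcs) for key, svcs in seen.items() if len(svcs) > 1}


def linked_clusters(accounts):
    """Join the pairwise links transitively (union-find): if A shares a
    handle with B and B shares an e-mail with C, A, B and C form one
    cluster, i.e. one presumed person."""
    parent = {service: service for service, _, _ in accounts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(a, b):
        root_a, root_b = find(a), find(b)
        if root_a != root_b:
            parent[root_b] = root_a

    for services in correlate(accounts).values():
        for other in services[1:]:
            union(services[0], other)

    clusters = defaultdict(list)
    for service in parent:
        clusters[find(service)].append(service)
    return sorted(sorted(members) for members in clusters.values())


if __name__ == "__main__":
    for (kind, ident), services in correlate(ACCOUNTS).items():
        print(f"shared {kind} {ident!r} links: {', '.join(services)}")
    for cluster in linked_clusters(ACCOUNTS):
        print("one presumed person:", ", ".join(cluster))
```

On the sample data the shared handle ties GamingForum.com to HackingForum.com and the shared e-mail ties HackingForum.com to PhotoSite.example, so all three collapse into one cluster even though no single identifier appears on all of them. Running this over your own accounts shows which ones would fall together for anyone who obtained the data; breaking a link means using a distinct handle and a distinct mailbox, not just a different spelling or "+tag".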