Internet Expert Debunks Cybersecurity Myths | WIRED
It is vitally important that your password not be the same across different platforms, because when platforms get compromised, the usernames and passwords sometimes get dumped and passed around among hackers.

Hi, my name is Eva Galperin. I work for the Electronic Frontier Foundation where I am the director of cybersecurity, and I’m here to debunk some myths about cybersecurity.

The government is watching me through my camera.

It is possible to remotely trigger somebody’s camera if you install a remote access tool on their device. That is something that hackers do. That is something that criminals do. That’s something that governments do, but in order for the government to install the software that they need to do in order to track you through your camera, they need a warrant from a judge. It is more likely that you will be watched by hackers, or if you’re a student, by your school, than it is that you are going to be watched by the government. Since it is possible for someone to turn on your camera without the little green light going on, if you would like to make sure that when that happens that they don’t see anything, then it is recommended to put a sticker over your camera. Most people aren’t targeted with this stuff, and usually you don’t have to worry. What I recommend that people do is that they download antivirus software from pretty much any antivirus company and just run a scan on the highest setting.

The dark web is a scary place full of illegal activity.

The dark web is a network of websites that you have to use something like Tor browser or any of the other sort of guaranteed-to-be-anonymous browsing applications in order to get to. And it can be any kind of website. This is not necessarily just used for selling drugs and trading child porn. For example, Facebook has a dark website. They have a .onion site that you can only get to if you are logged in using Tor. Tor and other applications like it are not just used by criminals. The other people who frequently need anonymity online: journalists, activists, people who are talking to journalists, and of course, people in authoritarian countries who are very worried about their government spying on their social media use. Tor browser, originally funded by the US Navy. The government needed a way for people to be able to go to websites and maintain their anonymity and not have their digital footprint seen by the people who were running the websites.

Privacy is dead.

If privacy was dead, governments and law enforcement wouldn’t have to keep trying to kill it by proposing new laws and talking about all of the stuff that they can’t possibly get into. But most importantly, privacy is not about living as a hermit on a mountain by yourself, never communicating with anybody. Privacy is power over your information. Understanding what kind of trail you leave behind enables you to limit that trail, or enables you to limit who can see that trail.

The kind of security and privacy advice that you give to people really varies person by person, but there are a couple of things that are good for everybody, like eating your broccoli and taking your vitamins. You should have long, strong, and unique passwords for all of your accounts. And you turn on the highest level of two-factor authentication you’re comfortable using. Take your software updates. This is how you benefit from the work of the security team. And finally, that you actually sit down and you think about your threat model. You think about what you wanna protect and who you wanna protect it from.

Google reads all my Gmail.

Google actually does read all of your Gmail. Google is storing all of your email if you are using a Gmail account. They automate scripts which read the contents of your mail and who you’re mailing back and forth to.
What they do not do is read your email and then tell the government what’s in it. Google has extremely strict privacy rules internally, and if a government or law enforcement wants to get their hands on this data, they have to show up with a subpoena for the metadata or a warrant for the actual contents of your email. But there is a difference between protecting your data from hackers, protecting your data from advertisers, from governments and law enforcement.

A strong password protects you from hackers.

This is partially correct in that a strong password is one of the things that you need in order to secure your account. It is vitally important that your password not be the same across different platforms, because when platforms get compromised, the usernames and passwords sometimes get dumped and passed around among hackers, and hackers will do what we call credential stuffing, where they try to get into your account using these old passwords from other platforms.

You should also be very careful about your security questions. Your security questions are usually things about you that a person who knows you relatively well knows. A person who knows you well might know the name of the street that you grew up on, or the name of your favorite teacher, or your favorite breed of dog. And so instead of answering those questions truthfully, I recommend answering them as if they are simply more passwords.

So now you have a different, long, strong, unique password for every account, and trying to remember them all is a pain, and this is why I recommend using a password manager, which you install on each of your devices and will generate new passwords for you. That way you can make sure that you never forget your password as long as you remember the single password to your password manager.

So how often should people change their passwords? Sometimes programs or companies will require you to change your password every 30 days or every 90 days. This is actually not helpful at all. It turns out that users create shorter and more memorable passwords when they have to change them all the time, that they don’t change them very much, and therefore you’re not actually getting a big gain in security. Your best bet is what we call Diceware, where you use somewhere between five or six randomly generated or randomly chosen words.
That way you get a very long, very difficult-to-crack password that is also fairly easy to remember.

Encryption will keep my data safe.

Encryption is scrambling the data or the metadata so that it is not possible for somebody who sees it to read the information that you are sending. Encryption is used in two very different ways on the internet. One is called encryption in transit. Encrypting data in transit is if you look at your browser and you see the URL at the top of your browser, you’ll see that it probably starts with the letters HTTPS. The S at the end there stands for security. It means that the information which is being sent between you and the website that you’re going to is encrypted so that anybody else who is sitting on the network, somebody else in your coffee shop, the IT manager at your office, whoever it is that runs the network at your school, all of those people can only see that you are going to the website and they can’t see specifically what page you’re going to, and they can’t see what it is that you’re doing there. For example, they can’t see what pictures you’re downloading, or they can’t see what password you’re entering.

The other kind of encryption is end-to-end encryption. When you encrypt something in transit, you are trusting the person who runs the website, but no one else. And when you are doing end-to-end encryption, you don’t even have to trust the person who runs the website. The only person that you’re trusting is the person that you are messaging, and that is because you have an encryption key, and the person that you’re sending a message to has an encryption key, and that is how these things get locked down.

The good news is that there’s a lot of powerful encryption that’s being used to protect you every day, and you don’t even know it. WhatsApp, for example, has more than a billion users all over the world, and their messages are end-to-end encrypted. But what’s most important is to understand where your data is going, who has access to it, and what they would have to do in order to access it if you did not want them to.

Public wifi is safe.

Back before the majority of the web was encrypted using HTTPS, it was extremely easy for anybody who was sitting on the same network as you, including somebody sitting on the same public wifi as you, sitting in a cafe with you, to not only see everything that you were browsing and everything that you were typing in, but also to inject false information into that stream so that you would, say, type your password into a website that the hacker controls, and now the hacker has your password and they can log into your stuff. It used to be extremely unsafe, and it was really common for hackers to hang out on public wifi. This is less true now that the web is mostly encrypted. A lot of people recommend using VPNs.
VPN stands for virtual private network. It is just a way of creating a tunnel between you and wherever your VPN is in order to protect your browsing or your internet activity from whoever is running the network that you’re on. For example, if you are in a hotel and you use hotel wifi, and you log into work using your VPN, the hotel can only see that you logged into the VPN. They can’t see what your traffic looks like. But work can see all of your traffic, and so you need to be able to trust them.

Cyber attacks are the new warfare.

Most of what we think of as cyber warfare is actually cyber espionage, and in the cases where there is cyber warfare, that’s extremely rare. Probably the most famous example of that is Stuxnet, when the US and Israel worked together on a piece of software which broke the centrifuges that the Iranian government was using in order to refine radioactive materials for their nuclear weapons program. But really, it almost never happens. What is important is that governments are not the only threat actors out there. For the most part, if you are an ordinary person, you are more likely to be targeted by criminals, by hackers who want your money.

A lot of what people think of as hacking is actually security research, people who are trying to break systems for the better in order to inform both users and the people who make the systems about these vulnerabilities before bad people take advantage of them. The hacker mentality can be applied to anything. Hacking is not about being a bad person. It is about understanding systems and subverting them. Understanding the limits of surveillance and of hacking is really important in order to build out a place for yourself where you can feel safe and where you can understand where your information is going and who has access to it.