Watch TidBITS Presents “Protecting Your Digital Life”
Our third TidBITS Presents event on 22 August 2012 was a bit different from the previous two, more a panel discussion than a solo presentation. Rich Mogull and Joe Kissell joined me to talk about the well-documented case of technology writer Mat Honan having his digital life hacked (for a summary, see our intro at “TidBITS Presents ‘Protecting Your Digital Life’ on 22 August 2012,” 20 August 2012). But instead of zeroing in on the specifics of Honan’s situation, we used it to recommend the best practices for protecting your online identity from evildoers. We’re not so much concerned with what he did wrong as with what you
can do right.
In particular, we focused on the problem of reusing passwords, the importance of protecting your primary email account, the best way of dealing with security questions, what information about us is available online, the absolute necessity of backups, and who is most likely to suffer from hacking. If you have an hour to spare, check it out!
Where our previous TidBITS Presents events drew about 200 live viewers, this one was more sparsely attended, with 65 people joining us. Perhaps our promotion for this event was too close to the actual event, or perhaps security is just one of those topics that people don’t want to think about. I suspect that most people need to implement better security practices, but it’s easy to believe that you won’t be targeted. Unfortunately, as Rich pointed out in the discussion, anyone who participates in an online community can end up as a target. Plus, many instances of hacking are related to password disclosures that are no fault of your own — if some large company’s password files are stolen, you could suffer if you don’t take
If you chose not to watch this TidBITS Presents (and particularly if you did watch either of the previous ones), please let us know why in the comments. We’re very much feeling our way into this world of live online presentations, and we’re happy to receive constructive criticism about what we could do better. In this event, for instance, we intentionally kept the presentation to about 45 minutes and then took questions for another 15 minutes at the end — much tighter than the last one, which exceeded two hours. We’re still working on what to do for the first few minutes, since we don’t want to start until people have had a chance to load the video, and they can’t do that until I click the Start Broadcast button.
A few products and services were mentioned in the presentation — here’s a list so you don’t have to hunt them down manually. TidBITS members can save 25 percent on 1Password and 30 percent on “Take Control of Backing Up Your Mac.”
Well probably wont make much difference but a more friendly time for people not in the US might help. :)
Yeah, that's hard. :-) We already had Rich in Phoenix (Mountain time), me in Ithaca (Eastern time), and Joe in Paris (whatever his European time zone is), and I didn't want to start before 9 AM anywhere in the continental U.S.
The reason I didn't watch the presentation was that it ran during lunch time here. (Eastern Time Zone). If it had been earlier or later in the day I would have watched. I am glad you have provided a link where I can go watch after the fact.
For the record, I give a lot of corporate webcasts and they usually request they run over lunch.
Looks like some of you actually leave your desks during your breaks? Now *that's* a compelling idea :)
I was unable to watch the presentation in real-time for the same reason as already stated by others. I did watch the you-tube delayed-time version and thought it had a lot of useful information.
I watched your presentation on YouTube and want to thank the three of you for the wealth of information and the reasonable advice.
Since other people may not have an hour to spare to watch the video I wonder whether you plan to concisely summarise your recommendations.
One further point: I missed in the discussion how to protect yourself against illegal access from the internet, for instance using tools like LittleSnitch and VPN.
Glad you liked it, Norbert!
We certainly could summarize the video in text, but I'd have to think about the goal of doing that - we're doing the videos in the first place because we think the topic lends itself to in-person explanation better than straight text for one reason or another. And if the goal is to encourage people to watch the videos, summarizing them makes it all the less likely they would.
As far as protecting yourself from access via the Internet, that's a very different topic, in fact. For the most part, standard Network Address Translation in gateways like the AirPort base stations is more than enough, and people who know enough to port map through NAT likely understand that they are opening that port up to the entire Internet. That's far, far less common than the kinds of problems that Mat Honan experienced, and which any Internet user could suffer from.
Did I understand Rich Mogull correctly when he said that he generated the "paper copy" of his most important passwords on an iPad because "it is my safest machine"?
If yes, why is that so?
Rich can chime in with details, but at the moment, iOS is simply a more secure operating system than Mac OS X, thanks to sandboxing, very limited multitasking APIs, and what it's capable of. Rich's specific point was that files on the iPad don't end up in system-wide caches, get backed up unknowingly via CrashPlan or Time Machine, and so on - if it's made on the iPad, printed, and then deleted from the iPad immediately, it really is gone as far as I'm aware.
Yes- iOS is more secure and the apps are all sandboxed, so it makes it nearly impossible someone could, for example, hack your iPad and pull the passwords out of cached storage.
Adding to the comments above, time conflict was my issue. Suggestion: record a "presentation" and post it for comment. Take the Q&A from that and run 2 more sessions, spread across some major time zone split. That allows technical issues to be smoothed out as well.
I think we'd need full-bore paid subscriptions to the presentations to justify anything near that kind of work, Edward. :-)
And I'm not really sure what the big win of having subsequent live presentations is, if they're going to be substantially the same as the recorded one, especially since people can always ask questions later here, or on the YouTube video, or on the Google+ post.
My wife and I just watched this presentation. Good job, everyone. We look forward to a Take Control book on this subject. :)
Since Honan's hack demonstrated that a physical/street address is not hard to find, what about using a PO Box for credit card billing addresses rather than a street address. Would this be a good safeguard?
Not really- remember that credit cards are pretty well protected as long as you check your statements. Adding another address won't really impede the attackers much, and to be honest it isn't that big a deal to you as an individual if your card number *is* hacked. That's why we focused more on the "digital life" as opposed to financial fraud, since losing your online identity is far more damaging (potentially).
Dropping from 200 to 65 viewers is not surprising to me. Beside the various reasons given I would add that fooling around for the first 15 minutes or so is annoying, as is laughing at each other's humor. Raise your production values; bring them in line with your excellent books.
I'm perturbed about the start of these things, and I'm open to suggestions. The problem is that people cannot see anything until we make it live, and then it takes a few minutes for people to collect. In this one, we waited 5 minutes (not 15!) for the attendance to settle down, and then we started. The alternative is to start exactly on time and know that nearly everyone will be missing some what's said in the first few minutes. Perhaps we'll try that for the next one, since waiting a few minutes clearly isn't working perfectly.
As far as laughing at each other's humor, I don't think I can mandate that people don't react to each other in a panel discussion. Certainly, it would be preferable if the audience could be seen reacting, but that's just not possible with Google Hangouts On Air (or any other live videoconferencing solution I'm aware of).
I wonder if part of the confusion is that these truly intended to be and are live events, and should be viewed as such, and NOT as carefully planned and recorded presentations that take place under controlled conditions and with significant post-production. They aren't off the cuff, but they are live.
If you pay hundreds or thousands of dollars to attend a conference, you'll get very much this sort of experience. There's a room you go to at a particular time, and usually you arrive a few minutes ahead of time to get a seat. If there's a single presenter, he'll be on stage, pacing around, checking mic position and getting slides set up and the like. If it's a panel, they'll be sitting on stage, chatting with one another. Obviously, starting on time isn't a problem there, since the room can be open early. And as far as laughing at each other's jokes, I've been on a ton of panels over the years, and I can assure you that everyone does this.
Does that make sense?
Like many it's a work scheduling conflict for me. I'm perfectly happy to watch the recording after the fact though.
You were wondering why I (and others) didn't attend. In my case, it's not because of a lack of interest: it's all about time constraints. I can get the same information in a podcast in <10% of the time from a written article. And indeed, I've done so from several sources, not just TidBits.
The larger problem is that no matter how responsible *we* are, we're still dependent on the security of the Web sites we visit. If they can't keep our information secure, then our best efforts are useless -- well, to be correct, less useful.
It is true that we're dependent on the sites we use to keep our information private, but it is up to us to make sure that a breach one of them doesn't open us up to breaches at others.