Tuesday, September 13, 2016

Technology : Damned if you do...

It's your phone, tablet, PC etc  secure? What about 'the cloud', and whether we should use that? Should we use Apple, Android, Windows, Linux or something else? Why?

People sometimes ask me whether they should use Microsoft products, Apple, Facebook and other products & services because they are concerned their personal information can be compromised. So here's an 'off the top of my head' quick commentary whilst I've got it on my mind...

First, we must understand that computing technology is like a layer cake. There's one layer built on another, that's build on another and so on. In many instances , there are perhaps many tens of layers at play when you are using a device, and the more layers you have, the susceptible you are to the app you see being compromised by something in a lower layer.

One common breakup of layers might be looked at as:
1. Hardware
2. Firmware
3. Operating system
4. Virtual machine
5. Window kit
6. App

And if your app is connected to the cloud somehow, you might be interacting with multiple servers that have something like :
1. Hardware
2. Firmware
3. Operating system
4. Virtual machine
5. Service Interface (that talks to your app)

With all this (fairly simple scenario) going on, there's an awful lot at play!

Thought #1. If you are writing something you want to keep confidential due to IP or other reasons, there are a few basic things you can do :

1. Make sure your device (pc, tablet or whatever) has antivirus software installed, running and up to date.
2. Make sure your operating system is up to date too
3. Don't have things you don't need on the device. The more apps, the more risk.
4. Consider encrypting & password protecting your files / documents
5. If it's really sensitive, disconnect from the Internet ; or get to secure your Internet use.

Thought #2. Using the Internet securely.
1. Choose some cloud storage that some may hand over all your files. I use Mega (mega.co.nz) for personal files for this reason.
2. Don't use federated logins. What I mean here is don't use your Facebook, Google, Microsoft is other 'generic' login to access what got want to use as a secure service. May use am email address and password.
3. Consider a separate email address for more sensitive information, so you can keep it more separate from higher use, more social stuff.
4. Don't use cloud based facilities such as Google Docs, Office 360 etc, as they will read your files in the cloud. The safest way is just to STORE your files in the cloud.
5. If you need to connect with someone else, once again ignore the big players and look for safety. The thing that started new writing this post was actually a new secure product for Android. This one's called Zyptonite. I've watched cloud storage become more secure, them browsing online through HTML with a web browser, then use of pictures by encrypting a whole web page. If it's progressing .
6. Use https instead of http (if a site allows it) The 's' means secure. It encrypts the page contents.
7. Consider the TOR project and browser for security purposes. This encrypts your data for you and also hides where you are coming from by passing the requests through a cooperative network of servers.
8. If you need secure video, it's mostly not there yet. Not as streaming from a web site anyway. You can try to download files over a see is link, that's a good idea. If you want secure video conferencing, like Skype (which is now part of Microsoft) but with security, have a look at Zyptonite. If encrypts video chat.

Thought #3. Comments are welcome, and I should add to this if I get inspiration and time to do so!

Thought #4. Android does logging at the operating system level. Android was started by Google, so have strong links to the New World Order. Facebook had funding from a CIA cover company to get going, with the deliberate aim of using social infestations for intelligence. Apple has stood up against the government once or twice, but don't be fooled, I have a hunch they are cut from basically the same cloth.

The bottom line : don't trust the big names or even startups. Look for facilities that prove they encrypt directly instead of through the operating system, which can be like a nosey post office worker reading mail going either way before passing it on.

Lastly: This is not definitive, and may not even be up to date, so don't make decisions straight from it thinking you'll be secure. Please do your own homework 😀.