There’s no such thing as perfect security. To a security expert, this sentence is a reminder of why working in security is so much fun. To everyone else, it sounds like a threat.
The more personalized content becomes on the web, and the more tightly our ‘real’ identities are tied to our digital logins, the more we’re swapping privacy for convenience. As we build this more ‘convenient’ web, we have a responsibility to make sure it’s also more secure, by tying security and privacy as tightly to this as we can. We make a better web by making security a habit.
For most people, even relatively technical types, security is a separate function, even an afterthought. Their primary exposure to security issues is in the form of terrifying news stories about hackers, data breaches, and deliberate privacy violations. When they go looking for information, so much of what’s out there is too technical for non-experts or too scaremongering to actually act on.
How do you convince people to take a little more care without confusing them into inaction, or driving them to avoidance tactics with terrifying scenarios? In order to get motivated to do something, people need to understand the risk, feel a little bit challenged, and have enough information to be empowered. That’s where Zen and the Art of Making Tech Work for You comes in. Last winter, 50 human rights and internet activists gathered on the German-Polish border to discuss privacy, threat modeling, and what they could share with other people, primarily women and trans persons, to help everyone take control of their data and privacy. What resulted is this draft, a living document of practical information and tactical steps, aimed primarily at women, to do just that. It’s realistic, accessible, and not prescriptive – it’s open about the pros and cons of a range of approaches to personal data, security, and privacy.
It outlines some of the terminology (most people really do need a good, clear explanation of what metadata is and why it matters), and has sections on:
- Managing online identities
- Creating new online identities
- Diversifying your machines
- Safe spaces and activism
- Combating harassment and trolls (including using bots) Options for online community formation in more privacy-friendly forums
- How to establish a baseline level of knowledge of security and privacy (keep your devices clean and healthy, dammit!)
Until December of this year, the document remains in draft form, and they’re looking for interesting tools, processes, readings, and case studies that they can put into the final version. There’s a link to a feedback form at the bottom of the document if you want to contribute. This guide is incredibly useful, whether or not you’re an intersectional feminist. What we like best about it is not that it’s non-technical and useful – it is those things – but that, rather than a set of defensive actions done out of fear, the tactics and information help non-experts see that a security and privacy habit can be an opportunity to get creative and inventive.
All of a sudden, your non-expert friends will see why ‘there’s no such thing as perfect security’ makes you downright happy. Maybe they’ll start building security into their lives, and they might even decide they think it’s fun.
PS: If you haven’t heard the 99% Invisible podcast’s episode on perfect security, you should listen to it ASAP It’s the original Go Hack Yourself!