I have nothing to hide

How often do you hear this simple, at first glance, phrase from your friends, relatives and colleagues?

As the state and giant companies put into operation more and more sophisticated means of controlling information and spying on users, there is a growing percentage of misguided people who accept at face value the statement, quite obvious at first glance, that “if I do not break the law, then I have nothing to fear.”

Indeed, if I did nothing wrong, the fact that governments and giant companies want to collect all the data about me (emails, phone calls, webcam images and search queries) does not matter at all, because they still won't find anything interesting.

Because I have nothing to hide. Isn't that right?

What's the problem?

I am a system administrator. Information security is very tightly integrated into my life and, due to the specifics of my work, the length of any of my passwords is, as a rule, at least 48 characters.

I know most of them by heart, and at the moments when a random person accidentally observes how I enter one of them, he usually has a reasonable question - “why is it so ... voluminous?”

“For security? But not that long! Here I am, for example, using an eight-character password, because I have nothing to hide.”

Recently, I have been hearing this phrase more and more often from people in my environment. What is especially depressing - sometimes even from those who are more connected with information technology.

Okay, let's rephrase.

I have nothing to hide because...

… everyone already knows my bank card number, its password and CVV/CVC code
… everyone already knows my pin codes and passwords
… everyone already knows the size of my salary
… everyone already knows where I am at the moment

And so on.

Doesn't sound very plausible, does it? However, every time you say the phrase “I have nothing to hide”, you mean this too. Perhaps you do not realize it yet, but the truth does not depend on your will.

It is important to understand that this is not about concealment, but about protection. Protecting your natural values.

You can hide nothing if you are absolutely sure that there is no threat to you and your data from the outside.

However, absolute security is a myth. "Only the one who does nothing does not make mistakes." It would be a huge mistake not to take into account the human factor when creating information systems that are closely related to ensuring the safety and security of user data.

Any lock requires a key. Otherwise, what's the point of it? The lock was originally conceived as a means of protecting property from interaction with strangers.

You will hardly be delighted if someone gains access to your social network account and starts spreading obscene messages, viruses or spam on your behalf. It is important to understand that we do not hide the facts.

Indeed: we have a bank account, email, a Telegram account. We do not hide these facts from the public. We protect the above from unauthorized access.

Who needs me anyway?

This is another equally common misconception, usually used as a counterargument.

We say: “Why does the company need my data?” or “Why would a hacker hack me?”, without taking into account that hacking may not be selective: the service itself can be hacked, in which case all users registered in the system will suffer.

It is important not only to follow the rules of information security yourself, but also to choose the right tools that you use.

Let me give you a few examples to make clear what I'm talking about now.

They had nothing to hide

  • MFC
    In November 2018, personal data was leaked from the Moscow multifunctional centers for the provision of state and municipal services (MFC) "My Documents".

    Many scanned copies of passports, SNILS, questionnaires indicating mobile phones and even bank account details were found on public computers in the MFC, which anyone could access.

    Based on the data obtained, it was possible to take out microloans or even access the funds in people's bank accounts.

  • Sberbank
    In October 2018 there was a data leak. The names and email addresses of more than 420 employees were made public.

    Client data was not included in this upload, but the very fact that employee data appeared in such a volume indicates that the thief had high access rights in the bank's systems and could also have gained access to client information.

  • Google
    A bug in the Google+ social network API allowed developers to access data from 500 users such as logins, email addresses, jobs, dates of birth, profile photos, etc.

    Google claims that none of the 438 developers who had access to the API knew about this error and so could not have used it.

  • Facebook
    Facebook has officially confirmed the data breach of 50 million accounts, with up to 90 million accounts potentially affected.

    Hackers were able to gain access to the profiles of the owners of these accounts thanks to a chain of at least three vulnerabilities in the Facebook code.

    In addition to Facebook itself, the services that used the accounts of this social network for authentication (Single Sign-On) also suffered.

  • Again Google
    Another vulnerability in Google+ led to the leak of data of 52.5 million users.
    The vulnerability allowed applications to obtain information (name, email address, gender, date of birth, age, etc.) from user profiles, even if this data was private.

    In addition, through the profile of one user, it was possible to obtain data from other users.

Source: "The Biggest Data Breach of 2018"

Data breaches happen more often than you think

To be fair, not all data leaks are openly disclosed by the attackers or by the victims themselves.

It is important to understand that any system that can be hacked will be hacked. Sooner or later.

Here's what you can do now to protect your data

    → Change your mindset: remember that you are not hiding your data, but protecting it
    → Use two-factor authentication
    → Don't use easy passwords: passwords that may be related to you or found in a dictionary
    → Do not use the same passwords for different services
    → Do not store passwords in plain text (for example, on a piece of paper taped to the monitor)
    → Don't tell your password to anyone, not even to the support staff
    → Avoid using free Wi-Fi networks

What to read: useful articles on information security

    → Information Security? No, haven't heard
    → Educational program on information security today
    → Fundamentals of information security. The price of a mistake
    → Friday: Security and the Survivor's Paradox

Take care of yourself and your data.

Source: habr.com