Slashdot Mirror
How to Convince Non-IT Friends that Privacy Matters?
mmtux writes:
"As technology becomes more advanced, I am increasingly worried about privacy in all aspects of my life. Unfortunately, whenever I attempt to discuss the matter with my friends, they show little understanding and write me off as a hyper-neurotic IT student. They say they simply don't care that the data they share on social networks may be accessible by others, that some laws passed by governments today might be privacy-infringing and dangerous, or that they shouldn't use on-line banking without a virus scanner and a firewall. Have you ever attempted to discuss data security and privacy concerns with a friend who isn't tech-savvy? How do you convince the average modern user that they should think about their privacy and the privacy of others when turning on their computer?"
Funny? I would call that insightfull.
Don't fight for your country, if your country does not fight for you.
"'I've Got Nothing to Hide' and Other Misunderstandings of Privacy" by Daniel J. Solove
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565
A clever man learns by his mistakes. A wise man learns by the mistakes of others.
Watch someone else pee on the fence. Point, laugh, never do it yourself.
Get your own free personal location tracker
any open router could record everything including passwords and perform man-in-the-middle attacks to bypass SSL
It's that sort of misinformation that makes it hard to take valid privacy concerns seriously. How exactly would a router bypass SSL?
You could spoof DNS to redirect all requests to your own HTTP server, and you could dynamically fetch pages from the far end to convincingly fake the remote website. And while you could generate SSL certificates on-the-fly to make it HTTPS, those certificates could only be signed by a certificate authority you control, which is not one that's particularly likely to be present in the target's list of trusted authorities.
It's almost like the people designing SSL thought that the entire route between the two communicating hosts might be insecure -- including the first-hop router -- and therefore provided verifiable, end-to-end encryption and authentication that did not rely (at least at communications time) on resources beyond what is stored or can be generated on those hosts.
Beyond that, any authentication and encryption technologies that would commonly be considered secure by knowledgeable users -- SSH, Kerberos, most VPNs, etc. -- can provide similar guarantees. They all provide verifiably-secure authentication from any endpoint, even if the entire route is hostile, and even if the endpoints have bad DNS, untruthful routes, or totally fake traffic.
It's worth time teach someone the difference between HTTP and HTTPS, but pretending that SSL only works over trusted routers is counter-productive at best; if people feel there's no safe way they can use in the Internet they'll either give up on the Internet or give up on safety.
The hypocrisy of someone posting this as AC is just incredible.
An interest only loan will make them -more- money, not less. Perhaps the financial problem was caused by 'financiers' who subscribe to the BVis school of economics.
Not Meta-modding due to apathy.
Tell the father of a friend of mine that SSL is 100% secure. The exact hack you're saying can't happen did.
This friend set up his laptop so it appeared to have a stronger signal than the access point his Dad was connected to. This had the effect of making his Dad's computer route through my friend's laptop. He than ran a man in the middle attack, like you describe, and stored all the info of the transaction. I can only imagine how shocked his Dad was after he had finished his banking when his son told him his bank password and all about the transactions he had just made.
The moral of this story - don't trust wireless for sensitive data. Also check the certificates.
i find that after a person is a victim of identity theft, they are far more likely to take privacy seriously.
A good friend of mine used to never wear his helmet when we'd go mountain bike riding. I tried in earnest twice to convince him that he was really pushing his luck. He continued to ride sans helmet. Then one day as we were riding home, he hit some railroad tracks at an angle and went down hard. On his head.
It took a while for the ambulance to arrive. The pool of blood around his head was fairly expansive. He got a serious concussion. Not good.
He now rides with his helmet.
As others have suggested, sometimes people won't figure things out until they feel the pain. But just as important is the net effect of seeing other people getting hurt. The bike helmet trend didn't take off until people realized that a lot of people were getting injured or killed on bikes, and that many of those incidents could be mitigated through the use of helmets.
There was a painful outcome, an easy solution to reduce the probability of the painful outcome. Right now online privacy is not seen as a threat because hardly anyone actually knows someone else who has been bitten by lax online privacy. But that's starting to change, slowly. Now what we need is an easy (for those people in the world who are not inherently fascinated by computers and privacy) mechanism for managing online privacy. I don't expect the latter to come into being any time soon, given the political climate in the United States, where there's simply too much money telling the government to look the other way as companies gobble up more and more personal data.
Read the EFF's Fair Use FAQ