Slashdot Mirror


How to Convince Non-IT Friends that Privacy Matters?

mmtux writes: "As technology becomes more advanced, I am increasingly worried about privacy in all aspects of my life. Unfortunately, whenever I attempt to discuss the matter with my friends, they show little understanding and write me off as a hyper-neurotic IT student. They say they simply don't care that the data they share on social networks may be accessible by others, that some laws passed by governments today might be privacy-infringing and dangerous, or that they shouldn't use on-line banking without a virus scanner and a firewall. Have you ever attempted to discuss data security and privacy concerns with a friend who isn't tech-savvy? How do you convince the average modern user that they should think about their privacy and the privacy of others when turning on their computer?"

3 of 373 comments

  1. Re:Some are actually opposed to privacy by Anonymous Coward · Score: 5, Informative

    "'I've Got Nothing to Hide' and Other Misunderstandings of Privacy" by Daniel J. Solove
    http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565

  2. Re:not much really by caluml · Score: 4, Informative

    A clever man learns by his mistakes. A wise man learns by the mistakes of others.
    Watch someone else pee on the fence. Point, laugh, never do it yourself.

  3. Re:Wireless by profplump · Score: 4, Informative

    any open router could record everything including passwords and perform man-in-the-middle attacks to bypass SSL

    It's that sort of misinformation that makes it hard to take valid privacy concerns seriously. How exactly would a router bypass SSL?

    You could spoof DNS to redirect all requests to your own HTTP server, and you could dynamically fetch pages from the far end to convincingly fake the remote website. And while you could generate SSL certificates on-the-fly to make it HTTPS, those certificates could only be signed by a certificate authority you control, which is not one that's particularly likely to be present in the target's list of trusted authorities.

    It's almost like the people designing SSL thought that the entire route between the two communicating hosts might be insecure -- including the first-hop router -- and therefore provided verifiable, end-to-end encryption and authentication that did not rely (at least at communications time) on resources beyond what is stored or can be generated on those hosts.

    Beyond that, any authentication and encryption technologies that would commonly be considered secure by knowledgeable users -- SSH, Kerberos, most VPNs, etc. -- can provide similar guarantees. They all provide verifiably-secure authentication from any endpoint, even if the entire route is hostile, and even if the endpoints have bad DNS, untruthful routes, or totally fake traffic.

    It's worth the time to teach someone the difference between HTTP and HTTPS, but pretending that SSL only works over trusted routers is counter-productive at best; if people feel there's no safe way they can use the Internet they'll either give up on the Internet or give up on safety.
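
The certificate check described in comment 3, as an added example that is not part of the original thread: a client that trusts one CA is shown a certificate for the same hostname issued by a different CA, and rejects it. The CA names, the hostname `bank.example` and all files are constructed for the demo; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added illustration (constructed names and files, nothing from the thread).
# Models the client-side decision: a certificate for a site is accepted only
# if it chains to a CA the client already trusts, no matter who is on the path.

DEMO_DIR=$(mktemp -d)

# Create a self-signed CA: make_ca <file stem> <common name>
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$DEMO_DIR/$1.key" \
        -out "$DEMO_DIR/$1.pem" 2>/dev/null
}

# Issue a leaf certificate: issue_leaf <file stem> <hostname> <CA file stem>
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$DEMO_DIR/$1.key" -out "$DEMO_DIR/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$DEMO_DIR/$1.csr" -days 1 -set_serial 1 \
        -CA "$DEMO_DIR/$3.pem" -CAkey "$DEMO_DIR/$3.key" \
        -out "$DEMO_DIR/$1.pem" 2>/dev/null
}

# Client-side check: chain_ok <trusted CA file stem> <leaf file stem>
# Returns 0 only if the leaf chains to the given trust anchor. (openssl may
# also consult the system store; the constructed CAs are not in it.)
chain_ok() {
    openssl verify -CAfile "$DEMO_DIR/$1.pem" "$DEMO_DIR/$2.pem" \
        >/dev/null 2>&1
}

make_ca trusted "Constructed Trusted CA"        # stands in for the client's CA list
make_ca other   "Constructed Untrusted CA"      # a CA the client has never installed
issue_leaf real   bank.example trusted
issue_leaf forged bank.example other

for leaf in real forged; do
    if chain_ok trusted "$leaf"; then
        echo "$leaf: accepted"
    else
        echo "$leaf: rejected (issuer not in trust list)"
    fi
done
```

The second certificate verifies only when the verifier is told to trust the CA that issued it (`chain_ok other forged`), which is why a browser warning about an unknown issuer should never be clicked through.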