If there were ever a security story that raises complex questions about intersections of morality, technology and privacy, it’s the Ashley Madison hack.
With a pair of suicides possibly connected to the leaking of over 30 million online identities from the infidelity website, we should not forget that there are very human consequences to the things we do, and the things that are done to us, online.
“The most concrete fear for users listed in the database is that they’re now framed as cheaters, whether they actually did it or not,” our Mikko Hypponen told Bloomberg. “We have to remember that they are victims of a crime.”
This crime exposes the victims to the whims of scammers and has the very real possibility of destroying families and lives.
The excellent service Have I Been Pwned? has taken the extra step of requiring email verification before disclosing whether an email was part of the hack. Site owner Troy Hunt has been documenting what he’s hearing from Ashley Madison members, and a story like this in the comments (hat tip to @BrianHonan) makes it much easier to ignore the “puritanical glee” that accompanied much of the initial press coverage.
If our browsers could talk to the world, there likely would be very few of us who would not end up ashamed. Knowing that, you likely take all the steps you should to secure your privacy online: updated system and security software, a VPN from a provider you trust, unique passwords….
But you could have done all that and still ended up being exposed as a victim of the Ashley Madison hack, which is the second biggest breach of all time, according to Have I Been Pwned?.
The owner of Ashley Madison, Avid Life Media, will face massive legal claims, which should act as encouragement for all sites to pursue better security — or to at least not brag about their security, taunting hackers.
Is that enough to calm all your nerves? Probably not.
The truth is your privacy is in others’ hands once you pass your information on. But there are some things you can do to try to keep your privacy.
1. You can start by not using identifiable email addresses — and definitely not your work email! — when you sign up for a site that promotes activity many frown upon. Some people use what they call “burner” accounts that provide disconnection from your real life identity and other benefits.
2. Never leave your computer or mobile devices unlocked.
3. Get smart about your security questions. Don’t ever use answers that can be guessed or figured out through your social media accounts. Consider using fictional answers that you save in a password manager.
4. Never save the passwords to any site you don’t want to be discovered using. You shouldn’t do this in general — a password manager like our Key is much smarter.
5. Identity protection is an extra but imperfect layer of protection that might protect your finances, but not your reputation in a case like the Ashley Madison hack.
6. Ultimately and ironically, trust is the most important factor. Stick with sites, services and providers that you trust.
Moral perfection is not something we should expect from internet users. But we should demand as close to perfection as we can get from those who promise to protect our data.
Whether that trust can be rebuilt remains to be seen.
[Screenshot via Ashley Madison]