1) The person who took the images from their supposedly secure cloud server committed a number of federal crimes. 2) The person creating and storing legal pornography of themselves was probably not committing a crime. 3) It is also good sense to not create or distribute pornography if you do not like the possible ramifications of doing so. You should know your risks. 4) Per 3, no online storage is 100% secure (well nothing is short of complete non-recoverable destruction, but this deserves saying). 5) I still don't understand the celebrity worship involved.
As a celebrity you are a target for hacking. As such you should take greater care of your life and reputation. The main takeaway at this point is also that you need to properly secure everything you put online, especially if those things run counter to your professional image.
From the new information released it appears that the "hackers" used social engineering to break into the accounts. The celebrities used well known information for their security questions (what high school did you graduate from) and hackers did password resets to gain access.
Some of this could also have been avoided if iPhone owners (as a general rule) were not so technologically. Illiterate. One of the benefits of Apple products is also its biggest weakness., the "it just works" feature. It is very likely that the celebrities involved did not even know that the images were in the cloud at all.
There is no security via obscurity when you are a celebrity.
Some of this could also have been avoided if iPhone owners (as a general rule) were not so technologically. Illiterate. One of the benefits of Apple products is also its biggest weakness., the "it just works" feature. It is very likely that the celebrities involved did not even know that the images were in the cloud at all.
We can say that people should know that technology is fallible from our Ivory Tower of computer wizardry, but I think it's fair to say people can assume that a service they pay for is secure, especially one that works in a way they (generally) don't understand.
The service still appears to be secure. The insecurity appears to be on the User end based on poor choices of security questions. Basically any security question that can be quickly answered via imdb or wikipedia should not be used or should have an alternate answer substituted.
Indeed... I'd also throw in that people shouldn't be uploading uber-private data to the cloud willy-nilly unless you pre-encrypt it (and use good, strong keys/passwords and algorithms for your encrypted data). The first thing anyone should do when they get a new smartphone or update the software on an existing smartphone is peruse the backup/privacy settings and make sure to turn off cloud syncing for anything they truly want to keep private.
Indeed... I'd also throw in that people shouldn't be uploading uber-private data to the cloud willy-nilly unless you pre-encrypt it (and use good, strong keys/passwords and algorithms for your encrypted data). The first thing anyone should do when they get a new smartphone or update the software on an existing smartphone is peruse the backup/privacy settings and make sure to turn off cloud syncing for anything they truly want to keep private.
It's much simpler than that. You should not digitize any information you do not want to be shared with the entire world. Period.
Indeed... I'd also throw in that people shouldn't be uploading uber-private data to the cloud willy-nilly unless you pre-encrypt it (and use good, strong keys/passwords and algorithms for your encrypted data). The first thing anyone should do when they get a new smartphone or update the software on an existing smartphone is peruse the backup/privacy settings and make sure to turn off cloud syncing for anything they truly want to keep private.
It's much simpler than that. You should not digitize any information you do not want to be shared with the entire world. Period.
But the flip side of that is what about data that is already or inherently digital? I suppose you could print it out and put it in a fire safe, but then you lose whatever digital advantages you'd have for it.
For example, if you absolutely don't want the world to see your digital nude photographs, well, don't take digital nude photographs. That's easy and obvious.
However, let's say you use some sort of digital personal finance software to manage your bank accounts. Okay, granted, you could theoretically manage all that using pen and paper, but it's a pain in the ass compared to doing it digitally -- especially since your bank already has all that data in digital form anyway, so you're not really gaining all that much by using pen and paper to manage it. Sure, it may be somewhat more secure (at least from digital hacking) on your end, but what if the bank itself got hacked? Hopefully, your bank has good security to minimize the chances of that happening, but it is a possibility.
The amount of information that you can keep private by not digitizing is getting smaller every day since the vast majority of stuff out there already exists in digital format.
Heck, even keeping things analog may not be totally beneficial. Let's suppose that you still want to take nude photos but instead of using a digital camera, you bust out an old-fashioned Polaroid instant camera to avoid digital leakage. A determined stalker could still, hypothetically, break into your house, swipe those Polaroids, scan them, and post them wherever. At that point, it becomes a question of which security is better -- your digital security or your analog, meat-space security? Admittedly, meat-space security for most people is probably much better than digital, but nothing is a panacea.
I think a much less ridiculous way of putting what Apreche is trying to say is something like:
Don't do things you wouldn't want everyone in the world to know about.
It really doesn't have anything to do with digital. Have integrity. Accept what you are and what you do and stand behind it. Personal transparency.
Obviously it runs into real world problems of practicality when what you stand for conflicts with what someone else stands for. Like if you live under Putin and you don't approve of his involvement in Ukraine, then the world makes it very difficult for you if you are actually transparent. But all other things being ideal, have integrity.
The service still appears to be secure. The insecurity appears to be on the User end based on poor choices of security questions. Basically any security question that can be quickly answered via imdb or wikipedia should not be used or should have an alternate answer substituted.
A side discussion to this - one that's always on my mind - is the nature of celebrity and the way we treat people that we idolize.
I remember once, standing in line in the supermarket, that I really took in a bunch of headlines from those bullshit gossip magazines. They were all talking about the British royal family, speculating about when William and Catherine would have their first baby. There was something about the people "demanding an heir."
That's kind of a fucked up sentiment, right? Like, just because you're famous, now the public gets to dictate what you do with your body? Pressure from the populace can make people do crazy things, and these are still people after all. Shouldn't they get to dictate their lives without having to capitulate to a bunch of people they don't know?
On the other hand, isn't there a sort of social contract that comes with celebrity? Sacrifice some of your own privacy to gain the spotlight? In a way, celebrities create a persona that the public can do with as they please. Your duration as a celebrity is wholly dependent on how your audience receives you. They control your fate.
Not that this somehow justifies stealing someone's supposedly confidential photos and distributing them. Perhaps in the case of the royal family specifically, there is a greater deal of social responsibility that comes with one's station. There's a lot less pressure on an actor or actress.
Still, that pressure exists, and so does that social contract. The concept has existed long before this technological reality. It used to be the case that one could, with effort, keep one's private and public life very separate. This is less and less the case, and really alters the environment in which this social contract exists.
Just musing. Overall, it's pretty fucked up and wrong that someone's supposedly private photos were stolen and distributed to legions of people who have created some kind of sexual idol from these women, but I can't help but think about the danger one is already in when one is intentionally standing in public view trying very hard to get as much attention as possible.
There is a middle ground... Smart use of technology such as encryption can at least bring back some of the lost privacy. There are people much, much smarter than us working on ways to use cryptography to bring back some of the privacy that has been lost.
Will we ever be as private as we once were in a pre-technical age? Probably not. Can be be more private than we appear to be now? Almost certainly.
Some investigation shows that it may not have been a hack, as it were, but a series of hacks over a very large period of time, with photos being shared around various underground groups for fun, or for money/bitcoin. It's not "Anonymous" as such, more that the whole horrible damburst simply started on 4chan.
It also suggests that the initial release was from someone newer to the scene, who just threw some of it out in public for unknown reasons, while various other members of the group have taken advantage after the fact, primarily to scam horny assholes out of money, though some have backed up what they've said.
A few years ago I used to frequent a forum with some dubious characters on it (scammers, spammers, etc). One of the guys who showed up kept bragging about his awesome computer skills and everyone kept clownin' on him because he was sorta a doofus. So, I assume to try and prove himself, he ended up doing this. That explanation just made me think of that. Could just be some stupid kids trying to be cool.
You know you're a nerd when instead of doing your AP Gov classwork, you work on your Jacksonian letter to Eric Holder about enforcing a law you disagree with.
Question for Non-British/irish/scottish Europeans - If someone calls an article a "review", what does that imply to you - Opinion(like, say, The Verge, Rock Paper Shotgun, Polygon, whatever), or fact(like Consumer Reports, CHOICE, or other consumer advocacy publications)?
I would say opinion. It might list facts, like specs for a camera, but I would assume the article is opinion based, hopefully with reasoning behind their opinions where necessary.
Comments
2) The person creating and storing legal pornography of themselves was probably not committing a crime.
3) It is also good sense to not create or distribute pornography if you do not like the possible ramifications of doing so. You should know your risks.
4) Per 3, no online storage is 100% secure (well nothing is short of complete non-recoverable destruction, but this deserves saying).
5) I still don't understand the celebrity worship involved.
Meanwhile, in Ukraine...
From the new information released it appears that the "hackers" used social engineering to break into the accounts. The celebrities used well known information for their security questions (what high school did you graduate from) and hackers did password resets to gain access.
Some of this could also have been avoided if iPhone owners (as a general rule) were not so technologically. Illiterate. One of the benefits of Apple products is also its biggest weakness., the "it just works" feature. It is very likely that the celebrities involved did not even know that the images were in the cloud at all.
There is no security via obscurity when you are a celebrity.
Would the news be much more than a blip?
Would it just centre on the fact that there is weak security on certain accounts?
Plus I agree with this so much.
For example, if you absolutely don't want the world to see your digital nude photographs, well, don't take digital nude photographs. That's easy and obvious.
However, let's say you use some sort of digital personal finance software to manage your bank accounts. Okay, granted, you could theoretically manage all that using pen and paper, but it's a pain in the ass compared to doing it digitally -- especially since your bank already has all that data in digital form anyway, so you're not really gaining all that much by using pen and paper to manage it. Sure, it may be somewhat more secure (at least from digital hacking) on your end, but what if the bank itself got hacked? Hopefully, your bank has good security to minimize the chances of that happening, but it is a possibility.
The amount of information that you can keep private by not digitizing is getting smaller every day since the vast majority of stuff out there already exists in digital format.
Heck, even keeping things analog may not be totally beneficial. Let's suppose that you still want to take nude photos but instead of using a digital camera, you bust out an old-fashioned Polaroid instant camera to avoid digital leakage. A determined stalker could still, hypothetically, break into your house, swipe those Polaroids, scan them, and post them wherever. At that point, it becomes a question of which security is better -- your digital security or your analog, meat-space security? Admittedly, meat-space security for most people is probably much better than digital, but nothing is a panacea.
Don't do things you wouldn't want everyone in the world to know about.
It really doesn't have anything to do with digital. Have integrity. Accept what you are and what you do and stand behind it. Personal transparency.
Obviously it runs into real world problems of practicality when what you stand for conflicts with what someone else stands for. Like if you live under Putin and you don't approve of his involvement in Ukraine, then the world makes it very difficult for you if you are actually transparent. But all other things being ideal, have integrity.
I remember once, standing in line in the supermarket, that I really took in a bunch of headlines from those bullshit gossip magazines. They were all talking about the British royal family, speculating about when William and Catherine would have their first baby. There was something about the people "demanding an heir."
That's kind of a fucked up sentiment, right? Like, just because you're famous, now the public gets to dictate what you do with your body? Pressure from the populace can make people do crazy things, and these are still people after all. Shouldn't they get to dictate their lives without having to capitulate to a bunch of people they don't know?
On the other hand, isn't there a sort of social contract that comes with celebrity? Sacrifice some of your own privacy to gain the spotlight? In a way, celebrities create a persona that the public can do with as they please. Your duration as a celebrity is wholly dependent on how your audience receives you. They control your fate.
Not that this somehow justifies stealing someone's supposedly confidential photos and distributing them. Perhaps in the case of the royal family specifically, there is a greater deal of social responsibility that comes with one's station. There's a lot less pressure on an actor or actress.
Still, that pressure exists, and so does that social contract. The concept has existed long before this technological reality. It used to be the case that one could, with effort, keep one's private and public life very separate. This is less and less the case, and really alters the environment in which this social contract exists.
Just musing. Overall, it's pretty fucked up and wrong that someone's supposedly private photos were stolen and distributed to legions of people who have created some kind of sexual idol from these women, but I can't help but think about the danger one is already in when one is intentionally standing in public view trying very hard to get as much attention as possible.
Scott says you must essentially eschew the benefits of the modern digital world to achieve privacy. Luke points out that this is not practical.
The underlying truth is that privacy cannot exist in a meaningful way in a technologically advanced society.
We are at a horrific nexus where privacy is eroding rapidly, but where society as a whole is not evolving quickly enough to deal with that erosion.
Will we ever be as private as we once were in a pre-technical age? Probably not. Can be be more private than we appear to be now? Almost certainly.
It also suggests that the initial release was from someone newer to the scene, who just threw some of it out in public for unknown reasons, while various other members of the group have taken advantage after the fact, primarily to scam horny assholes out of money, though some have backed up what they've said.
Also, a whole bunch of y'all should watch this video. Though, less for the point about the overuse of the term "SJW", and more for the rest of it.
http://www.reddit.com/r/GetMotivated/comments/2fve3w/image_picard_wisdom/ckdabxx