'Don't Take Nude Selfies' Is Not Good Security Advice (Op-Ed)

[Jill Scharr]

Don't say, 'She shouldn't have taken them.' The people who stole and leaked actresses' nude photos are the ones at fault.

'Don't Take Nude Selfies' Is Not Good Security Advice (Op-Ed) : Read more

 

[DarkSable]

I came here to post a rebuttal arguing that while it's poorly phrased, the advice is sensible when it boils down to: "Don't put something you don't want found where it could be easily found." It's a concept of physical security and digital security; if it's stored on the cloud, you're trusting someone else's security, not just your own.

That being said, this article wasn't arguing the points I thought it was going to, and makes perfectly valid points. Surprisingly strong, well-argued content for Tom's Hardware; keep it up, Jill.

 

[Christopher1]

Thank the author for writing an article like this. The 'shaming' of a woman who did what numerous people do is sickening to me, it sounds like a bunch of Puritanical BS like we had during the 1700's from the actual Puritans.

 

[skit75]

I'm not trying to blame the victim here, either, but you know you did backup or store your data online or in the cloud. From what I hear and have read, it looks to be more of a targeted attack against the user accounts themselves. Still, the data would still be theirs if they had chosen a safety deposit box or even a shoe box in the closet. Nothing online is private, or secure.

 

[CaedenV]

Do whatever you want, but if it is stored on the internet or goes through a network then just know that there is a very real chance that SOMEBODY will be looking, and if that something is particularly interesting then SOMEBODY will share it to the greater public. Not saying it is right, because it certainly isn't, but it is a fact of life that everyone has to deal with on one level or another. If you are going to do something meant to be private then store it on private local machines, and distribute it over private media (CDs, flash drives, SD cards, whatever).

These are things that nerds have had to deal with for 20+ years now, and if the general public is going to play on our turf, then they get to inherit the concerns of nerds too.

 

[bwcbwc]

I'll write off the phrase "moralizing, condescending and puritanical" as authorial hyperbole to make the point hit home. I can certainly agree that a lot of the reaction to this "scandal" is a) emblematic of our ongoing societal double-standard when it comes to sexuality expressed by men and women and b) symptomatic of the misogyny in the tech community. But maybe we should take "she shouldn't have done that" as a technical recommendation rather than a moral one - in other words, if you don't want to risk it being hacked, don't connect it to the internet in any way, shape or form. Obviously we're looking at some statements from completely different points of view - such a technical recommendation can easily be interpreted as "blaming the victim". But we don't leave our homes unlocked anymore and our cars have several layers of locks instead of open sides and an ignition button. From my POV, unless "she shouldn't have done that" is actually followed by a "moral" argument against public nudity, it's more 20/20 hindsight about security precautions than blaming the victim. Which, in retrospect, is still pretty condescending. So I'll give on that one.

 

[maban]

I really didn't care to read the rest of the article as opinion pieces are generally bullshit. But I would like to disagree on the notion that using a weak password is not the user's fault. While that user isn't actively instigating a "hack" they are not protecting themselves in a manner that anyone would consider proper. The official Apple release says that the "hack" was due to a "very targeted attack on user names, passwords and security questions." In other words, it was partially the user's fault for using a guessable password/security questions. I would like to use the analogy of leaving your car unlocked and it being stolen but it's more like permanently parking it in a crime-ridden part of town.

 

[fkr]

or you can setup accounts so that when a non trusted computer logs into your account it must have a onetime password entered that is sent to the account owner by sms. this is an old story about a fool and his money

I feel for those who get hacked and such but really if you make millions of dollars but you do not have the common sense to hire somebody to help you with your sensitive information you only have yourself to blame.

 

[Necr0v]

The first section in this article "It's your fault for not using a better password" and "Most people would find the first three assertions ridiculous.".

Is it ridiculous to say that if I picked using qwerty or password as a password then it's not my fault? That I shouldn't have my emails hacked because it's up to me to choose my own password and that's a fundamental right of mine?

I'm pretty sure in the last 6 months I have read more articles on here than I can count about using strong passwords and perhaps 2-step verification for accounts that matter (which I would assume includes email).

Not arguing that it's ok for people to hack others email accounts, but if you leave yourself so blindingly open to such things what do you expect?

 

[drapacioli]

Look, I'm not saying a victim is to blame for this sort of stuff, but what I am saying is that cloud security is NOT up to par. Yes, the people that stole it (yes, STOLE, not leaked!) have committed the crime and the celebs are not to blame for these, but there are steps people can take to avoid this situation entirely. Is it your fault that you might not know that your data isn't secure? Well, no you can't be faulted for it, especially if the company hosting your cloud content touts their security as a main feature. The big problem is that even today's best security is being rapidly overwhelmed by hackers and thieves. Remember all the credit card fraud articles from at least 2 dozen retailers this year? Yeah, you're not at fault for shopping there either, but the people/company in charge of making sure those transactions are secure aren't doing everything they can to stop these. Why are we still using encryption that can be cracked on the fly with modern technology? Why are card readers and registers still running on windows xp? These aren't secure at all, and neither is cloud storage if the people in charge are using outdated security protocols.

So yes, the criminals need to be caught, but the companies also need to be more proactive in making sure their services and systems are secure. I'm annoyed at the people that have the nerve to steal such private information and then distribute it, but I'm even more ticked off that companies just don't seem to care enough to spend any real money on fixing the underlying problems with their security. THAT is what I take from all that has happened recently. Also, the internet is still immature, but maybe it's getting slightly better?

 

[drapacioli]

Also I would like to point out that having a bad password is not a good idea regardless of whether or not the theft is "your fault," because it just enables others. If your password is 16+ characters with numbers and symbols and it's still cracked, there was nothing you could do. But if your password to your intimate photos was "password" well you kind of did leave that wide open. It's like writing down the safe combination and putting it on the fridge for a burglar to read if they decided to break in. You are still the "victim" but you aren't exactly helping yourself either...

 

[kapitalistas]

english is not my native language,nude picture ha.i just check one of many consider porn magazines and nude pictures quality there was terrible(if we judge taking naked selfies)if the picture was very bad quality (original picture its not published)im guess it was all on purpose.

 

[ricksun500]

This is the degraded state of feminism in the year 2014: if a woman does anything naive, unsophisticated, or outright foolish, which then injures her or causes embarrassment in the most spectacular way-- hey, it doesn't owe to her behavior, don't you dare point out what she could have done differently, Because Patriarchy.

When a woman crashes her Volkswagen into a roadside obstacle it's the fault of the male traffic engineer & construction worker as well as whoever invented trees

 

[scolaner]

As the news editor for Tom's Hardware, let me say that 1) I wish I had written this article myself and 2) Jill did a better job on it than I would have.

 

[Christopher1]

I'm not trying to blame the victim here, either, but you know you did backup or store your data online or in the cloud. From what I hear and have read, it looks to be more of a targeted attack against the user accounts themselves. Still, the data would still be theirs if they had chosen a safety deposit box or even a shoe box in the closet. Nothing online is private, or secure.

Except that these companies say on a regular basis that the things online are safe and secure and if someone points out that they really are not? They are sued for slander.
To be blunt, online stuff is about as secure as you are going to get in the real world. Just as someone can break into your home and crack your safe, someone can break into your online vault.
We should stop blaming the victims (yes, these people are truly victims) and start blaming the criminals who do these things.

 

[hajila]

You may not consider it 'good' advice, but it is the 'only' effective advice. These systems will never be secure. Don't digitize anything you don't want everyone to have access to.

 

[youDontGetMyEmail]

In my opinion, the fault is 90% at Apple for having horrible security practices, and 10% on the victims for blindly trusting in Apple..

Why on earth did Apple decide to not make any anti brute-force measures/warnings on their iCloud system? Did they even make any kind of security audit? I'm pretty sure any half-decent security expert would find such a major flaw in no time..
But of course, security audits costs money, and we all know that the money is better spent on bonuses and raises to Apple execs..

 

[Shin-san]

I'm with the "Don't take nude selfies and upload them" crowd. However, another commenter beat me to it. Don't post anything you want to get out. I do blame the victim a little bit, but at the same time, yes, it's hacking job.

Part of it is education. Would the general public expect some of these large companies to get data leaked out? Sony? Target? Home Depot? Microsoft didn't point fingers and go "Ha ha!" at Sony when they get hacked because they know that it could happen to them!

And holy shit are companies getting hacked left and right. At the same time, holy shit are companies we know are getting hacked are getting hacked. There's probably more that we don't know that are. Some of the hacks aren't because of an IT department or a developer missing a check. They are because someone sabotaged some equipment.

There's a story on Reddit where a teenager sent out naked pictures of herself because it made her feel sexy. She says later, as an adult, someone contacted her saying something like "You don't want those images to get out, do you?" It turns out that the boy got charged with child pornography. The woman still felt terrible from the ordeal.

The stuff you upload is on a server. Even if the data on the server gets encrypted, there is no guarantee that it would stay that way. Software has a ton of layers, and each can be breached. Companies can only try their best

 

[Solandri]

Let me get this out of the way: I believe that misogyny exists, that the pervs who pulled of these hacks are criminals who should be prosecuted to the fullest extent of the law, that if said hacks were assisted by poor security at a cloud storage service then they should be liable, and people who value their privacy but are downloading these pics are shamelessly practicing a double standard.

That said, I completely disagree with the premise of the op-ed that:

"Virtually no other type of breach provokes this kind of blame-the-victim response. "She shouldn't have done it" isn't actually sound technological advice. It's moralizing, condescending and puritanical. "

Virtually every type of technological breach provokes a blame-the-victim response. You've heard the phrase ignorance of the law is not an excuse? Well ignorance of how tech works is not an excuse.

Credit card numbers stolen from POS terminals? Blame the store for poor security.

You game account hacked and your virtual items stolen? Blame the victim for re-using the same password for his game account as on a low-security website forum.

Your computer gets a virus? Should've been running current antivirus.

Your computer gets encrypted by malware? Shouldn't have blithely clicked that link in that phishing email.

Your hard drive crashes? Should've had a backup.

Whether you choose to take nude pics of yourself is totally up to you. But if you're going to be upset if they get leaked, then it is completely your responsibility to learn and understand what happens to the pics on your device and on any network it connects to. Ignorance of how tech works is not an excuse. If I burn myself because I don't understand how batteries work and I connect the positive and negative leads while trying to jump start my car, you do not blame the car or battery manufacturer. You blame me for failing to take the time to understand the dangers involved with the equipment I was using.

If you don't understand what risks there are with storing data on an always-networked device like a phone or a cloud storage service, then take the time to learn the risks. If you don't want to, then that is your perogative. But don't take nude pictures of yourself and store them on that device/service and expect not to bear any blame. If you want to remain ignorant of how the tech works but still want to take nude pics of yourself, then isolate the pics from the pieces of tech you don't understand. Buy a standalone digital camera, take your nude pics, and never remove the memory card from the camera. Better yet, talk to a tech geek (yes, I know, beneath you if you're narcissistic enough to take nude pics of yourself) and have him/her teach you how to use an encrypted filesystem so you can store the photos in encrypted form.

 

[jdwii]

well duh