Ashley Madison hack just the latest to shatter online privacy illusions

Melanie Baker
September 3, 2015

The Ashley Madison hack in July (or was it?) and subsequent release of tens of millions of user account records is ugly no matter which way you look at it.

It’s a horrendous breach of privacy. A glaring example of how little people understand about sharing personal information online. It’s led to predatory practices by unscrupulous people manipulating those already afraid and desperate. It’s produced car-wreck pop-culture fascination and gossip-site fodder par excellence. It will likely disproportionately punish those already most marginalized, up to and including execution. It’s resulted in vicious, puritanical glee by those chucking rocks out the windows of their own glass houses.

Oh, and your fridge has really crappy security. (That was not a total non sequitur. I’ll get to that.)

This data breach is getting the most attention because it’s the juiciest, and those affected have a lot more to lose than having to change passwords or replace credit cards. There was a data breach at Adobe in 2013 that affected 150 million accounts. Do you even recall it?

Regardless of which of the above groups you might fall into, whether you feel righteous or wretched, or how confident you feel that none of those scenarios would ever happen to you, you’re pretty much delusional. A data breach will happen that will nuke your perceived sense of privacy, safety and online comfort. It’s not if, it’s when, because you are not in control. And you don’t know other people’s agendas, let alone have influence over them.

Wait, what? No way! You stopped using your dog’s name as a password ages ago, delete every email from a Nigerian prince, and have never even created an online dating profile, let alone waded into the sordidness of something like Ashley Madison.

Doesn’t matter.
Credit card companies tend to be pretty damned awesome at fraud detection and management. Why? Because fraud is common as dirt. Barely a day goes by that I don’t see someone trying to register domain names with some variant of PayPal, Amazon, Facebook, big bank names, etc., most with obvious phishing intent, and usually with stolen credit card numbers.

I have lost count of the people who have used my email address to sign up for everything from kids’ puzzle sites to loan applications to adult “friend” finder sites, either due to typos or because they don’t understand how Gmail reads punctuation marks. (My email address was not used for an Ashley Madison account, and frankly, I was surprised.)

As plenty of hackers will tell you, some of the most fruitful hacking doesn’t even need to go near a keyboard. Just a voice on the phone or in person. We are social creatures, and we want to help. This makes social engineering near impossible to eradicate, and incredibly effective.

If that article about the Ashley Madison data breach being an inside job has any substance, you also need to worry about your own company’s employees. All it takes is one unhappy person with an agenda, or just someone out for lulz, and you can ruin, even end, lives. That’s a lot of power for no one to control.

Those of us in tech pride ourselves on being, well, techy. We use password managers and encrypt our email, maybe. But how many of us are hackers? How many of us would know how to access Tor and download a torrent of the Ashley Madison data, then be able to clean and organize it into something that can be parsed and analyzed? Even if many of us could, we don’t care to bother. But hundreds of thousands of people do.

Which is worse: being targeted because someone hates you, or because your data was just in the wrong place at the wrong time?
Contact info, personal communications, intellectual property, credit card and purchase data, medical information, assorted media… what don’t we keep online these days? Syncing to this or that cloud has become so frictionless, so seamless, so convenient, that we’re trusting our lives to entities and systems many of us would be hard pressed to explain. At least when people had nudie Polaroids in a shoebox in the back of the closet it would have been really, really difficult to share them with half the planet.

We’re also giving away our privacy for the aforementioned convenience, or, to use governments’ favourite word, for “safety.” What hackers can do technically, we enable governments to do legally. But if it enables milk delivery before we’re even aware we’re almost out (stupid online fridges…), or if it catches a suspected terrorist here and there, isn’t it worth it?

It’s human nature to be more optimistic about the future than is logical based on past data and experience. Unless your life has already been turned upside down by identity theft, a leak of naked celebrity photos, the sordid internal dealings of your studio being splattered all over every gossip tabloid known to man, or your credit card number and sexual preferences showing up in the data of a site that tries to guarantee the facilitation of adultery, you won’t get it. You can’t.

Even people I know – smart people – who’ve had credit or debit cards compromised more than once, don’t become hyper-paranoid cash-only types. Because we trust the system. It’s always worked for us. And when we read the headlines, they’re about them, not us.

Will it ever get as bad as dystopian books and films would have us believe? Where advertisements are beamed directly into our brains, crimes are prosecuted before they’re committed, and all who are left fighting the good fight are a rag-tag band of scrappy misfits.
Would a single conventionally attractive hero be enough to wake us from our pleasant delusions and topple the oligarchy/technocracy/protectorate oppressing us?

I don’t know. But they will come for you. If you’re really, really lucky it may just be the login to some fluffy pop culture website they get, with a password you never use anywhere else (yeah, right). If you’re not, it may be divorce, estrangement, shaming, ostracism, suicide.

And as has been proven over and over, what they find doesn’t even have to be real, or true, or contextual. Online lynch mobs aren’t known for their thoughtful analysis before they raise their pitchforks high and get doxxing.

We live online, and we hand over so much of ourselves day after day. There are those who want to exploit that, for fun, for power, for profit. And shy of unplugging everything forever, there’s not a whole lot you can do about it.

Unless you have no secrets. Unless every pixel of your existence is public record.

C’mon. We all have secrets. But, to paraphrase Anonymous: expect them.

(Side note, this site enables you to see if your email address has been compromised in any of a number of data breaches, including, but not limited to, Ashley Madison. If you have an account with Adobe or Gawker, for example, it may be useful.)

Photo: matrix by Gamaliel Espinoza Macedo is licensed under CC BY-NC 2.0.

M-Theory is an opinion column by Melanie Baker. Opinions expressed are those of the author and do not necessarily reflect the views of Communitech.

Melle can be reached @melle or email@example.com.