Congratulations! You have just read an entire book on computer security! I hope I managed to teach you some things you didn’t know, in a way that wasn’t boring. More than anything, I hope I’ve convinced you of the importance of computer security and helped you to implement some basic safeguards to protect your computer castle. Before I wrap things up, I wanted to share with you a few last thoughts.
Keep Calm and Carry On
While the picture this book paints might seem bleak, I don’t want you to go away feeling overwhelmed or despondent. Armed with the tips and techniques in this book, you can protect yourself and your family against the most of the common threats out there. Imbued with this knowledge, you should feel confident about using your computer, your smartphone, and the Internet. These tools have already changed innumerable things for the better, and we have truly only just scratched the surface of the potential.
Back up your files.
Keep your computer and smartphone software up-to-date.
Use strong, unique passwords for important sites.
Turn on two-factor authentication where you can.
Surf the Web safely using a good browser with security plugins.
Don’t open unrequested/unexpected attachments or links.
Do those things first. Do the rest when you can.
The Case for Optimism
In the past decade or so, as the bad guys have turned to the Internet for their nefarious deeds, computer and software makers have been forced to focus more on security and privacy. However, with the revelations from Edward Snowden and all the massive data breaches at big-name companies in the last few years, security and privacy concerns have increased exponentially. Google and Apple in particular have kicked things into high gear. Google is using its dominance in web search and cloud services to push web sites into adopting secure communications by default, as well as creating tools to make it easier and cheaper for them to do so. Apple has already included some great tools on Mac OS for encrypting your data and securely backing it up, but in the wake of recent events, they’ve taken effective steps to lock down their mobile devices against prying eyes, as well. Global companies like these and others need to be able to sell their products worldwide, and that requires convincing their customers that they are willing and able to secure their data. There are already multiple competitors cropping up to fill this need. This competition should light a fire under the existing corporations to get their respective acts together. Or maybe they’ll just end up buying up some of these security-focused startups. But either way, we should be seeing a lot of innovation in the area of security, and this will benefit everyone.
While there have certainly been some colossal security breaches lately, this is causing people to wake up and take notice. Unfortunately, things often need to get worse before they can get better. I don’t think we’ve bottomed out yet—it takes time to implement security changes at large corporations and in computer products—but I think things have already gotten bad enough that we’re on the road to recovery. While the U.S. government seems incapable or unwilling to protect the privacy of its citizens, the European Union is taking bold steps with the General Data Protection Regulations that will benefit all of us. Furthermore, the private sector has profits to protect, and they won’t be waiting around for legislation. We’ve already seen this happening, and I expect to see a lot more in the next year or two. The case involving the FBI and Apple that hit in early 2016 is a prime example. When these high-profile security incidents occur, they will force us to finally debate these issues and take action. So, while we are not out of the woods yet, I think we’ve turned the corner.
Don’t Take This Lying Down
Despite the market pressures that are driving increased security, there are still plenty of places where maximizing corporate profits does not directly align with maximizing consumer protections—particularly in the area of privacy. For this reason, it’s absolutely essential that regular people like you get educated and get involved. If consumers and citizens don’t demand security and privacy, then corporations and governments will be free to put their own interests first, protecting their profits and power.
Regardless of what you believe is the proper balance between freedom, privacy, capitalism, and democracy, you can’t really participate in the debate or make informed choices unless you understand the underlying issues. I don’t mean you have to understand all the deeply technical details, but you need to know enough to evaluate different products and different policies. I’ve tried to give you a good foundation with this book, but I urge you to seek out more information and stay informed. See the previous section of this chapter for some ideas.
I encourage you to take it one step further, however. Don’t just get educated; get involved. I’m not encouraging every reader to put down this book and put up a protest sign (though that would be wonderful). There are many simpler ways you can make a difference. For one thing, you can pay others to do it for you. That is, you can donate to groups that are already fighting for your rights and putting pressure on corporations and governments to do the right thing. You don’t have to donate a lot, either—even a little money can make a difference, if enough people do it. Just being a member of these groups helps to give them more clout; it gives them a long list of everyday people who made a point to say, “I agree with what these guys are doing; please listen to them.” Again, see the list at the end of this chapter for some ideas.
You can also spread the word to others (maybe give them a copy of this book). As these issues inevitably hit the news, discuss and debate them with co-workers at the water cooler, at home with the family over the dinner table, or with friends at the next party or sports event. It doesn’t have to be confrontational—keep it friendly and informative. But it’s essential, as a society, that we address these issues. We can’t ignore them any longer.
Of course, in a representative democracy, the people who are supposed to be your advocates are the people you elect to represent you in the halls of government. However, with campaign finance laws being what they are, these folks are unfortunately much more likely to listen to the needs of their largest donors. Nevertheless, you cannot let that stop you from trying. The real problem in the United States is that people have given up. Voter turnout in this country is abysmally low. I think people are just tired of the mudslinging and backroom dealing. To paraphrase an old hippie mantra, they’ve tuned out, turned off, and dropped out. The problem with disengaging is that it leaves the more extreme factions and wealthy people in charge. Security and privacy are not partisan issues; they affect us all, no matter what your particular leanings may be. I encourage you to stay involved and to vote every chance you get—not just in national elections but in local ones, as well. If we could get just 5 percent to 10 percent of the people who have given up on voting to get back out there, it could easily turn the tide.
Finally, as you see companies trying to do the right thing and bringing new products to market, support them with your pocketbook whenever you can. We need to shift away from an Internet economy that is based on advertising. That’s going to mean paying for things that used to be “free.” Also, when given the choice, we need to favor products that do a better job of protecting our privacy and enhancing our security.
Similarly, you should support politicians who stand up for individual privacy and stand against the rampant, unregulated gathering of personal data by corporations. The first step is awareness—these companies simply must be 100 percent transparent about what data they collect, what they do it, and who they share it with. Once we understand the true breadth and depth of this campaign to hoover up all our highly personal data, I think we’ll find the political will to make necessary changes.
Going Further
There are several other ways for you to make a difference and gain further knowledge. In this section, I’ve gathered together some key resources for going beyond the tips in this book. You can use these resources to continue your education and get a different perspective on the topics I’ve covered in this book. I’ll also tell you about organizations that you can support that are out there working hard to protect your rights.
Books
Data and Goliath by Bruce Schneier (W. W. Norton & Company, 2016). Schneier literally wrote the book on cryptography but in recent years has become a leading voice on public policy. He’s testified many times before Congress. His (recent) books are easy to read, extremely insightful, and compelling. If you like this book, you might also try Beyond Fear.
No Place to Hide by Glenn Greenwald (Metropolitan Books, 2014). Glenn Greenwald was selected by Edward Snowden to manage the release of highly sensitive information regarding warrantless NSA mass surveillance. This book chronicles this engagement and helps to explain the importance of Snowden’s bombshell revelations.
The Code Book by Simon Singh (Anchor, 2000). If you find the concept of cryptography as interesting as I do, this book traces the history of ciphers and cryptanalysis in an engaging and entertaining way.
Little Brother by Cory Doctorow (Tor Teen, 2010) (fiction). If you prefer to be entertained while you learn about cryptography and why it’s so crucially important to democracy and society, this is a must-read. This book talks about a not-too-far-fetched future where law enforcement agencies overreact to a terrorist attack and trample civil liberties in a quest for “security.” Seriously, just read it.
Documentaries
Terms and Conditions May Apply: This is about online privacy and what sorts of things you’re signing away in end-user license agreements (EULAs).
CITIZENFOUR: This is about Edward Snowden and how his initial information was given to reporter Glenn Greenwald.
Frontline: The United States of Secrets: This is a great two-part show from PBS.
Code 2600: This is a great film about the humble beginnings of the hacker culture and how cybersecurity has become much more serious with the advent of the Internet.
Blogs and Web Sites
Firewalls Don’t Stop Dragons: My blog! I will be pulling info from many sites, so by following me, you will automatically get some of the rest of this stuff. See https://www.firewallsdontstopdragons.com .
Naked Security blog: This is a great source for security info, written in accessible language. See https://nakedsecurity.sophos.com/ .
Spread Privacy blog: This is another great blog that’s very accessible, put out by DuckDuckGo. See https://spreadprivacy.com/ .
Schneier Blog: Bruce Schneier has a wonderful blog that provides truly insightful analysis of current events, looking beyond the immediate impact and giving much-needed long-term context. See https://www.schneier.com/ .
Microsoft Digital Skills: Microsoft has an extensive web site, full of many resources for security and privacy. See https://www.microsoft.com/en-us/digital-skills/online-safety-resources .
Podcasts
My podcast! It’s also called Firewalls Don’t Stop Dragons, and you can find it on my web site (on the Podcast tab) as well as the usual podcast outlets (iTunes, Google Play, Stitcher, etc.). The show comes out once a week on Mondays and runs 30 to 60 minutes. See http://www.firewallsdontstopdragons.com .
Security Now! This is where I really got into security, and I listen to this podcast religiously. While it can get a little technical sometimes, it’s always fun—and full of random other fun stuff like sci-fi books and movies. It comes out once a week, usually on Tuesdays, and runs at least two hours. See http://twit.tv/show/security-now .
Fighting the Good Fight
Electronic Frontier Foundation: https://www.eff.org/
Electronic Privacy Information Center (EPIC): https://epic.org/
Center for Democracy and Technology (CDT): https://cdt.org/