9 Things I Learned From a Month in Not-So-Safe Cyberspace

Governments participating in mass surveillance are unhappy about Apple and WhatsApp efforts to make their messaging highly encrypted, which is the trend.

One of the big reasons why you should use private communication tools isn’t for your own good—do it to protect the masses and the people who are really vulnerable. The more users on encrypted platforms, the better their individual protection is from mass surveillance. This is one of the reasons why Andy Isaacson of Noisebridge, who led a Cryptoparty at swissnex San Francisco, runs a Tor exit node.

It is impossible to completely protect yourself from targeted spying. If an organization knows who you are and wants to tap into your computer, they can add a keylogger that sends them every key you ever press on your computer, making privacy software useless.

Why don’t we just add artificial traffic—noise—to encrypted networks, generated by computers? Because these so called noise generators can be easily detected and removed by skilled data scientists.

Whenever you access a website, your computer tells it what resolution your browser window is at in order to give it the proper content (mobile, wide, thin). This information can be used to track you down as you access different webpages from the same device, sending the same resolution out every time.

Adding security to anything will always come at the expense of at least a little bit of convenience. We heard this over and over again. But startups are working on reducing the amount of inconvenience by focusing on design and usability first in their solutions. One such solution is Signal, by Open Whisper Systems, which was designed on iOS by Christine Corbett, a speaker at swissnex San Francisco who received her Ph.D. from the University of Zurich.

Cybersecurity is part of an extremely asymmetric warfare, as Mahendra Ramsinghani pointed out during an event at swissnex San Francisco called Ensuring Safety for the Future of Cyberspace. Hackers only need a laptop and time, of which they have plenty, to prepare and execute one successful attack, whereas companies must spend billions of dollars to get their security right—and it is expected to work with zero down time.

One problem with solving cyberthreat issues is that most companies, who are targets, are unwilling to share their IT security data, which could help track attacks. Typically, one company after another is attacked within a few hours using the same method. This is why we need more open data and sharing in this field.

Symantec, one of the world’s largest cybersecurity companies, used to receive between 10 and 15 viruses per day on floppy disks via mail, handled by Carey Nachenberg in the early 90s. Today, they get 10 threat reports per second.