The "I Have Nothing to Hide" Fallacy
A common pattern we hear on the Internet in regard to privacy or security is "I have nothing to hide" - no one will want to target me because they'll gain nothing from doing so. Today let me tell you a story that shows why this is not true.
A few years ago, I was using the same easy-to-remember password (which was only 6 letters long) on most of the sites I had accounts on. One day, I received an email from Freshmeat.net asking me if the fact that I had changed the description in the record of Freecell Solver there to "Freecell Solver is a useless 100% ANSI program that automatically solves games of Freecell" indicated that it was not worthy of inclusion there. This surprised me because I naturally didn't modify it like that, nor intended to.
After talking with the admins of Freshmeat, I realised that someone logged in to my account, and submitted the malicious update for inclusion. They ended up giving me his IP, which was in Israel's Netvision ISP (while I'm subscribed to a different ISP). Now, this change was pretty innocent, but naturally, now that he knew my shared password, the possibilities for him were endless. As a result, I went on a concentrated spree of changing that password to new, different ones in all the accounts I created on the Net with it. I made a smarter use of my password manager and eventually discovered the auto-remember-passwords feature of browsers such as Firefox and Konqueror, and solutions such as OpenID.
There's no good excuse to compromise on security. Do you have a bank account and access it online? If you're not careful enough, a malicious attacker installing spyware on your PC might empty it. So you say to yourself: "What does he have to gain from me? I only have $10,000 there." Maybe you do, but if he empties hundreds or thousands of accounts like that by writing a robot, he'll become rich, so he isn't likely not to target you.
And some people are keen on doing random vandalism with your online presence, like the one I mentioned, who may have also been trolling my blogs. Therefore, make sure you're as safe as possible. This incident was all I needed to become more careful, and I hope you now realise that, as well.