Personal Privacy & Security for CISOs

URL: https://link.mail.beehiiv.com/ss/c/qo9WS1QC0AuWQxr9i-K2dOcgiBewOIoG8bYgS9H2LueOKRSZrg7Tow8VDFbmta3UXLH3fUTsE0reG8JRsJy6LMLDf7bdSb02-0R8c6ssKs1A1zfDROv2ETJ7deNK1xVCFMWUA-vPbFoECEAus0lchBKOXMxTWRa7b33CP-kei42hnH8-hcqPzmr91JFrwQa0rUTorxRxmjZjHK9WV9w8n5DWl220qySTHDT4rwY8P4nvcaeSgj5QPmsMSrOqKApMk-DKBlL4q3FRv6FZSAdBLHgEmFIKBrgUr8V_Gpcz9DK8NzODkY7X-JitakGiz9DWuWTrEDLPE6Peg6HMvqDLaw/3ze/Ffa2G8_xQUaRkq--JBOuVA/h41/Z7zjYLZq88gbNypSPf6PAbeSnGTbyi7se_wuDySHMxc

Document Notes

Probably need to circle back to this article a few times. Definitely review the original. There is too much information to simply highlight here. Security and privacy must work together. But, even then, would that be effective without significant infrastructure, contextual, and philosophical changes?

When it comes to privacy, the question becomes, ‘What is the threat model?’ or as I like to phrase it, ‘How paranoid was I?’ The spectrum ranges from trusting no one to trusting everyone. Being at the ‘trust no one’ end is unrealistic unless you’re willing to live in the woods, which certainly wasn’t an option for my family.
- Tags:: lunchandlearn,

Note:: I think this entire article will be beneficial for a single lunch-and-learn, or possibly a series of them. I wonder how far the average user would go in this list? The list seems almost exhaustive to me and I live this stuff. It seems especially exhaustive in the US where business or corporation surveillance is ubiquitous. Activities listed here seem plausible if I were an EU citizen where privacy laws would be in my favor. This reminds me of the Gizmodo journalist who tried to “hide” from the big 5 tech companies, which she found out was virtually impossible.

This is the thing… this is a massive amount of effort. One slip, one time of not turning on a VPN, or blindly accepting cookies, or, in the author’s case, picking up a car from the shop, exposes everything. Not to mention how easy it is to dox people with OSINT.
So what then? Do we just punt? Say whatever and throw privacy to the wind? There must be a better way. Is Web 3.0 the answer? Doubtful.