Understanding Hostile Cyberspace
Making sense of various online threats to privacy and security.
To make deliberate decisions to improve one’s own privacy and security, one must make sense of cyberspace itself, and how it can be weaponized. With the benefit of hindsight, it is quite easy to see the traps that were set out for the public. The great news is that there is a phenomenal amount of territory to be reclaimed when people take action. Even a relatively simple shift to offline-first workflows will do wonders to secure control over one’s information. Of course, not all applications can be carried out entirely offline. For a variety of reasons, one must make use of the Internet and online services built on top of it. This piece will help people learn to discern the various risks related to hostile cyberspace, to better choose what to use and how.
Cyberspace Fundamentals
What makes computers amazing is that they can talk to each other. Software you use can connect with software running on other machines to do all kinds of fascinating and interesting things. Cyberspace is any and all connected machines, including the services and apps running on them. These apps, services, and websites will all have various features and functionality. Unfortunately not all of this functionality is harmless. Spying, censorship, and even manipulation can be omnipresent threats on various websites and apps. One of the more un-intuitive network security problems is that these machines can lie to each other which is the root of many serious concerns. Setting aside some of these more advanced concerns, we’ll explore how cyberspace is structured.
There’s No Place Like Home
Home is the machine you’re running. Provided you’re not infected with malware, this is your kingdom. You can decide which services to run, what to do with files, and whatever else suits your needs. With enough knowledge you may even be able to modify the device itself to change fundamental behavior. There are many ways for programs to share data on your own machine if you wish, and a great deal that you can do without connecting elsewhere.
Generally, you’ll have a web browser installed on your device so you can reach the world wide web, and the variety of services on it. This is often where most users will spend most of their time if they have not yet been assimilated into a wide variety of cloud-based services. The browser is a very sophisticated program that loads web sites from all over the Internet, but also has many advanced features for web applications. Ensuring that your browser itself is not vulnerable to intrusion, or giving away unnecessary information is vital to your own privacy online.
Other applications can also interact with online services. Using programs to load data from the web is fairly common, but can also have many of the same concerns as using a browser. Since browsers can generally be uniquely identified by their fingerprint, specialized software may be designed to access online information without divulging as much information. Some information leakage is unavoidable. By accessing an online resource it is inherently impossible to hide the fact that you’ve reached a particular service. The moment your request leaves your own network, it is now under control of the remote operators, and potentially others in-between.
Reaching Out
To retrieve information from the Internet, your request has to be routed across the world. The server may be next door, or all the way across the ocean. To make this happen, various routers will forward along the request to others towards the destination. Once the request is received the response is then forwarded all the way back to your system. Without any issues on the part of the service you connect to, it’s entirely possible for traffic between you and your destination to be copied, spied on, censored, or even manipulated. This is why the web uses encryption (HTTPS) to ensure that you have a secure connection to a server. Keep in mind that there are ways this can be overcome. Network security is it’s own challenge when it comes to these problems.
Assuming that your connection to the service isn’t being interfered with or abused in any way, it is unfortunate that the service itself can betray your trust in all kinds of unintuitive ways. The phrase “If it’s free, you’re the product.” certainly applies. Unfortunately, being a paying customer is no inherent defense from malicious activity. Beyond merely selling your data, the service itself can expose you to malware through advertizing or even require you to install dubious software. One of the major contributors to the death of the web is search engines driving traffic to hostile web pages that make browsing the web it’s own challenge. To make matters worse many services are hostile to users using privacy enhancing technologies like Tor or those connecting from proxies. By requiring users to reveal their real IP address, they are exposed to having their location, or even identity potentially uncovered.
Far, Far Away
That is not the end of potential troubles. The online services you use could be reliant on other services. These distant providers may have undesirable implications for the service itself and your use of it. These third-party services are generally responsible for many privacy risks, but for a high-value target they may even be a security concern. This risk is so serious that many governments are questioning how it can impact their own data sovereignty. This is a much more difficult problem to resolve because such information may not be readily available. For the more surface-level technical details a service like Built With may help, but for some services you’ll never have a complete (or honest) picture.
Defining “Hostile Cyberspace”
Hostile cyberspace is any and every online site or service that engages in malicious activity such as:
Harvesting data
Manipulating people
Sharing or failing to secure user data
Censoring or manipulating content
Provides features at the expense of dependence (vendor lock-in)
Distributes malware or serves ads that do
This includes a vast majority of the Internet. The most blatant examples would be mainstream social media, many smartphone apps and cloud productivity software. An un-intuitive example of hostile cyberspace would be sites and services that abuse your trust with bad practices. The root of hostile cyberspace is making use of storage/bandwidth or computing power that isn’t entirely under your control, or that of those you trust. Trust, in this circumstance, means more than congeniality, but responsibility, stewardship, and competence.
People Farming
The line between corporate data-harvesting and state surveillance gets ever blurry. The more and more people relying on a single giant organization the more value there is in exploiting and subverting the users and their information. This unfortunately creates a feedback loop where large services can use power gained from large user counts to capture or leverage against other people. Selling user data for profit is one such feedback loop, but there are many others.
In our time it is not simply about money, influence over minds, especially large numbers, can easily be converted back into money or other forms of power. Profiting off people’s online activity aligns incentives to ensure that people are encouraged, or even addicted to being constantly online for the sake of being online, to their own detriment. Taking control of your own mind requires making deliberate choices about what online organizations and systems you allow to influence or even govern your information and activity.
Shields Up
When one knows that they are interacting with hostile cyberspace there is a variety of measures that can be taken. The most basic but also very efficient measure is to use ad-blockers or other protections like disabling scripts and remote resources. By “locking down” your browser you limit what can ultimately be used against you. On the network side, you can proxy your requests through a remote server or anonymizing software like Tor. This is useful in situations where you don’t want either your location, or precise network details to be known. Using random or otherwise false personal information to fill out forms is one of many ways to work against active data collection.
None of this, is a silver-bullet however. The more one interacts with hostile cyberspace the more opportunities are presented to compromise the user, thus raising the complexity of proper countermeasures. It can be easy to overlook particular technical details that undo all the work of protecting oneself in hostile cyberspace. It is always about a cost-benefit between what you’re willing to do to prevent bad outcomes. The most efficient means, is to merely avoid hostile cyberspace by making use of personal or offline alternatives where possible.
Avoiding Hostile Cyberspace
While the majority of the Internet is hostile to your digital autonomy, it would be a mistake to believe that it is entirely so. A non-trivial portion of the web includes many sites that merely provide information and don’t engage in the wide array of nefarious practices. Unfortunately in many cases they do not get the same amount of attention due to not usually being commercial ventures. There are rare services and online communities that do value and take responsibility for protecting user information and providing beneficial tools.
For example, databases of valuable or detailed information aren’t necessarily something someone wants to download entirely just to look up a few items. It makes sense for an entity to provide a means for the public (or customers) to have easy access to specific information. This only becomes nefarious once users themselves become a means to a different end than providing information as a service.
Another example would be cloud services that make use of open standards and Free Software. Taking proper measures to protect user data (such as encryption under control of the user, and good security practices), much can be done to run a service or platform quite responsibly. Useful features like being able to export data or media, as well as run your own instance can provide people the means to try new options before they’re ready to commit to maintaining them themselves.
Ultimately, simplicity is the key. Over-complicated or ambitious solutions can fail in bizarre or unexpected ways. Reasonable expectations, and a pinch of caution can go a long way to make better choices.