Data Privacy, Celebrities and You

Posted Sep 4, 2014, 7:55 AM by Craig Cox [updated Sep 8, 2014, 7:15 AM]
As has been breathlessly reported all over the web, several big-name stars have had embarrassing photos taken from their iCloud accounts and published.  In contrast to some previous "leaks" that had every appearance of being carefully orchestrated, these photos were unambiguously stolen.  Here is a detailed, fairly technical analysis of the people involved and their process.

As this CSID blog points out, the celebrities involved are regular technology users themselves.  While we hope that no one is going after our own data with the persistence they showed in the celebrity data breach, we should still take reasonable precautions with our data.  The linked article gives several good tips, which I would like to amplify here.

(The most obvious and tempting advice, not mentioned in the linked article, is not to take risqué selfies to begin with, but it has been asserted that this amounts to blaming the victim.  I will therefore leave the risk assessment to the individual reader, and merely point out that the more private the data that you create and store, the more effort you should put into its defense.)
  • CSID's tip 1 about never using public WiFi can be modified to say "unless you're using a VPN product".  I explain and link to VPN offerings in the Travel Precautions resource page.
  • Tips 4 and 5, Have Complex Passwords and Size Matters (about passwords), are the two most frequently given pieces of advice, and also the most difficult to implement.  This October I will be visiting each campus, giving a revised presentation about passwords and password management.  I encourage everyone to attend these presentations; if you miss the one on your campus, please contact me to arrange another presentation.  Security Awareness presentations are offered at no charge to any student, faculty or staff group.
  • Tip 9, being careful not to post answers to your security questions, might be modified to "lie about the answers to your security questions."  The true answers might be beyond your ability to keep confidential.  The trick, of course, is writing down that false answer you used and keeping it safe so you can repeat it later if needed.
  • Tip 14 is mostly aimed at students living in dorms.  For students at a non-residential college, consider keeping a fire safe at home.
(Update 9/8/2014:  A malicious Android app, pretending to be a "flappy bird" game, downloads pictures behind the user's back.  Tips to defend against this one:  First, try to validate that your download is the legit app and not a knockoff.  Second, make sure your app doesn't have permissions to resources it doesn't need.  No video game should need to access your photos.)
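
For readers comfortable with a little scripting, here is one way to carry out the second tip in the update above. This is an added example, not part of the original post or the linked articles. It reads a list of an app's requested permissions in the `uses-permission:` line style printed by Android's `aapt dump permissions` tool, and reports anything the app asks for beyond what you decide it needs. The sample dump, the package name and the "needed" list are constructed assumptions.

```python
import re

# Android permissions that let an app read the user's stored photos.
PHOTO_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.READ_MEDIA_IMAGES",
}

# Matches both "uses-permission: NAME" and "uses-permission: name='NAME'".
_PERM_LINE = re.compile(
    r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([A-Za-z0-9_.]+)"
)


def requested_permissions(dump_text):
    """Return the set of permissions named in a permission dump."""
    found = set()
    for line in dump_text.splitlines():
        match = _PERM_LINE.match(line.strip())
        if match:
            found.add(match.group(1))
    return found


def review_app(dump_text, needed):
    """Split permissions beyond `needed` into photo access and the rest."""
    extra = requested_permissions(dump_text) - set(needed)
    return {
        "photo_access": sorted(extra & PHOTO_PERMISSIONS),
        "other_unneeded": sorted(extra - PHOTO_PERMISSIONS),
    }


# Constructed sample: what a knockoff game's permission dump might look like.
SAMPLE_DUMP = """\
package: com.example.flappyclone
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_EXTERNAL_STORAGE'
uses-permission: android.permission.READ_CONTACTS
uses-permission: name='android.permission.VIBRATE'
"""

# Assumption: a simple game needs only network access and vibration.
GAME_NEEDS = {"android.permission.INTERNET", "android.permission.VIBRATE"}

if __name__ == "__main__":
    report = review_app(SAMPLE_DUMP, GAME_NEEDS)
    print("Photo access requested:", report["photo_access"])
    print("Other unneeded permissions:", report["other_unneeded"])
```

Anything listed under photo access for a game is a reason not to install it, or to revoke the permission if it is already installed.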

And for those who are considering downloading the trove of stolen images, here are a couple of tips for you:
  • Some of the images originally posted were taken when the celebrities were underage.  That makes those images (a limited subset of what has been released) child porn.  Possession of child porn is a crime that can get you put on a reputation- and career-killing offender registry for the rest of your life.  At least one distribution site is trying to purge those images, but their warnings indicate they don't have complete control over the content.
  • It would be typical for scammers to use the promise of more pics -- perhaps of different celebrities -- to lure you into clicking a link that would infect your computer or smart phone.  Ironically, click bait is how some of the celebrities' iCloud accounts got compromised and their contents copied out.
Is the thrill really worth the risk?