SYNDICATED COLUMN: Security Is Ruining the Internet

Image result for no radio sign car

Another major cyberattack, another wave of articles telling you how to protect your data has me thinking about European ruins. Those medieval fortresses and castles had walls ten feet thick made of solid stone; they were guarded by mean, heavily armored, men. The barbarians got in anyway.

At the time, those invasions felt like the end of the world. But life goes on. Today’s Europeans live in houses and apartment buildings that, compared to castles of the Middle Ages, have no security at all. Yet: no raping, no pillaging. People are fine.

Security is overrated.

The ransomware attack that crippled targets as diverse as FedEx and British hospitals reminds me of something that we rarely talk about even though it’s useful wisdom: A possession that is so valuable that you have to spend a lot of money and psychic bandwidth to protect it often feels like more of a burden than a boon.

You hear it all the time: Change your passwords often. Use different passwords for different accounts. Install File Vault. Use encrypted communications apps. At what point do we throw up our hands, change all our passwords to “password” and tell malicious hackers to come on in, do your worst?

I owned a brand-new car once. I loved the look and the smell but hated the anxiety. What if some jerk dented it? Sure enough, within a week and the odometer reading in the low three digits, another motorist scratched the bumper while pulling out of a parallel parking space. I was so determined to restore the newness that I paid $800 for a new bumper. Which got scratched too. That was 13 years, 200,000 miles and a lot of dings ago. Still drive the same car. I don’t care about dents.

I’m liberated.

The Buddha taught that material attachments bring misery. He was right. During the 1980s crack epidemic addicts stole car stereos to finance their fixes. To avoid smashed windows, New Yorkers took to posting “No Radio” signs on their cars. But the really smart drivers’ signs read “Door unlocked, no radio.” It worked.

Hackers, we’re told, are ruining the Internet. I say our reaction to hack attacks has ruined it. It’s like 9/11. Three thousand people died. But attacking Afghanistan and Iraq killed more than a million. We should have sucked it up instead.

Security often destroys the very thing it’s supposed to protect. Take the TSA — please! Increased airport security measures after 9/11 have made flying so unpleasant that Americans are driving more instead. Meanwhile, “civil aviation” flights out of small airports — which have no or minimal security screenings — are increasingly popular. So are trains — no X-ray machines at the train station, either. Get rid of TSA checkpoints at the airport, let people walk their loved ones to the gate so they can wave goodbye, and I bet more people would fly in spite of the risk.

It’s not just government. Individuals obsess over security to the point that it makes the thing they’re protecting useless.

For my 12th birthday my dad gave me a 10-speed road bicycle. I still have that Azuki. It weighs a ton but it runs great. It’s worth maybe $20.

Bike theft is rife in Berkeley and Manhattan, but I tooled around both places on that banana yellow relic of the Ford Administration without fear of anything but the shame of absorbing insults from kids on the street. I often didn’t bother to lock up my beater. Never had a problem.

In my early 40s and feeling flush, I dropped $2400 on a royal blue Greg LeMond racing bike. Terrified that my prize possession might get stolen, I only ride it to destinations I deem ridiculously safe or where I’ll only have to leave it outside for a few minutes. So I hardly use it.

I’m an idiot.

Nice things are, well, nice to have. But they’re also a pain in the ass. In college one of my girlfriends (who I am not suggesting was a “thing,” obviously, and whom equally obviously I never thought I “had” in any ownership-y sense) had dazzling big blue eyes and golden blonde hair down to her waist and was so striking that guys literally walked into lampposts while gawking at her. Being seen with her was great for my ego. But every outing entailed a risk of violence as dudes catcalled and wolf-whistled; chivalry (and my girlfriend) dictated that I couldn’t ignore all of them. I sometimes suggested the 1980s equivalent of “Netflix and chill” (Channel J and wine coolers?) rather than deal with the stress. (We broke up for other reasons.)

So back to the big ransomware attack. What should you do if your ‘puter locks you out of your files unless you fork over $300? Wipe your hard drive and move on.

Back up regularly, Internet experts say, and this threat is one reason why. With a recent backup you can usually wipe your hard drive and restore your files from a backed-up version that predates the virus. Take that, villains! But no one does.

Meanwhile, our online lives are becoming as hobbled by excessive security as the airlines. Like the countless locks on Gabe Kaplan’s Brooklyn apartment door in “Welcome Back Kotter,” two-step authentication helps — but at what cost? You have to enter your password, wait for a text — if you’re traveling overseas, you have to pay a dollar or more to receive it — and enter it before accessing a site. Tech companies force us to choose a new password each time we forget the old one. Studies show that makes things worse: most users choose simpler passwords because they’re easier to remember.

The only thing to fear, FDR told us, is fear itself. What if we liberated ourselves from the threat of cyberattack — and a ton of work maintaining online security — by not having anything on our Internet-connected devices that we care about?

This would require a mental shift.

First, we should have fewer things online. When you think about it, many devices are connected to the Internet for a tiny bit of convenience but at significant risk to security. Using an app to warm up your house before you come home is nifty, but online thermostats are hardly worth the exposure to hackers who could drive up your utility bills, start a fire or even cause a brownout. Driverless cars could be remotely ordered to kill you — no thanks! I laugh at the Iranian nuclear scientists who set back their nation’s top-secret research program for years because their desire to cybercommute opened their system to the Stuxnet attack. Go to the office, lazybones!

The Internet of Things needs to be seriously rethought — and resisted.

As for your old-fashioned electronic devices — smartphones, tablets and laptops — it might be time to start thinking like a New Yorker during the 1980s. Leave the door unlocked. Just don’t leave anything in your glove compartment, or on your hard drive, that you would mind losing.

(Ted Rall (Twitter: @tedrall) is author of “Trump: A Graphic Biography,” an examination of the life of the Republican presidential nominee in comics form. You can support Ted’s hard-hitting political cartoons and columns and see his work first by sponsoring his work on Patreon.)

37 thoughts on “SYNDICATED COLUMN: Security Is Ruining the Internet

  1. I often think of the happy days when moving meant putting all of my stuff into the trunk and backseat of my car, driving off and never having to look back.

    “It is even part of my good fortune not to be a house-owner.”— Nietzsche

  2. Some systems require very long passwords with uppercase, lowercase, numbers, and punctuation marks, and require you to change them every month. Some people have complex passwords they use for years. A properly complex password can’t be cracked by brute force hacking. But if your password is stored as cleartext, all the systems administrator have your password for their site (so hackers got every Yahoo password in cleartext).

    In the film War Games, the school computer on which teachers entered grades required frequent password changes. So they wrote down the password and pasted it on the computer. You could see the old passwords (paper, chalk, board) with all but the latest one scratched out. I think people could remember a password like paper, but a 17 character password with no recognizable words, numbers, and punctuation marks that has to be changed monthly means you’ll have to write it down where anyone can read it.

    Apple Safari creates a different unbreakable password for every site and stores them all (you never even see them). As long as you have that Apple, you can be sure you can enter your bank accounts, e-mail accounts, etc., safely: one systems administrator has no access to your other sites. But if your Apple crashes, you lose all access to everything.

    The Wannacry starts with an e-mail that looks very interesting and also like it’s from someone you know. Click on the attachment and it installs the virus, which can spread to an old Windows Server computer, and from there to every vulnerable computer (any version of Windows not updated April ’17) on your office LAN. The British NHS was using Windows XP and Windows Server 2003, for which Microsoft stopped security updates in 2012.

    Other idiots turned automatic updates off, so even a copy of Windows 10 with updates off would have been vulnerable.

    It’s hard to run a business without storing your data on some computer somewhere. And the infected NHS hospitals closed and could not see any patients until they rebuilt the information systems for the hospital, so several days without that hospital.

    I have no idea what the answer is. Mr Rall’s Buddhist answer, ‘Don’t get attached to anything on this earth,’ is one solution, but it’s not clear who can stand to follow it.

  3. I bought a new laptop on January 22, 2013. It came with Windows 8, which I hated, so I took the laptop to my local computer guy and had him install Windows 7 over it.

    In the process, he installed Deep Freeze software (Faronics) that prevents any changes to your hard drive unless you turn off the program temporarily. (Before I learned to turn it off when wanting to install new software, it was very frustrating, because the new software would not be on my laptop the next time I fired it up.)

    However, no viruses have taken hold in the interim since January 2013. They might “install” but Deep Freeze keeps them from changing the hard drive on the next startup. You might want to check it out.

    • A tech guy at The Intercept gave instructions on how to run a different operating system in a virtual machine running in RAM.

      His article explained that that’s how viruses, etc. are diagnosed and ways of removing them are found.

      Malware infects the operating system in the virtual machine and when work is completed, the infected operating system running in the virtual machine is deleted, leaving the native operating system untouched.

      Deep Freeze seems similar, in that it lets you run programs in RAM without affecting your hard drive.

      Thanks. Interesting.

      • @ Glenn –

        I should also mention that there is a special folder, “Save Files Here” that is reserved for those items that you want to download and keep. Unless saved to this special folder, they will be lost.

      • That doesn’t help, Glenn. Think about it. If you do everything in a Virtual Machine then the VM is the system you don’t want compromised. All you’re doing is running your system under a hypervisor, which slows it down.

        Yes, it’s great to be able to do anything you want and then use a time machine to pull your computer back from yesterday, unchanged. I use a VM to read the New York Times as many times as I want for free. They do a great job of identifying your computer so you can’t read more than 30 articles a month, but it all goes away when you reset the VM.

        I also use it to explore dark, bad places on the internet using the TOR (untraceable) browser. It’s like Alice’s Restaurant: you can get anything you want. You pay using bitcoins (untraceable digital money) and use an escrow serrvice (the seller doesn’t get paid until you get your shit). Fake IDs, computer virus kits, heroin, machine guns, cyanide, stolen electronics, explosives, non-fake vids of 13 year-old girls enthusiastically fucking their dads—anything and everything that you men like.

        When you wipe up the cum and switch off your PC , all the evidence of where you’ve been disappears long before the Security Police kick down your door.

        But if you do anything that lasts more than a day, like writing a book or home accounting, you have to save the machine state. The ATF, the FBI, and the Feelings Police ARE smart enough to start up the VM and peek in to see if you’ve been doing anything the government doesn’t like.

        I know because I’m a grad student in Computer Forensics and Security. I’d never help the cops and I don’t care if I graduate. I’m just curious how everything works. Like, everything.

        My reliable advice is to use full-disk encryption. That way, the worst they can do is lock you in a cage with scary, angry negroes for two years—the penalty for refusing to tell your decryption password to the State. A single naked pic can get you more time than that.

  4. Sadly the poor are targeted by thieves because they are close by and look like easy targets.
    If I was doing well I could handle a few dings but when you just above empty it really hurts when things go badly.
    Silicon valley is odd place, high, low, sweet, needy all reside in this place. Ted’s old beater bike would taken by the homeless or thieves looking for scrap metal.

    Been flying low since I retired from the Air Force after two foot operations with 60% disability (they lower your retirement and then add disability dollars, the benefit is saving a small amount on income tax)
    2008 sucked us down, after hundreds of job applications, some interviews and some offers that were cancelled when programs lost funding after living in the car at the rest stop I started classes on the GI bill and we lived in hotel. The car blew out, got a used bike and a bus pass, got a $1000 junk car someone cut the lock and stole my $100 used bike (pedaling is far less painful than walking). Someone stole my toolbox and backpack with my graphing calculator and bent my antenna for spite. Someone found my pack ( minus the calculator) open and spilling out papers by the freeway on ramp and brought back to the hotel. The hotel rate when through the roof but finally our credit had cleared enough to get a studio apartment.
    Graduated with a 3.6 GPA but after asking why my application to become a certified teachers was rejected again the acting chair of the science teaching program texted that there was very little I could do to get in the program, a lawyer we knew said it was clearly age discrimation but he didn’t handle that type of case. Couldn’t find anyone that wanted a non work related case.
    Had to borrow from my mother and she was almost in tears when the VA found me a job as a lab technician…makes ends meet now I just need a promotion to pay my student loan for ten years,
    Latest news
    After a year living in the studio my new 1995 Honda with a bent door (the old car blew its head gasket) was stolen out the apartment parking lot with jimmy key…luckily the cops found it the same day. Lost several cd’s the thieves didn’t want the books. I just like the feel of a good book.

  5. The most interesting part to me is that attack was based on an exploit discovered by the NSA

    By law, they are supposed to inform the vendor when they find something like that. They didn’t. Time & time again, they’ve been told that any back door a white hat can use can also be used by a black hat. They didn’t listen, and so the agency charged with keeping us safe has demonstrably made us less safe. The gubbmint uses computers too, and expects them to be secure as well.

    Such is the hubris of the lawman. “This is too powerful to fall into the wrong hands” … I agree – and their hands are the wrong ones.

    • Lucky for all of us they only launched weaponized software instead of hardware.

      I understand tactical nuclear weapons deployed in Europe have safety codes to prevent unauthorized use, but officers fear that the nukes would be destroyed by a first strike before the code could be entered and the trigger activated.

      So the codes are normally entered to activate the weapon’s trigger while deployed in the field.

      This is the kind of security we pay for.

  6. Wow – What a bunch of wasted “advice”! I’m with Ted. Just make regular copies and backups of what you don’t want to lose. Then, if the darn computer stops gets corrupted or simply breaks down (which happens more often), you simply start over like Ted advised, or buy a new one and transfer all your saved stuff to it. You are more likely to be in a simple accident or get a debilitating disease than all the crap that everyone wants you to worry about.

  7. Another thought; I’ve read SF my entire life. I absolutely love the idea of self-driving cars, HAL running my household and voice-activated devices.

    The *idea.* The reality, not so much. I don’t tend to use voice devices: keyboards are more accurate. I do NOT like the idea of my house or my car getting hacked. I work in high tech – but at heart I’m a Luddite, I can program a smart phone, but I don’t carry one.

    I was either born a hundred years too early, or a hundred years too late. I haven’t decided which.

    • Which brings me to ask the question: Why the hell can’t seniors get a god-damned cellphone that works as a telephone?

      My wife bought one of those whatevers (I don’t know if it’s a “smart-phone” or an “out-of-your-world phone.” I won’t even touch the son-of-a-bitch.

      She has missed calls because the damned thing switches itself overnight to “silent” and “vibrate,” all on its own. She now checks each and every morning to make sure the ring-tone is on and at maximum volume.

      Neither of us can figure out how or why this shit happens.

      • I rarely use ‘LOL’ because I rarely laugh out loud at a post, but I did this time. eh-hem “LOL” Thank you.

        I can’t even hear the damn high-pitched beeps without my hearing aids and I hate my hearing aids.

        I do see ads for various phones-that-are-just-phones, but I have no idea whether any of them are any good. (in Parade and AARP magazine for instance. Probably TV Guide and Reader’s Digest, but I don’t read those old-people magazines. Assuming they still exist)

      • Must be somewhere on settings that has it do that. Another thing I hate about cellphones is poor sound quality of phone calls. No one seems to care about the poor quality of digital sound.

      • «Which brings me to ask the question: Why the hell can’t seniors get a god-damned cellphone that works as a telephone?» Alas, mein verehrter Lehrer, the problem lies not only – or not mainly – with manufacturers, but as much or more with consumers. Here in Stockholm, I always recommend those members of our IT-interested group of retirees (we’re about 500 in number on my little island), who don’t already own a mobile telephone, to purchase one that is only a telephone – several good robust models with large easy-to-use buttons and which only cost a couple of hundred crowns are available on the market. Alas, my advice is almost always disregarded ; instead they purchase so-called «smart phones» which have screens which are far too small for their failing eyesight (I just installed a 27″ 4K monitor here at home, so I’m OK) and which, with few exceptions, are too complicated for them to use – and which have the added virtue of costing 20-30 times as much….

        But of course, the lure of the latest and greatest is hard to resist. We must be grateful for the technological «failures» that are vouchsafed us – imagine the carnage that would have ensued had those «flying cars» that have been predicted as coming soon for as long as I’ve been alive become a reality !…


      • ► Neither of us can figure out how or why this shit happens.

        Then ask someone who does, you Alzhammered old Luddite.

        One thing that pisses me off is angry stubborn people who pointedly, ostentatiously ignore the open front door while complaining that they’re trapped in their on-fire house.

        Then when it’s all over, they blame someone else.

      • Luxiwhoma:

        “Then ask someone who does, you Alzhammered old Luddite.”

        Now Luxiwhazza, one should always show respect to one’s elders. You wanna show your hacker chops come get some. My IP addy is

      • @ LuxiTurna –

        “Then ask someone who does, you Alzhammered old Luddite.”
        That’s the main reason I posted to this thread, in hopes that someone could explain this to me. (N.B. – There are some experts here, known to me to exist.)

        Thanks for your assistance. 🙂

      • «Then ask someone who does, you Alzhammered [sic !] old Luddite.» If the above is an example of the sort of «help» you had in mind, «LuxiTurna», it’s rather easy to understand why unser verehrter Lehrer, doesn’t turn to you for advice….


        PS : You yourself might care to ask someone who does know how Alois Alzheimer spelled his surname…. 😉

      • @ mhenriday –

        “You yourself might care to ask someone who does know how Alois Alzheimer spelled his surname….”
        Actually, I assumed “LuxiTurna” was insinuating that I might be “hammered” when I post here. Truth be told, I often am!

      • «Actually, I assumed “LuxiTurna” was insinuating that I might be “hammered” when I post here. Truth be told, I often am!» Don’t give away all your secrets for free, mein verehrter Lehrer, make people ask the NSA instead – hopefully it will slow their operations down !… 😉


    • With you all the way on this one, CrazyH – here the reality has proven to be far more dystopic than the fiction….


      • Hey Henri – despite all our petty bickering, I still figure our goals are more in alignment than not. It’s just more fun to discuss where we disagree than where we agree.

        “I agree with Ted’s cartoon”
        “I agree with Joe’s agreement with Ted’s cartoon”
        “I agree with Fred’s agreement with Joe’s agreement of Ted’s cartoon.”


      • «Bo-o-o-o-o-oring!» Sorry to bore you by agreeing with you, CrazyH, but I’m still constrained to agree with your comment above to the effect that our current technological dystopia was more pleasant to read about in SciFi than experience in reality (whatever the latter may be)…. 😉


      • In that case, Henri – you leave me no choice but to disagree with myself.


      • «In that case, Henri – you leave me no choice but to disagree with myself.» As Emerson observed, «a foolish consistency is the hobgoblin of little minds»…. 😉


      • I’ve watched you guys give tit-for-tat (I prefer tits) and wondered what-the-hell? You basically say the same thing with small variations. But this recent agreement between you two might just drive me up the wall!


      • «But this recent agreement between you two might just drive me up the wall!» Just remember, mein verehrter Lehrer, to take care not to knock down der Spiegel (and I don’t mean the journal, which you can knock down all you want according to me) in that case !… 😉


  8. Sign me up as part of the resistance to The Internet of Things. Hoping that not too many gadgets will be made IOT. I really don’t see why this “cool new technology” should be adopted without questioning.

  9. The ransomware in question was developed by the NSA. It was “clever” enough to create it but, apparently, not clever enough to keep it from being stolen:

    • Once again, those charged with making us safe have made us demonstrably less safe. Maybe they learned their lesson this time. And maybe we can all get on our unicorns and fly off to candyland!

      • «And maybe we can all get on our unicorns and fly off to candyland!» Just make sure your visa’s up to date and that your unicorn isn’t overbooked…. 😉


  10. «The Internet of Things needs to be seriously rethought — and resisted.» Indeed. The so-called IoT – the latest technological paradise promised us – is a security disaster waiting to happen. Coupling one’s refrigerator to the internet is not a good idea….

    (Aside from the IoT, other obvious things to be avoided are, for example, using a Microsoft OS on one’s computers – but that’s another story…. 😉 )


  11. I totally agree that the internet and computer security groups are obsessive with backups. Not only is it that you have to backup your own computer, you now need a backup for that backup!

    I keep it simple, installed Rollback Rx Home (Free) and get it to run a daily snapshot. I delete ones couple days old so I have a solution in place, but if it goes or my entire system gets destroyed in a fire then who cares? There’s only so much you can feasibly do, after that you just have to wonder if you’re going too far.