"Personal Internet security" is a team sport

My latest column in Locus magazine, Security in Numbers, looks at the impossibility of being secure on your own -- if you use the Internet to talk to other people, they have to care about security, too.

If you’re just getting to this stuff, welcome. Seriously. We need everyone to be worried about this stuff, and not just because it will help us get governments to put a leash on the spies. More important is the fact that security isn’t an individual matter.

A really good way to understand this is to think about e-mail. Like many long-time Internet users, I was suspicious of Google’s Gmail and decided that I’d much rather host my own e-mail server, and download all my incoming mail my laptop, which is with me most of the time (I also have a backup or two, in case I lose my laptop), but over time, lots of other people started using Gmail, including a large slice of the people I correspond with. And they don’t host their own e-mail. They don’t pull their mail off the server and move it to a computer that’s with them at all times. They use Gmail, like a normal person, and that means that a huge slice of that ‘‘private’’ e-mail I send and receive is sitting on Google’s servers, which are pretty well maintained, but are also available for mass surveillance through NSA programs like Prism.

Effectively, that means that I’m a Gmail user too, even though I pay to host and maintain my own mail server.

Security in Numbers

(Image: Cardiff City Huddle, Jon Candy, CC-BY-SA)