Welcome to our podcast on security. Our goal is to take complicated issues and break them down for the average person. On our first episode of inSecurity, we discuss what it means to have your buddy list and address book shared with the NSA. Next we tackle what is meant by Glenn Greenwald's “The worst is yet to come.” We finish up discussing Tom’s talk on why security should be shiny.

  1. Excellent pilot, it is great to see a new security podcast! I have a few suggestions/ideas for you, no offence if these are really what you want to cover though just throwing them out there:

    1. **How do I get my mum to use a password-manager?** I ask this as I have personally tried to get my mum to use LastPass yet she keeps going back to using a Word doc (conveniently called ‘passwords.doc’). I am sympathetic to her frustration. I think part of the problem is apps like LastPass can’t integrate as tightly on mobile devices (for example on my mum’s iPad) as they can on desktop browsers. My mum needs to open (which has pretty terrible UX by the way), find and copy the right password, go back to, paste it in, and it is just perceived as a major hassle compared to simply using her ‘usual password’ or checking the Word doc. I know it has a built-in browser, but this is even more confusing: “why aren’t my bookmarks here?”, “I signed in but now it is asking again” (opens link in Safari instead of LastPass). And yes, I also know they have bookmarklets, but these are very difficult for most users to install and are not an elegant solution; it is more of a hack. Even on desktop browsers, password-manager integration can be pretty confusing and frustrating for non-technical users. A simple example would be a website you want to sign up to, and it is one of those bob-awful sites that filter password input and tell you no more than x characters or you can’t use special characters etc. I often find generated passwords are not accepted, but LastPass still prompts you to save it even though sign-up was not completed. It’s a real mess. Understand I am not blaming LastPass; they are trying to do a job with little to no standards involved and where there is no real communication between the site and the password-manager. My personal thoughts are that passwords as a security measure are just broken for most users; they simply don’t care enough about security to go through the hassle and will default to ‘password123’ or some other awful password everywhere. We need a better solution (perhaps something like SQRL).
    2. **Your thoughts on open-source vs closed-source, particularly in relation to security. Should everyday users even care?** Disclaimer, I am on the open-source side of the fence and believe users should care at least enough to know the difference. I use and advocate open-source as much as possible.
    3. **Convenience versus security or “why should I care about being secure, I have nothing to hide”.** When I try to get friends and family to see the value of basic privacy, or reasons why we should care about things like encryption for example PGP, they either start to develop glazed eyes or simply say they don’t really care because they have nothing to hide. This is a difficult argument to counter, I mean of course I care personally but should I feel entitled to try and convince this person that it matters?
    4. **Decentralised data A.K.A “reclaiming the cloud”.** I feel this is at least tangentially related to security as the location of user data has become a serious issue with recent revelations. It is clear that companies like Google, Microsoft, Apple, despite the often wonderful services they offer, can no longer be fully trusted with respect to user data. How do you feel about this, have you made any moves to take data off these online services, have you tried any alternatives to online services such as BitTorrent Sync* etc?

    Thanks and look forward to more episodes.

    * Unfortunately this is closed-source, but a truly awesome product.
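The commenter's first point, that a password manager's generated password is often rejected by sites with their own length and character restrictions, can be shown in code. The example below is added here and is not from the podcast, the commenter, or LastPass; the site policy (8 to 12 characters, letters and digits only, at least one lower-case letter, one upper-case letter and one digit) is a constructed example of the kind of rule such sites impose. It generates a password with a CSPRNG, checks it against the policy, and shows how shrinking the generator to the site's rules keeps the result compliant while making the entropy cost visible.

```python
import math
import secrets
import string

# Constructed example policy (hypothetical site rules, not taken from any real site):
# 8-12 characters, letters and digits only, at least one lower, one upper, one digit.
SITE_POLICY = {
    "min_len": 8,
    "max_len": 12,
    "allowed": string.ascii_letters + string.digits,
    "required_classes": [string.ascii_lowercase, string.ascii_uppercase, string.digits],
}

# A manager-style default: 20 characters drawn from letters, digits and punctuation.
DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation
DEFAULT_LENGTH = 20


def meets_policy(password, policy):
    """Return True if `password` satisfies every rule in `policy`."""
    if not (policy["min_len"] <= len(password) <= policy["max_len"]):
        return False
    if any(ch not in policy["allowed"] for ch in password):
        return False
    # Every required character class must be represented at least once.
    return all(any(ch in cls for ch in password) for cls in policy["required_classes"])


def generate_password(length=DEFAULT_LENGTH, alphabet=DEFAULT_ALPHABET, policy=None):
    """Draw characters uniformly with the `secrets` CSPRNG.

    Without a policy this behaves like a manager's default generator. With a
    policy, the length is clamped to the site's range, the alphabet is cut down
    to the site's allowed characters, and candidates are re-drawn until one
    passes (rejection sampling), so the returned password is always accepted.
    """
    if policy is None:
        return "".join(secrets.choice(alphabet) for _ in range(length))

    length = max(policy["min_len"], min(length, policy["max_len"]))
    alphabet = "".join(ch for ch in alphabet if ch in policy["allowed"])
    # Guard against an alphabet that can never satisfy a required class
    # (otherwise the rejection loop below would never terminate).
    for cls in policy["required_classes"]:
        if not any(ch in alphabet for ch in cls):
            raise ValueError("alphabet cannot satisfy a required character class")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate, policy):
            return candidate


def entropy_bits(length, alphabet_size):
    """Entropy in bits of a password drawn uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    default_pw = generate_password()
    site_pw = generate_password(policy=SITE_POLICY)
    print("default generator:", default_pw, "accepted:", meets_policy(default_pw, SITE_POLICY))
    print("policy-aware     :", site_pw, "accepted:", meets_policy(site_pw, SITE_POLICY))
    print("entropy default  : %.1f bits" % entropy_bits(DEFAULT_LENGTH, len(DEFAULT_ALPHABET)))
    print("entropy policy   : %.1f bits" % entropy_bits(SITE_POLICY["max_len"], len(SITE_POLICY["allowed"])))
```

The default 20-character output is rejected by the constructed policy purely on length, which is the situation the commenter describes; the policy-aware output is always accepted but carries roughly 71 bits instead of roughly 131, which is the price the site's restrictions impose and the reason a manager should warn when a site forces a weaker password rather than silently offering to save a rejected one.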

