Eternal vigilance app for social networks: treating privacy vulnerabilities like other security risks


Security practitioners do not speak of privacy as an aspect of security. We generally discuss confidentiality, integrity and availability of data and when we discuss a vulnerability we speak of how it affects those aspects.

Moreover when speaking of risk we must quantify that aspect as risk does not equal threat or vulnerability. See Richard Bejtlich’s post on how to differentiate these words and their meanings.

In this case @doctorow seems to have conflated a pair of key terms which is potentially misleading as they are not equal at all.

1 Like

You know, when a subset of the population warps the meanings of common words and destabilises the potential of those words to communicate clear meanings to the general public, you have a definite sign of meaning inbreeding with a determinative, whether deliberate or not, vector of obfuscation, for whatever purpose.

I tire of these side-swipes at @doctorow. It’s wearying. It’s trolling. It’s ongoing. What is it - a game? Diss the headline?

To the point, which is clear and harmonised between the articles and Cory’s headline, the general population are sitting on a spectrum of concern about privacy issues ranging from “what are they?” to “stop freaking watching everything I do you aggregating bastards”. Cory is speaking to that population.

So please. Cut the crap.

Your points are perhaps valid, although your approach deters me from any interest in them, but also indicate to me that security practitioners, who seem so very clever with their subtle flavour of linguistic distinction, have little influence or care or understanding over the ethics of data and what it is they’re potentially able to protect, and hence, they abstain knowingly from participating in influence over the issue.


Using words for what they mean in stead of in a Humpty Dumpty-esque fashion is now trolling?

As for me I’d hope that those who blog about security would help educate that same general population as to what is what rather than using words indiscriminately and incorrectly. Maybe even coach them on how not to over share and thus protect their privacy instead of creating inadvertent scare headlines.

An automobile design engineer can tell you about the stability of a car at certain speeds and driving conditions. The ethical question of if one should drive or not is quite different. There are those of us who work in security who are deeply interested in the ethical aspects of how data may or may not be used but we generally differentiate between the discussions.

For example, there was a discussion a while back about personal use audio/video data recording devices to help those with short term memory problems. Perhaps you were to visit someone’s home who used one of these yet you consider the visit itself or the nature of the visit to be private. You may be rightly concerned about device and or data security in this case. Whose ethical need is greater here? Your desire to not be recorded or to be “forgotten” within a short time or the need of the person who relies on the device to manage their life? This assumes of course that the device was designed with a forgetting feature in the first place. Are device designers ethically obligated to consider including such features?

None of this is quite as simple as rating the ability of a device to maintain data availability, that the data won’t be corrupt when needed or that access controls are in place around the data.

Now to bring that back to the matter at hand. Cory has a much bigger voice and public visibility than many if not most security professionals. This blog gets lots of readers, he writes for a major newspaper in England, etc. Functionally he is famous. Is a famous writer perhaps ethically obligated to help the masses understand these issues properly?

Understanding isn’t the issue for the masses. Protection is.

I’m a relatively sophisticated user of these systems, and blow me down if they don’t get cleverer at digging into me every day.

You must understand the nature of specialised meanings within cultural subsets, and the opportunity for linguistic arbitrage that creates to avoid confronting issues like this.

Oh cool. Another meta topic. Okay to post something about privacy?

A big part of the problem which the authors do not address is that the vast majority of Americans (and presumably others) just don’t give a damn about online privacy. Not only would they turn off those annoying warnings, they would go merrily on showing their private parts to strangers.

This is not a technical problem, it’s a problem of culture.


This topic was automatically closed after 5 days. New replies are no longer allowed.