Skip to content

How much security is ‘enough’?

July 7, 2012

Another area from the recent conversation I had with my friend was how much security is enough?  Obviously, that begs the question – what are you trying to protect against?

Luckily for Privly, the answer is protect against casual eavesdropping, automated cataloging of information and ‘non-determined’ attackers.   What do I mean by this?  If someone has hacked into your wireless network (or you post via a typical coffee shop free internet connection) and can monitor your packets you should be protected.  Further, the posted data should be protected in such a way that web crawling indexers for search engines can’t glean any sensitive information.  Finally, if a company in competition with yours, or a jilted lover tries to break in to see what you’ve posted you should be OK.

So what doesn’t this include? – mostly three letter agency type attacks, or others with similar dramatic resources, and motivation to attack your encryption.  Chains break at the weakest link.  By the time you move from casual or even serious attacks, to adversaries with dramatic power (both computing and real world) it’s a different game entirely.  Surveillance of you (watching over your shoulder as you enter passwords), physically accessing your computing device and modifying it to report to them, physical or legal coercion on you or any of your recipients are all very possible attack approaches that could be taken – that Privly or any software cannot address.

Note that encrypting everything means that extra-ordinary measures would need to be taken to index your information even if it was gathered.  So if you are concerned that a government agency is monitoring all internet communications and recording them and storing them for later analysis, using something like Privly would mean that your data would show as encrypted, but further detail wouldn’t be available without more work.  As long as enough people encrypt enough content, and as long as there is no other reason for you to be ‘noticed’, your content itself won’t flag you anywhere.

Bottom line – there’s no point putting a $5,000 lock on a $20 door.



Comments are closed.

%d bloggers like this: