Government official gives practical security advice - shock horror

When I heard that Andy Smith’s eminently sensible comments at the Parliament and the Internet conference yesterday had gone viral I feared he had suffered a Ratner moment. I have just taken a look at the comments responding to the BBC news cover of the story and how they hjave been rated by those reading them: a massive vote of confidence in Andy. I had long known that the strange age profiles on many social networking and e-commerce sites were commonly because of false ages but had not previously appreciated how many users simply give April 1st as their birthday.

Last January, when I blogged on the great LinkedIn leak, I commended the East European approach to Internet Security: “never tell the truth on-line unless there is a good reason to do so” – sooner or later what you have posted on-line will be collated and used against you.  The big differnce between them and us is that they fear a new Stasi. We fear organised crime impersonating us and stealing our savings or destroying our credit ratings and leaving us stranded with our cards blocked. Our children have more fear of on-line bullies or the copyright police.

I have also described why it is that new neterati discover before puberty that they need at least three on-line IDs: one their parents and teachers can read, one for their friends and one for their best friends. Around puberty they discover the need to be able to trash any or all of them: when they fall prey to bullies or their best friends become their worst enemies. Shortly after Facebook introduced its timeline I listened to a group of under-graduates discussing whether it was easier to trash their Facebook profiles and start again, or to work out how to use the new privacy routines, with the risk they might have missed something.

This morning I was received yet another e-mail covering the latest nonsenses in the ongoing saga of expensive displacement activity that passes for Government (US, EU, HMG etc.) electronic ID policy. This evening I have just received the draft minutes of a meeting on Monday on how to enhance trust in the on-line world. First we have to consider the meaning of trust, how it is earned and how it can be restored once lost. The comments in reply to the BBC news cover for yesterday’s comments reveal just how comprehensively it has been lost.

Hence the importance of going back to basics – for example using the opportunity of the transition to IPV6 to clean up Internet addressing routines (splitting as far as possible between those which are verifiable and those which are intended to genuinely anonymous). Hence my comments on the importance of the current Nominet  consultation.   

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.