Sunday, October 20, 2019

NCS Month 2019 #3: Perpetual Connectivity

Welcome to week three of National Cyber Security Month. Week 1 covered passwords, Week 2 covered responsible program alternatives. This week, we're going over a few of the problems arising from our culture of perpetual connectivity.


EDIT: A lot of the information on this entry comes from out-of-data knowledge. Sorry. Take what you read here with a grain of salt. I am not a security expert, but I do my best. For Week 3 of 2020's NCS Month post, I'll be correcting the mistake, straight from the mouth of someone who is more of an expert than I am. When it's live, you can find it here.

In the meantime, let it be a lesson: don't take somebody at their word alone. Do your own homework.


We're always connected to the internet, these days. You go to work, internet. You go home, internet. You go on vacation, internet. You go to your favorite coffee shop, internet.

Except what you don't always realize is the networks you're connecting to aren't inherently trustworthy. I like to think that most people these days who live with a computer in their home and a smartphone in their pocket know how to identify a secure website. You make sure it's HTTPS, you make sure there's the green padlock in the corner, maybe you even scroll to the bottom of the page and look for the Verisign logo.

Except that doesn't cover everything. All that really means is that the website itself isn't leaking your data, but what you haven't accounted for is what happens to your data between leaving your device and arriving at the destination website.

There exists a tool that makes it so you shouldn't have to worry about how the signal gets where it's going, and that's called a VPN tunnel. I'll go over that in a second. First though, you need to know a few things:

Your data can be compromised simply from using a strange charging cable or wifi network.

The deal with smartphone charging cables (does not apply to charging pads, as far as I'm aware) is that they can transfer data as well as power. They're designed to do that. So if you use a charging station at an airport or other public venue, either carry a little dongle that specifically blocks the wires used for data transference (something like this, and no, it's not an Amazon affiliate link) or carry your own power (I recommend Anker powerbanks; you can find cheaper ones, but it's largely you get what you pay for). While most smartphones have an option to disable data access through the power cable, it would not surprise me to find out someone had found a work-around.

As for the wifi network, anybody who is in control of the network itself can snoop on all data, encrypted and unencrypted, passing over their network. Encrypted data is, of course, encrypted, but depending on the encryption level, the ease of cracking the code can vary.

And that's what a VPN tunnel does. It does end-to-middle encryption (not terribly dissimilar from what an app like Signal does), except instead of depositing your data directly to the receiver, it releases the data wherever they have a server presence. Many VPN services have multiple server presences, spread out across multiple geographic locations, which can sometimes be handy for getting around location or country restrictions (though some of the services that do the sort of test to find out where you are coming from also tests to see if you're using a VPN).

However, be aware that not all VPN tunnel service providers are created equal. Key things you want to look for when shopping around include
  • don't go for a free option (they're making money somehow, and if it's not off membership fees, you have to wonder what else they're selling...)
  • look for something that doesn't store or monitor your data
  • look for a company that has been subpoenaed for data and did not release any
  • multiple servers worldwide, at least 2 in the US and at least 1 in another country
  • accepts alternative payment options, including cryptocurrency or gift cards
The companies that meet all of these criteria are those that are familiar with sheltering people who need the highest level of security for their data transmissions, so you can be assured that your low to moderate need for security will be handled with the same degree of care.