Nude photos of various celebrities were leaked to all corners of the Internet a few short days ago. You already know that by now.
Thank you iCloud????
— Kirsten Dunst (@kirstendunst) September 1, 2014
As we wait impatiently for the rest of the gory technical details surrounding the compromise(s), many in the security echo chamber have been debating how we ended up here and whether the celebs themselves shoulder any of the accountability. While some people are tweeting about the world we want to live in, others are more interested in discussing the world we actually live in. Both are relevant and interesting, but too often the conversation devolves into people talking past one another, unaware they've started with two completely different premises. Briefly, here are the two main themes:
Let's break this down a little. Long term, as consumers, we should certainly demand that corporations do a better job. This is a challenging but worthy goal. Settings should be secure by default. UX should be intuitive. Security features should be put in place to mitigate simple attack vectors like brute force attacks. Many tabloid-worthy hacks -- from Paris Hilton to Sarah Palin to Scarlet Johansson -- would have been prevented by two-factor authentication (2FA), provided those accounts had the feature enabled. (Apparently, that wouldn't have helped this time though; remember how I said companies make mistakes?)
@matthew_d_green Might be worth Apple considering an "incognito camera" mode as well that doesn't upload private photos to cloud.
— Pwn All The Things (@pwnallthethings) September 1, 2014
Day-to-day, however, we shouldn't put the entire burden on others to protect us. Some accountability belongs to us. You wouldn't leave a pile of cash on the seat of your car, right? Let's be clear: nobody deserves to be victimized. But as a user, there are choices I can make in order to reduce my exposure. Here are a few.
The thing is, we already know that we assume the responsibility for our actions. That's why we give our teenagers practical advice rather than shielding them from reality and pretending they will always get the privacy they deserve.
Which advice would you give your kid? "Be careful what you put on the Internet" or "You deserve privacy, therefore you'll always have it"?
— Chris Eng (@chriseng) September 1, 2014
@chriseng assume your Mother and I will see everything.
— Alex Hutton (@alexhutton) September 1, 2014
— Andy Ellis (@csoandy) September 2, 2014
Let's not pretend we are just helpless victims. Let's acknowledge the realities of the world we live in and the technology we have today while simultaneously working to improve things where we can.