Yahoo breach exposes naked truth about online security

The umpteenth violation of our Internet privacy proves once again the dearth of common sense among us Web users

The hits just keep on coming. Yesterday's news that Brit spy mongers recorded the video chats of 1.8 million Yahoo users over six months left me numb, as if I had inhaled a frosty Slurpee full of Novocain. Yahoo claims no knowledge of the theft -- yeah, I said it, because that's what it is -- but that declaration is worthy of more than a little skepticism. And hey, look: This morning's news headlines show that British firm, Hold Security, stumbled across the biggest caper in cyber pillaging history: around 360 million accounts and up to 1.25 billion (with a "b") email addresses. I read it, but I can't get my head around it.

But more than this being yet another nail in the coffin of our privacy is the question of why do we keep enabling this crap? I don't mean legally. There are plenty of lawyers looking to tilt at the NSA windmill. I mean on a technical level -- or we could call it a plain, everyday, commonsense level.

[ It's your data, dummy: Make every day Data Privacy Day | For a humorous take on tech industry shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter and follow Cringely on Twitter. | Sign up for InfoWorld TechBrief, your source for quick, smart views on the news you'll be talking about. ]

For example, according to all the newsies who carried the Yahoo story yesterday, among the stolen chat data was a lot of nudity. In case Pammy reads this, I'm no expert, but based on available evidence, it appears the nudity is an extension of the popular sexting trend, translated to video.

Shocked at the Yahoo affair? You and the endless string of celebrities who feign amazement when one of their naked phone photos or sex tapes wind up on the Web. If you put a raunchy romp on anything digital today, it'll eventually wind up on the Internet; that's a law of nature, like gravity or Windows flaws.

Lacking in Logic 101

Common sense here would dictate that if you're going to show your twigs and berries on a medium frequented by billions of users, maybe you want to at least try for security. For example, some webcams support SSL, and nothing is stopping you from doing a direct-to-cam connection rather than running through a chat service. Sure, it requires a little technical knowledge, though not much.

If that's your problem, I'd still point out that in this day and age everyone knows someone at the geek level, whether it's the 8-year-old next door or a pay-for-nerd from Geek Squad. Ask one of them to help out. If you're embarrassed, tell them you're setting up a nanny cam.

But we don't go that route. Yahoo, Skype -- they're easier. If you think the world's intelligence services only targeted Yahoo, please go outside and set yourself on fire. If Yahoo was cracked like a soft-boiled egg, you can bet that other video chat services have been compromised, too. And if 1.8 million vid chats were collected over six months, how many have been collected over the last year? Or two years? And by how many spy agencies, marketing companies, and Nigerian data pirates besides the GCHQ's James Bond wannabes?

Frankly, I doubt there's any way to stay completely secure using Web communication of any kind. Ars Technica caught Skype in a security lie over its text chat service just last year. For all its billions, you know WhatsApp and its ilk didn't invest in end-to-end encryption and undoubtedly have no intention of doing so. That might cut into the party budget or derail their moron plans for a six-state lawless geektopia. Your stuff is floating around out there, basically in clear text.

1 2 Page 1
Page 1 of 2