For whatever reason, I had an odd thought today while listening to a recent No Agenda Show. I don’t remember the exact statement, but Adam (website | twitter) and John (website | twitter) were discussing the potential bogativity of Snowden and the whole NSA Spying Scandal.
For years security experts such as Steve Gibson (website | twitter) have been prodding us to secure ourselves on-line. Use https wherever we can, don’t click on links in e-mails, don’t open attachments we didn’t ask for. Don’t give out passwords on the phone, or send them via e-mail.
The internet has also gotten a whole lot scarier too, with new attacks such as crypto locker, plus an increase in scams being done in, going by the press reports, places like the Philippines, China and Russia.
So what if the NSA / Government has decided to pull some reverse psychology on the public? After years of reportedly warning people, with little results, maybe the powers that be thought business and citizens simply weren’t getting mad enough to take action. Thus comes the crazy plan: let’s take things to the next level and convince everyone the US Government is spying on its own citizens.
Sure, I agree, perhaps it is far fetched. But it sure has produced results. Companies like Google are ramping up their security. For example, they are now encrypting the communications that flow between its data centers. Other web providers are following suit.
Private citizens have taken their rage and learned how to use more secure communications. I’m seeing an upshift in the use of e-mail encryption tools like PGP/GPG. I personally now use a great VPN service called proXPN to secure my communications so that local snoopers in coffee shops and hotels can’t see my communications.
Many companies are now implementing https by default on their sites. If you aren’t familiar with it, a site that has just http in your browser’s address by doesn’t encrypt their communications between you and the site. This means that the guy at the table next to you in the coffee shop could be spying on what you are doing between your PC / tablet / phone (using wi-fi) and the website.
Now, for some sites like say this blog for example, that is perfectly fine. There is no need to secure it because there’s no sensitive information between this site and your browser.
For many sites though, you do want to protect your connection. When website encrypts the communication between your browser and their site, you will see https in browser address bar. Any site that needs a password, should have its communications encrypted. While your bank comes to mind, other sites like Twitter and Facebook should (and are) moving to https being used everywhere. But I’m diverging.
I’m not sure I totally believe the concept my brain came up with, namely that the NSA is using reverse psychology to trick us into protecting ourselves better. However their actions have had that very effect. Further, it is not any more of a wild theory then the story that a low level contractor was able to remove a multitude of classified documents from a secure government site, one run by an agency with Security as its middle name.