Warning: Expect No Privacy In The Cloud

Warning: Expect No Privacy In The Cloud

Wesley MurchisonWednesday,10 September 2014

The Snap:

A cache of naked pictures was stolen from the smartphones of female celebrities, most notably Jennifer Lawrence and Kate Upon. The details of the hack are up for debate as hard evidence is still lacking and mostly being inferred by the contents of the heist itself. Through analysis it looks like the photos all came from their owners’ iCloud accounts, which led many to speculate a system-wide security breach. Apple was relatively quick to respond, claiming that “after more than 40 hours of investigation,” they had concluded that the targets were the individual accounts and not iCloud as a whole. However, many tech websites discovered a vulnerability to brute force, a generic hacking technique that equates with busting down a door. Apple has since corrected the vulnerability but not before a sparking an online debate over privacy in this Internet era of the cloud.

The Download:

The dimensions of debate around celebgate is variegated. It ranges from gender politics to who-done-it cybersecurity politics. Initial reactions elicited prudish and unsolicited advice to the victims: if you don’t want naked pictures online don’t take naked pictures of yourself. (Who’d of thought that today’s most attractive celebs might have vibrant sex lives?) Nick Bilton of The New York Times tweeted: “Put together a list of tips for celebs after latest leaks: 1. Don’t take nude selfies 2. Don’t take nude selfies 3. Don’t take nude selfies.” The backlash was quick and cogent. For those who aren’t past their prime know that in the heat of the moment or the thralls of a new relationship anything goes. But the idea that our sex lives would enter onto the digital plane shouldn’t surprise anyone. Instead, our outrage should be reserved for the technology companies that have pushed use to share more of our lives without a thought to those moments that might require absolute privacy and extra security.

Google’s Photos app for Android phones is tied right into Google Plus. In the case of Celebgate, I wonder how many of the victims realized that their photos were included in automatic backup. And over at The Unofficial Apply Weblog, Michael Rose exposed the lack of privacy protection from Apple’s two-factor authentication:

“After installing the iCloud Control Panel for Windows (as seen above), I logged in with my iCloud credentials and checked off the options to synchronize bookmarks and photos with my new, never-before-seen PC. Within a few minutes, my photo stream photos downloaded neatly into the appropriate folders and my bookmarks showed up in my Windows-side browser, and nary a 2FA alert to be seen. I turned to my iCloud email account to wait for the obligatory ‘Your account was accessed from a new computer’ courtesy alert… which never arrived.”

What’s the point of a second layer of security if the second factor authentication doesn’t activate on a new computer? If the big technology companies want users to put more of their lives in the cloud, they need to do a better job of convincing us it is safe. While comedian Ricky Gervais was decried for making a similar point as Nick Bilton’s when he tweeted: “Celebrities, make it harder for hackers to get nude pics of you from your computer by not putting nude pics of yourself on your computer.” Better advice would be to not put your nude pics in the cloud. The problem is that a lot of smartphones are set to upload online by default. If these default settings aren’t going to be removed, then the least developers can do is include a privacy mode for our phones and our phone’s camera app like all major Internet browsers. In such a privacy mode, pictures taken will be encrypted if uploaded or not uploaded at all.

Take Action!

Hat Tips:

Slate, TUAW, Image Credit: Cage Skidmore on Flickr

Subscribe to get updates delivered to your inbox