Spotting a security charlatan

The telltale signs of technology and web falsehoods

Google’s Open Source Programs Manager, Chris DiBona, recently pointed out how IT security industry charlatans keep making false claims to push the sales of their software products and consulting services.

“If you read an analyst report about ‘viruses’ infecting ios, android or rim,” says Chris, “you now know that analyst firm is not honest and is staffed with charlatans. There is probably an exception, but extraordinary claims need extraordinary evidence.”

Sadly, the computer press tends to accept these extraordinary claims at face value and allows the charlatans to repeat their snake oil pitches without subjecting them to critical analysis.

Fortunately for those who care about the security of their home and business IT systems, there are ways to spot the charlatans and their dodgy wares.

The Big Target theory

When you read a claim that the Windows malware epidemic of the early 2000s was due to Microsoft being a big target as opposed to the tiny market shares of Apple and Linux, you can be sure they are the words of someone who is, at best, clueless or selling a dubious product.

This theory is nonsense, as I’ve explained previously, and anyone who genuinely believes this has no experience in dealing with the poorly secured operating systems that were Windows 98, Me and the early versions of XP.

If you are confronted by somebody making this claim, ask them: now that smartphones are outselling desktop computers, where is the widespread malware promised for mobile systems? It doesn’t exist for exactly the reasons Chris gives in his Google+ post.

Real Soon Now

The other key indicator is the “real soon now” claims – that a virus is about to burst onto the scene that will rub the smile off the face of smug Mac and Linux users.

Invariably the hysterical headlines are backed up with claims, almost always taken from a vendor’s press release, that a security company’s researchers have identified a threat that is about to exploit wilfully clueless users.

Daring Fireball’s John Gruber has done an excellent job of dismantling this rubbish in his classic post “Wolf”.

His post was provoked by the ‘news’ that a wave of Apple malware was on its way. That was six months ago and we’re waiting. John tracked similar stories back to 2004, none of which came to fruition.

The modern snake oil men have an advantage in that tech journalists are desperate for page views and in many media organisations they no longer have the resources to critically analyse PR claims.

Sadly there are real security issues that home and business users need to be aware of. Of course, much of the solution for this doesn’t sell dubious antivirus or expensive consulting services.

In some respects, the proliferation of these stories is a reflection of the decline of the mainstream media business model.

As more ‘news’ stories become lightly rewritten PR spin, the less readers take those outlets seriously and once trusted journals of record become little better than online gossip rags.

Important issues, like information security, deserve more than repeating the lies of those who profit from fear, uncertainty and doubt.

Avoiding industrial nightmares

How we can harden our computer networks from hacking attacks

The Iranian nuclear program is crippled by a virus that infects their control systems while a hacker claims a Texas waterworks can be accessed with a three word password.

Any technology can be vulnerable to the bad guys – obscure systems like office CCTV networks and home automation services can be as vulnerable as the big, high profile infrastructure targets.

While there are good reasons to connect our systems to the web, we need to ensure our networks are secure, and there’s a range of things we can do to protect ourselves.

Does this need to be connected?

Not everything needs an Internet or network connection. If there’s no reason for a device or network to be connected then simply don’t plug it in.

Keep in mind though that threats don’t just come through the web; both the Iranian malware attack and the Wikileaks data breach weren’t due to hackers or Internet attacks.

Get a firewall

No server or industrial system should be connected directly to the public Internet; an additional layer of security will protect systems from unwanted visitors.

All Internet traffic should go through a firewall that is configured to only allow certain traffic through. If the router or firewall can be configured to support a Virtual Private Network (VPN), then that’s an added layer of security.

Disable unnecessary features

The fewer things you have running, the fewer opportunities there are for clever or determined hackers to find weaknesses.

Shut down unnecessary services running on systems – Windows servers are notorious for running superfluous features – and close Internet ports that aren’t required for normal running of your network.

Patch your systems

Computer systems are constantly being updated as new security problems and flaws are found.

Unpatched computers are a gift to malicious hackers and all systems should be current with the latest security and feature updates.

This is a lesson the Iranians learned with the Stuxnet worm that was almost certainly introduced through an unpatched system – probably one running an early version of Windows XP or even 98 – which was vulnerable to known security problems.

Have strong passwords

Passwords are a key part of a security policy. They have to be strong and robust while being different to those you use for social media and cloud computing services.

It’s also important not to share passwords and to restrict key login details and administrator privileges to those who require them for their work.

With online services like social media, cloud computing and other web tools becoming a part of business and home life, we have to take the security of our systems seriously. Hardening them against threats is a good place to start.

The digital inheritance

Our online possessions are valuable and now matter.

Our digital footprint – what appears about us online in websites and social media services – is becoming more important as we’re judged by what people find out about us on the web.

As what we store on the web becomes more important, the need to plan for what happens to that data when we pass away becomes more important. “Generation Cloud”, a survey in the UK by hosting company Rackspace and the University of London looked at how Britons were dealing with these issues.

Information left online can cause problems as social media sites will send suggestions and reminders which can distress others if the suggested contact has passed away.

Equally, a web site or Facebook page could even serve as a memorial. The final blog post of Derek K. Miller is a particularly touching memorial.

To create a “digital tombstone”, to remove inappropriate posts or just to access your digital personal effects like email or photos stored on a cloud service, your loved ones will need your passwords.

In the Generation Cloud survey, 11% of the participants planned to leave their online account details and passwords in their wills and half considered that some of their ‘treasured possessions’ are stored online.

Once again we’re finding our online data has real value that’s worth passing down. It’s another reason to guard your data safely and not give it away lightly.

Password protection

Our passwords are valuable, how should we protect them?

The suspension of eighty students from a suburban Sydney high school once again illustrates how careless we often are with passwords and the access to our computers. In an era of Internet banking, online shopping and social media sites holding our personal details, we have to take web security seriously.

In many ways the teacher who let their password slip to their students was lucky. In the United States, authorities haven’t always been so forgiving of these sorts of mistakes, and in this case the kids and the system administrators were a lot more adult and responsible than their Connecticut counterparts.

What the incident does show is how the weakest points of our technology networks are ourselves – the most secure systems, toughest passwords and best anti-virus protection won’t help us if we don’t take care.

We looked at protecting organisations in an earlier post, Protecting your data, and here are some steps on how to take care with your personal details.

Shut down computers

When you’re finished working, make sure you log out of email programs, secure sites, social media services and shut your computer down.

In an office context, this is very important if you’re going away for a meeting or a break, as people have been known to use co-workers’ computers to access prohibited sites or sensitive information.

Should you be using Internet cafes, hotel business centres or airport lounges you should be doubly careful to make sure you’ve logged off completely before walking away from the shared computer.

Hide your passwords

As the teacher at Prairiewood High found, your password is gold. Do not divulge it under any circumstances.

Doing so is almost certainly a breach of your organisation’s Acceptable Use Policy and sometimes this can mean disciplinary action or dismissal from a job. With your online banking, disclosing your password or PIN can mean you won’t be compensated if money is stolen from your account.

Even a seemingly trivial social media site can cause trouble for you if crooks can get onto it.

Having a complex password is good and we look at a neat little trick for memorable but tough passwords in our Protecting Your Data post; it’s worthwhile making sure your logins are both easy to remember and secure.

Understand your AUP

An AUP, or Acceptable Usage Policy, is part of the conditions of you using a computer or online service. Many government and corporate networks have a box pop up forcing you to agree every time you log in. Take time to occasionally read this.

Should you accidentally give away your password, say to a site that’s fooled you into thinking it’s your bank or a social media site, the AUP will usually have a clause or a sentence on what to do in that situation. Understanding this will give you peace of mind if something does happen.

We’re now in an age where our personal information is more valuable than ever before and we need to guard who has access to it. Passwords are going to be part of protecting our data for some time to come, so understanding how to use them properly is essential.

The Lulz are on us

What can we learn from the recent wave of security hacks?

Last weekend’s announcement that the LulzSec group of jolly hackers was breaking up was met with bemusement at what has been one of the most mysterious, albeit entertaining, chapters in the information wars of 2011.

It’s quite clear that 2011 is the Year of the Hack, with organisations ranging from electronics company Sony, who now appear to be the joke of the online security world, through to major banks, the FBI and even Google’s Gmail service being the subject of serious online attacks.

That many of these attacks were successful is a reminder to all of us how important online security is, and that it is our responsibility to protect our customers’ and staff details by taking basic precautions.

Take security seriously

Many of the business hacks appear to have been because of slack security practices including out of date software and default passwords being used.

Even if you don’t have a server yourself, make sure your computers have all current updates installed and that strong passwords are in place.

Password Security

A basic precaution is to have robust passwords. A combination of letters and numbers is the best.

One nice little tactic is to use a phrase as a password and separate the letters with a character, for instance using “mary$has$a$little$lamb”, although you might want to choose a more intimate phrase.

Keep in mind too that strong passwords aren’t much help if an incompetent corporation leaks them onto the web, along with your banking details. So use a layered approach where critical passwords for bank accounts are different to those that you might use for an online game or social media site.

Restrict access

The real risk to our security lies with our own staff. Many “hacks” are actually employees erasing or giving away data, which could be deliberate or accidental.

Don’t give passwords or access to people who don’t need them, keep the business accounts away from your sales staff and lock employment records away from the IT folk. Private client information shouldn’t be shared around the office and particularly not with outside parties.

Backup, backup, backup

The DistributeIT debacle, which one is hesitant to describe as a “hack” as their complete loss of hardware, client data and backups sounds more like an internal problem than an outside attack, shows how important it is to keep your own backups.

As we move our businesses to online and cloud based services, we have to put a lot of trust into those who provide those products. It’s good insurance to have easily available copies of mission critical data in case of a problem.

Invest in technology

We’ve all heard CEOs and ministers claim they will save millions in outsourcing their IT departments. Those savings come from somewhere and information security is one of those corners that’s cut when reducing operating costs.

Experienced tech workers have plenty of examples where management cries of “we’ve been hacked” have actually been hardware failures or staff mistakes brought on by poorly trained staff working with inadequate equipment.

Sony appear to have fallen for this, having reportedly sacked many of their security specialists before the hacks began.

Make sure you are making sensible investments in your technology and not going for the cheapest, or free, option simply to save a few pennies.

Obey standards

Nothing is more embarrassing than losing clients’ confidential data, particularly banking details.

If you are taking customer payments, make sure you are complying with the PCI DSS standards for card payments by giving the work to a reputable payment gateway.

Have a contingency plan

“There but for the grace of God….” is a good phrase to keep in mind when you see another business affected by a hacker, hardware failure or any of the millions of other unfortunate things that could stop your business.

Even with the best planning in the world sometimes dumb luck just doesn’t go your way. You need to have a fall back plan to keep your business running if the unexpected happens.

Be honest

One thing that jumps out in a number of the stories is how some organisations are simply not honest with their customers.

The process starts with misrepresenting how they secure and protect customer data. When an outage hits, they hide behind a call centre and often lie, or at least understate, the effects of the problem.

In an age of social media, blogs and user forums, trying to spin your way out of trouble is not the answer. If customers are going to trust you, they need to have confidence you won’t mislead them.

As consumers, the various data breaches we’ve seen so far this year should make us pause before we give valuable personal data to businesses. It’s quite clear that some don’t deserve our trust.

For businesses we need to show that we are worthy of our customers’ trust. The first step of that process is taking their privacy seriously.

LulzSec, Anonymous and all the other various hackers, anarchists and general troublemakers on the web are reminding us that we need to take our online responsibilities as seriously as any others.

Make sure you’re protecting your own business and your customers’ data.

How safe is your net connection?

It pays to be careful on the web when travelling.

Reports last week that foreign “hackers” had intercepted emails between Australian government officials and miners raised the issue of email security: just how private are our online messages?

When the media uses the word “hacking” it’s always worth taking a step back and finding out the facts. Often a security breach is the result of a simple setup mistake or the information and passwords have walked out the building with a disaffected, lovestruck or just plain dumb employee.

That’s not to say hackers aren’t a risk organisations should be conscious of; it’s just that often the security risks are more mundane than we would expect. A good example is the simple matter of logging onto a wireless or hotel network.

We assume when we log into our networks that the data is secure, though often the user names and passwords are exchanged in “clear text”, which means anyone with access to the network can view your passwords with the use of a “packet sniffer” that reads each bundle of information sent across the internet.

Poor security isn’t just a feature of unprepared computer users. Every year the world’s leading hackers and security experts gather at the Las Vegas DEFCON conference, which since 2001 has featured the Wall of Sheep, an embarrassing display of user information captured off the convention’s network.

This is a surprisingly common security problem, made more frequent by the rise of unencrypted wireless networks which can be sniffed by anyone who can be bothered logging on. It is a common problem when you’re connecting to free wireless networks at the local coffee shop or fast food restaurant.

The answer to all of this is to use Secure Sockets Layer encryption, which creates a secure link between your computer, mobile phone or iPad and the servers. For email use, your system administrator can set this up, or if you use the popular web mail services it’s a matter of ticking the box.

A similar service works when you’re browsing the web. On visiting a secure site the address should start with https instead of the usual http; the “s” on the former stands for “secure”. A padlock symbol will also appear – in the bottom left hand corner of Firefox or beside the site address at the top of both Chrome and later versions of Internet Explorer.

Before logging onto any secure service, including social media platforms, both the https address and the padlock symbol should appear before you enter passwords or sensitive information like credit card or banking details.

Sadly, secure websites are not always foolproof, as sometimes the site will use a secure connection for your password details and then, once you’ve logged in, return to an unsecured version. This is how the Firesheep program that was released last year works: by sniffing cookies and other stored information from unsecured websites.
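A check a site operator can run against their own login flow, as an added example that is not part of the original post. The Python below takes captured responses and flags what leaves a session cookie readable on an open network: a cookie set without the Secure attribute, a redirect from https back to http, a missing Strict-Transport-Security header and any page served over plain http. The shop.example host, cookie name and header values are constructed.

```python
# Added example, not from the original post: audit a captured login flow for
# the "secure login, insecure session" pattern. All sample data is constructed.
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Response:
    """One captured HTTP response: the URL requested and its headers."""
    url: str
    headers: list  # (name, value) tuples; a name such as Set-Cookie may repeat


def header_values(resp, name):
    """All values of a header, matched case-insensitively."""
    return [v for n, v in resp.headers if n.lower() == name.lower()]


def parse_set_cookie(value):
    """Split a Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_flow(responses):
    """Return (url, finding, detail) tuples for every weakness in the flow."""
    findings = []
    for resp in responses:
        scheme = urlsplit(resp.url).scheme.lower()
        if scheme != "https":
            findings.append((resp.url, "plain-http", "page served without TLS"))
        for value in header_values(resp, "Set-Cookie"):
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                # Without Secure the browser also sends the cookie over http.
                findings.append((resp.url, "cookie-not-secure", name))
        for target in header_values(resp, "Location"):
            # Relative redirects keep the current scheme, so only absolute
            # http:// targets count as a downgrade.
            if scheme == "https" and urlsplit(target).scheme.lower() == "http":
                findings.append((resp.url, "https-to-http-redirect", target))
        if scheme == "https" and not header_values(resp, "Strict-Transport-Security"):
            findings.append((resp.url, "no-hsts", "nothing tells the browser to stay on https"))
    return findings


# Constructed capture: login over https, then the session continues over http.
WEAK_FLOW = [
    Response("https://shop.example/login", [
        ("Set-Cookie", "session=constructed123; Path=/; HttpOnly"),
        ("Location", "http://shop.example/account"),
    ]),
    Response("http://shop.example/account", [("Content-Type", "text/html")]),
]

# Constructed capture of the corrected flow: https throughout, Secure cookie.
HARDENED_FLOW = [
    Response("https://shop.example/login", [
        ("Set-Cookie", "session=constructed123; Path=/; Secure; HttpOnly"),
        ("Location", "/account"),
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
    Response("https://shop.example/account", [
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
]

if __name__ == "__main__":
    for label, flow in (("weak", WEAK_FLOW), ("hardened", HARDENED_FLOW)):
        print(label)
        results = audit_flow(flow)
        if not results:
            print("  no findings")
        for url, finding, detail in results:
            print(f"  {finding:24} {url}  ({detail})")
```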

It’s surprising how many tourists and backpackers get caught out while doing online banking, checking their email or using social media while on the road.

Without logging into a network securely, then logging out when finished and making sure their details haven’t been saved, it’s quite common to see travellers getting their details stolen.

Assuming you’re safe because the network belongs to a high priced hotel or resort doesn’t always work either; a few years ago passengers on a major cruise liner had their bank accounts compromised when one of the crew was stealing data passing through the ship’s Internet cafe.

You don’t need to be a mining executive in China or Julian Assange to fall prey to the Internet snoops; whole industries and criminal organisations are built around using your data. So it’s a good idea to make sure your information is secure, taking a little bit of caution and using some judgement before logging onto a network.

Email turmoil

What the Epsilon email breach means to you.

The massive email breach at Epsilon, the world’s biggest email marketing services company, has rightly caused headlines as it appears customer addresses from many of the world’s largest brands have been leaked to spammers and crooks.

Epsilon looks after the email services of major brands, including Tivo, Marks & Spencer, McKinsey and Dell Australia, so the breach has exposed many people’s email addresses.

What does this mean?

The breach has not exposed passwords or credit card details, so there’s no direct threat from the breach.

However, having your name, email address and a company you’ve dealt with means a phishing attack, where a crook poses as a business you’ve dealt with and tries to get your passwords, will be more effective.

Normally these messages are a giveaway as they aren’t addressed personally to you and are often from organisations, usually foreign banks, you’ve never dealt with.

However, a scammer who knows the organisation along with your name and email address can now launch a pretty convincing fake email campaign directing you to a site pretending to be, say, a competition or a security warning that asks you for your password.

Given many people use the same passwords for all the secure sites they visit, there’s a reasonable chance the bad guys will get a large number of live accounts and be able to access victims’ bank accounts, email services and social media sites.

What should you do?

The first thing is to be careful. Don’t respond to any suspicious emails and, if you are uncertain, call the organisation’s support line, although do not use any numbers or other contact details shown on the suspicious email.

If you are concerned you have fallen for a trick, then change all your passwords immediately. We’d also suggest following the instructions on the IT Queries website and having a layered approach to security where sites which don’t matter have simple passwords.

We can also expect a wave of fake email and social media messages as people’s personal pages and accounts are hijacked and the scammers try posing as other people.

Backing up your online calendars and contacts

It’s important to have a backup of your web data

Online mail services like Hotmail, Gmail and Yahoo! Mail are great for the small business owner and anyone who is often on the road. Having a central website containing all your emails, contacts and appointments makes life a lot easier when you don’t spend your time sitting in an office.

There is a downside though: if your account gets hijacked or inadvertently closed down then all of those contacts, appointments and emails may be lost. So it’s a good idea to have some backup in case disaster happens.

Hotmail

The best solution for Hotmail users is to use the synchronisation tools included in Windows Live Mail. Download Windows Live Mail from the Microsoft website, install the program, then Sign In to your Hotmail Account using the button in the top right hand corner of the screen. Then click the Sync menu and select everything. This will save a copy of all your Hotmail details onto your computer.

Yahoo! Mail

If you’re a Yahoo! user, you can back up your contacts by clicking on the Tools button that appears in the top centre of the contact screen above your contact list and selecting either export or synch. Synch will synchronise your data with devices like iPhones and computers, although this varies depending on what equipment you use, while export will save a file to your computer which you can then import into whichever program you use. If in doubt choose the Comma Separated Value (.CSV) option as most programs can read that.

For your Yahoo! calendar, click Options on the right hand side of the screen and select Synch; the following page will take you through the steps of synchronising your calendar with various programs. That page will also explain how you can subscribe to a calendar from a different account which will then let you save.

Gmail

In Gmail you can export your contacts by opening the Contacts page, clicking on the More Actions button on the centre top of the screen then selecting Export. You’ll then get options for Google, Microsoft and Apple contact lists. If stuck, choose the Google option.

For Gmail calendars, at the bottom of My Calendars on the left hand side of the page click Settings. Under the Calendars setting tab, click the Export button which should appear under your list of calendars. This will then download a backup of your calendars.

A nifty tool for Gmail users is Backupify, a free service if your data weighs in at less than 2Gb, which can automate backing up your Google and Facebook settings.

Mobile phone applications

If you have a mobile phone, you’ll find the software that came with it may have a function to synchronise your emails, contacts and calendar. It’s a good idea to set this up if you have the opportunity.

Data is the most important thing on your computer and things do go wrong with technology so it’s essential you back it up on a regular basis.

Alternatives to Internet Explorer

There are a number of alternative web browsers to Microsoft’s built-in program

This week’s announcement of a serious security flaw in Internet Explorer should be a warning to anybody using Microsoft’s web browser that they should move to an alternative program.

Internet Explorer, the web browser built into Windows, is particularly prone to security problems mainly because of the way Microsoft have integrated it into their operating system.

So it has always been a good idea to use one of Internet Explorer’s competitors to avoid various security issues. Luckily there are plenty of options which are not only more secure but faster, more flexible and reliable.

Mozilla Firefox

The most popular alternative browser is Mozilla Firefox. You can download a free copy from the Mozilla website. One of Firefox’s big attractions is the vast range of add-in applications that make it a very useful tool.

Google Chrome

Google’s web browser is gaining acceptance across the market. It’s fast but it does do things a bit differently from the others with a very spartan layout. You can get this free from Google’s website. Like Firefox it has a wide range of plug-ins.

Opera

One of the longest established alternative browsers, Opera tends to be the cutting edge browser. While it’s not for everyone, it’s fast, stable and is also a free download.

Apple Safari

If you use a Mac then the Safari browser is included with your system. Windows users can download a free version from Apple.

Of the four, Mozilla Firefox is the most popular with Google Chrome gaining acceptance.

All of these alternatives are perfectly good for general web browsing. It’s best to try each and use the one you find works best for you.

Unfortunately you can’t completely get rid of Internet Explorer. Not only is it an integral part of Windows, but some web sites won’t work properly on anything else.

Most notably for business users, the Outlook Web Access function, part of the Microsoft Exchange service, only works properly in Internet Explorer.

While we can’t ditch Internet Explorer, we can be sparing in its use. Consider the options and choose what works best for you.

Diversity is good in many fields. A variety of programs is good for your desktop.

Protecting yourself on Facebook

Some basic tips on guarding your online data

Social networks are a great way of keeping in touch with friends, family and colleagues. With 500 million users, none is a more effective tool than Facebook.

Keeping in touch with friends and relatives though does have a downside: sometimes you might give away more than you intend to. When you share with friends on a social service, everyone in your network can see what you are doing.

To make things worse, many social media businesses will give away their customers’ private information to make a few dollars, as the controversy over Facebook’s recent changes to their privacy settings and the company’s subsequent backdown shows.

Because this information is valuable, organisations are prepared to pay for it and the bad guys are eager to trick it out of you. Given the risks of identity theft, stalkers or all manner of Internet crazies finding you online, it’s important to guard this information.

Facebook don’t make it easy to protect yourself, but you can hide key information.

Take off personal data

The first, simple step to protecting yourself is to move as much data as possible off your profile. Home address, phone number, relationships, sexual orientation and birth year are a few things that simply don’t need to be online. Take off everything that could potentially cause problems; you may need to use some judgement on what you’re comfortable sharing with your online contacts.

Birthdays are a good example of where you should use that judgement. Facebook’s quite a good tool for reminding you of birthdays, but your birth date is also an important part of identity theft. If you do want to share a birthday, never put your birth year in – your relatives and friends have a good idea of how old you are – and you might want to consider putting the date a day or two earlier than the real day.

To change your Facebook profile information, click on the Profile link on the right hand side of your Facebook home page; you can edit all your details from there as shown below. Remember to click Save Changes after making each change and move between the different categories to ensure you’re only sharing what you’re comfortable with.

Changing your Facebook profile information

Set your privacy

Facebook makes assumptions about what you want to share with your network of friends. This is not always in your interests and you should regularly review what your settings are as Facebook have a habit of changing how the privacy settings work.

To enter the privacy settings, click Account and Privacy Settings as shown below. Once you’re in the Privacy Settings, click on the Custom option and Customise Settings. You can then set your details to only be accessible to you or your friends. The following example shows a recommended configuration which may be suitable for you.

Facebook Privacy Settings

Choose your friends

Many people treat Facebook and other social media services as a competition to gain as many friends, connections or followers as possible. This isn’t the point and on Facebook in particular it opens you up to a number of risks.

Once someone is your Facebook friend, they are privy to any information you choose to share and much of what your other friends post on your wall. The main risk is that a new Internet friend is not quite as stable or honest as you thought. By accepting friend requests from people you don’t know you increase the risk of letting risky individuals into your life, your family and your group of friends.

Another danger lies in the Facebook Places feature which allows your friends to check you into locations. A malicious “friend” or a practical joke could see you being advertised as having checked into a place you really don’t want to be associated with.

If you decide that is an acceptable risk, then revise the above recommendations on your profile information. If you are promiscuous in who you befriend online then be very careful about the information shared with them.

Be careful which applications can see you

Facebook applications are one of the reasons for its success. These applications – or mini-programs – allow you to play games, enter competitions and sign up with other services quickly.

The proposed change in January 2011 to the information Facebook gives out to application owners would have allowed a lot of your personal information to be shared with third party developers. As it is, quite a few of these applications “scrape” information from the various services you subscribe to. A good example is with Twitter where private, non-public, messages can be seen by some of these services.

You should only allow applications to use your Facebook connection details if you absolutely trust them; right now, there are few services people can or should trust.

If you have been allowing Facebook to connect your subscriptions to other websites, then you may want to review who you’ve given trust to. To do this, click Account then select Privacy as shown above. In the Privacy page click Apps and Websites and the page shown below will appear. By clicking Edit Settings you can then delete applications or change what they are allowed to do on your profile.

Facebook Privacy Settings

Despite the risks of stalkers, identity theft and various privacy issues, Facebook is a valuable tool for millions of people who want to keep up to date with their friends, relatives and colleagues. By being sensible in choosing your online friends and what you share with them, it is a great website for keeping in touch with people you might otherwise lose track of.

Password safety

Taking a layered approach to online security is the best policy

Online news and gossip publisher Gawker Media was hacked last weekend with nearly 200,000 usernames and passwords released to the world.

The Wall Street Journal’s Digits Column tabulated the results and listed the top 50 passwords used by Gawker’s subscribers.

At first view, the reaction is to wonder what sort of idiot would use a password like 12345678, and the list would seem only to confirm most IT and security professionals’ view that most computer users don’t protect their online details very well.

But on reflection, is using a weak password on a site like Gawker so bad? Most of the users listed have only created accounts to make a comment on one of Gawker’s websites. They aren’t using their Gawker account for anything vital and, should their Gawker account be accessed, the only thing the bad guys can do is post under the account name.

So if we assume that most of the 3,000-odd people who used the password 12345678 only do so for “disposable” accounts like the Gawker comments stream, then they probably haven’t risked anything at all.

In fact it makes sense to do so rather than to use a strong password which also happens to be your banking login or work account.

On my IT Queries site we suggest a layered approach to passwords: services like Gawker, where it doesn’t really matter if the password is compromised, get a simple and easy password, while sites where there are serious consequences, like your online banking, get strong and secure passwords.

We should always keep in mind that accidents do happen and that there are a lot of clever bad guys out there who are keen to exploit weaknesses when they see them. So security mistakes like Gawker’s will occur from time to time. The best we can do is to arrange our security so that when bad luck strikes us, the effects can be contained.

The real moral for all of us from the Gawker password hack is to take security seriously and not to use the same password on every site we visit.
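The layered approach can be checked against a list of your own accounts. The Python sketch below is an added example, not part of the original article: the account list, the tier names and the short common-password set are constructed for illustration, and treating any reuse on a non-disposable account as a violation is this example's reading of the advice.

```python
from collections import defaultdict

# Constructed sample inventory: (site, tier, password). Tier names are assumptions.
ACCOUNTS = [
    ("gawker-comments", "disposable", "12345678"),
    ("news-forum", "disposable", "12345678"),
    ("webmail", "important", "T4ble-lamp-orbit"),
    ("online-banking", "critical", "T4ble-lamp-orbit"),
    ("work-vpn", "critical", "12345678"),
]
# Constructed short list; only 12345678 is taken from the article.
COMMON_PASSWORDS = {"12345678", "password", "qwerty"}


def blast_radius(accounts, breached_site):
    """Other sites that open with the password leaked from breached_site."""
    leaked = {pw for site, _, pw in accounts if site == breached_site}
    return sorted(site for site, _, pw in accounts
                  if site != breached_site and pw in leaked)


def policy_violations(accounts):
    """Map each non-disposable site to the reasons it breaks the layering."""
    sites_by_password = defaultdict(list)
    for site, _, pw in accounts:
        sites_by_password[pw].append(site)

    findings = {}
    for site, tier, pw in accounts:
        if tier == "disposable":
            continue  # a simple, shared password is acceptable on this layer
        reasons = []
        shared = sorted(s for s in sites_by_password[pw] if s != site)
        if shared:
            reasons.append("shared with " + ", ".join(shared))
        if pw in COMMON_PASSWORDS:
            reasons.append("common password")
        if reasons:
            findings[site] = reasons
    return findings


if __name__ == "__main__":
    # Report names sites only, never the passwords themselves.
    print("Breach of gawker-comments also exposes:",
          blast_radius(ACCOUNTS, "gawker-comments"))
    for site, reasons in policy_violations(ACCOUNTS).items():
        print(f"{site}: {'; '.join(reasons)}")
```

In the sample data the Gawker leak reaches the work VPN because one critical account borrowed the disposable password, which is exactly the failure the layering is meant to contain.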

What the Internet doesn’t know about us

Can the web know all about us? Should we care?

In October 2010 Newsweek’s Jessica Bennett asked the team behind the Internet service Reputation Defender to find all they could about her.

The results were startling: within half an hour they had found her US social security number, and a few more hours’ digging revealed her address and hometown as well as many other private details.

But ultimately the picture of Jessica’s life was wrong. The team made mistakes about her personal habits, sexual orientation and the time she spends online.

The fact the profile was incorrect shows how difficult it is for computers, or people, to understand an individual based on a series of data points.

Most of us understand that making a generalisation based on a single data point – say race, gender, appearance or sexual orientation – is usually incorrect, but when we add more data points things become even more difficult.

Once we get more than one data point, we have to start weighting them. Would Jessica eating at McDonalds twice a week outweigh her exercising every morning in the eyes of an insurance company assessing her risk?

That problem could be called the Google effect, where a formula, known as an algorithm, becomes so complex that it becomes bogged down under the weight of its own assumptions, as we saw with Tony Russo’s gaming of the search engine’s ranking system.

All of us are steadily revealing more about ourselves on the web, whether we know it or not. Every time we like something on Facebook, subscribe to a newsletter or make a comment on a blog post, we are giving a little something about us away on the publicly accessible Internet.

Over time, anyone can build a picture of us. However, it may turn out that nobody will want to know about the detailed, complex and multi-dimensional portrait each of our lives would be.

As information about all of us becomes more available, we may enter a modern version of the Mutually Assured Destruction doctrine of the Cold War, as each of us finds that everyone around us has enough information to bring our careers, relationships and status crashing down.

But we hold equally damaging data about all our peers, and to bring anybody down based on this information would be to invite the wrath of many others who know our intimate details.

We may even find that, because all of us, being human, have some damaging traits and history, employers, insurers and governments only care when you start hiding them. Today we see this with security vetting procedures, which are more concerned about what we hide than the specifics of our foibles and indiscretions.

The assumption of those security agencies is that a self-admitted gambler, alcoholic or philanderer is a manageable risk, while those hiding such secrets from their families and employers are the genuine threat to an organisation.

So we come back to a society where a tacit agreement exists between us all that this dangerous power is only used when someone has acted illegally or hypocritically.

Perhaps that is the future we are heading for, where the Internet knows all but we simply choose not to access it. Which assumes it’s all correct anyway.