Wake up: The celebrity nudes hack is everyone's problem

Wake up: The celebrity nudes hack is everyone's problem

Summary: OPINION. The celebrity nudes 'hacking' scandal is a wake up call about security and human nature.

SHARE:
TOPICS: Security
96

The celebrity nudes hacking scandal is a good reminder that a "just say no" approach isn't going to stop anyone from sexting anytime soon.

This issue isn't a story about "right" or "wrong" ways of thinking about privacy -- it's a wake-up call about security and sexuality.

However, this could have been a story about any app, or any of a zillion privacy breaches in the past couple of years.

This issue isn't a story about "right" or "wrong" ways of thinking about privacy -- it's a wake-up call about security and sexuality. ... The amount of private data theft going on right now is insane.

The amount of private data theft going on right now is insane.

Until the online revolution, our private spaces were our bedrooms and bathrooms, our homes, sex clubs, our phone calls and our inner fantasy worlds.

Now, our private spaces for adult playtime include texts, emails and direct messages to trusted friends or family members, and especially photos. But that's only true if we really trust the person we share them with.

The problem we face now is that not everyone understands or agrees what constitutes a private space online. Online, private spaces include our email inboxes, chat rooms, IRC, social media profiles and their not-public messaging systems (Twitter DMs, Facebook chat), dating websites, message boards. Private space now includes all the places that our personal information resides.

It’s not just celebrities who've had to deal with a disaster after racy photos of them went public. In one instance, a Christian schoolteacher lost her job in 2013 after nude selfies of her were stolen off her phone, and linked with her name.

On CNET

The guide to password security (and why you should care)

The guide to password security (and why you should care)

Find out how your password security can be compromised, and how to create and manage secure passwords.

In the same year, a female firefighter in Manchester (UK) lost her job for posing in lingerie for a shutterbug friend – even though her male firefighter co-workers had posed for racy firemen calendars.

This stuff happens to guys and people of all genders, too – but not as much as it happens to women. It happens to us a lot, because our gender makes us a target. Being "online while female" isn’t fair, but it’s a fact.

People do evil things. Websites and apps get maliciously hacked. Creeps steal our purses and keep our ID cards. What could happen to men is bad, but it carries a far smaller risk of pervasive, disruptive or violent targeting than it does for women.

The sad fact is that women have more reasons to be concerned about online privacy than men do, because women are at greater risk for physical violence, and women are directly targeted more often.

This scandal has been a green light for prudes and people who like to shame women for expressing and exploring our sexuality on our own terms. Of course, they're saying we shouldn’t take nude selfies at all if we don't "want" this to happen to us, as if taking a photo of ourselves naked is some twisted way of asking to be punished for it.

In the celebrity nudes aftermath this week I've seen tweets -- even from security professionals -- saying things like, "she shouldn't have spread her legs for an iPhone."

What BS. As if we deserve to lose our jobs, our friends, custody of our kids, our personal safety, our emotional well-being, or our mental health because we did what lots of people do voluntarily on Twitter every week (or what a million creepy dudes do on Tinder every day with their own "dick pics"). That’s stupid and just plain wrong.

When someone takes our personal photos and posts them online, it's not a joke.

It is a violation. It drives some women -- especially young women -- to suicide.

Suggesting that the violation of our consent is our fault is harassment.

Violating a woman's consent by publicizing intimate photos of her damages her professional (or school) life, increases her vulnerability to sexual violence, causes emotional harm, ruin her reputation, and it sends the message that targeted individuals are inferior, sexual objects.

These acts communicate to the world that it's okay to devalue us, and invites others to participate in harassing, humiliating and hurting us.

Make the Internet wear a condom

This whole thing is a wake up call for each and every one of us who have trusted our most intimate aspects of privacy into the hands of companies like Apple, Google and Yahoo -- companies that take our consent away with their Terms when we sign up.

Humans are going to do things like take compromising photos no matter how much they're shamed not to, so why can't we collectively admit this and demand better security from companies like Apple?

We all know that Steve Jobs hated porn so very much that he banned anything erotic from Apple's app store forever and ever, so does that mean they'll care any more or less about taking steps to specifically protect intimate photos ripped from a woman who's not a celebrity?

Or will Apple just quietly fix another security problem, and pretend like a lot of women weren't just completely violated because Apple might've made security an afterthought on a couple of their products?

The real answer is to do something conservative sex hysterics can't face, which is admitting that people are going to do this, and giving them information about safer ways to do it so that they can mitigate any damage if they get hacked (and their consent gets taken away).

Here are ten steps in the right direction:

1. A popular app or megacorporation isn't necessarily safe. On Snapchat, anyone can actually save your "disappearing" photos. Don't trust your sensitive pics to any apps; most are made poorly and leak your privacy like there’s no tomorrow. Even apps from the biggest companies or from the most trusted app stores should be considered suspect.

2. Put your phone on lockdown. Activate the password lock on your phone, laptop and tablet. Never sign in on someone else’s phone, computer or tablet -- your login information can be recorded if they've been hacked.

3. Delete it for real. Don’t just throw your old phone, tablet or computer in the trash. In 2014, a Sprint worker was caught sending around nude photos off of a customer’s phone, and it was one she turned in as a trade-in when getting a new phone. Before you dispose of a computer, get rid of all the personal information it stores. Use a wipe utility program to overwrite the entire hard drive. You’ll look in the Settings menu for terms such as "erase all content and settings," "backup and reset" or "factory reset."

4. Don’t open files, click on links, or download programs sent by strangers: this is the most common way malicious hackers get "into" your phone or computer and steal your photos. Getting you to click on fake links, or visit a realistic copy of a website, is one way criminals transmit viruses to your computer or phone. Once you do the action of clicking, it can actually trigger an invisible function where a virus is put on your computer that steals your passwords. 

5. What if instead the link is in a text message? It’s a text; how can a text hurt your phone? Texts open a link up in your mobile browser, which can cause just as much harm with password-stealing malware as in your computer’s browser. Mobile browsers are subject to the same sorts of bugs, and it’s possible to spoof a mobile website as well.

6. Beware of using public Wi-Fi. If you snap that panty shot in the nightclub's bathroom and send it over the Wi-Fi, you're allowing the photo to travel through a connection that could have a malicious hacker scooping up anything people are sending.

7. Don’t link major accounts. Some apps want you to put your Facebook, Twitter, Flickr, Instagram, and other accounts into one account through their app. So if someone hacked into that, they’d have access to what's in all those accounts. And think twice before linking important stuff like Google with Apple.

8. Tape over your webcam. We women are worth more on the black market for seedy things like hacked webcam access, which is way more common than you think.

9. Keep your sex life separate: If you, or anyone you engage in adult activities with takes intimate photos of you, use a "burner" phone. Tie it to an email address that is in no way connected with your everyday life. Keep sensitive files stored offline.

10. Don't send intimate images at work or school. Your workplace or school is monitoring your internet use and emails on its Wi-Fi network, and it’s legal – so don’t do anything private, or sensitive in nature (like banking) on a work or school network. In most countries, employees have little if any privacy protection from monitoring by employers.

If you enjoy sex or explore sexually using technology, it’s your own experience. Only you should be able to decide what it means. Only you get to decide if you think it was a good or bad thing to do for yourself.

Just as importantly, you should get to decide if that experience -- whether it's sharing intimate photos, talking dirty by phone or in voice chat, sexting, having any kind of online sex or just disclosing something on a sexual topic -- gets shared with anyone else.

Telling victims that they "shouldn’t have done it" or "what did you expect" is pointless. Instead of blaming and shaming, how about some information people can really use to help them make the decisions that are right for them, and equipping them with tools to mitigate, minimize and even possibly avoid damage if something goes wrong?

Intimate photos of us girls, ranging from swimsuit shots and selfies with cleavage, to the photos and videos that are only meant for the eyes of the person we trust in the hands of someone who doesn’t care about us or our safety, or worse – someone who gets off on hurting women – is disastrous, no matter how proud we are of our bodies, how sex-positive we are, or how comfortable we are with being sexy and strong at the same time.

Remember: Wanting to keep your private information and your private life private means that you have something worth protecting.

Notes and disclosure: Most of these tips are in my book The Smart Girl's Guide to Privacy, as well as further guidance and resources for surviving extreme privacy violations such as the ones discussed in this article. I am also an Advisor for Without My Consent, a non-profit organization that helps women who are victims of revenge porn find support and legal paths to justice.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

96 comments
Log in or register to join the discussion
  • Everyone's?

    I can't imagine many hackers want to see Loverock and Owl-net naked. And the more discerning ones may not reckon they can sell photos of me for more than a couple of dollars.

    More seriously, you could could sum up the advice as "Use your common sense". No need to encourage paranoia - there's enough of that about already.
    Heenan73
    • Don't give terrorists ideas!!

      nt
      Jean-Pierre-
  • This is the problem with consumerizastion

    The consumer does not have enough information to know what needs to be done for security. They trust the supplier. Suppliers have been taking advantage of this and cutting corners to pump up profits. For some, security is an afterthought and only after something goes wrong.
    happyharry_z
    • Security is simple

      If you don't want it public, don't let it touch the airwaves. The fact the FBI got involved in this celeb link is outrageous. EVERYONE is responsible for their own data and imagery, not the government. There is no theft is it can be made available. That is why it is wrong to consider hackers thieves, they are just able to show what total idiots some people are in respect to their own self security.
      Fubar4fun
      • nonsense

        You do not have the right to interfere with other peoples' computer and mobile systems. The end.
        Mac_PC_FenceSitter
      • In other words....

        blame the victim.
        sissy sue
        • I do not blame the victim...

          ...for the fact that there are evil creeps out there who want to do nasty unauthorized things with their private information. I don't write them off as "deserving it" if they have their information stolen. I want said creeps to be caught and punished regardless of how they got their hands on the goods or how careless the victim was in making it available.

          I DO, however, expect people to take some responsibility for securing their own private property, to the extent that it's reasonably possible. All questions of morality, blame and what is deserved or undeserved aside, when you take a sensitive photo and store it on a device connected to a network, the mathematical probability that it will wind up somewhere you didn't intend jumps from zero to a number which is not zero. It shouldn't, and in a perfect world it wouldn't, but we do not live in such a world.

          So yes, I think it's fair to say, if you would absolutely not want something to fall into the wrong hands (and it's not something that NEEDS to be there,) don't create it in the first place. Or failing that, don't share it. If you choose to do so, accept the reality that until a foolproof way is found to stop all evildoers from accessing the Internet, you are exposing yourself to some risk. If something bad happens, it doesn't mean you're a bad person deserving of punishment, but it does mean you made a mistake, and there is nothing wrong with acknowledging this.
          Ginevra
          • RE: I do not blame the victim..

            I do. " I don't write them off as "deserving it" I do.
            Retterdyne
      • The dedicated camera is not dead yet!

        Since the cameras on smartphones and tablets are so much easier and handier (we do not normally carry a "camera" unless we are on vacation) than dedicated digital cameras, their sales have dipped somewhat. But cloud security concerns may bring them back (out of the closet, and later off of store shelves).

        What do I mean? There are plenty of uses for digital photography that should never leave the memory chip on the device, yet all camera apps in the two major OS's FORCE a cloud backup of whatever pictures are taken (Google and iCloud). But old fashioned (!) stand alone cameras do not connect to anything else unless a connection is made with a cable, for example to a PC.

        Aside from sexting (which is a stupid thing to do REGARDLESS of your relationship with the recipient; remember, your monogamous partner has already SEEN all of your "naughty bits" and does not need a picture), there are reasons to take pictures for short term use that do not need, and ought not to have, a cloud backup:
        -> photographing your car's VIN just before going to the DMV or insurance agent;
        -> photographing each step in the disassembly of any machine you plan to repair, as a way of remembering how to reassemble it;
        -> photographing a body part (intimate or not) to preserve information for medical use, UNTIL it has been shown to a doctor;
        -> photographing a white board as a means of taking the contents elsewhere, such as grocery shopping.

        For some of these uses, it would be nice to have a camera app on your phone or tablet that would NOT back up to any cloud. Combined with truly encrypted email (hopefully, your doctor's web site provides secure internal email capability) for SELECTING the images to transmit, but not putting them in the cloud-by-default storage areas, this would provide more security for taking pictures with a phone.

        But lacking such a "private camera" app on the phone, the safest way may be just to dig the old camera out of mothballs and use it, even carrying it to the doctor or grocery store if necessary.

        While we're at it, does anybody make a flip-open lens cap for phones and tablets, so that even if malware gets onto the device, it cannot take pictures on either camera without the user's knowledge? Any phone protective case that adds this feature would have a good selling point, especially if it also allowed a flip open "earplug" to block sound from reaching the mike!
        jallan32
      • You're a fake, right? Just trolling, right? You obviously aren't serious

        as that would make you too simple minded to be able to exist on your own.

        Maybe we should apply that to everything - Car thieves are actually hero's, they are just showing us what total idiots people are for spending so much money on a vanity item like a brand new Corvette Stingray.
        William.Farrel
    • I agree with your reply.

      Well stated.
      kstap
    • Big Business hurts security

      "6. Beware of using public Wi-Fi. "
      That's why a number of ATT devices don't allow you to disable wifi when out and about unless you physically disable all wifi each time you leave your abode. This is not OS specific either. If you have an ATT device and wifi is enabled, your device will try to connect to any ATT "certified" wifi.
      Not sure if other providers do this.
      rhonin
  • ...afterthought ...

    You can attack the big corporations as much as you like, and I'm sure it gives you a buzz. But in this case, dig deeper.

    99% of 'leaked photos' are leaked because the victim:
    1. didn't take advantage of provided security (using 'password' as a password is an obvious example) or
    2. trusted the wrong person and was sold out by a 'friend'

    In this case, who knows ... but you'd be a fool to assume it's 100% Apple's problem. Oh wait - you did.
    Heenan73
    • RE:...afterthought ...

      Victim blamers like you are true cowards. They had a password, that scum criminal had ZERO business trying to breaking to someone else account. Apple waited until AFTER peoples accounts were broken into. Remember coward, they still had to GUESS what the password was apple security bug allowed the hacker hundreds of guesses. That makes it APPLES fault. Also at fault the buttmunch who published the working exploit to the web he gets 95% of the blame.
      Stop being a coward, blame the real persons at fault.

      Its never the victims fault ever so grow up child
      Stan920
      • What scum criminal?

        The phone belongs to the phone company when it is on the contract. The phone is not supposed to be a repository for sexual imagery, if that is your thing. You are responsible for your own privacy. Until such time as people realize it is themselves that are creating this phenomena, then it will never be resolved.

        Keep your personal data away from social media; FB, Twitter, Cell Phones, Tablets, anything wireless... and it will be secure.
        Fubar4fun
      • wahhh victim blaming

        Your eagerness to put 100% of the blame on the supplier is wrong. Failure to follow some common sense infosec methods puts you at farther risk. Sorry, you're a moron if your password is password. Further, I can't guarantee a strong password prevents a hack, but I can guarantee if you use a polaroid camera no one will see you naked when they crack your icloud or dropbox.
        jasona93
        • Finally!

          Somebody mentioned Infosec! Welcome to the thread brother ;-)
          Fubar4fun
      • Coward?

        Definition: "a person who lacks the courage to do or endure dangerous or unpleasant things."

        Stan920 - You seem dedicated to labeling people you do not know. In my experience, that has never won an argument nor convinced an opponent.
        SlimSam
      • Victim?

        If you are plastering nude photos of yourself with no precautions, you aren't a victim, you're an idiot.

        Do you leave your house door open?
        Do you leave your keys in your car?
        Do you leave your purse on the table when youre alone in a restaurant and you go to the washroom?

        Yes to any of them, and you're an idiot. I don't - and never did - absolve Apple or whoever (READ my post), but if you do not take basic, common sense precautions, you are NOT a victim, you are an idiot. Get out of the pool.
        Heenan73
    • When you do not know - do not post!

      This was most likely an "inside job" - a sysadm that wants some bitcoins for other activity, and collects (from where ever he finds them, most likely NOT the iCloud). There is always the weak link, you can build a 40 feet concrete wall around, but there will always be those, that presented with sufficient funds are willing to do it. It is plain capitalism, without morality or ethics. All has a price.

      So take to your senses and encrypt so that whatever they pinch will have restricted value.. Encrypt files you care about, and assume that whatever is placed up in the sky can be exposed to "everyone", it may be an accident, but 'shit happens"!!!
      knuthf