Monday, March 1, 2010

Security vs. Privacy

I was just having a discussion with someone on freenode (my username there is [mharrison]) about security vs. privacy. When they joined the channel, I mentioned that they were from Massachusetts (given their Comcast hostname), and they immediately asked how they could hide that. I asked why that was important, and they cited the usual - they didn't want any creepy Internet stalkers knowing where they were.

So what did I do? I volunteered my address and invited them to come visit. I've already sacrificed my privacy online, as most of us have. But I maintained my security. There's a big difference between the two. If I wanted privacy, I would have taken steps to hide my IP, name, and address. But why would I do that? What would this person have to gain?

Even after sacrificing privacy, I maintained my security. This person knows nothing of my passwords. They know nothing of my banking institution(s), my logins or passwords, nada. They know nothing of my physical security either - what's in my apartment, who lives around me, who I REALLY am, etc.

So why am I so secure in giving out my address? I'm confident that this person doesn't have either the motive or the interest to launch an attack on me, electronic or physical. 99% of the population doesn't care who I am or what they have to gain from me. And in the off-chance that this person WAS in the 1%, they're the ones going into an unknown situation - not me.

If you'd like to learn more about security and privacy, I highly recommend Bruce Schneier's blog.

No comments: