Digital Security HOWTO: Protect your Data, Communications, and Activities, & Painlessly Integrate Teaching Simple Security Into Classes

Jonathan Poritz suggests, “Think and talk about security all the damn time.” This session was on why/how.

Speaker: 

Presentation:

Introduction

It was like having a meeting with my Edward Jones financial advisor. I walked in with very minimal knowledge on the topic but eager to learn more. The information was presented in a way that was accessible, relevant, and interesting. I walked out feeling like I had learned a ton.

But now that I need to explain it to someone else, I find that I can’t. I need repeated exposure to the topic in order to make sense of it in my mind. Maybe a year or so from now, I can attend another talk by Jonathan Poritz to learn a little more.

The Slides

Jonathan’s presentation contained the stereotypical “don’t do this,” overly wordy slides that we are warned to avoid, at risk of losing our audience.

But they were humorous and quirky and I liked them anyway. They were especially fun to go back to after the presentation and digest a little more closely. Highly entertaining.

For example,

“GUIs are like bashing orcs with a magic sword, while working on the command line is like speaking the words of a spell which causes peace quietly to arrive in a troubled land.”

Below, you can see the first 4 slides. See the PDF link above for the entire thing.

See what I mean?

In his own words, here’s what the point of the presentation was:

“It’s about what we can teach our students about, and put into practice ourselves [on our DoOO sites or other Internet places where we have any agency], about security, in response to the infernal circles 5 [computer crime] and 4 [surveillance/censorship], above. To discuss this topic, we must understand some basic cryptology, because without understanding, everything we do is empty pointing-and-clicking, full of sound and fury, signifying nothing.”

He then proceeded to describe basic cryptology to us so we could have a basis of understanding the hows and whys of digital security. But…

“The other problem with crypto is that it is fairly mathy.” Understatement of the conference.

Example of “mathy” cryptology. It made sense at the time.

I used to be good at math. I took AP Calculus in high school and jumped into a higher level math class at a demanding engineering university as a freshman. But that was the last math class I ever had and this goes way beyond anything I’m comfortable deciphering.

Recommended Reading

Jonathan suggested that we read an online textbook he wrote, called “Yet Another Introductory Number Theory Textbook” for more. After the conference, I took a look at it. And laughed. Hard. But then I reviewed my notes and saw that he recommended reading chapter 4, which went more into the history and is quite interesting even if you have to skip over the math stuff.

That is what I recommend to you as well, if you want to learn and understand a little more.

1. Read http://poritz.net/jonathan/share/yaintt.pdf, Chapter 4, starting on page 55 (63rd page of the PDF document).

He goes over some terminology so you can sound smart in talking about this stuff, and then some history of the first confidential message tool called the “scytale.” Who knew?

What’s a Scytale?

Fascinating!

2. Another resource he recommended that is much more accessible to the average user (ah-hem! me) is the “Nuts and Bolts of Encryption: A Primer for Policymakers,” by Edward W. Felten. You can find it here: http://www.cs.princeton.edu/~felten/encryption_primer.pdf. It gives an overview of encrypted communication and encrypted storage so you understand the difference and how they work.

3. Finally, there is a book called “Between Silk and Cyanide: A Codemaker’s War, 1941-1945,” a memoir of a top codemaker in WWII that sounds extremely interesting. You can find it on Amazon here: https://www.amazon.com/Between-Silk-Cyanide-Codemakers-1941-1945/dp/068486780X

How Can I Protect My Data, Communications, and Activity, Evelyn?

Uhhhh.

This is where I am still a little hazy. I’ll let Jonathan’s final slide speak for me for a second.

How to Model Good Security Practice

He showed us how we might make our own public/private key in Gmail to encrypt our email communication with people we know. I liked learning it, but I don’t know how realistic that is for the average user. (And I don’t remember how to do it, just that it’s possible.) Check out this site for more: https://www.mailvelope.com/en.

Reclaim Hosting offers free SSL. Here are the directions for how to do it:

  1. Installing Free SSL Certificates: https://community.reclaimhosting.com/t/installing-free-ssl-certificates/325
  2. Force HTTPS for Your Site: https://community.reclaimhosting.com/t/force-https-for-your-site/239

The rest requires more research on my part. At the very least, he convinced me that this is important stuff to know and spend time on. I’d definitely be interested in learning more, and would jump at the opportunity to attend another talk by Jonathan.