Now I’ll turn it over to Ben and let him talk about security of the tools we use every day.
Tinfoil Hats
The Snowden leaks made me question the trustworthiness of the systems and services we all rely on. Oh, of course there is the usual retort of the authoritarian: “if you’ve got nothing to hide you’ve got nothing to fear”, though I rather think that those who argue this point ought to defecate in the street and tattoo their passwords on their foreheads.
The thing is, my brain sucks. I find it difficult to hold pieces of information in my mind for long periods of time. A long time ago I decided that I wasn’t going to accept these limitations. Methods like Getting Things Done helped enormously, as well as the ideas which found their way into The Productivity Habits. Task lists, note-taking apps, knowledge managers, collaboration services; gimme gimme gimme!
I’ve learned to rely on services and infrastructure which we now know are under pervasive surveillance. Working with information outside my head is as important to the way I live my life as any habit or belief. I’m sure almost all of the services I might use have good intentions, but unless I encrypt my data, properly, before it leaves my computer with a key that only I have, I can safely assume that I’m sharing it with the NSA and GCHQ. I believe that privacy is essential for creativity, and consequently, so are privacy-respecting tools. I cannot use untrustworthy tools to make things. Mass surveillance has motivated me to find alternatives.
The Hedgehog Mode
I’m not going to give you a litany of surveillance countermeasures; there are fantastic resources online which offer practical advice and useful recommendations. Each individual will have different needs and priorities. Someone who doesn’t feel as deeply about surveillance as I do would probably worry less than I do about, for example, using commercial cloud services.
When I talk about information security people often go into what I call the “hedgehog mode”: curl up into a ball, frightened by everything; feeling under threat from all sides because they don’t know where the threat is coming from. Sometimes they end up locking themselves down so much that they can no longer work effectively. We should avoid that. It’s better to rationally assess your security needs and identify the specific threats that you need to counter.
But how?
Threat Modelling
In the world of corporate IT, a sensible security person will conduct a procedure to identify vulnerabilities in their systems, and the threats that could exploit them. This will help them to decide where to put their resources. This procedure is called “threat modelling”. It’s equally useful for individuals. I’ve developed a simple method for personal threat modelling which will help you to understand the particular threats you face based on the way that you work, and the risks associated with them. Then, you can build a workflow that keeps you safe and productive.
Let’s start with a scenario I hope you’ll be able to relate to: a writer, interested in hot political issues, who travels across borders fairly frequently, with good technical skills, and common sense enough to back up their data correctly.