When Idiots Design Security

I can remember the days when an internet company provided a service that was designed to hold your identity intact unless you chose otherwise. Personal security wasn’t an issue because identity was well contained by proper security design. All you had was a username and password to access the service. There were no easy-outs, email identities, password hints, security questions, or user names that were identical to your email address. All of these so-called features were added because of the numerous complaints by idiots losing their usernames and passwords. Some of those were legitimate idiots and some of those were asshole hackers socially engineering information from customer support. This was the beginning of a trend in security schemes that would slowly destroy online anonymity and security. It is the progressive agenda.

I control sixteen email addresses. Most require different passwords but there are chunks of emails that use similar low security passwords. I use those low-security emails on low security sites for registration. This way, I’m not compromising anything I care about. Keeping up with all these email identities can be difficult so I have a password file; written in code and encrypted with a passphrase. I’ve accumulated these addresses over the years because the idiot agenda to make everything easier for users was compromising proper security practices. Every time I would encounter a service that demanded I use my email address for a login, I would go create a new email address. Using your one and only identifiable email address as a login for some stupid service you may only need to use a few times is like throwing your identity information into a low security den of thieves. That service, which may even be compromised, is going to want a password too. Since you’re already supplying your email as a login, it’s not a far stretch for users to supply the same damn password that they would if they were logging into their email. Boom, an instant security nightmare. It might be easier for the user, but it’s also easier for a hacker to relate and compromise your account when they’ve already got your email address and you’re throwing around your password across low security services over under-encrypted channels. So use a different password. Fine, but people still know that you use that service because your one and only email address is the login information to their database; there is no anonymity.

My issue with security questions is that they’re just another password field, but a low security password because they give you hints that often relate to public knowledge. “What is your mother’s maiden name?” Are you kidding me? My mother knows that information! My friend knows that information! Hell, the DMV knows that information! Hackers compromise more accounts by answering stupid public knowledge questions than any other way. Idiots came up with this giant security hole. “What was your first car?” Ridiculous. The best way to deactivate this often forced security hole to an account you’re setting up is to supply a string of random characters (another password), but make sure to write it down somewhere. By all means, do not use truthful answers to these questions! It’s a welcoming mat for anyone with a bit of knowledge of your past, and the Feds know it all. Again; designed by idiots or assholes.

How about linking your personal phone number to your email address? No. I’m not doing that. Like I want the Feds, or anyone else, to have that information, know that it’s linked to that online identity, and use it against me somehow. If you’re someone I care about then you know my real name and you probably have my number. Otherwise, you can look it up in one of the many third-party databases that I have not given permission to use. Good luck with that. There is no trust relationship with the services you sign up for. Read the terms of service! They are not liable for any information you supply. Your data is in their servers, they own it, and they will do whatever they damn well please with it. They word agreements as if they care about your privacy, but they have to say those things otherwise users wouldn’t trust using their services. It has always been this way. Why would you think it would be better than this? It always gets worse.

Biometrics are really good at keeping people out of your account, but they absolutely tie your personal identity to that account. So you will not want to use biometric security on an account that you use as a dead drop for questionable material or anything the government may in the future deem illegal or questionable activity. These may not be concerns the average idiot has, but I’m reading the signs of what’s around the corner and I want nothing to do with biometric verification schemes.

It’s becoming increasingly difficult to stay anonymous on the internet. There is a whole generation of people who “have nothing to hide”, and have embraced the ultimately stupid practice of connecting their accounts together. Democracy is majority rule, and sadly the internet is populated by idiots and assholes. They make the rules. They are the ones that will implement the “no-security” scheme of future systems. I can understand them making this mistake, they’re young and naive idiots. They have no security or privacy, and they probably don’t believe they deserve any; the poor programmed and restricted youth. These are people who believe liars, people who vote, people who vote for Obama; such an obvious liar. That is sad. I have plenty to hide. I’m very security-wealthy and I enjoy privacy. I don’t want my every idea and tweet geo-located. I use encryption and Tor, travel around, buy questionable items on the internet, and visit places I wouldn’t want people to know I visit. And I do all this using aliases because I watched the idiots implement this false-security model for over two decades.

I’m not in this to win a popularity contest. I don’t care about followers. I’m not an egotist, however, I do value reputation and honor. It’s worth protecting because it can’t be physically removed from you. The internet is a tool, not a community. A lot of people don’t realize this and fall victim to the trap. They believe it’s a safe environment that’s very accepting, kind of like another parent. It’s not your mama or dada, folks! It’s a series of systems interconnected transmitting electrical patterns. It’s a solid environment of silicon, silver and gold; but it may feel like a community because of all the like-minded idiots using the systems.

You have to take control of your identity and security or someone else will. They will sell you down the rabbit hole until there is nothing left that is truly yours. Identities are commodities; traded like every other commodity. Change your methods. Don’t embrace the idiot agenda and don’t trust assholes.

The paramount worst security nightmare of an email service is Yahoo. Yahoo’s increase in so-called security measures has resulted in locking legitimate security-conscious people out of their accounts, even when they supply the password. Yet they allow trivially easy access for anyone to accounts of people who supplied accurate responses to security questions.

When Yahoo first implemented the security question scheme, it was for people who forgot their passwords. Since I was never going to forget my passwords, and I realized this was a security hole; I supplied a string of random characters as the answer to their questions. I would never have to remember that information because I would never forget my password. A few years ago, Yahoo began asking those security questions, even if the correct password was supplied. That is a break in their original agreement. I argued this point with their support staff and they hung up on me because they’re liable for breaking their own security scheme, and they know it. They ask for your security questions if they “don’t recognize the device you’re signing in from”. Well, I travel around. The result: A security-conscious individual like myself gets locked out of two of his low-security Yahoo accounts because he doesn’t have the string of random characters written down for his security questions.

Even if you know your password, if you do not know your security question password; you’re locked out. In fact, all you have to know is the answer to a security question and you’re in. That is why Yahoo is the worst email provider ever, and known for the worst security on the net. They punish security-conscious individuals, while allowing idiots or assholes trivial access to everything. It’s a very “progressive” agenda designed to allow easy access to accounts for federal spying programs from legislation like the Patriot Act and NDAA. But progress toward idiocy isn’t positive. If you don’t have the option of privacy, you don’t have freedom.

Update: I have since recovered both my locked low-security Yahoo! accounts with a mixture of statically setting my IP to a previous address, hacking an exploit in their authentication schema, and socially engineering information from poor English-speaking support staff outside the Americas.

-Jeremy Edward Dion


2 thoughts on “When Idiots Design Security”

  1. Very good article, and I do exactly like yourself, except I don’t write down every password, let alone security question answers. Recently Yahoo started asking me for a security question on one of my accounts, even though I’m entering the correct password. What kind of idiots do that? Let’s not forget their recent decision of recycling inactive accounts. I don’t want to give my real information, and I don’t want to use my primary account on services like, say, Yahoo Answers, where a simple unintentional violation may lead to suspension of the account. Let’s not forget the constant changes that may reveal your real name on the account.

    1. Agreed. I can’t stand the reversal in service that happens when the idiots try to implement “ease of use” alongside heightened security. Both can be had, but they don’t know how to implement it. Their idea is tying everything to your actual identity, so if anyone knows just a few things about you, your account is compromised. It’s a pseudo-security model designed to be easily infiltrated by entities that know everything about you. For example: the feds.

      None of this surprises me. I warned many people about tyranny and its effects. Honest men aren’t electable in our current system, but the fools just keep on voting. Now we’re in the middle of Nazi 2.0. No more secrets. Those that trespass on liberty must perish or step down. I have no preference.

