WASHINGTON, September 3, 2014 — Naked images of 101 celebrities were stolen from Apple iCloud, and some are being distributed around the internet. The photos first appeared on 4chan, including pictures of Jennifer Lawrence, Kirsten Dunst and Kate Upton.
Pictures of Kim Kardashian, Selena Gomez and Kate Hudson were supposedly taken, though they haven’t yet been shared online.
British comic Ricky Gervais tweeted, “Celebrities, make it harder for hackers to get nude pics of you from your computer by not putting nude pics of yourself on the computer.” The tweet raised a huge backlash, forcing Gervais to remove the tweet and apologize. He wrote in a subsequent tweet, “Of course the hackers are 100 per cent to blame but you can still makes jokes about it. Jokes don’t portray your true serious feelings on a subject.”
The hackers are of course entirely in the wrong, but this incident underlines a point raised by the Edward Snowden’s revelations about NSA spying activities: If you want it private, don’t put it online.
Internet privacy does not exist. Most users, including celebrities, do not have the technical savvy or interest to keep their online data encrypted and protected from a serious hacker. Very few people can even be bothered to create a password more difficult to remember than a pet’s name and a phone number. “1234ABC” will probably get you into e-mail, bank and medical records all over the world.
The problem is exacerbated by the services we use to store data. As turned out to be the case with iCloud, many of them have glitches that can be exploited to gain entry to user accounts. In iCloud’s case, the hackers apparently found a flaw in the “Find My iPhone” feature of Apple’s iOS for iPhone, iPad, and iPod touch.
Even worse, iCloud can suck up information from user devices without them instructing it to do so. It will store pictures, documents, and any other data automatically from Apple devices, putting them on other devices when they are “synced.” The data are encrypted to only be available to the user, but hackers are able to get user IDs and passwords.
The NSA is storing your e-mail and your phone calls, and they can look at your naked pictures whenever they please. And so, it seems, can some motivated hackers.
While outraged feminists may be hating Gervais for implying that the fault rests partly on the victims, he made a point that everyone should remember: If you don’t want anyone to see your data, don’t put them online. If you put data online, you can take steps to make them harder to break into, but you can never make them perfectly secure.
“Girls Gone Wild” was a line of videos featuring unclad, often inebriated young women, often from college campuses. Some of them learned to their regret that all sorts of people might see those videos, and that snippets might even be maliciously sent to parents or to employers. Young people aren’t known for thinking through long-term effects of their behavior, and alcohol makes it worse.
People put photos and embarrassing comments on social media for all the world to see. In some high-profile cases, this has cost people jobs. In others, as with Ricky Gervais, it has forced them to deal with angry electronic mobs. Once something goes on social media, you might take it down, but if it has been shared, it remains on the internet.
Social media are one thing; data saved to private accounts are something else. There’s no presumption of privacy on social media; there is when you store documents in the cloud. But the difference between them is one of degree and intent, not of kind. Kirsten Dunst is angry at Apple, tweeting, “Thank you iCloud” with some unfriendly emoji. She has every right to be angry at Apple, at the hackers, and at anyone pathetic enough to spend evenings looking at stolen pictures of naked celebrities. What she doesn’t have a right to be is surprised.
If you put naked pictures of yourself online, you have no more right to be surprised when they show up in your parents’ inbox than do the girls gone wild. Once it’s out there, it’s out there and beyond your control.
You can, however, make things harder for people who want what you’ve put out there. When it comes to the security of your data, you are the weakest link.
Start with your passwords. Most of us have far too many accounts to remember separate, hard-to-guess passwords for each one. But you can start with one secure password. Rather than use the names of your children (too easy) or a random string of 16 numbers and characters (too hard), think of your favorite line of poetry, for instance, “Twas brillig and the slithy toves.” Eliminate the spaces, then replace some letters with characters in a systematic way, say “0” for “o” and “#” for “e”: Tw@sBr1ll1g@ndTh#Sl1thyT0v#s
That’s too long for a password, but it can be split to make two passwords, each with 14 characters. Neither is easily guessed, but both are easily remembered. Most systems will rate the security of these passwords as high, with a combination of upper and lower-case letters, numbers, symbols, and length. They are certainly more secure than “Mom123.” If you use them for multiple accounts, they will still be relatively secure. If you can remember which one goes with which account, just keep generating passwords from the same poem.
Many people are unwilling to use long passwords, even if they can remember them. It’s annoying to have to type in 16 characters every time you want to use your e-mail. Which do you prefer, convenience or security?