back to article Americans fear their data isn't safe, yet do little to defend it

Approximately 28 per cent of Americans are "not confident at all that the federal government can keep their personal information safe," the Pew Research Center reported on Thursday, while also noting that many Americans fail to observe security best practices when online. White House Press Secretary Sean Spicer appeared to …

  1. Oengus

    That low...

    Approximately 28 per cent of Americans are "not confident at all that the federal government can keep their personal information safe,"

    With all the news of data breaches from the US government I would have thought the percentage would have been much higher.

    Also, with the focus by the TLAs on "backdooring" encryption the expectation of being able to keep data safe has to be further eroded.

  2. Mark 85

    Safe Data in the US?

    Hahahahahahahahaha....... For all the posturing and hot air from the certain politicians and certain TLA bosses "safe data" is an oxymoron.

  3. John Smith 19 Gold badge
    Coat

    America, land of the free...

    collection of personal data for fun and profit.

    And with security like this most Americans devices and accounts it always will be.

  4. Whitter
    Meh

    Public wifi networks

    I never link my phone to public wifi due to basic security concerns (like most El Reg commentards I assume). Which rather calls into question why they exist at all. Is it even possible to design a safe one? (assuming that it wasn't an actively miscreant honeytrap for the unwary).

    1. Charles 9

      Re: Public wifi networks

      No, because Gene and Mallory can perfectly masquerade as Trent. IOW, there's no system of trust that can defeat the perfect masquerade, and since we're talking an encounter between two assumed strangers, First Contact applies, meaning there's nothing in common between them, which according to First Contact means no true trust is possible.

  5. Gray
    Trollface

    House without locks

    This article reeks of putting down users for failing to compensate for a paradigm that's been pure crap since the earliest days. Essentially the entire industry, hardware and software, has profited from building the equivalent of houses without locks; then sanctimoniously demanding that the purchaser become their own locksmith. Even so, the 'standard' solution is equivalent to a hasp with a hair-pin clasp.

    Passwords? Inadequate from the very get-go, and the explosion of internet commerce, personal finance, and social sites exponentially scaled up the problem.

    Let's blame Microsoft which failed to provide a human-engineered personal security solution into their product. It would have been very easy to implement a secure PW generator and storage utility, with UI prompts to manage a suite of secure passwords. Additional security should have been provided on the hardware side, with a random PW generator chip that worked as a unique authentication code to accompany the user's PW. Additionally, the software would automatically remind the user to trigger PW changes/updates at frequent intervals.

    In short, the users should NOT have to tell the damned computer to implement security; an intelligently designed computer system would remind the user that automatic and personalized security measures are in place, with reminders to backup and refresh. As for turning the damned thing on in the first place, a personal key or inserted card or other lock/unlock device would make a helluva lot more sense, security-wise.

    No... we were brain-washed from the very beginning by lack-wit, cost-cutting, inward-focused providers who brayed that "passw*rd" was sufficient security, and it was the user's obligation to think it up, memorize it or write it down and then all would be safe enough. And don't forget to buy and install this year's latest AV nagware.

    Amazing! 200 million people in the USA aren't frickin' home-educated computer security experts! And the US government is proving to be the biggest Dodo of all. So we wonder why it is that we've accepted shite for security because from the earliest days we were given fuck-all for security by the builders... houses without locks!

    1. Doctor Syntax Silver badge

      Re: House without locks

      "Let's blame Microsoft which failed to provide a human-engineered personal security solution into their product."

      If they had would you have actually used it or gone for an independent solution? Telemetry anyone?

      1. Anonymous Coward
        Anonymous Coward

        Re: House without locks

        It's Microsoft, you wouldn't of had a choice but to use it. Fast forward Microsoft 35 years, you don't have choices, surely not where security is concerned because that's covered solely by the choices of Microsoft. So I guess in the end, Microsoft made the choice for you, but it just happened to be the wrong choice.

        Of course there is the mythical "Windows 9: Choices ME"

  6. Tom Paine

    It's true!

    When even a system administrator can exfiltrate gigabytes of data by walking out of Fort Meade with a USB stick in his pocket, then hand it all over to the papers, damn right they can't protect personal data!

    They didn't do a terribly good job at the OPM, either, did they. Hey, perhaps that's why Russia are rolling up all those US intel networks and assets -- perhaps it's not actually Trump handing over data to his handler, maybe they've just blackmailed some senior spook through what they found in the OPM data.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's true!

      There isn't any way to protect against these types of insider threats, except for 'two in a box' style admin practices, which are obviously a lot more costly.

      As for the OPM hack, it sounds like it was a typical case of "using a product full of holes, like they all are, and not keeping up to date on patches, which few do". No matter who Trump put in charge of 'cyber security' these things will keep happening, because businesses everywhere are getting hacked and it isn't as if the government has some special sauce to prevent such hacks. If such a thing existed, Apple, Google, Microsoft et al would already be using it. Given the US government is an attractive target, it has to defend more attempted hacks than most as well.

  7. The Dark Side
    Mushroom

    Oh What New Here, Same Old same Old

    This does not surprise me one bit, With my own experiences. Some Americans have this attitude `we`re American they won`t hack us cause we know what we`re doing`. Yeah right that`s why spend so much time sorting out company security policies and getting told by directors and VPs that there too strict and restrictive. They just don`t get it!!!, more like American`t.

  8. drouel

    as if

    Americans have the skills or knowledge to defend cyberthreats. now, how do enable full encryption on my iphone?

    1. Tikimon
      FAIL

      Re: as if

      As if your countrymen know any better, whoever they are?

      Bigoted attacks don't help the debate, folks.

  9. Tikimon
    Facepalm

    Safe Data anywhere, anyhow? As if!

    Fine. Let's all use 2FA, retina scans and random gang symbols to secure our accounts. And what then? An endless list of government agencies are intercepting our comms. Another endless list of unethical companies are tracking our every page view, message sent, or purchase made. The government bodies share our personal dossiers among themselves, private business sells them to anyone for pennies.

    This happens regardless of any security that 98% of the world will have at their disposal. Ed Snowden ripped the curtain away years ago. Instead of scaling back the spying, the spooks just made their misdeeds legal and ramped up their efforts. Companies are working to make their spying more pervasive, not less. And somehow a secure login process will defeat any of this?

    Stop blaming the users, wherever they live! When the very governments tasked to protect us and the companies making the tech we buy are all destroying our privacy as fast as they can, what the HELL is the end-user supposed to do?

    1. Charles 9

      Re: Safe Data anywhere, anyhow? As if!

      "Stop blaming the users, wherever they live! When the very governments tasked to protect us and the companies making the tech we buy are all destroying our privacy as fast as they can, what the HELL is the end-user supposed to do?"

      Elect an honest government. Consider how most of these got in the first place. Like someone said, Hitler was elected.

  10. ecofeco Silver badge

    I've said it before and I'll keep saying it

    The average user knows fuck all about computers and does not care and the IT industry needs to stop thinking they will ever care.

    It is the kind of arrogance you see in so many industries that eventually leads to their downfall. It is NOT the retail customers responsibility to understand your product. It is your responsibility to educate them. If that is not practical, then you need to simplify and improve your product.

    It is not the users fault that IT is so fucking insecure, it is the manufacturers. Stop being arrogant assholes and stop making shit products. Because it WILL eventually come back to bite you in your ass.

    1. Charles 9

      Re: I've said it before and I'll keep saying it

      "It is the kind of arrogance you see in so many industries that eventually leads to their downfall. It is NOT the retail customers responsibility to understand your product. It is your responsibility to educate them. If that is not practical, then you need to simplify and improve your product."

      And what if that's not possible. What if the most complicated design the market will tolerate is not secure enough to be practical? Like the most they'll tolerate is pushing their finger against a sensor, yet fake fingers are easier than that? What happens when the market demands unicorns?

  11. Bucky 2
    Coat

    Fairy Princess Management

    I manage my security by complaining loudly to my friends, usually in public, making sure my voice is loud enough for all strangers within 100 feet or so to hear my every word.

    I use the same password everywhere, too. It remains safe by wishing.

    Happy Friday, everybody.

  12. robertcirca

    Living outside the USA is not so bad

    At least all your data will end NOT end up at government agencies. That is what large US cloud companies try to tell us.

    The agencies are not allowed to get at MacroSoft, HairBook and Boogle information stored outside the US.

    If you give your data to BodyBook, SemiSoft or Mooble anyway, everyday, on any occasion, it is YOUR problem.

    If you want that your agencies can do a decent job (catch the bad guys) keep all your private stuff out of the internet.

    1. Charles 9

      Re: Living outside the USA is not so bad

      Until you realize that simply means the government WHERE YOU RESIDE will just do the same, laws or no laws.

      PS. How do you keep your private stuff off the Internet when the government is injecting PII into the Internet FOR YOU?

  13. Anonymous Coward
    Anonymous Coward

    Safe?

    Spicer can't even keep his own passwords safe, keeps tweeting them.

  14. Anonymous Coward
    Anonymous Coward

    Hello

    Government access to my data is my biggest security risk.

    My login password to 40 + characters...just saying. Device set to auto wipe everything, on X failed attempts.

    My banking and email passwords, meet all the complexity requirements + some.

    I don't use Twitter or Facebook... I've never figured out why people want to give out personal information about themselves. I'll read about idiotic public figures posts in the news.

  15. sirtsebe

    "Experts tend to recommend password management..."

    Well, in that case, I also recommend Pixelock,a password manager that let's you generate secure passwords through pictures. So for those in fear,try it out :)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like