[MUSIC PLAYING] DAVID MALAN: Security. Let's start off with some scary stories about how your data and your devices are under constant threat, even if you don't necessarily realize as much yourself, and then consider how we might defend ourselves against some of these threats. Let's start, for instance, with privacy, keeping folks from seeing data or things that you don't want them necessarily to see. And specifically, let's consider this. If you've got some desktop computer, or some laptop computer, those devices alone are the most insecure thing you might have, and maybe even the device in your pocket that you even leave lying around, because at the end of the day, whether it's a laptop or desktop or phone, these are computers, and computers have on them data, and data is just a fancy way of saying, like, files. So files, of course, are just collections of zeros and ones, and in those zeros and ones, odds are, are numbers like financial information, or photographs that you've taken on vacation, or maybe it's financial documents that you've typed up on your computer. So suppose that you're already in the habit of trying to keep your data secure, because anything you don't want someone to see, you maybe are in the habit of deleting it. But let's consider first what it means to be deleted. Recall, after all, that files are generally stored on hard drives, or SSDs. And in fact, a hard drive is just a physical device, something like this. And there's magnetic particles on this particular device that represent our data. So what does it mean, though, to delete a file? On Macs and PCs and the like, when you delete a file, it simply disappears, typically, from your desktop or folder. But what's really happening, especially when at the end of the day, those files are on a physical device like this? 
Well, turns out the files are stored on a computer, and on a platter, if it's a hard disk, that might look something like this, although ideally it would be a perfect circle so that it can spin properly. And anytime you store a file, you might allocate some part of this disk, maybe that part of the disk, or the platter, so to speak, for all of your zeros and ones. And I'll just go ahead and draw some random zeros and ones up here. And what those zeros and ones are completely depends on the file. Maybe it's a Word document. Maybe it's an image. Maybe it's a sound file or a movie. Who knows? And then elsewhere on the platter-- and recall that there might be multiple platters-- there will be any number of other files. And even if it's not a platter, if it's instead a solid-state disk, electronically, there are still these zeros and ones, thanks to the tiny little devices that store those binary values for us. But what does it mean, now, if a file exists in your operating system, and your operating system is storing it, ultimately, on a physical device, whether a platter here in a hard drive, or electronically in an SSD? Well, somehow, your computer, specifically your operating system, needs to keep track of where these files are. And so an operating system typically has kind of the equivalent of, like, a little cheatsheet, or an Excel file, that keeps track of where files are. So for instance, one column might be the name of the file, and another column might be its location. But location, in this sense, is the physical location on disk. So if I've stored, for instance, my resume somewhere, and that might be at location 123, where this happens to be location 123 on the hard drive, specifically, byte number 123, because operating systems are going to store my data either at specific byte addresses, or maybe in certain cluster sizes. You might actually take collections of bytes and write files to those clusters all at once. 
But this table, then, of course, has other values as well, one value for every file that I have on my computer. So what does it mean, then, to delete a file? Well, graphically, it tends to disappear from my screen. And I know what you might be thinking. Wait a minute, it goes into the so-called recycle bin or trash can. But the funny thing about the recycle bin or trash can is what? Especially if you have maybe a nosy roommate or family member. It's not really sufficient to leave deleted files in the trash bin or recycle bin, because what can they do? They can, of course, just double click on the thing, drag the file out, and then hang onto it and actually see what was there. So oh, no, no. You're more security-conscious than that. You're in the habit of emptying your recycle bin, or emptying the trash. And it maybe makes a cute little sound, and then the little icon of trash disappears from the lid of the can. And you might think, whew! Got rid of that file. No one can now see it. But consider what might be happening underneath the hood, so to speak. Well, it turns out what a computer typically does, whether it's Windows or Mac OS or some other operating system, is it does nothing to the physical device over here. Instead, it just forgets that entry from this table. It just forgets where my resume is. And therefore, it knows implicitly, and thereafter it can continue using location 123. Sure, there are still zeros and ones from my old resume there. But no big deal, because the computer can just rearrange those zeros and ones into other ones and zeros in some other pattern and store some other file, so long as that new file is added to this table. But the implication, then, is that even though you've deleted a file by dragging it to the recycle bin or trash can, and you've had the wherewithal to empty the recycle bin or trash can, the computer really is just forgetting where that file is. It's not actually physically destroying the data. 
And so if you have the right software, or you have a sophisticated enough adversary who can write software, you can theoretically recover data from a hard drive or SSD just by looking for familiar patterns of bits that might represent a Word document or a JPEG photograph or something else altogether. So what's the implication? If this is the threat, and if you've got some really sensitive tax information on your computer and you really don't want other people to be able to see that, because it's personal, it's not sufficient, it seems, just to even empty your recycle bin. You need to somehow securely erase this file, so that programs like Norton Utilities and other tools can't recover the data subsequently. So what could you do? What would the approach be? Well, you might think that you maybe open up the file and then just start typing random numbers or letters into the file, resave it, and that might overwrite some of those same zeros and ones. But the operating system, frankly, might just use a different part of the disk to save that new data, especially if there's some kind of auto-recovery feature built into the file format itself. So that might not be secure. Really, you need to scrub-- or wipe, as people say-- these zeros and ones. Maybe they should be changed all to ones, or all to zeros, or maybe just random zeros and ones, so that no matter what was there is absolutely now no longer there. And for that, frankly, you need special software. And there do exist both commercial and free tools to do that, either to securely delete individual files or to do it to an entire hard drive, especially if you're selling it or simply recycling it, getting rid of it, and you don't want all of that data to remain around. Why do computers seem to have what seems to be this sort of fatal privacy flaw? 
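As an added example, not part of the lecture itself: the "wipe" described above, done in Python. The file is opened for read/write rather than truncated, so the operating system keeps the existing allocation and the overwrite lands on the same bytes the old contents occupied; fsync pushes each pass out of the page cache to the device. The file name and contents in demo() are constructed for illustration.

```python
import os
import secrets


def overwrite_in_place(path, passes=3, chunk_size=1 << 16):
    """Rewrite every byte of the file at `path` without changing its size.

    Pass 1 writes zeros, pass 2 writes ones, any later pass writes random
    bytes. Opening with "r+b" (not "wb") keeps the existing on-disk
    allocation instead of asking the OS for fresh blocks.
    Returns the number of bytes overwritten per pass.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pass_no in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                if pass_no == 0:
                    block = b"\x00" * n
                elif pass_no == 1:
                    block = b"\xff" * n
                else:
                    block = secrets.token_bytes(n)
                f.write(block)
                remaining -= n
            # Push the overwrite through the page cache to the device;
            # without this the old bytes may still be what is on disk.
            f.flush()
            os.fsync(f.fileno())
    return size


def shred_file(path, passes=3):
    """Overwrite, then unlink. A plain os.remove only forgets the table entry."""
    size = overwrite_in_place(path, passes)
    os.remove(path)
    return size


def demo():
    """Constructed demo: a small file of fake financial text is overwritten
    once, read back, then shredded. Returns the observations."""
    import tempfile

    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "resume.txt")
    original = b"Salary: $123,456\n" * 100   # constructed sample content
    with open(path, "wb") as f:
        f.write(original)

    overwrite_in_place(path, passes=1)
    with open(path, "rb") as f:
        after_one_pass = f.read()

    size = shred_file(path)
    return {
        "size": size,
        "zeroed": after_one_pass == b"\x00" * len(original),
        "exists_after_shred": os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind. On an SSD the controller's wear-leveling may write the new bytes to a different physical block and leave the old one intact, and journaling or copy-on-write filesystems and snapshots can keep earlier copies too, so per-file overwriting is only trustworthy on a plain filesystem on a magnetic disk. The dependable approach is full-disk encryption from the start (then discarding the key destroys everything) or the drive's own secure-erase command when retiring it. Editors' autosave and recovery files are separate files and need the same treatment.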
Well, it's actually kind of a good thing, right, because if you're like me, odds are you probably accidentally deleted something before, or maybe you-- or someone else has deleted it on you. And so it's actually kind of a nice thing that computers don't actually, by default, necessarily scrub the information altogether, because that means we can recover files as well, if that's indeed a good thing. And frankly, years ago, for efficiency, it just made sense for computers to forget where the file is, rather than bother with this, because if you ever do try to securely delete a file or wipe a drive, you'll find that it actually takes quite a while, because you have to touch so many of the locations on that physical disk. But it's not just your files, and it's not just your computers themselves that are vulnerable to disclosures of private information. There's also your browser. And odds are you spend a lot of time on the worldwide web using Chrome or Edge or Firefox or Safari or some other browser altogether. And odds are you've heard of a little something that might be a little scary-sounding, as you've heard it, but cookies, pictured here adorably with Cookie Monster being a little surprised that his computer wants to delete cookies. What are these cookies, and how do they too threaten privacy in some sense? Well, it turns out, when you visit a website, these days, most every website frankly that is dynamic and interactive uses something called cookies. Cookies are a feature supported by HTTP, hypertext transfer protocol-- that's the protocol that web browsers and servers speak-- and cookies are used to remember a little something about you. Often, they're used to remember that you've already logged in. 
Right, consider that when you log in to Gmail or Facebook or outlook.com or something else, generally you just type in your username and/or password once, then you see your inbox or your homepage or your news feed, and you don't have to log in on every subsequent click. Indeed, it would be infuriating and downright unusable if every time you followed a link, you had to reprove to Google or Microsoft or Facebook who you are by logging in again. And so cookies are these little files-- or really values, numbers or letters-- that a web server puts on your browser, saves inside of your browser, to remember that you've been there before. So if I log in with my username to some website, and I log in with my password, and then hit Enter, essentially the web server, upon responding to my authentication, is going to plant a cookie on my computer, either in RAM temporarily or maybe even on disk, on my hard drive or SSD, to remember that David is somehow authenticated. And that cookie hopefully doesn't actually contain my name or password or anything else that's personally identifying. Instead, it probably just contains a really big number, a really big value, that's also stored on a database, because the way HTTP works is every time I visit that website again, unbeknownst to me, at least until now, the browser is supposed to present that so-called cookie-- that value, big numbers, big letters-- to the web server to remind the server who I am. So if I log in to Gmail today, check my mail and maybe even close the window, and then tomorrow I come back and open up Gmail, odds are my browser is not going to make me log in again. The browser, or really the website, is going to remember that I logged in reasonably recently, and it's not going to pester me to log in again. And that's because my browser is, unbeknownst to me, sending that same cookie value that was planted there a day before to remind the server, this is David. You know him. He's already logged in once before. 
So how do the mechanics of this actually work? Well, consider this. This is a very simple HTTP request that might go from a browser to a server. Get slash, so get me the homepage using HTTP version 1.1. The host I'm visiting, in this case, is just example.com, some website. Now, typically, a web server is going to reply, hopefully with a HTTP 200, OK, all is well. But it can also reply with some other values in those so-called HTTP headers. For instance, a web server can reply not only with that 200, OK, all is well, it can also reply with another header below it called set-cookie. And then inside of that is a value, a key-value pair-- the name of the key, which in this case is Session, which is commonly used, but could be anything, equals, and then some big value. So when I said earlier that a big random value, numbers or letters, are planted on your computer, it looks a little something like this. This is just a really long, sort of standardized format for generating big random values that happen to contain numbers and letters, and also, it turns out, some hyphens. But that number, theoretically, uniquely identifies me. The server is not going to send that cookie to any other customers or users. It's just going to me. And my browser, by nature of understanding HTTP, knows how to look at that, knows what to do with it, and knows on every subsequent webpage I visit on example.com to send that value back to the server. So on every subsequent HTTP request, my browser is going to send a little something like this-- not just get slash or whatever the page is, not just host example.com, it's also going to send cookie. No Set, because Set came from server to browser, but just cookie colon, and then that same exact value. 
So if you've ever been to a club or an amusement park where you kind of want to come and go during the day or evening, those places might sometimes put a little ink-based hand stamp on your hand, so that they don't have to check your ticket or who you are every time you go in and out of the park or in and out of the club. You simply show your hand stamp, thereby reminding the bouncer, whoever is taking tickets, that you've actually gone through this process before, and don't have to be re-authenticated, so to speak. So that's all that's going on underneath the hood, and cookies make this possible because they've planted these values on your computer, thanks to the server. But where's the threat to privacy, then? Well, we're here looking at these HTTP headers on the screen, and you can't really see, like, Wi-Fi things going across the air. But if you have the technical savvy, you could certainly sniff all of the wireless traffic going between computers and phones and other devices in this general area. And that's a little worrisome, because if you have the technology and the technical know-how to do that, what if an adversary, a hacker, could actually see values like this, and could essentially see my hand stamp as I'm presenting it to a server? That hacker could, theoretically, if he or she knows how, pretend to be me by duplicating my cookie value, sort of doing this, like you might have tried at a club, and then presenting that stamp as his or her own to the same server. And indeed, this is what would be called a session hijacking attack. It is a way for a hacker to have access to a value like this, steal it as his or her own, and then send it, using the right software, to the same server, so that if you have already logged in to Google or Facebook or Outlook or some other site, you've essentially given this hacker keys to that same account, because he or she can just pretend to be you by sending the same value. So how do we protect against that? 
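As an added example, not code from the lecture: the Set-Cookie / Cookie exchange from the two preceding paragraphs modeled in Python, with the session hijack shown as a third request that simply reuses the sniffed header. The server keeps only a map from random session id to username, so the cookie carries nothing personal. The user name and password are constructed; the session id uses secrets.token_urlsafe rather than the hyphenated UUID-style value shown on the slide, which is a free choice of format, not a requirement of HTTP.

```python
import secrets
from http.cookies import SimpleCookie

# Constructed credentials for the demo only.
USERS = {"david": "correct horse battery staple"}


class SessionServer:
    """Toy server: authenticate once, then recognize the browser by the
    session value it sends back in the Cookie header."""

    def __init__(self):
        # session id -> username; the browser only ever holds the id.
        self.sessions = {}

    def login(self, username, password):
        """Returns the response headers for a login attempt."""
        if USERS.get(username) != password:
            return {"Status": "401 Unauthorized"}
        # 256 random bits: unguessable, and nothing personal inside it.
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return {
            "Status": "200 OK",
            "Set-Cookie": f"session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax",
        }

    def whoami(self, request_headers):
        """Who the server believes sent this request, based only on Cookie."""
        jar = SimpleCookie(request_headers.get("Cookie", ""))
        morsel = jar.get("session")
        if morsel is None:
            return None
        return self.sessions.get(morsel.value)


def browser_cookie_header(set_cookie_header):
    """What the browser sends back later: name=value only, attributes dropped."""
    jar = SimpleCookie(set_cookie_header)
    return "; ".join(f"{name}={m.value}" for name, m in jar.items())


def demo():
    """Login, a normal follow-up request, a hijacked one, and a guessed one."""
    server = SessionServer()
    resp = server.login("david", USERS["david"])
    cookie = browser_cookie_header(resp["Set-Cookie"])

    # 1. David's next request: recognized without re-entering a password.
    david = server.whoami({"Cookie": cookie})
    # 2. A sniffer replays the header byte for byte: session hijacking.
    hijacker = server.whoami({"Cookie": cookie})
    # 3. Guessing a value does not work: the space is 2**256 possibilities.
    stranger = server.whoami({"Cookie": "session=" + secrets.token_urlsafe(32)})
    return david, hijacker, stranger


if __name__ == "__main__":
    print(demo())
```

The server cannot tell request 1 from request 2; the hand stamp is the whole proof. The Secure attribute tells the browser never to send the cookie over plain HTTP, and HttpOnly keeps page scripts from reading it, but neither helps once the value has been captured, which is why the real defense is encrypting the connection itself, as the next paragraph introduces.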
Well, there is a mechanism, thankfully. And most websites, including all three that I keep mentioning-- Facebook and Google and Outlook-- are just three of many, many websites that these days, thankfully, encrypt this information, scramble it, so that even someone sniffing wireless traffic wherever you are can't actually see this. It looks completely scrambled. But more on that in just a bit. There are, of course, with your browser, though, some other privacy concerns. Right, if you walk up to Edge, or you walk up to Chrome or Firefox or Safari or Opera or whatever, odds are, if you start typing in the URL bar, what do you see? You see maybe some search results. But for convenience, you also see your own what? Browser history. So there aren't just cookies on your computer that effectively are little breadcrumbs as to where you've been on the internet, like things like this, that do have to be saved somewhere in the computer's memory or on the computer's disk. But there's also the very websites you've visited. And so another threat to your privacy, frankly, is just walking away from your laptop or desktop, letting a roommate or a classmate or a family member just walk up to that same computer and just start poking around your so-called browser history. And browsers today are pretty powerful. I mean, they'll remember everything you've done, everywhere you've gone. And this is a good thing in some sense, because it means it's easier to get you back there. If you start typing the first few letters, your browser might remember where you've been. You can search your history. So if you're like, oh my god, where did I see that widget I wanted to buy online yesterday? You might be able to search your own history and find, among the websites you visited, what it is you're looking for. But the counterpoint here, of course, is that so can anyone else. So how do you defend against those threats to privacy? 
How do you defend against those threats to places you've been and breadcrumbs you've left lying around? Well, you could clear your cookies. Any browser, typically under the Preferences or Settings menu somewhere, has a way of clearing your browser history, and often clearing with it the cookies that have been planted on your computer. So what's the upside and what's the downside of that? Well, the upside, of course, is that all that information is thrown away, though, frankly, maybe not securely. To our point earlier about how files are deleted, odds are, even your history is not securely scrubbed. It just makes it harder for a bad guy to actually get at it, if he or she knows how to actually look at bits that were once on the computer's disk. But if we're really not worried about those kinds of threats, we're really just worried about people walking up to our computer and being a little too nosy, clearing your browser's history will address that. But it will also clear all of your cookies. And so what's going to happen if suddenly all of your cookies are deleted? Well, somewhat annoyingly, any website you've recently logged in to, or maybe even ever logged in to, is effectively going to forget that you have. And all of those cookies that were temporarily stored on your computer are just going to be thrown away. So the next time you visit Google or Facebook or Microsoft, they're going to prompt you again to log in. Not a huge deal, and it's better than just letting anyone see your own account, but that is an implication. And so if you're one of these people who opens lots of tabs, uses lots of websites, doesn't even quit your browser very often, let alone shut down your computer, odds are it might actually be annoying to have to delete all of your cookies in this way, because effectively, it's like washing your hand so that any hand stamps you had on your hands are completely washed off. So what's an alternative? 
Well, Chrome and Firefox and other browsers often have a sort of private mode, or incognito mode, as Google calls it. And this is simply a mode in your browser where you can open up, typically, a different-colored browser window, and in Chrome's case it's actually kind of a creepy guy with a little creepy hat on. We can kind of pull this up here. If I open up Chrome, for instance, and I decide I don't really want any of this ending up in my browser's history, I want my history to be automatically thrown away without affecting all of the other places I've been, I can actually go up to File, New Incognito Window, and ooh, spooky. I've gone incognito. "Pages you view in incognito tabs won't stick around in your browser's history, cookie store, or search history after you've closed all your incognito tabs. Any files you download or bookmarks you create will be kept." So essentially, this is just automating the process of letting you do your thing online and then automatically deleting it once you've deleted-- or once you've closed this and any other such private or incognito windows. So that's an alternative when you know you don't want something to end up in your browser history. And frankly, technical people also use this a lot, not so much for privacy's sake, but for technical sake. When you're building a website, or you're writing software that uses the web, sometimes you don't want the browser to remember past pages that your software has generated. So using incognito mode too is just a handy technical thing, because it means the browser is going to remember less, and therefore you won't accidentally see some of your oldest handiwork. But all of these scenarios rather assume that I've logged in to my computer first. 
Right, it should kind of go without saying these days that if you don't have a password on your laptop or desktop, or you don't have a password or passcode on your phone, or a fingerprint sensor these days on your phone, you probably aren't practicing best security practices. Right, it's all too easy, then, for a nosy family member or a roommate or whoever to just walk right up to your laptop or desktop or phone and start poking around, which may not be a very good thing. But also, even if you're not really worried about the people around you you trust, you know, that laptop might leave your home or apartment pretty often. And certainly that phone is going with you, most likely, when you step out of the house or home as well. And so what if you just lose a device like this? If you don't have a password or passcode on your phone, and therefore you never authenticate, prove to the device who you are and that you know that password, let alone username, well, then anyone off the street, literally, can pick up that device and start going through your emails or your text messages or really pretend to be you, if you're logged in to various things. In fact, if you've ever seen friends of yours post sort of obnoxious posts on Facebook, might very well be your friends. But it could also be friends of your friends who have intentionally walked up to their phone or laptop or desktop and posted something on their news feed, so to speak, without them actually knowing. And that's just because they weren't requiring authentication. So it should go without saying that on your Mac or PC or iPhone or Android phone, you should have some form of authentication, some kind of prompt that challenges you to know something before you can proceed. And what you know is typically a password or passcode. On a phone, it might simply be a few digits. 
Unfortunately, using something like a few digits isn't necessarily the best idea, because if you only have a four-digit passcode, as was the default on iOS for iPhones for some time, it's not all that secure, right? Because if you think about a four-digit passcode, there's four possible values, and each of these values is 0 to 9. So this has 10 possible values-- 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, so 10 possible values there. Another 10 here, another 10 here, another 10 here. So the total number of possibilities here is only 10,000 passcodes total, specifically passcode number 0000 through 9999. Now, that's indeed a lot. And frankly, it's going to be pretty damn tedious for a hacker or a nosy family member to guess your passcode if he or she has to try as many as 10,000, or at least half of that many, on average, to just guess what your passcode is. Plus, a lot of devices today, iPhones included, will insert delays. So if you guess your password wrong, even if it's you who've forgotten it temporarily, maybe three times or five or 10 times or some small number of times, the phone is actually going to say, slow down. You're going to have to wait a minute or so before you can try again. And this is a good defense mechanism, because if the search space is relatively small, the number of possibilities is relatively few, you can at least increase the cost of hacking into the device through this brute force method, where you just try all possible codes, by just slowing down the bad guy. Make every code take a full second, or five seconds, to type in. Make him or her wait maybe a minute before they can try again, because by then, hopefully, you'll have realized, oh, shoot, where did I leave my phone? And you can go chase it down and chase away the person who's trying to access it. Or, you're going to come home before that nosy neighbor or roommate has actually finished guessing all possible values to get into the device. Of course, there's a more effective way. 
Don't use four-digit passcodes. Maybe use a fifth or a sixth or a seventh. Or don't use numeric codes at all. What if, for instance, we introduce letters of the alphabet? If we introduce letters of the alphabet, even if we just have a four-digit passcode, that means, if this can be not just 0 through 9, but A through Z, and better yet, how about capital A through Z, and lowercase a through lowercase z, that gives me, what? 52 letters and 10 numbers, 0 through 9. So that's 62 possibilities. So that's 62 times 62 times 62 times 62, and already this is starting to add up. If I pull up a fancy black-and-white calculator here and go ahead and just run the math, we know from before, it was 10 times 10 times 10 times 10, which is, of course, 10,000. And 62 times 62 times 62 times 62, meanwhile, is much, much bigger. In fact, that's 14,776,336. So just by using more possible digits-- not just numbers, but letters, capital and lowercase-- we've really increased the cost for an adversary. And as such, we've effectively increased the security of my device, because now it's a lot harder to get into. And better yet, don't use four characters. Use five. Use six. Use 12. Use 20. There's just a price, ultimately, you pay. Right, if you were trying to be really secure, and you know therefore you shouldn't use four-digit codes, maybe even five or six, so you have a 20-digit passcode or password, why might that actually not be a good thing? Right, because according to that logic, why not have a 50-character password or 100-character password? No one is ever going to guess that, surely. Well, one, nor might you remember it, if it's that long or that arcane. Two, it's just going to be damn annoying to type in again and again and again. And so that alone is sort of downward social pressure on having passwords that long. So what's the best rule of thumb? There's not necessarily one fits all. But short, bad, longer, good. But it's only good so far as you can remember that password. 
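An added example, not from the lecture, covering the two preceding paragraphs: the keyspace arithmetic (10^4 versus 62^4) next to a brute-force loop that tries every code in order and charges for the lockout delays a device imposes. The lockout schedule is constructed to be shaped like the escalating delays described, not copied from any vendor's real policy.

```python
import itertools
import string

DIGITS = string.digits                        # 10 symbols
ALNUM = string.digits + string.ascii_letters  # 10 + 26 + 26 = 62 symbols


def keyspace(alphabet, length):
    """Number of distinct codes: |alphabet| ** length."""
    return len(alphabet) ** length


def lockout_delay(failed_attempts):
    """Constructed escalating schedule: seconds the device makes you wait
    after the n-th consecutive wrong guess. Illustrative only."""
    if failed_attempts < 5:
        return 0
    if failed_attempts < 10:
        return 60
    if failed_attempts < 20:
        return 300
    return 3600


def brute_force(alphabet, length, is_correct, seconds_per_try=1.0,
                lockout=lockout_delay):
    """Try codes in order (0000, 0001, ...) until is_correct() accepts one.

    Returns (attempts, simulated seconds) where the seconds include the
    typing time per try plus every lockout that was imposed along the way.
    """
    attempts = 0
    elapsed = 0.0
    for combo in itertools.product(alphabet, repeat=length):
        attempts += 1
        elapsed += seconds_per_try
        if is_correct("".join(combo)):
            return attempts, elapsed
        elapsed += lockout(attempts)
    return attempts, elapsed


if __name__ == "__main__":
    print("4 digits:", keyspace(DIGITS, 4), "codes")
    print("4 alphanumerics:", keyspace(ALNUM, 4), "codes")
    secret = "4567"   # constructed target passcode
    print("no lockout:", brute_force(DIGITS, 4, lambda c: c == secret,
                                     lockout=lambda n: 0))
    print("with lockout:", brute_force(DIGITS, 4, lambda c: c == secret))
```

With the lockout in place, even the 4,568th guess sits behind thousands of hour-long waits, which is the point of the mechanism: it does not shrink the keyspace, it raises the price of each element of it. Lengthening the code or widening the alphabet attacks the other factor.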
And it's not, say, a very popular word or phrase or sentence, because the other thing bad guys will do is they're not just going to guess all possible values, like 0000, and 0001, and 0002, and so forth. Soon as you introduce letters of the alphabet, they're not just going to try AAAA, and AAAB, and AAAC. Odds are, they're going to start trying words. So in fact, if your password is "password," that's probably not a very good password, because it was the first thing I thought of, too. Or if your password is 123456, odds are, that's not too smart either, because it's also the bad guy's first thought as well. And now, tragically, while tongue in cheek with these kinds of examples, it turns out that these kinds of passwords are more common than you might think. So in fact, let me go ahead and pull up a list, as of 2017, some of the most common passwords in the world. The number-one password, according to one study online, was 123456. And odds are, the website's requiring this, or required at least six-character passwords. The number-two password this year thus far has been 123456789, so more secure in that it's longer, and that then you have to kind of guess more tries. But it's not all that hard to guess 123456789. "Qwerty," brilliant. That is literally the first five or six characters on top of the keyboard on the first row. 12345678 came in a close fourth. So that's brilliant. 111111 is coming in fifth. 1234567890, 1234567, you can see the pattern here. "Password" came in, surprisingly, at number eight. 123123, someone's thinking they're a little clever. And then the reverse, 987654321. And if you go online and just google "most common passwords of 2000 whatever," you can see the most common passwords from any of the most recent years, thanks to security studies and websites like this one here that have been done online. So pro-tip-- if you see your password anywhere on this list, let alone in the top 20 or the top 100 or more, time to start changing your password. 
Because if you're using it, odds are a bad guy is going to know to try that password as well. And even though most of these aren't even actually words, it turns out that adversaries, hackers, certainly have access to dictionaries, like a Merriam-Webster dictionary, and so he or she could certainly write software that tries not only these common ones, but tries all the words in the dictionary. So if you think that, you know, you're being clever by putting "umbrella" as your password, because that's a pretty random word. Why would anyone use it as a password? Well, the problem is it's in a dictionary. And if it's in a dictionary, an adversary can write a program to try all possible words in the dictionary, and it will eventually get to "umbrella," at which point he or she now knows how to log in to your account. So not so good as well. So what's the takeaway, then, here, for the security of your accounts and your computers? Well, maybe you should use completely random passwords. Right, if words are bad, and patterns of numbers are bad, let's just go random. So bang, bang, bang, bang, bang on the keyboard, and see what comes out. Now, unfortunately, when you register for websites or set a password, you're going to have to bang, bang, bang, bang, bang out the same exact thing multiple times to confirm you actually know it. And frankly, if it is a really weird-looking random set of characters and numbers and punctuation symbols, honestly, I don't know if I'm going to remember it as well. So sometimes people think they're being clever. So instead of saying an L in a password, they might use a number 1. Or instead of an A in a password, they might use the number 4, because they all kind of look the same. But again, any heuristic like that, even if you think you're being clever, well, the adversary, the hacker out there, can also be just as clever as you, and try those things first before he or she even bothers trying the completely random ones. 
So generally, thinking of some nonsensical phrase, introducing some disparate capitalization, some upper case, some lower case, toss in some numbers there, some letters, so it's not entirely random, there is still some implicit mnemonic that allows you to remember what it is, is a better approach than choosing patterns of numbers like this, or words that you might think of off the top of your head, or even actual words. Introducing deliberate misspellings, or weird punctuation or capitalization, all lends itself to that. Of course, none of this matters if you're one of these people, and odds are you could walk around a lot of offices in the world and see a whole bunch of monitors on people's desks with one of these on the display. So if you're also one of these people, you're not a good person if you're putting your own passwords on a post-it note on your monitor. Or frankly, we don't have to put the entire blame on you. Maybe your company or your university's security policies are such that they're not really that reasonable. Maybe your company makes you change your password every three months, or every six months, which frankly, might be a net negative. Indeed, increasingly, people are challenging this practice, which feels very intuitively reasonable. Like, make people change their passwords once in a while, just in case they've been compromised. This way, at least the bad guys out there only have a limited amount of time-- three months, six months, whatever-- to actually use that exploit. But the problem is, if you make me change my password every three months, or every six months, especially for websites or tools that I might not even use that often, thereby making it harder, and in some sense, more cognitively expensive, for me to remember your password, well, frankly, I'm going to probably start choosing easier and easier to remember passwords, or repeating some pattern in the past, so that it's not as hard for me to remember these ever-changing passwords. 
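An added example, not from the lecture, for the three preceding paragraphs on common passwords, dictionary words and the 1-for-L, 4-for-A substitutions: a small rule-based guesser of the kind an attacker runs, so you can see that "Umbr3ll4!" falls out of the same loop as "umbrella". The ten common passwords are the ones read out above; the dictionary is a constructed five-word stand-in for a real one.

```python
import itertools

# The top ten from the 2017 list read out in the lecture.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "12345678", "111111",
    "1234567890", "1234567", "password", "123123", "987654321",
}

# Constructed stand-in for a full dictionary; a real run loads
# hundreds of thousands of words plus previously leaked passwords.
DICTIONARY = {"umbrella", "monkey", "dragon", "sunshine", "welcome"}

# The "clever" look-alike substitutions people make, which guessers also know.
LEET = {"a": "4@", "e": "3", "i": "1!", "l": "1", "o": "0", "s": "5$", "t": "7"}

# Common tails people append to satisfy "must contain a digit or symbol".
SUFFIXES = ("", "1", "123", "!", "2017")


def leet_variants(word):
    """Every spelling reachable by substituting zero or more letters."""
    options = []
    for ch in word:
        alts = [ch]
        if ch in LEET:
            alts.extend(LEET[ch])
        options.append(alts)
    for combo in itertools.product(*options):
        yield "".join(combo)


def case_variants(word):
    yield word
    yield word.capitalize()
    yield word.upper()


def build_wordlist(dictionary, common=COMMON_PASSWORDS, suffixes=SUFFIXES):
    """Expand base words the way a guesser's rule set would."""
    candidates = set(common)
    for base in dictionary:
        for cased in case_variants(base):
            for spelled in leet_variants(cased):
                for suffix in suffixes:
                    candidates.add(spelled + suffix)
    return candidates


def is_weak(password, wordlist):
    """True if a rule-based guesser would reach this password early."""
    return password in wordlist


if __name__ == "__main__":
    wl = build_wordlist(DICTIONARY)
    for candidate in ("umbrella", "Umbr3ll4!", "password", "wVz9#kq2Lp"):
        print(f"{candidate:12} weak={is_weak(candidate, wl)}")
```

Five dictionary words already expand to a few thousand candidates here, and the expansion is mechanical; real cracking tools ship rule files that apply far more transformations than these. That is why a substitution you thought of in a second buys nothing, while length and an unpredictable phrase still do.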
So in that sense, it might actually be a net negative. If you're accidentally conditioning your team members to lower their threshold for security by choosing easier passwords, maybe they should just pick one really good, really hard-to-guess password at the get-go, and never change it, or change it years later, not so frequently. So if you're doing this, though, minimally, take these down and address the crux of the issue, not just the symptom. But there's also other issues that arise with passwords and authentication. Now, odds are, you have, if you're like me, forgotten your password to at least one website. And that's often not such a dealbreaker, because what can you do? You've forgotten your password. You haven't logged in to some site in a while, or you're using a new computer and you don't really remember it. So you can reset most passwords. You can click a link on most websites that's literally called, like, Reset Password, or Forgot Password, or something like that. And what do they do? Well, they typically ask you, then, to type in, if you haven't already, your username or your email address. And then what do they do? Well, typically, you'll get an email, hopefully within seconds, maybe a few minutes, maybe it ends up in your spam folder, so you should check there too. And it contains a link. And that link is like your password reset link. And generally, if you look close at the URL, it hopefully goes back to the same website, so example.com or whatever. And then odds are it has a really big, seemingly random value, not unlike the cookie we saw earlier. So using random values in computing, especially for security, is generally a good practice. So it has a big, seemingly random value. You click that link. You're led back to the same website, but a different screen, and it asks you to choose a new password. And you type it in once, probably twice, hit Save, and your account is now updated. So what just happened? 
Well, when you clicked I Forgot My Password, or Please Reset My Password, the website probably has a database. It generated some big random code, stored that in a database, and made essentially a mental note for a computer, let David reset his password. How does it know that I'm David if I don't know my password? You almost have a sort of catch-22 situation there. Well, if David still has access to the email account with which he registered for this website, which is pretty much the assumption being made, well, let's send him a special link containing that really big code that we also stored in the database, and let's assume that anyone who can log in to David's email account is probably David. So let's let that same person choose a new password for this website, example.com. So you're trusting, to be fair, that I am indeed the David who's supposed to have access to that email account. But if that's really the only way, because odds are you don't want to incur the expense or the complexity of, like, having David call up and say, hi, I'm David, and then prove this by giving you personal details about me or values or information that I might only know, you can at least trust with some probability that only I have access to my email account. And that big random value, meanwhile, is checked on the website when I follow that link. And then you realize, oh, we know that the person who just followed this link is David, with high probability, because the only one in the world to whom we sent this big random value via email a moment ago was malan@harvard.edu, or whatever your actual email address is. And so you reset your password and you're back in business. Now, sometimes, you've wanted to know what your password is. But most websites don't do this. And if you call customer service-- not that most websites even allow this-- typically, the technical staff can't even tell you what your password is. 
Even if you prove by telling them who you are, where you were born, and everything about yourself, they cannot tell you, technically, what your password is. And that's a good thing, because odds are that means there's certainly good security practices in place. But odds are it means too that your password, even the old one you don't remember, is encrypted in some form-- or hashed, more technically-- somewhere in their database, so that even the IT staff cannot see it. All they see is some seemingly random value in their database. And that's not your actual password. It's a hash thereof, a scrambled version thereof. But some websites are really bad. And in fact, I can think of several times over the years when I've gotten a password reset email, and oh my god, in the email, is my password. And so that's fine. At that point I remember, oh, yeah, of course, that's the password I used. And I can just copy and paste it and go about my business. But what does that mean? If the company was able to email me my password, odds are it means it is not encrypted, or hashed, or scrambled, on their database, which means any one of their employees, or a hacker who steals their database, could see my password, log in to, and pretend to be me, whatever the website actually is. Moreover, they just emailed out on the internet, and odds are, partly wirelessly, if I'm on my laptop or phone, what my password actually is. And if my email server is not using encryption, as is not always the case, they might have just let anyone in the local Starbucks or airport or lecture hall that I'm in actually see what my password is. So bad, bad, bad, bad practice to not actually scramble passwords on a server. And yet this happens, tragically, more often than you might like. So keep an eye out for this. And frankly, there's not much you can do, other than really decide, I am not using this website anymore, because they don't really seem to have their act together when it comes to security. 
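Both mechanisms just described, the reset link from the previous paragraph and the hashed storage from this one, as an added Python example that is not code from the lecture or from CS50. The in-memory tables (USERS, RESET_TOKENS), the 15-minute link lifetime and the PBKDF2 iteration count are my assumptions for illustration. Note what is never stored: the password itself, and the reset token itself, only hashes of each.

```python
import hashlib
import hmac
import os
import secrets
import time

# Stand-ins for the website's database tables (constructed for this example).
USERS = {}          # email -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}   # sha256(token) -> {"email": str, "expires": float}

PBKDF2_ITERATIONS = 600_000     # make every guess against a stolen table slow
TOKEN_TTL_SECONDS = 15 * 60     # reset links stop working after 15 minutes


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash: what the database stores instead of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def register(email: str, password: str) -> None:
    salt = os.urandom(16)   # fresh per account, so two users with the same password hash differently
    USERS[email] = {"salt": salt, "hash": hash_password(password, salt)}


def check_login(email: str, password: str) -> bool:
    record = USERS.get(email)
    if record is None:
        hash_password(password, bytes(16))  # same cost either way, so timing does not reveal which emails exist
        return False
    return hmac.compare_digest(record["hash"], hash_password(password, record["salt"]))


def request_reset(email: str, now=None):
    """Return the random token the site would e-mail, or None if the address is
    unknown. Only a hash of the token is stored, so a leaked table cannot be
    used to reset anyone's password."""
    if email not in USERS:
        return None
    token = secrets.token_urlsafe(32)       # 256 random bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).digest()
    expires = (time.time() if now is None else now) + TOKEN_TTL_SECONDS
    RESET_TOKENS[digest] = {"email": email, "expires": expires}
    return token


def complete_reset(token: str, new_password: str, now=None) -> bool:
    """Called when the link is followed: knowing the token proves control of the inbox."""
    digest = hashlib.sha256(token.encode()).digest()
    entry = RESET_TOKENS.pop(digest, None)  # single use, whether or not it is still valid
    if entry is None or (time.time() if now is None else now) > entry["expires"]:
        return False
    register(entry["email"], new_password)  # re-salt and re-hash; the old hash is gone
    return True
```

Because check_login only ever compares hashes, nobody with database access, support staff included, can read a password back, which is exactly why a site that e-mails you your old password has shown it stores that password in the clear. One deliberate simplification: request_reset returns None for an unknown address, which tells the caller whether an account exists; a production site would respond identically in both cases.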
So what's one last threat when it comes to authentication? You know, odds are, if you're like me back in the day, though not so much anymore, you might get a little lazy. You might have kind of a favorite go-to password that maybe you use on your email, maybe your social media accounts, maybe, god forbid, your bank account, or more. This too is bad. If you are in the habit-- and it's understandable, but still bad-- of using the same password on different websites, what's the threat? And what's the upside? Well, the upside is just it's convenient, right? Why remember 10 different passwords for 10 websites if I can use one password on all of these websites? It's just convenient for us humans. But what if one of those websites is hacked? Or what if a bad guy figures out, by guessing, maybe your child's birth date, which happens to be your password, what your password is on one website? Well, he or she might get a little curious, a little greedy, and try using that same password on all other websites that they know you visit to see if you're also lazily and insecurely using the same there. So this is alone a good reason to use a different password on every website. But here too there's this theme of trade-offs. Right, it's now becoming more expensive cognitively for you, just in terms of remembering all this darn stuff, if we're making you then have one password for every website. And we visit, we humans these days, probably way more than just 10 websites. It might be dozens, if not hundreds, over time, that we actually have accounts on. So surely you can't expect me to remember 100 different passwords. Well, there are tools. There's software, free and commercial alike, that you can install, that are generally called password managers. And these are tools that store, on your own phone or hard drive or SSD, all of your usernames and all of your passwords. But, if they're good software, they encrypt it on your hard drive. 
So you choose, when you install this software, one main master password, something that's ideally really big, really pretty random, still memorable. And maybe here, just to be super safe, you write it down somewhere and tuck it away somewhere super secure, like, physically in a safe deposit box or into a vault, somewhere that's not a post-it note on your monitor. And then, you store all of your usernames and passwords in that software, and protect all of them with just this one master password. So in this way, you can literally have a completely different and even a completely random password for every website you visit, because these password managers not just let you copy and paste your password from them into a website when logging in, you can often use keyboard shortcuts, so you don't even have to remember your username or password. You just hit a keyboard shortcut, and voila, the password manager logs you into websites for you, so long as you have logged in to the software itself, as you would typically do once a day or every time you wake up your computer. So this is amazing, because now it means I can have 20-character, 100-character passwords, if websites allow it, on any website. And frankly, these days, I don't know most of my passwords, because I let the software generate something big and random and therefore more secure, theoretically. But there is a big, big, big gotcha here. If, god forbid, I forget or lose that master password, I have very, very securely encrypted all of my accounts, none of which I can now access. So that's that one password you just cannot forget. And so I literally mean it when I say you should probably write it down, tuck it in a bank vault, tell it to someone you really, really trust who needs to have access, because you've just kind of moved the threat to a different location, to your own recollection thereof. So trade-offs to be sure, but on the whole, probably much more secure than the passwords you're currently using. 
Now, there are some better defenses. Not all websites support this, but increasingly are they doing so, even apps on phones as well. So not too long ago, this was the primary form of something called two-factor authentication, where two-factor authentication refers to having not just one factor, but, surprise, two factors. So what does this mean? Well, the first factor, and the factor we keep talking about, is a password or a passcode. It's something you know. And historically, we have used something you know to authenticate you to a device or a piece of software or to a website. I am malan@harvard.edu, and here is my 123456 password, something theoretically only I know, at least if it were a better password. But that's not that great, because, of course, passwords can be stolen or guessed or posted on post-it notes. So slightly better than one factor is two factors. And that second factor should be something that's fundamentally different. Not something you know, like a second password, which is at risk for the same exact threats, but something you have. So this thing here is literally something you would carry around on your keychain, made by a company called RSA, and it's got a battery and a little computational device, that shows on the screen a number, six-digit number in this case. And that number changes every minute or so. And it does so on a schedule. So theoretically, it stays synchronized with a server. Indeed, there's a server somewhere else that knows what the unique ID of the device is, and you can usually read that off of a sticker on the back or something like that. And it knows that that sticker, that device, is currently showing 159759. And a minute later, it knows, the server, what new number this device is showing. So theoretically, they should stay synced, and there's ways to help them stay synced over time. 
But what's nice now is that if I have an account that's protected with two-factor authentication, or two-step authentication, then it's not just something I know that I have to use and type into the screen. I also have to pull out my keys, in this case, read off the number 159759, and type that in as well. So if an adversary gains access to my password, or just guesses what my password is, it's not a huge deal, because he or she is then going to be prompted for something they have. And so long as they also haven't stolen my keychain, they don't have this. They therefore don't know the number to type in, and they don't have the second factor. And they can't get past that second gate. So it really raises the bar. It does not stop a hacker from taking or guessing my password. And it certainly doesn't stop them from physically going after the device I have on me. But it does raise the bar. And at least I'm a little less worried about the people in this room than I am about millions of random potential hackers on the internet. And thankfully, this technology, two-factor, is getting even easier. You don't need a physical device like a company like RSA used to have to send you. You don't need your bank, for instance, to send one of these dedicated devices. You can actually use software. So Google Authenticator exists. There's something called Duo Mobile, that's a commercial alternative there too, that allows you, on your phone, Android or iOS, to just hit a software-based button, see what the code is, and type it in. So Gmail supports something like this, as do many other websites these days, increasingly so, especially banks. Right, and there, too, I would encourage you to consider these various trade-offs, and to consider which accounts are really the most vulnerable. Which accounts do you worry the most about? Maybe you don't really care all that much about one of your social media accounts. 
But maybe you care a lot more about your bank and your savings amounts and so forth. And so maybe you should be thinking about which websites to enable two-factor on, if it supports it. And frankly, maybe you should even be choosing websites or banks based on which of them support these kinds of defenses, because it only raises the bar. And they don't even require special software. You can actually use the SMS app on your own iPhone or Android device. And what companies can increasingly do is they'll send you a text message with a code that you then have to type in. So now those two factors are something you know and also something you have already, something physical, like this. All right. So what about the network itself? We've talked really about physical, proximal threats thus far. But what about the security of the networks we actually use, especially when so many of the networks we use these days are wireless-- my phone, my laptop, other devices in my home too, all somehow use wireless especially. So typically, you can pull up a little menu on your computer, whether it's Windows or Mac OS, and see all of the wireless networks in proximity. And odds are, by now, you've been conditioned to look for free Wi-Fi in some form. Right, one of the icons that does not have a padlock on it. And you choose that one, whether it's Harvard University or some other SSID, as it's called, the identifier for a wireless network. You connect to it. And then usually a little icon kind of blinks and pulses. And then hopefully, within a couple seconds, you're connected to Wi-Fi. Now, sometimes it doesn't work. And sometimes, even though a network doesn't have a padlock and it seems to be free, just doesn't work for any number of reasons. One, it might not be working properly. Two, it might require that you pre-register the device on that network. So there's different reasons that it might not work. But sometimes it does, especially at Starbucks and airports and hotels. 
Sometimes you have to pay for it. And indeed, sometimes the first time you visit a site, you're prompted to pay, or at least tell them your room number, in a hotel. But otherwise, it just works. But the problem is, in all of those scenarios, even if you pay for that Wi-Fi, if there's no padlock on the wireless network to which you've connected, it's insecure by definition. It's not encrypted, at least not by the network in the room that you're in. Now, you might still visit websites that start with https://, that are using secure connections and encrypted connection. And that's a good thing. And that mitigates this issue. But maybe your email doesn't use encryption. Maybe a lot of websites you visit don't use encryption either. They start with http://, and so that means, on insecure wireless networks that have no padlock and therefore no built-in encryption, everything you do on the internet can in fact be seen, or sniffed, so to speak, by someone else in the nearby area, let alone elsewhere on the internet. So if you see some creepy person on their laptop, you know, Mr. Robot there in the corner, he or she might actually be on their laptop sniffing all of the wireless traffic in that Starbucks, and anyone who is not using HTTPS-based websites, for instance, he or she might see everything that's actually happening. And what can you do then? Well, one, don't use that particular network. Or two, maybe use something like a VPN, a virtual private network. Now, not all people have access to these. Sometimes, if you work for a company, or go to a university, you can actually install software that allows you to connect to a VPN, a virtual private network. And what this means is that your connection to the internet is indeed encrypted. 
So for instance, if this is you here on your laptop, and here we have the internet, and here we have some websites inside some company's building that you're trying to connect to, typically, if you're using insecure Wi-Fi, your zeros and ones might go here through the internet onto that company and then back in the other direction, completely insecurely, which means anyone in Starbucks near you over here, anyone theoretically with physical access to the wires and such on the internet itself could access that data, if it's all unencrypted from the get-go. But what you could do, especially if you're worried about Mr. Robot in the cafe in which you're sitting, if you do have a VPN at your company or university, like this one here-- we'll call it Acme-- where you work or go to school, you can first establish an encrypted connection here, where "encrypted" is going to mean scrambled in some way. It's not just text and numbers that you see. It's sort of random permutations thereof, because of an algorithm that's being used. And now you can let your company or university do all of the talking with the rest of the internet. So you're essentially tunneling, so to speak, all of your internet traffic through your own company or university by way of this thing called a VPN. There's still a flaw here, though, and you can kind of see it in the picture. VPN is between you and, like, your company, or university, or frankly, there's third parties you can pay these days some number of dollars a month so you can actually have a VPN connection somewhere else in the world, even. But there's still an insecurity here. Where? Well, I've only labeled this channel of communication back and forth as encrypted. And that's because odds are, if you're just visiting an insecure website that's just http://, well, it might actually still be insecure once it leaves your company. So here, too, there's a trade-off. 
You've increased the security around you, but you've really just pushed the threat away. There's still a threat. It's just now random people on the internet. It's not Mr. Robot in the very same cafe that you're in. So maybe that's OK, because maybe you're really only worried about nosy people here, and not random people on the internet. Or-- but, rather, you've paid another price. Turns out that any time you do something more to a process, as we're doing here, odds are you're increasing the cost involved. Right, I don't know much about encryption right now in the story. But I do know it's something I wasn't doing earlier. So surely, doing something must take more time than doing nothing, to put it simply. And so by encrypting my data, by doing whatever algorithm is necessary to scramble my zeros and ones, must be taking some amount of time. And indeed, it might somewhat slow down your connection, to use a VPN, which might be a trade-off, especially if you're on a plane or something like that, where your network connectivity is really quite limited. So a trade-off there. Now, fortunately, companies, and even personal computers, have special devices, or special software, called firewalls, that I'll depict there. And even your own laptop, in some sense, has turned on, or most likely has turned on, its own firewall. And I'm drawing it as a physical line, as though it's a physical wall. It's not. It's just software. A firewall is just, in the physical world, an actual wall. So if you've got, like, a strip mall with lots of little companies and lots of stores, one of which might catch fire for some reason, historically, a lot of these kind of setups would have physical walls, special layers of bricks or other material, in between the stores, so that if there's a fire in one store, it might still get hot, but hopefully it does not pass through into the next-door store, because of that additional insulation between them, firewall. 
Now, in the software world, it's kind of the same idea, but it's all digital. You might have software running on your Mac or PC over here at left, or your company is going to have some kind of special software running on the periphery of their network, where the routers typically hand off data to other networks altogether, or other ISPs. And those firewalls look at things like the IP addresses to which you're sending, or from which you're receiving data, the TCP port numbers that are being used. And these firewalls can help keep bad guys out and help keep internal data inside. So there's that additional defense as well, which is just yet another piece of the puzzle. Now, if you're running Mac OS or Windows, odds are you just want to check if you're actually enabling that on your computer, so that when you are on a public, especially insecure network, unencrypted, to be sure that no one can really be hacking into your computer with this high probability, because at least your computer is kind of keeping them at bay. But what does it mean to encrypt data? Right, I've just kind of been taking for granted that you can encrypt information in this way. Well, what does that actually mean? Well, suppose that I want to send a message to someone, like, the message, "Hi." But I don't want anyone else in the room, anyone else in the cafe, to know whom I'm saying hi to, or that I'm saying hi. I might want to scramble this message. So how might I scramble it? Well, you know what? Rather than send "H-I," I'm going to send "I-J," because that is not English, and that makes no apparent sense. So I'm going to send that in a message, or that in an email or a text message or some other digital medium, from me to some other person. Now, why did I choose "I-J"? It's deliberate. It's a little stupid. It's not very secure. But it's an attempt to be more secure. "H-I" is the message I want to send. "I-J" is what I'm actually sending. But I've just used a simple algorithm here. 
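The firewall behaviour described above, matching on IP addresses and TCP/UDP port numbers, as an added Python example that is not code from the lecture or from any firewall product. The rule format, the first-match-wins semantics and the sample policies are my own constructions; the two rule sets model a laptop on public Wi-Fi and a company's perimeter, and the third perimeter rule shows why rule order matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    direction: str                # "in" or "out"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                    # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches every destination port


@dataclass
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and ipaddress.ip_address(pkt.src) in rule.src
            and ipaddress.ip_address(pkt.dst) in rule.dst
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))


def decide(rules: list, pkt: Packet) -> str:
    """First matching rule wins; anything no rule mentions is denied (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("10.0.0.0/8")
DB_SUBNET = ipaddress.ip_network("10.0.5.0/24")
WEB_SERVER = ipaddress.ip_network("10.0.0.10/32")

# Constructed policy for a laptop on public Wi-Fi: talk out over HTTPS and DNS,
# accept nothing unsolicited from the cafe.
LAPTOP_RULES = [
    Rule("allow", "out", ANY, ANY, "tcp", 443),
    Rule("allow", "out", ANY, ANY, "udp", 53),
    Rule("deny", "in", ANY, ANY, "any"),
]

# Constructed perimeter policy: the database subnet must never talk to the
# internet, so its deny rule comes BEFORE the broader "LAN may use HTTPS" allow.
PERIMETER_RULES = [
    Rule("deny", "out", DB_SUBNET, ANY, "any"),
    Rule("allow", "out", LAN, ANY, "tcp", 443),
    Rule("allow", "in", ANY, WEB_SERVER, "tcp", 443),
]
```

This evaluator is stateless: it judges each packet on its own, which is all the lecture's description covers. Real firewalls additionally track connections, so the reply packets to the laptop's outbound HTTPS request are admitted as part of an established flow rather than needing an inbound allow rule of their own.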
I took a letter that I want to send, and I changed it by one. So H became I, and I, coincidentally, became J. So I send "I-J," and I send that message to someone else in the cafe, or across the internet. What does he or she have to now do? Well, he or she has to know that the secret algorithm I'm using is to not only rotate letters by some number of places, but they need to know the key. The key to this algorithm is the number of places that I'm shifting letters by. So he or she has to know that it was just one. And that's why I say it's kind of dumb, because one is not that hard to just guess. I could just try one, and oops, there it is. Hello. But they have to know to unrotate these letters by one place. So I now becomes H again, and J becomes I. So this, then, was my plain text. This, then, is my so-called cipher text. And once decrypted, becomes my plain text as well. Now, it turns out this is an example of something called a Caesar cipher, a rotational cipher. We could make it a little more interesting by rotating by two places, or three, or 13, or even more. But it's not all that secure if it's pretty easy to just guess. Right, even a bad guy who intercepts this message could just try rotating by one, rotating by two, rotating by 25, and figure out, just intuitively, and a little methodically, what it is I'm actually sending. So rotational ciphers, not really used on the actual internet. There's more sophisticated means. But there's also another glaring flaw here to encryption, which is, my friend to whom I'm sending this message apparently needs to know what that key is. He or she has to know that the secret was, in this case, one. Now, that's kind of a chicken and the egg problem. Right, because for him or her to know what key we're going to be using, we have to agree upon it in advance. So how do we agree upon it in advance? I can't just send them a message and write the number one on it and send it, because it would be unencrypted. 
And if I even wanted to encrypt it, I can't, because he or she doesn't know how many numbers of places to rotate it yet. So maybe I pick up the phone. I use a different technology, and I say, hey, let's use a key of one! But at that point, the story is kind of stupid for a different reason. Why don't I just tell them "hi" at that same time? Right, so if I'm already talking to them via some other channel, just give them the message. Don't worry about a key. And this is absolutely the case when you visit a website. Like, I don't really know anyone personally at amazon.com who can sell me a book. I don't really personally know anyone at Gmail who can send me my emails. I know the website gmail.com. I know the website amazon.com. And my computer certainly doesn't know another computer there. It just knows its domain name and maybe its IP address, eventually. So it turns out, what we just described, rotating characters one place, is what's called secret key cryptography. So secret key cryptography is predicated, of course, on keeping that key, the number one or 13 or 25 or something else, secret. But there's also something called public key cryptography that satisfies this issue of chicken and egg, where you need a secret, but you can't establish a secret before you have a secret. Public key cryptography addresses this as follows. Whereas in the secret key scenario, you have just one key, in the public key scenario, every person has two keys. One key is private, and one key is public. And it turns out, there's a mathematical relationship between these two values, public and private, so that you use the public key to encrypt information, but you use the private key to decrypt it, which is to say that if I have two people here, let's say Alice and Bob, Alice has her private key, we'll call it A, and her public key, public A. And Bob, meanwhile, has his private key, B, and public key, B. And so when Alice wants to send Bob a message, she sends it from A to B. 
And she uses Bob's public key. Bob, upon receipt of that message, uses what? His private key to decrypt it. And again, for now, let's just stipulate there's a mathematical relationship such that algorithmically, Bob's private key can undo the effects of Bob's public key. Meanwhile, if Bob wants to reply, let's consider what Bob uses. Bob wants to send a reply to Alice. So Bob uses Alice's public key. Alice receives the message and uses what to decrypt it? Alice's private key. And by nature of public, these keys, A and B, can literally be posted on the internet. They can be read aloud on the phone. They can be sent in an email or a text message. They are public because mathematically, they are meant to be divulged to anyone who wants to know it, but especially the person who's going to use it. The private keys, though, meanwhile, Alice and Bob have to keep private. They can't reveal that. They can't email it out. And all of this happens automatically in today's browsers. In fact, when your browser, Chrome or Edge or whatever, uses the internet to connect to amazon.com or gmail.com, your browser has its own public and private key, as does Amazon's server, as does Google and Facebook and any other website. And unbeknownst to you, just underneath the hood, so to speak, is your browser using this crypto system, this public key cryptography mechanism, to exchange a secure message with Amazon or Google or Facebook, even though your laptop has never met anyone at those companies before. And so turns out, for efficiency, what's ultimately used later is very often secret key cryptography. In other words, you use this whole public key system to just exchange a secret, like the number one, but much bigger number than number one, and much bigger than 13 and 25. You just use it to exchange a secret that you probably dynamically randomly generate. But this public key system is what solves, ultimately, that chicken and the egg problem. 
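The whole story from the rotational cipher a few paragraphs up through the Alice-and-Bob exchange here, as one added Python example that is not code from the lecture or from CS50. It has three parts: the Caesar cipher with its "try all 25 keys" weakness, a textbook public/private key pair using tiny fixed primes so the mathematical relationship is visible (real keys are thousands of bits and use padding; this pair is for illustration only), and the hybrid step the lecture ends on, where the public key carries a fresh random secret key and the cheaper secret-key cipher carries the message. The prime values and function names are my assumptions.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Rotate every letter by `shift` places; a negative shift decrypts. Non-letters pass through."""
    out = []
    for ch in text:
        if ch.upper() in ALPHABET:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_candidates(ciphertext: str) -> dict:
    """Why a rotational cipher is weak: there are only 25 keys, so someone who
    intercepts the message just lists every decryption and reads off the one that is English."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}


def make_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA from two primes: public (n, e), private (n, d) with e*d == 1 (mod phi)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # the 'mathematical relationship' between the two keys
    return (n, e), (n, d)


def pk_encrypt(m: int, public) -> int:
    n, e = public
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def pk_decrypt(c: int, private) -> int:
    n, d = private
    return pow(c, d, n)


def alice_sends(message: str, bob_public):
    """Alice picks a fresh random Caesar key, wraps it with Bob's PUBLIC key,
    and encrypts the message itself with that secret key."""
    secret_shift = secrets.randbelow(25) + 1          # 1..25, never 0
    return pk_encrypt(secret_shift, bob_public), caesar(message, secret_shift)


def bob_receives(wrapped_key: int, ciphertext: str, bob_private) -> str:
    """Bob unwraps the secret key with his PRIVATE key, then decrypts the message."""
    shift = pk_decrypt(wrapped_key, bob_private)
    return caesar(ciphertext, -shift)


if __name__ == "__main__":
    bob_public, bob_private = make_keypair(61, 53)     # toy primes; n = 3233
    wrapped, ct = alice_sends("HI", bob_public)
    print("on the wire:", wrapped, ct)
    print("Bob reads:", bob_receives(wrapped, ct, bob_private))
    print("eavesdropper's 25 guesses at the Caesar part:", caesar_candidates(ct))
```

Notice that nothing secret ever travelled in the clear: Bob's public key can be posted anywhere, the wrapped key is useless without d, and the Caesar key itself was generated freshly for this one message. Notice also that the eavesdropper's brute force still works on the Caesar half, which is why real systems replace it with a cipher whose key space cannot be enumerated.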
So even then, within the world of our network, do we have not only constant threats, especially these days wirelessly, we do have a number of protections-- software, but also algorithms-- that help keep some of those threats at bay, and also help us avoid some of those threats altogether. So what remains? Well, going around this campus lately are actually posters like this-- Report Phishing. And this is a technique that's actually been around for years now, but it seems to kind of be gaining even more momentum, frankly, especially as email clients are getting a little more sophisticated and a little more featureful. Phishing attacks are when some adversary, some bad guy, sends you an email, typically, that looks legitimate, looks like it's from paypal.com, looks like it's from your own bank, looks like it's from an actual website on which you might have an account. And it usually says something stupid like, please click here to-- it's not even stupid. It's just completely malicious. "Click here to reset your password." Or, "click here to confirm your identity." Or, "click here to confirm your bank account details." And sometimes it will start with a preamble explaining how they're doing this as standard security practice, or sometimes they're doing this-- they say that, oh, something has been hacked and we need you to change your password. It doesn't even matter what the story is. The point is, they're sort of trying to fish and reel you in and trick you into giving them information that they really shouldn't have. And so this is so rampant lately at Harvard that there's posters all over campus encouraging people to report phishing attacks, so then at the network level and the email servers, these kinds of attacks can hopefully be filtered out. Because what actually happens in these attacks? You get an email that might look like it came from Gmail. It might have Google's logo. 
You get an email that looks like it might have come from PayPal, and it's got their logo, and it's got a lot of fancy text, and it has even a secure message on it. But the link that's in it, odds are, does not go to paypal.com, and does not go to google.com, or your own particular website. Odds are it goes to a completely random URL, or maybe it goes to a slight misspelling of that URL that someone else has bought. And it might even lead, once clicked, to a website that looks identical to the real PayPal or gmail.com, but that's just because someone knows HTML and copied PayPal's or Google's or whoever's HTML. All that's pretty darn easy. They're just trying to socially engineer you, trick you as a human, into believing them, because it looks like a legitimate email, into behaving in a reasonable way, but in the wrong place. And the phishing attack leads, generally, to you accidentally or unknowingly giving someone your identity, giving them, god forbid, your bank account details, your usernames, your passwords, because you've been duped by a social engineering attack. So what's the giveaway there? Well, one, distrust most emails that you get. Even when you do get an email from your bank and it looks legit and maybe it is legit, don't click the link in the email, right, just in case. You know you're a customer at BankOfAmerica.com. So you go to your browser and type in, literally, BankOfAmerica.com, Enter. Go there without using the link in the email. Log in, and then find your way to whatever it is that email was telling you to do. Don't click on a link from Google. Go to gmail.com, hit Enter, log in in the usual way, and don't trust the email. But look at these emails with a discerning eye, too. Does it look like it came from a sketchy-looking email address, sort of a random Gmail address, not an official-looking account? But even that can be spoofed. So it's not a tell. But sometimes you'll see typographical errors.
Hopefully, you think, good marketing departments don't send out emails with typographical errors. So that could be a tell. These are not reliable tells, though, because you can forge an email address, and you can certainly spellcheck a phishing attack. But these are just things that should raise red flags in your mind and should set your radar off. But in general, just avoid clicking things that themselves might not be safe, because what might happen? Well, you might indeed end up giving away sort of the keys to the kingdom, like your identity, your bank account, your usernames, passwords, and more. But your computer might even get infected somehow. Right, it's often the case that these URLs lead you to websites that are infected with something-- malware, malicious software-- that can do anything. Especially in the Windows world, where computers have historically tended to be under greater attack, you might be led to a website that somehow injects into your browser, and in turn into your computer, a piece of software that someone with way too much free time and way too many malicious intentions has written in order to erase your hard drive or send spam from your computer or encrypt all of your files. Indeed, some of the attacks these days do something really draconian, which is they'll encrypt data on your hard drive, or for a company, they'll encrypt a company's database, and then send them a nastily written email saying, pay us $500, pay us $5 million, in order to get the key to decrypt your data. And maybe that key doesn't even work-- that's even unclear-- effectively giving rise to the term "ransomware," where it's software that effectively ransoms your data, expecting some kind of payout before it's given back to you, or effectively, decrypted for you. So malware can be anything. 
At the end of the day, any piece of software can do anything on your computer that it wants, especially if it's been installed somehow with administrative privileges, or has taken advantage of bugs in software, to somehow get onto your computer in ways that weren't intended, but that are nonetheless possible. And so this is even a more worrisome threat, because you might not even realize thereafter that you've been compromised, and the software might just keep running and running and running. And that, at the end of the day, is kind of the core issue with all of these threats to one's security, privacy, your data, your devices, and more. It really boils down to trust. Do you trust the people around you? Do you trust the algorithms and the software that you're using? Do you trust the manufacturers of the hardware that you're using? Consider, after all, that we've focused for the most part on Mr. Robot in cafes, random people on the internet, and nosy neighbors and roommates and family members. But where did all of the hardware and software come from that's legitimately being used by you on your phones and laptops and desktops every day? Well, a lot of it comes from Apple, or Microsoft, or Google, or other companies. But odds are, all of us have installed software from the so-called App Store or Google Play, or from random websites, or we've bought software and installed it on a computer, or downloaded it in some form. But who's to say that Microsoft Word isn't logging every keystroke you type, whether or not you're inside the program itself? Who's to say that Google is not watching everything you do within Chrome, even if you're not on google.com? If they wrote the software, Microsoft or Google, they could be doing both, or all of those things, or none. Hopefully none. 
But it's all about trust, because even though we could audit our computers and we could kind of use the activity monitor or process manager to see what it is they're doing, there have been cases where especially malicious software has been written to cover its tracks. So it doesn't even appear in the process monitor or process manager or activity monitor. So it's still there and running, but it's kind of hiding itself altogether. And that makes it even harder for all but the most sophisticated security folks to actually find, let alone little old me or random users on the internet who might be infected. Right, so who's to say the very software we're using is actually doing what we say? Who's to say that Snapchat is actually deleting messages after three seconds, or 10 seconds? It's just what they say. What if there's a bug? What if there's a malicious intent? What if there's a malicious employee who simply programmed those devices to do something else? So at the end of the day, it is very easy to sort of curl up into a ball and sort of tearfully worry about all of these various threats. But at the end of the day, what we really need to do is decide whom to trust, and how much to trust, and what kind of risks to take. At the end of the day, there are no surefire answers to any of these threats. There are defenses, but they really just raise the bar to the adversary. They raise the cost to him or her, and they increase the probability of your security and your privacy, but they don't guarantee it. You yourself have to decide how much you're comfortable doing on the internet, how much data you're comfortable storing on your computers, and ultimately, whom to trust, and just how much to trust them. That, then, is security.
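As an added example (not code from the lecture), here is a small Python checker for the phishing tell described earlier in the section: a link whose visible text claims one domain while its actual href points somewhere else, or a link whose domain is not one the recipient actually uses (the "you know you're a customer at BankOfAmerica.com" rule). The sample message, its link targets and the "trusted" domain list are all constructed for the demo, and the registrable-domain heuristic (last two labels) is a simplification; a real mail filter would use the public suffix list.

```python
"""Flag e-mail links whose visible text names one domain while the href goes
to another, plus links to domains the recipient does not actually use.
Added example for the phishing discussion; not code from the lecture.
The message body and the "trusted" domain list below are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Visible link text that itself looks like a URL or a bare hostname.
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[A-Za-z]{2,}(/\S*)?")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lowercase hostname of a URL or bare hostname string ('' if none)."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def registrable(host):
    """Crude registrable domain: the last two labels. A real checker would
    consult the public suffix list so that e.g. 'example.co.uk' works."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def suspicious_links(html, trusted_domains):
    """Return (href, text, reason) for every link that deserves a second look."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        href_domain = registrable(host_of(href))
        # Tell 1: the text shows a URL, but the href goes to a different domain.
        if URL_LIKE.fullmatch(text):
            text_domain = registrable(host_of(text))
            if text_domain != href_domain:
                findings.append((href, text, "visible text names %s but href goes to %s"
                                 % (text_domain, href_domain)))
                continue
        # Tell 2: the destination is not a site the recipient actually uses.
        if href_domain not in trusted_domains:
            findings.append((href, text, "href domain %s is not one you use" % href_domain))
    return findings


# Constructed sample message: one honest link, one "shown vs. actual" mismatch,
# and one lookalike-subdomain trick (the real name buried before a foreign domain).
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your account details.</p>
<a href="https://www.paypal.com/help">Click here</a> for help, or go to
<a href="http://paypal-secure-login.example.net/verify">https://www.paypal.com/login</a>.
<a href="http://www.paypal.com.evil-example.org/">Unsubscribe</a>
"""
TRUSTED = {"paypal.com", "google.com"}

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL, TRUSTED):
        print(f"{reason}: [{text}] -> {href}")
```

Run on the constructed message, the checker flags the second and third links and leaves the first alone. The same "typed-in-the-browser" habit the lecture recommends is what the `trusted_domains` set encodes: anything outside it is worth a second look no matter how legitimate the logo and text appear.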