Continued from Part 2 - Risk and Reward

So far I've laid out some of the more obvious risks of an Internet connection, risks involving active intrusions into your personal computer and whatever private information it holds. Now I'll go over some less obvious but more dangerous risks: obscurity, targeting, and disempowerment.

Obscured Risk

The risk of remote intrusions is obscure in that we can't see beneath the surface of our computers. By the time we discover our computer has been infected by an undetectable and unremovable rootkit, it's much too late. Same if it's been recruited into a botnet and has been cracking passwords, mining Bitcoins, or sending spam all day. Or when it has a keylogger installed that is sending all of our passwords to a Romanian organized-crime syndicate. It's always too late. Then after all that we discover that our Internet-connected activity is being tracked and stored indefinitely by both governments and large corporations. Another discovery, way too late.

The other aspect of obscured risk is that the most insidious remote attacks are targeted specifically at you. That is, even though the well-known indiscriminate attacks achieve many intrusions, extract plenty of cash, and provide useful information and leverage to whoever is behind them, they are half-hearted efforts. The best techniques are waiting for you, specifically, and you have no chance against them. You won't even suspect that you have been targeted. Your router has a backdoor, your wireless encryption is crackable, your computer has vulnerabilities, and you are going to fall for simple cons. No chance at all.


Why would you become a target? It's not random. It's due to information you have exposed, perhaps through a previous intrusion or perhaps information you've exposed intentionally in a blog, on a social network, in a forum, in a comment, or else unintentionally via passive monitoring. Perhaps it's information you have been leaking for some time - as information tends to do - and it has accumulated and been bought and sold to the point that it is finally worth acting on. All because the risks of your actions were obscured and incomplete.

It gets worse. Attempting to maintain your privacy and secure your information by switching to better practices (good opsec, good infosec) simply puts a bullseye on your back. Your digital fingerprint is now weird and your behaviour is increasingly abnormal, so you begin to look like a legitimate threat regardless of your intentions. Not only are you an easily distinguished high-value target but you remain vulnerable to attacks that are beyond your knowledge and expertise. You're worse off because you have a false sense of security and are also more likely to receive extra-special attention. A poor situation.


And that brings us to disempowerment: the transfer of power from you to someone else. "Information is power" is a phrase you've probably heard before. I like it better as "information asymmetry is power", or even "asymmetry is power". Obscured or ignored risk strikes me as a clear example of information asymmetry. There's someone behind each threat, each attack, all monitoring, and each bit of accumulation. When they know what they're gaining, and you don't know what you're giving up, or even that you're giving up anything at all, that's both asymmetrical and disempowering. And it's all about information.

Yet simple information possession is only a small part of the power differential. The full scope of information includes the ability to collect, filter, structure, analyze, distribute, aggregate, and apply it toward developing strategies, increasing the quality of one's options, improving choices, and optimizing the efficiency of actions. A significant gap in capabilities - where one side can do much more with information - represents a growing power disparity, much like how compound interest works. The material, tools, and techniques available to you are laughably infantile compared to what powerful organizations have, and so the gap continues to grow.

Today, thanks to Internet-connected personal computers, there is a clear information asymmetry that goes well past possession. In the domain of information, an individual is like a lone ant to the herd of elephants that is government agencies and big businesses. This is not a new trend overall but technology has accelerated that process and the Internet has enabled the dramatic surge of the past decade or two.

The Point

All unknown or obscured risk represents a transfer of power. When that obscured risk is a continual presence, like it is with Internet-connected devices, you will soon be powerless. Now that most of our population is hooked up to the Internet on a daily basis I'd say that a massive transfer of power has already quietly taken place. This power transfer will continue until our patterns of behaviour are driven by a realistic sense of value instead of one distorted by intentionally obscured risks.

It seems to me that the value of our personal computers is not nearly as high as it should be. Not even close. But since I'm working toward a version of a personal computer that offers a much higher reward while skipping past this whole obscured risk factor by avoiding the Internet, there's still plenty to discuss.

Continued in Part 4 - Incredible Reward