Silicon Footprint

So, I shall continue to mix metaphors horribly, in hopes that the jarring connotations trigger the feelings I'm trying to convey. This time, I'm thinking of my footprint on the web. My friend, Holly Jahangiri, mentioned that she was keeping her profile on a social media platform so that no one else grabs it.

Unlike the dreaded carbon footprint, it's not immediately obvious that we should strive to reduce our silicon footprint. That is, should we be more visible or less? For historical context, I used to read a lot of Make Money Online (MMO) blogs. In the early days of Google, online marketers manipulated search engines for profit. In order to combat this exploitation, Google began to actively hunt down websites that ran afoul of whatever the Google demi-god decreed was fair play.

In response, marketers began teaching each other ways to "reduce their footprint" on the web. You see, a lot of the exploitation involved making dozens or even hundreds of duplicate websites, all linking back to the so-called mothership. Other techniques relied on stealth. Interestingly, both tactics were exposed due to laziness and ignorance on the part of marketers.

For example, if a marketer replicated a Joomla site, chances were good that certain files, HTML snippets and scripts were completely duplicated. In the case of the stealth marketers, these copies were considered "leakages" that revealed the identity of the marketer.

The marketers spent a lot of time and effort sealing these leaks. In essence, they were attempting to reduce their footprint.

The flip-side of silicon reduction is amplification. Ironically, this is also based on the efforts of marketers. The most famous amplifier that I remember was Pat Flynn, of smartpassiveincome.com. His message is centered on creating an audience, using as many channels as possible. While some of them are offline (books, for example), many involve social media platforms.

Naturally, amplification appeals to non-marketers, as well. Unless we're all marketers?

Okay, let's leave marketers alone. They're not all a monolith of evil. Let's turn now to the other raging topic of the web: privacy.

If that's not a buzzword for reducing our silicon footprints, I don't know what is. What I do know is that I am pulled between two dichotomous concepts:

The Internet is forever

Security by obscurity

These deserve more than a glossing overview. For me, a person old enough to pre-date the advent of the world-wide web, privacy was simply a matter of having an unlisted number, not signing up for those store surveys and always requesting the carbon from the cashier who imprinted your credit card.

Of course, I was not too savvy about credit bureaus, public records, the federal government and direct marketing sales leads. (Oops, I mentioned marketers again!)

I was shocked to learn that my savings bank routinely sold customer information to whoever was paying for it. When I finally learned to monitor my credit reports, I realized that privacy was basically a myth.

Now, in this Internet Age, privacy is relative. It is vitally important to someone who is being stalked. But, shouldn't it be equally important to us all? It's one thing for Walmart to harass us with "targeted" ads. It's quite another to be targeted by faceless hackers and their soulless botnets.

This leads directly to the conundrum of the silicon footprint. If it is the sum total of amplification and visibility, less the impact of privacy / stealth efforts, what is the sweet spot? What magic number indicates the perfect balance between having your voice heard without pinpointing the location of the megaphone?

To even begin to search for the answer, we have to look at the second concept: security by obscurity. This term originated to define the choice one takes to evade detection, where that choice flies in the face of established security practices.

I love the examples given here:

Examples of security by obscurity

To explain how security by obscurity works, we need to look at real-life examples. And the first example that comes to mind is this one:

Hiding the key to your front door under a nearby rock or the welcome mat. The principle is simple: your house will be “secure” until a thief discovers the key in its hiding place. That’s when your house becomes vulnerable.

The same goes for building your house in the middle of the forest. Being surrounded by trees and shrubs, it’s “secure” within that forest. However, as soon as someone walks in and discovers your house, it’s vulnerable.

In the cybersecurity world, there are other real-life scenarios where security by obscurity is seen every day:

  • Hiding user passwords inside binary code, or mixed with script code or comments. This is a very popular technique that assumes the attacker won’t read the code, and therefore, provides protection from any intrusion.

  • Changing the name of your application folder, for example from ‘admin’ to ‘_admin.’ It may take longer, but if the attacker finds you are using ‘_admin’, and there is no additional authentication or IP-based whitelist, he’ll be able to jump right into your administrative area.

In terms of regular folks like us, we may subconsciously rely on this concept when we defer things like backing up our WordPress sites and protecting our home computers, or when we reuse our passwords online. In other words, "Ain't nobody thinking about little old me..."

Except, it's not the "nobody" we should be focused on, it's the unrelenting, soulless botnets! If you do have a WordPress site, hopefully, you're using some kind of login protection plugin. Even a cursory glance at the activity logs should be enough to scare you!

If spambots weren't bad enough, what about the barbarian port scanners probing at your gateway? I check in with Gibson Research periodically, just to ensure that these malevolent electrons don't know that I exist.

Incidentally, that site has a great article about passwords. It's titled "How Big is Your Haystack?" The subtitle is "...and how well hidden is YOUR needle?" Talk about keys under rocks! We shouldn't have to be neuroscientists to stay protected online.

Also, social engineering is going to undo all the technical advances made, ever. What good does it do to have a quantum 4-dimensional authenticator if a hacker can just sweet-talk his way past all of your firewalls?