(Part 2) Top products from r/privacy

I would recomend you to read Future Crimes by Marc Goodman https://www.amazon.co.uk/Future-Crimes-Digital-Underground-Connected/dp/0552170801?SubscriptionId=AKIAILSHYYTFIVPWUY6Q&tag=duckduckgo-ffab-uk-21&linkCode=xm2&camp=2025&creative=165953&creativeASIN=0552170801 mostly deals with the non existence of electronic security though and how it is and can be exploited

Information and Corporate security is a very big subject, so it kind of depends where you intend to take your story. But you can start by reading the Wikipedia article about InfoSec https://en.wikipedia.org/wiki/Information_security and then see how each area fits into your story and work out from there.

Some realisim in how difficult it can be to track down a hacker, read The Cuckoo's Egg by Clifford Stoll
https://www.amazon.co.uk/Cuckoos-Egg-Tracking-Computer-Espionage/dp/1416507787/ref=sr_1_1?s=books&ie=UTF8&qid=1500888747&sr=1-1&keywords=clifford+stoll very different from what you see in the media

IMHO the most interesting area in Information security is Social Engineering, it requires cunning and skill, and sometimes you can't stop admiring the talents and genius of some of these people. Read Social Engineering: The Art of Human Hacking https://www.amazon.co.uk/Social-Engineering-Art-Human-Hacking/dp/0470639539/ref=sr_1_1?s=books&ie=UTF8&qid=1500889212&sr=1-1&keywords=social+engineering+the+art+of+human+hacking

Each year Verizon release their data breach report http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/ it is free to download (don't have to register, just click the download only button) I think that is possibly the best insight you can get into corporate security challenges in 2017

This isn't a short and sweet answer by any means, but if you're interested in understanding what it is about modern-day journalism that makes it so intrinsically difficult for honest journalism to flourish, I highly suggest you read Trust Me, I'm Lying by Ryan Holiday. I jut got done reading it a few weeks ago and found it fascinating.

It really depends on what you mean by "privacy." To wrap your head around all the different ways it's used, Dan Solove's article "A Taxonomy of Privacy" is a good read.

In general, Dan Solove's Nothing to Hide is definitely worth reading.

Robert O'Harrow's No Place to Hide is another good one.

Not books, but Peter Fleischer's blog, Bruce Schneier's blog, and Eugene Volokh's blog.

Also, privacy is kind of the flip-side of the free speech coin, so you'll want to read up on that. There are a bunch of authors that write about the privacy/free speech dichotomy, so here's a random list of various interesting things I've read recently: Eugene Volokh, Robert Larson, Anita Allen, Woodrow Hartzog, etc.

I don't know if there exist threat modeling for a single person but usually most of the materials online are at enterprise level or something to that level. Like those of certification materials Security+ and CEH v9 or other similar courses. It can somewhat give you an idea how you want to determine your threat model.

For courses, I like Nathan House's stuff from Udemy.

There are as well books that cover those topics but the pages can range around 200 to over 600 of pages. E.g. The Basics of Cyber Safety has 254 pages and Threat Modeling: Designing for Security has 624 pages.

You can check those also:

https://en.wikipedia.org/wiki/Threat_model

https://en.wikipedia.org/wiki/Threat_%28computer%29#Threat_model

Otherwise see conferences like DEF CON, Black Hat, CCC and similar topics. Here's my give away:

• https://www.youtube.com/watch?v=JsVtHqICeKE
  
• https://www.youtube.com/watch?v=9XaYdCdwiWU
  
• https://www.youtube.com/watch?v=J1q4Ir2J8P8
  
  I hope that helps.

Some search terms for how the internet works: Packet switched networking, TCP, IP, SSL.

I don't think I have ever read a book about basic internet workings, the internet is really the best place to read about that stuff (hence the search terms).

Instead I will list some books which look at how we define security and why secure systems fail:

Secrets and Lies is a good primer discussing trust / networks / cryptography and a few other things at a high enough level to be interesting to a lay reader: http://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/ref=sr_1_4?ie=UTF8&qid=1419753343&sr=8-4

Art of Intrusion is packed full of stories about how systems (computers or otherwise) fail and become insecure: http://www.amazon.com/Art-Intrusion-Exploits-Intruders-Deceivers/dp/0471782661/ref=sr_1_1?ie=UTF8&qid=1419753466&sr=8-1 the sister book Art of Deception (stories about Social Engineering) is also pretty good.

The Code Book, mostly history, but provides a great introduction to cryptographic concepts. http://www.amazon.com/The-Code-Book-Science-Cryptography/dp/0385495323/ref=pd_rhf_se_s_cp_7_RTJS?ie=UTF8&refRID=1RRWWY0RNX7G8HRYPFFS

It's absolutely possible. Diaspora was a decentralized social network almost a decade ago. And end to end encrypted photo messaging services exist too, all over the place: signal, ichat, WhatsApp... Hell, even bittorrent is encrypted now.

NAT doesn't make this hard since the advent of upnp several years ago.

We have the technology. The issue is the market and legal situations. Problems like

• the US and UK governments hacking into Internet infrastructure to record every byte sent or received... With legal backing.
  
• the US government actively inserting backdoors into encryption methods and products.
  
• EU governments requiring companies to scrub information from the Internet, as if that was even possible.
  
• legal frameworks that allow your information to be collected, combined, and resold without your involvement. Data brokerage is one of the fastest growing industries in the world right now, and you've never heard of any of the main players (Rubicon project, AdSonar, Quantcast...) . These are companies who know every website you've ever visited (thanks ISP for selling that info), every search you've ever tried (thanks google), every product you've bought from every store (thanks credit card company) , every location you've ever been (thanks phone vendor), your entire address book and friends list (thanks phone apps). They sell your information as a part of lists like "new parents", "recently broken up," "behind on payments", and "gullible seniors." And you're not within shouting distance of even knowing about this. The only things that are off limits are the ones with legal protections: financial and medical information.
  
• 90% of users do not understand or care about the difference between encrypted and not encrypted products.
  
• 90% of users don't understand when their data is being read at all - they think Facebook private messages are private, and email is private, and SMS is private...
  
  If you're interested in the subject I highly recommend Bruce Schneier's book, Data and Goliath. An eye opening book from one of the most important people in the industry.

You should look into Toyota, especially the Toyota Production System. For me they're the prime example of a company following a long-term vision over short-term profits. Liker's The Toyota Way gives some excellent examples in that regard.

Read a book... specifically this one, he's responsible for doubling it.
https://www.amazon.com/War-Rise-Military-Internet-Complex/dp/0544570286

I ran across this online magazine series based on the book, The Mastermind, by Evan Ratliff. Amazon link, or check out your local independent bookstore or your public library!

Truth can be stranger than fiction, and to anyone wondering whatever happened behind the scenes that resulted in TrueCrypt being mysteriously pulled, this reporter's excellent work points to how and why.

Err, and also is a cautionary tale of how sometimes folks in the security community can be really freaken' weird when you look closer.

>Paul Calder Le Roux was once known online for helping build one of the world’s most significant pieces of encryption software, and then, in the mid-2000s, he poured his technical talents into an Internet pharmacy business, selling prescription drugs to Americans. That operation, according to the Department of Justice, earned hundreds of millions of dollars. Le Roux then directed his money into a broad portfolio of criminal concerns around the world: cocaine dealing, arms dealing, gold and timber smuggling, money laundering, and selling technology to pariah states. In the course of business, he’d arranged the murder of at least half a dozen people that I could name.

>For two years, I have been following the strange saga of Le Roux and the constellation of criminal prosecutions that surrounds him. I have traveled to the Philippines and Israel, connected with sources deep within Le Roux’s former criminal empire, and obtained exclusive documents revealing Le Roux’s background, his operations, and his cooperation with U.S. authorities.

>On March 10, The Atavist Magazine will launch “The Mastermind,” a seven-week series following Le Roux’s rise, his downfall, and his turn as a U.S. informant.

It's a longer series, but well worth the read.

I think it's important to not swing between two extremes - "nothing to hide" and "tor only". It's not all-or-nothing situation; different situations call for different levels of privacy.

One of the issues in the Information age is nothing is ever forgotten, information stays around in the servers and becomes searchable. How many risks would you take talking about the controversial subject if it is automatically linked to your Real Identity and practically unforgettable?

Here's analogy we can try - people can start different businesses, but one of the options they have is that they can start a LLC so they don't have to be personally liable. What would happen if structures like LLCs are discontinued and all businesses have to have owners who in the end have to assume liability with personal assets? I think you know what I am getting at.

"I got nothing to hide" is probably a fallacy and a misplaced trust in human nature especially when it comes to using power, be it commercial or governmental. This argument is mostly used when talked about unwarranted surveillance in which case the point should be that tracking people unsuspected of a crime is a wrong thing to do under any circumstances and not having anything to hide does not make the surveillance ok.
Further reading: http://www.amazon.com/dp/0300172311/

In general, I think the anonymity or very least using aliases has done very well for reddit. The discussion has been frank and let many people discuss subjects that otherwise they would have not been able to although at the same time kicking up youthful hubris here and there but nothing like unpalatable levels or 4chan.

OK, given enough time and motivation, you can narrow down stuff. Overly sensationalistic story. And hardly breaking news. Glance over Database Nation: The Death of Privacy in the 21st Century (2001)

Tracking drivers via phones has been going on a long time. See this old New Scientist article from 2003.

Of course, toll tags are another tracking method. There are RFID tag readers along highways that monitor drivers beyond the toll booths to get those live traffic congestion pics. See Spychips chapter 11.

This? https://www.amazon.com/Invisibility-Toolkit-Oppressive-Governments-Internationally/dp/1517160081/ref=pd_sim_14_31?_encoding=UTF8&psc=1&refRID=MHJEGG3VXKBQCNQJ2VXQ

This book has about 30 pages worth of places to request info from and then how to opt-out of some data collection services.

Hiding from the Internet: Eliminating Personal Online Information https://www.amazon.com/dp/1522914900/ref=cm_sw_r_cp_api_VoCIAbKTQMAC4

>What makes you think that without a state telling us what to do that everything would go back to a tribalistic nature?

I didn't say society would "go back." I cited the traditional tribal structure as the only form of "natural" self-government that has ever existed. No advanced society has ever achieved this, nor has any society with more than several hundred members. Even larger tribes had courts and judiciaries of sorts. The upper limit of the society you describe is about 200-300 individuals and no more.

I'm not saying society would "go back to" anything. I am saying the world you want disappeared when the small and traditional tribal structure was replaced by systems that allowed for the cooperative survival of more than 300 people together in a group.

Your faith in humanity and human nature is jaw-droppingly naive. You essentially believe in faeries and gnomes.

You should really read Shantung Compound.

>I think people should use crosswalks... regardless of camera coverage. If you don't and you get hit by a car, it's your own fault and it should come out of the pedestrians pocket.

http://smile.amazon.com/Fighting-Traffic-American-Inside-Technology/dp/0262141000

Yes, there are a lot of ways to do that, and they have different costs and benefits and risks.

However, it's not a product you can buy - it's a carefully designed structure that depends a lot on exactly what threats you're concerned about, what sort of assets you're wanting to protect, what kind of access you need to the assets, and the tax and estate planning implications.

If you could just buy some magic beans that would make all legal risks go away, nobody would ever successfully sue anyone, and we could all run around stealing from each other with no worry about the consequences, because we'd all have the magic beans.

Wait, maybe that wouldn't be so awesome . . .

This book is the best I'm aware of on the topic - but if you're looking for a simple bulletproof solution, you're going to be gravely disappointed. If you find someone who tells you they have a solution to your problem, you just need to pay them $X and everything will be fixed, run away - you have found a con man.

I was going to agree with you. I had a post written, including an analogy with the word "gay" about changes in common usage. To demonstrate a point, I looked up "hacker" on Google Ngrams. It was, uh, surprising.

• Up to the mid-1980s: "Hacker" was last name, a taxi driver, or a person very bad at golf. This overlapped with a very, very niche subculture usage of the term to mean tinkerer, as you said. It was so niche that almost nobody wrote about it. Ever.
  
  
• 1976: This book possibly uses the term in a negative connotation, but you can't see the whole book, so I'm not sure.
  
  
• 1981: Science Digest writes an article about "computer addicts", in which it defines the term hacker in the "obsessive hobbyist" sense. They're depicted as somewhat pathological computer users.
  
  
• 1983: The film WarGames doesn't actually use the word "hacker".
  
  
• 1983: This is the earliest usage of computer hacker I can find that's definitely the "unauthorized intruder" sense.
  
  
• 1985: The Palm Beach Post uses the term to mean "illegal intruder". The term is generally used in "quotes" in this period, as though it's still a specialist term.
  
  
• 1986: A book, The Hacker's Handbook by Hugo Cornwall, was published, and included many illegal techniques.
  
  
• 1990: The New York Times uses the term to mean "illegal intruder".
  
  
• 1992: The film Sneakers also doesn't use the word "hacker".
  
  So it looks like, to my surprise, the "hobbyist-tinkerer" sense has always been niche, so niche that nobody actually used the term in the media. Since the general public has used the term applied to technology, it has always meant an unauthorized computer user. Despite our subcultural usage, the general public have never used it any other way.
  
  Edit: formatting on the Post link