Take responsibility for your (digital) life, damnit!!

Published on Sat 04 of Aug, 2012
A 250MB hard disk drive in production. Found at http://royal.pingdom.com/2010/02/18/amazing-facts-and-figures-about-the-evolution-of-hard-disk-drives/
image /via

You probably heard the recent story about this guy getting really badly hacked and loosing his digital life of the last years. If not, check it out here: Yes, I was hacked. Hard. It's a really good story (sort of) and made me shoot out the following tweet.

Spiteful Tweet
Hey, iBitches! See? You don't own your hardware!! Poor sucker can't even reinstall his machine! http://t.co/v1QINODN MuahahaROFL!! Sorry! :P

Which then spawned a discussion on Fakebook.

Andrea Forte
isn't that like saying we should burn down the apartment of everyone who chooses not to own their own house and destroy whatever might be in it?

I should have probably laughed like "BwaahahaROFL" and not "Muaha...". Anyways...

Alexander Mette
I don't say burn anything down, I just say: realize what you have there!
Might help people to understand, if Apple would just rent out their machines and never sell.

Andrea Forte
do you think this guy did something wrong to use iCloud? seems kind of more like someone maliciously destroyed this guys data for no reason. not really sure why? maybe there's more to the story than I understand.

As I respect her a lot (and she's an Apple user), I thought I owe her an explanation. And because that explanation contains lots of things that are bugging me, here it is for all of you to read.

To me there are two parts to this story. The first and probably most discussed is the (i)Cloud and the second, and most neglected, is the hardware part.

No matter to which cloud, you give your data away. You show huge trust to the service. This does not only mean that you trust them not to spy on you or sell your data, but also that you trust them to take good care of your data. People show so much trust in their cloud services that they use them for backups. It's your decision how important the digital extension/part of your life is to you. My life is quite important to me and I don't want anyone to mess with it. I don't even synchronize my Android with Google, but with my own server as I want to be responsible for my data. The interesting thing now is, that with remote wipe (and no self-responsibility for backups) - you not only give your data away, you literally don't own it any more! This guy lost his complete digital life of the last years - just like a physical object that was taken from him! That isn't necessarily good or bad. Some people are submissive masochists and each to their own. But to be able to choose this consciously you need to know what you have - and most cloud users really don't.

The second part is the hardware. I don't know enough about iCloud/Apple specifics to give a detailed analysis, but I can tell you what's basically wrong here. To stay with your metaphor: this guy signed a sales contract for his house only to now find out that the vendor still manages the keys and decides when the buyer is allowed to enter it. I suppose this is meant to be a security measure. But when you think it through, it is just an annoyance measure. It is to annoy a potential thieve about him not being able to use the stolen machine and now it annoys the "owner" himself - he can't take ownership of his very own, bought hardware without the geniuses at Apple. If someone steals your machine, he just has to take out the harddisk and has your data - and try to remote wipe your machine when someone really plans to do that. That's a fake sense of security and as we see, it can turn against you. (I'm now not going on about trusted computing and locked boot loaders and whatnot. They are awesome technologies, but the trust model in Apples planned implementation is completely the wrong way around - _you_ have to be able to trust your machine to entrust your digital life to it! Why does Apple have to be able to trust your machine? They sold it to you!) Most Apple users don't know what they have - I get a really strong gag reflex when I hear people saying that Steve freed them.

Ok, one shouldn't point at others without having some better solution. And it's simple: take the red pill! Take responsibility for your (digital) life! Cloud is easy, people are lazy and so they give the responsibility for their lifes away.
What can you do to prevent the fiasco (and still keep using iCloud):

1. Backups
I mean: real ones! This is such age-old wisdom that I find it puzzling how little it is being followed.
2. Full disk encryption
It's the only way to prevent your data getting lost. You don't need a remote wipe then which in the worst case wouldn't work anyways. But I fear that you can't deactivate remote wipe... it's a built in security flaw of Apple/iCloud. And if you really need to annoy someone stealing your machine, set a BIOS boot password.

With this setup the guy would have said: "FUCK!! Someone stole all my Cloud data, addresses, appointments, mails... shit!! All my life is exposed!! And now I need to reinstall my computer, damnit!! Well, ok, let's get going, it's just two hours of work from my last full backup..." Well, actually he wouldn't have said the last part, because he wouldn't have had remote wipe.

So, to give a direct answer to your question: it's not necessarily wrong to use iCloud, but this guy used it in the wrong way. He trusted it way more than he trusted himself.

This was a lot about trust. And the person you should be able to trust the most is you.

Short Bio [toggle]

Born, went to school, started hacking on free software, did some major high availability sysadmin work in between, now back to my original passion: managing knowledge. :) -- Long CV

Tweets [toggle]