Introduction to Information Security for Activists 102 [security.102.0]

by | Jul 15, 2022 | 1 comment

Welcome to the second block of courses in the Introduction to Information Security program. In the first block of classes, you learned how to spot common phishing attacks, why 2FA is so important, basic incident response, and why security keys work so well to protect your data with. In this 102 block, we’ll look at an overview of the theory underlying information security, how what you learned in block 1 applies, and cover several additional ways to protect your data.

Risk and reward

In Block 1, you learned how 2FA, security keys, and a keen eye for URLs can keep you safe from phishers. While phishing attacks are the most common, they aren’t the only thread you’re going to face. We can think about threats on two axes — severity and probability.

High-severity, frequent risks are the worst combination of these two factors. In those cases, one should actively do what they can to avoid those threats. For example, car accidents are very common and very severe. As a result, we wear seatbelts – a low-effort intervention that saves lives every day. I like to think of information security problems with these three factors — probability, severity, and prevention effort.

It’s possible to use expensive hardware, special software, and complex procedures to try to avoid every three letter agency on the planet. This is difficult and expensive. Moreover, the agencies employ teams of specialists, empowered by the law to do just about anything they want — you can’t really compete with that as an individual. The time and money you would spend on extremely advanced security practices or equipment would almost certainly be better spent on non-security activities.

The effort of avoiding the feds is very high to the extent it’s possible at all, and most people simply have a very low probability of being targeted by the highest levels of three-letter agencies. As leftists, however, we’re at a higher risk of an attack than an average person might be from many groups that aren’t the highest levels of three letter agencies (worry more about your local police and less about the NSA).

These attacks can come from fascists of various types, either acting alone online or part of an organization. If you’re in a public-facing leadership position in your chapter, you should consider including state actors in your threat model from the start. If not, it’s not something I would worry about right now unless you’re willing to put in extra time and work.

Luckily, there are lots of low-effort changes we can make to protect ourselves against anyone. We’ll start Block 2 covering one of the key concepts behind all of these changes — encryption.

The above content is part of a course on socialism.tools. If you login, you’ll see quizzes and links to other lessons in the course.