Here's what I think most people don't let themselves think about the cloud: Having your personal information online means anyone online has access to it. If you have your tax returns, Social Security card, and passport in your home, only someone in your home can get them. Digital information is available to anyone on the network where that info is stored. Thus Mat Honan's horror story where his computer, phone, and tablet (all Apple: Macbook, iPhone, iPad) are all locked and wiped remotely, with the hacker gaining his personal information, leading to the compromise of his business Twitter account, etc etc.

You're almost better off on some level checking your email the old, POP3 way. Check your email online, pull it down, and have the server delete it. Back that up locally, and store another backup off-site periodically. Geography still matters. Geography still provides security, if you let it.

I really enjoy being able to get pictures of family that I've emailed years ago immediately, but I don't need to do that with passwords, tax returns, and other personally identifying information. There should be a distinction made by the service. It should be harder than a simple password to get to emails with personal information.

And it should be tougher than calling Apple support with personal information from Facebook (apparently how Honan's account was compromised; the hacker knew enough about Honan to talk the support tech into unlocking the account) to get to that info too. Where is the guy calling from? Does his voice match a voice fingerprint Honan willingly gave earlier? etc etc.

Anyhow, here's a bit from Honan's "I was hacked" post describing what it's like. Worth reading. From Emptyage — Yes, I was hacked. Hard.:

Here’s how I experienced it:

I was playing with my daughter, when my phone went dead. It then rebooted to the setup screen. This was irritating, but I wasn’t concerned. I assumed it was a software glitch. And, my phone automatically backs up every night. I just assumed it would be a pain in the ass, and nothing more. I entered my iCloud login to restore, and it wasn’t accepted. Again, I was irritated, but not alarmed.

I went to connect it to my computer and restore from that backup—which I had just happened to do the other day. When I opened my laptop, an iCal message popped up telling me that my Gmail account information was wrong. Then the screen went gray, and asked for a four digit pin.

I didn’t have a four digit pin.

By now, I knew something was very, very wrong. I walked to the hallway to grab my iPad from my work bag. It had been reset too. I couldn’t turn on my computer, my iPad, or iPhone.

I used my wife’s iPhone to call Apple tech support. While on hold, I grabbed her laptop and tried to log into gmail. My password had changed. I couldn’t reset it either because the backup went to iCloud, where my password had also changed.

I checked Twitter, and saw someone had just sent a tweet from that account. I tried to log into Gmail again, and now it told me that my Google account had been deleted. The way to restore it was to send a text message to my phone which I didn’t (and still do not) have access to.

... [Apple tech support wasn't] able to stop the wipe on my Macbook. Or give me a pin to log into it. Or give me immediate access to my phone. They couldn’t do much of anything, actually. Although they did set an appointment for me at the Genius bar tomorrow. Actually, I did that, later, when I called the store myself.

EDIT: Wow, I've never seen so many stupid typos. Wth was I doing in August of 2012? Watching The Untouchables?

Labels: ,