What do you think?
Rate this book
The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data
Kevin Mitnick, the world's most famous hacker, teaches you easy cloaking and counter-measures for citizens and consumers in the age of Big Brother and Big Data.
Like it or not, your every move is being watched and analyzed. Consumer's identities are being stolen, and a person's every step is being tracked and stored. What once might have been dismissed as paranoia is now a hard truth, and privacy is a luxury few can afford or understand.
In this explosive yet practical book, Kevin Mitnick illustrates what is happening without your knowledge--and he teaches you "the art of invisibility." Mitnick is the world's most famous--and formerly the Most Wanted--computer hacker. He has hacked into some of the country's most powerful and seemingly impenetrable agencies and companies, and at one point he was on a three-year run from the FBI. Now, though, Mitnick is reformed and is widely regarded as the expert on the subject of computer security. He knows exactly how vulnerabilities can be exploited and just what to do to prevent that from happening.
In THE ART OF INVISIBILITY Mitnick provides both online and real life tactics and inexpensive methods to protect you and your family, in easy step-by-step instructions. He even talks about more advanced "elite" techniques, which, if used properly, can maximize your privacy. Invisibility isn't just for superheroes--privacy is a power you deserve and need in this modern age.
Like it or not, your every move is being watched and analyzed. Consumer's identities are being stolen, and a person's every step is being tracked and stored. What once might have been dismissed as paranoia is now a hard truth, and privacy is a luxury few can afford or understand.
In this explosive yet practical book, Kevin Mitnick illustrates what is happening without your knowledge--and he teaches you "the art of invisibility." Mitnick is the world's most famous--and formerly the Most Wanted--computer hacker. He has hacked into some of the country's most powerful and seemingly impenetrable agencies and companies, and at one point he was on a three-year run from the FBI. Now, though, Mitnick is reformed and is widely regarded as the expert on the subject of computer security. He knows exactly how vulnerabilities can be exploited and just what to do to prevent that from happening.
In THE ART OF INVISIBILITY Mitnick provides both online and real life tactics and inexpensive methods to protect you and your family, in easy step-by-step instructions. He even talks about more advanced "elite" techniques, which, if used properly, can maximize your privacy. Invisibility isn't just for superheroes--privacy is a power you deserve and need in this modern age.
320 pages, Hardcover
First published February 14, 2017
1610 people are currently reading
13832 people want to read
About the author
Kevin D. Mitnick
19 books1,005 followersKevin David Mitnick, the world's most famous (former) computer hacker, had been the subject of countless news and magazine articles, the idol of thousands of would-be hackers, and a one-time "most wanted" criminal of cyberspace, on the run from the bewildered Feds. A security consultant, he had spoken to audiences at conventions around the world, been on dozens of major national TV and radio shows, and even testified in front of Congress. He was the author of The Art of Deception and The Art of Intrusion.
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
Displaying 1 - 30 of 632 reviews
April 8, 2017
The Art of Invisibility by Kevin Mitnick: The world’s most famous hacker, teaches you easy cloaking and countermeasures for citizens and consumers in the age of Big Brother and Big Data- is a Little, Brown, and Company publication.
Online privacy is always of concern, but after the Snowden revelation, people became even more aware of how easy it is for companies and the government to spy on us. VPN’s suddenly became mainstream and browsers like DuckDuckGo and programs like Tor became commonplace alternatives, not because everyone was trying to cover up criminal activity, but because what they search online, their photos or videos, emails, etc. are private and we want to keep them that way, no matter how benign.
But, in just the last week, Congress voted to allow our ISP providers to sell our information to the highest bidder, which can mean anything you search online, including symptoms on Webmd, for example.
So, what do you need to do to protect yourself and keep your information safe and most of all, private?
Kevin Mitnick is an expert hacker, which has gotten him in hot water on occasion, but now works to help people ferret out illegal hackers and expose their methods, teaching people how to protect themselves and their clients, otherwise known as a penetration tester.
While some of the suggestions are easy to carry out, and I have already put those measures to good use, others seem a bit extreme, and are a lot of hard work. So, are all these steps absolutely necessary if I’m not doing anything criminal or visiting the ‘dark web’?
If you want to be absolutely invisible, then yes, you do. Even after putting on several layers of protections, I was stunned to learn that even with these safeguards, I only made my information harder to access, but I was still not totally hidden, could still have my activity traced and shared.
So, if you are in a dispute with your boss, going through a messy divorce, or anything of that nature, you will want to make sure there are no traces of your searches left behind that could be used against you, even if you are an ordinary law abiding citizen.
Remember, the slew of celebrity photos that were hacked and posted online a while back?
iPhone users were vulnerable, so although they didn’t break any laws, private information about them was hacked and exposed, which means you must protect your smartphones and tablets as well as your home, work, and school desktops and laptops.
Therefore, no matter how safe you think you are, no matter how careful you are, you probably aren’t as safe, private, or incognito as you might like to think, which is why everyone should read this book.
It’s a real eye opener for sure, and while I probably would never buy a laptop just one purpose, never tap into online currency, or anything like that, at least for now, it’s good to have this information, and who knows? If Verizon and AT&T continue to obtain information about my online activity – and here’s the real kicker- WITHOUT MY PERMISSION, I may have to resort to such drastic measures, no matter how extreme it might seem.
Overall, this is a very interesting and informative book, but also one that is, unfortunately, necessary. I highly recommend it to anyone using the internet at home, school, or work, as well as anyone using smartphones- which is pretty much everyone.
Online privacy is always of concern, but after the Snowden revelation, people became even more aware of how easy it is for companies and the government to spy on us. VPN’s suddenly became mainstream and browsers like DuckDuckGo and programs like Tor became commonplace alternatives, not because everyone was trying to cover up criminal activity, but because what they search online, their photos or videos, emails, etc. are private and we want to keep them that way, no matter how benign.
But, in just the last week, Congress voted to allow our ISP providers to sell our information to the highest bidder, which can mean anything you search online, including symptoms on Webmd, for example.
So, what do you need to do to protect yourself and keep your information safe and most of all, private?
Kevin Mitnick is an expert hacker, which has gotten him in hot water on occasion, but now works to help people ferret out illegal hackers and expose their methods, teaching people how to protect themselves and their clients, otherwise known as a penetration tester.
While some of the suggestions are easy to carry out, and I have already put those measures to good use, others seem a bit extreme, and are a lot of hard work. So, are all these steps absolutely necessary if I’m not doing anything criminal or visiting the ‘dark web’?
If you want to be absolutely invisible, then yes, you do. Even after putting on several layers of protections, I was stunned to learn that even with these safeguards, I only made my information harder to access, but I was still not totally hidden, could still have my activity traced and shared.
So, if you are in a dispute with your boss, going through a messy divorce, or anything of that nature, you will want to make sure there are no traces of your searches left behind that could be used against you, even if you are an ordinary law abiding citizen.
Remember, the slew of celebrity photos that were hacked and posted online a while back?
iPhone users were vulnerable, so although they didn’t break any laws, private information about them was hacked and exposed, which means you must protect your smartphones and tablets as well as your home, work, and school desktops and laptops.
Therefore, no matter how safe you think you are, no matter how careful you are, you probably aren’t as safe, private, or incognito as you might like to think, which is why everyone should read this book.
It’s a real eye opener for sure, and while I probably would never buy a laptop just one purpose, never tap into online currency, or anything like that, at least for now, it’s good to have this information, and who knows? If Verizon and AT&T continue to obtain information about my online activity – and here’s the real kicker- WITHOUT MY PERMISSION, I may have to resort to such drastic measures, no matter how extreme it might seem.
Overall, this is a very interesting and informative book, but also one that is, unfortunately, necessary. I highly recommend it to anyone using the internet at home, school, or work, as well as anyone using smartphones- which is pretty much everyone.
January 4, 2018
Scary.
I mean, what non-fiction book about the sheer amount of security loopholes wouldn't be scary? I mean, we're talking about our identities online, in our homes and through all our smart devices, our cars, our workplaces, and everywhere.
It's not even about government abuses. It's about the fact that everyone, everywhere, is at risk. Snowdon may have opened our eyes, but the reality remains that your breasts are still online. Everywhere. Never to be deleted. Always accessible. Forever.
If you're thinking about some other body parts, then keep on thinking, because those will still be there and are being housed on not just government sifter sites, but local and foreign ISPs. And countless private computers.
So what are we doing about it?
We're reading. We're arming ourselves. We're realizing that far from being beset with malicious users and crackers, we're actually beset with a ton of idiots running big businesses saying we're being protected when we really aren't. Security holes are everywhere and they're real and pervasive.
Always on cameras and microphones? Keyloggers as a matter of course on company servers? Regular cracking of your gmail and facebook information? Full breakdowns of any photos you take and post, from location, specific identifiers, etc., right in the metadata? Aren't we worried? Shouldn't we be more worried that what we think are precautionary measures to protect ourselves as we order online or use online banking is only as secure as our weakest link?
Indeed.
And that's why reading books like this should scare you. Not because it tells you how much you should be scared, but because the lax security is as much in our minds as it is in the software. Putting our heads in the sand and saying we're not doing anything wrong is beside the point if we get targeted with ransomware or we're identity hacked or we're just one more in an extremely long list of targeted political somebodies. It's not just about having your private parts online, but that's where most of us will usually get outraged.
So do yourself a favor and arm yourself with some practical knowledge and how-to sets on how to anonymize yourself. :) Mitnick does a pretty damn good job with some of that direct-knowledge stuff. :) Sure, you may know a lot already, and maybe you already use vpn and tor and things like ghostery and HTTPS Everywhere, maybe you practice healthy password management and separate your devices for truly secure transactions. Maybe you don't. But it sure as hell doesn't hurt to know what you're missing. :)
I'm so glad I read this! (It helps to keep up-to-date.) :)
I mean, what non-fiction book about the sheer amount of security loopholes wouldn't be scary? I mean, we're talking about our identities online, in our homes and through all our smart devices, our cars, our workplaces, and everywhere.
It's not even about government abuses. It's about the fact that everyone, everywhere, is at risk. Snowdon may have opened our eyes, but the reality remains that your breasts are still online. Everywhere. Never to be deleted. Always accessible. Forever.
If you're thinking about some other body parts, then keep on thinking, because those will still be there and are being housed on not just government sifter sites, but local and foreign ISPs. And countless private computers.
So what are we doing about it?
We're reading. We're arming ourselves. We're realizing that far from being beset with malicious users and crackers, we're actually beset with a ton of idiots running big businesses saying we're being protected when we really aren't. Security holes are everywhere and they're real and pervasive.
Always on cameras and microphones? Keyloggers as a matter of course on company servers? Regular cracking of your gmail and facebook information? Full breakdowns of any photos you take and post, from location, specific identifiers, etc., right in the metadata? Aren't we worried? Shouldn't we be more worried that what we think are precautionary measures to protect ourselves as we order online or use online banking is only as secure as our weakest link?
Indeed.
And that's why reading books like this should scare you. Not because it tells you how much you should be scared, but because the lax security is as much in our minds as it is in the software. Putting our heads in the sand and saying we're not doing anything wrong is beside the point if we get targeted with ransomware or we're identity hacked or we're just one more in an extremely long list of targeted political somebodies. It's not just about having your private parts online, but that's where most of us will usually get outraged.
So do yourself a favor and arm yourself with some practical knowledge and how-to sets on how to anonymize yourself. :) Mitnick does a pretty damn good job with some of that direct-knowledge stuff. :) Sure, you may know a lot already, and maybe you already use vpn and tor and things like ghostery and HTTPS Everywhere, maybe you practice healthy password management and separate your devices for truly secure transactions. Maybe you don't. But it sure as hell doesn't hurt to know what you're missing. :)
I'm so glad I read this! (It helps to keep up-to-date.) :)
February 24, 2018
Did you know that it's relatively easy for an attacker to turn on your webcam or microphone without you knowing it? If not, you might get something out of this book. If you are aware that it can and has happened on many very public occasions, you will not be treated to anything new. In either case, you're going to have to wade through the bad writing, pointless stories, errors, and potential bad advice to get through Mitnick's latest effort.
Admittedly, there is a lot less of Mitnick's preteen writing in this book than there was in Ghost In The Wires, but sentences like "That should be okay, right? Hate to break it to you, but no." (p.129) show up more frequently than I'd like. If you've ever had a conversation with condescending preteen, it feels like that sometimes. There is less of it this time around, so the editing must be getting better.
But the editors missed simple fact check errors like on page 123 where a one inch by one inch pixel is noted as being invisible to the naked eye. First, pixels aren't one inch by one inch. Second, if you can't see something that's one inch by one inch, then invisibility may appear a lot closer than it really is.
The book also recommends using a browser extension called Ghostery to block ads. Ghostery has been a bit of an ambiguous player in the adblock arena because people have charged that they had their hands in selling ads. According to Wikipedia (minimal research, right?), Ghostery "makes money from selling page visit, blocking and advertising statistics to corporations globally, including corporations that are actively engaged in collecting user information to target ads and other marketing messages to consumers." According to the parent company, they don't do anything wrong or reveal private browsing habits, but the code is not open source nor available to inspect. So while no one can't prove that Ghostery is selling private data, it's odd for a book about being invisible to recommend an ambiguous adblocker when there are other products like Disconnect, uBlock, or the EFF's Privacy Badger that are more trustworthy and open-source.
So, even if you disregard all the negative points, you might learn something from this book. Maybe you pick up a little tip about how you're being tracked and it makes you think for a minute before your daily doughnut in your barkalounger. But do you actually follow the last chapter of the book to become invisible?
As an average person, is there a benefit to going so far as to pay someone $100 to walk into a Best Buy and buy you gift cards that you will turn into bitcoin, which you will launder for more bitcoin to pay for your vpn that you only connect to on your dedicated cash bought laptop that you never use in close proximity to home work or other devices, etc?
Probably not. Even the paranoid among us have limits.
This is cloak and dagger nonsense. You're going to spend a ton of effort and completely ignore that Best Buy has cameras all over the parking lot and your license plate got read 75 times by ALPR readers on your way to the store. So yea. You do some rolls across the parking lot and lean up flat backed against that wall in your trench coat and sunglasses there, Carmen SanDiego. I'm sure you won't get caught. Mitnick never did...hold on.
If you are even slightly paranoid, this book will not give you anything new. If you are not paranoid at all, this book might give you something to think about, but will probably make you pointlessly paranoid.
Admittedly, there is a lot less of Mitnick's preteen writing in this book than there was in Ghost In The Wires, but sentences like "That should be okay, right? Hate to break it to you, but no." (p.129) show up more frequently than I'd like. If you've ever had a conversation with condescending preteen, it feels like that sometimes. There is less of it this time around, so the editing must be getting better.
But the editors missed simple fact check errors like on page 123 where a one inch by one inch pixel is noted as being invisible to the naked eye. First, pixels aren't one inch by one inch. Second, if you can't see something that's one inch by one inch, then invisibility may appear a lot closer than it really is.
The book also recommends using a browser extension called Ghostery to block ads. Ghostery has been a bit of an ambiguous player in the adblock arena because people have charged that they had their hands in selling ads. According to Wikipedia (minimal research, right?), Ghostery "makes money from selling page visit, blocking and advertising statistics to corporations globally, including corporations that are actively engaged in collecting user information to target ads and other marketing messages to consumers." According to the parent company, they don't do anything wrong or reveal private browsing habits, but the code is not open source nor available to inspect. So while no one can't prove that Ghostery is selling private data, it's odd for a book about being invisible to recommend an ambiguous adblocker when there are other products like Disconnect, uBlock, or the EFF's Privacy Badger that are more trustworthy and open-source.
So, even if you disregard all the negative points, you might learn something from this book. Maybe you pick up a little tip about how you're being tracked and it makes you think for a minute before your daily doughnut in your barkalounger. But do you actually follow the last chapter of the book to become invisible?
As an average person, is there a benefit to going so far as to pay someone $100 to walk into a Best Buy and buy you gift cards that you will turn into bitcoin, which you will launder for more bitcoin to pay for your vpn that you only connect to on your dedicated cash bought laptop that you never use in close proximity to home work or other devices, etc?
Probably not. Even the paranoid among us have limits.
This is cloak and dagger nonsense. You're going to spend a ton of effort and completely ignore that Best Buy has cameras all over the parking lot and your license plate got read 75 times by ALPR readers on your way to the store. So yea. You do some rolls across the parking lot and lean up flat backed against that wall in your trench coat and sunglasses there, Carmen SanDiego. I'm sure you won't get caught. Mitnick never did...hold on.
If you are even slightly paranoid, this book will not give you anything new. If you are not paranoid at all, this book might give you something to think about, but will probably make you pointlessly paranoid.
February 15, 2017
You may be questioning why a digital marketer would encourage reading the Art of Invisibility. It’s a book teaching how to hide your online life. Hiding online actions does tend to make our jobs as digital marketers rather difficult.
However, you need to read this book for several reasons. First, I believe in informed choices. Yes, we use audience data for decision making (well, we should). And the data isn’t always anonymized. But our audiences should know and consent to this. Second, this book gives essential tips for protecting yourself online – which also protects your brands and clients. And finally, it’s written by Kevin Mitnick. I probably would have done better in college the first time if I wasn’t following Kevin’s hacking spree and run from the FBI. He definitely influenced my curiosity.
Kevin has now moved on to legal, authorized hacking as a penetration tester. Companies pay him to hack into their systems, except now it’s called testing. It does mean that Kevin sees what companies collate about us, and knows it’s not always used ethically. Is this book, Kevin shares that knowledge.
What’s the Art of Invisibility About?
The book is a how-to guide for avoiding hackers and malicious activities online and offline. It even goes as deep as teaching how to completely be invisible online. This internet-loving introvert thinks that sounds lonely, but recent reports show how much we all need to protect ourselves. For those reading this later, it’s February 2017 and it’s not shaping up to be the safest year in US history.
The Art of Invisibility is essentially divided in two. The first half details how to secure your own life. So choosing secure passwords, which public networks are safe, protecting your online banking, blocking ads and transaction tracking. That kind of thing. It’s very Android and Windows focused. Sometimes the recommendations are on price. Later in the book Kevin references the default security Apple uses, and that probably accounts for the Android and Windows focus. I’m being intentionally vague so I’m not putting words in Kevin’s mouth. In one example Kevin describes a road rage response he gave. If he can social engineer that kind of information on someone while driving down a freeway, I don’t want him grumpy with me. Which leads to a strong point that Kevin makes in the book, social engineering is a huge part of hacking and online security. It’s easy to pretend to be someone and talk a receptionist into handing over details. They may not realize what they’ve actually said. It’s covered in this book. This first 50% (I was reading a Kindle copy courtesy of publishers Little, Brown) could be a book on its own. It covers so much detail that I was wondering what could be left to discuss in the remaining 140 pages.
The second half gets seriously scary. I hope no one is ever in a situation to need to hide this entirely. Actually, it’s February 2017. Sigh, everyone read and follow Kevin’s advice. This second part is where Kevin teaches the art of invisibility. The first part of the book shows some tips, but this shows how to totally disappear. As with the first part, Kevin uses real life examples to illustrate both the points and the need for security. These are mainly his experiences. I found the way Kevin describes these experiences interesting. He’s been detained and searched by US government officials with less than valid reason, but even when describing this and the efforts he does to protect the devices he carries with him, he never allocates blame. I understand by now it’s a fact of life that he’ll be harassed when traveling, but it was interesting the way he turns the stories around. Having cash stolen from a hotel safe was the example of why you shouldn’t trust them and he explains how they are easily broken into.
Who Should Read the Art of Invisibility?
EVERYONE!
Art-of-Invisibility-iMessageI sent this text the night I started reading. The group I reference is highly educated, conscious of current affairs and tech savvy, but there’s more we can do to protect ourselves and our brands and clients. Even though this book is directed at personal actions, we have Facebook accounts and WordPress installs accessible with our phones. We can’t think just of ourselves. Imagine your brand being compromised because you clicked the wrong link. Do you want to be responsible for that?
Consumers also need to make an informed decision on the data they share with us. This book helps them opt out (because we rarely make it easy).
So yes, I say online security and privacy is so important everyone needs to read the Art of Invisibility.
At the very least I urge you to read the first half. It’ll make you more secure than most. Reading the news of the last few weeks, I recommend you read and action the lot.
The Art of Invisibility was released today. Buy it, read it, action it, then share it with your family and friends. Democracy needs you to.
Originally published: http://tapdancingspiders.com/book-rev...
However, you need to read this book for several reasons. First, I believe in informed choices. Yes, we use audience data for decision making (well, we should). And the data isn’t always anonymized. But our audiences should know and consent to this. Second, this book gives essential tips for protecting yourself online – which also protects your brands and clients. And finally, it’s written by Kevin Mitnick. I probably would have done better in college the first time if I wasn’t following Kevin’s hacking spree and run from the FBI. He definitely influenced my curiosity.
Kevin has now moved on to legal, authorized hacking as a penetration tester. Companies pay him to hack into their systems, except now it’s called testing. It does mean that Kevin sees what companies collate about us, and knows it’s not always used ethically. Is this book, Kevin shares that knowledge.
What’s the Art of Invisibility About?
The book is a how-to guide for avoiding hackers and malicious activities online and offline. It even goes as deep as teaching how to completely be invisible online. This internet-loving introvert thinks that sounds lonely, but recent reports show how much we all need to protect ourselves. For those reading this later, it’s February 2017 and it’s not shaping up to be the safest year in US history.
The Art of Invisibility is essentially divided in two. The first half details how to secure your own life. So choosing secure passwords, which public networks are safe, protecting your online banking, blocking ads and transaction tracking. That kind of thing. It’s very Android and Windows focused. Sometimes the recommendations are on price. Later in the book Kevin references the default security Apple uses, and that probably accounts for the Android and Windows focus. I’m being intentionally vague so I’m not putting words in Kevin’s mouth. In one example Kevin describes a road rage response he gave. If he can social engineer that kind of information on someone while driving down a freeway, I don’t want him grumpy with me. Which leads to a strong point that Kevin makes in the book, social engineering is a huge part of hacking and online security. It’s easy to pretend to be someone and talk a receptionist into handing over details. They may not realize what they’ve actually said. It’s covered in this book. This first 50% (I was reading a Kindle copy courtesy of publishers Little, Brown) could be a book on its own. It covers so much detail that I was wondering what could be left to discuss in the remaining 140 pages.
The second half gets seriously scary. I hope no one is ever in a situation to need to hide this entirely. Actually, it’s February 2017. Sigh, everyone read and follow Kevin’s advice. This second part is where Kevin teaches the art of invisibility. The first part of the book shows some tips, but this shows how to totally disappear. As with the first part, Kevin uses real life examples to illustrate both the points and the need for security. These are mainly his experiences. I found the way Kevin describes these experiences interesting. He’s been detained and searched by US government officials with less than valid reason, but even when describing this and the efforts he does to protect the devices he carries with him, he never allocates blame. I understand by now it’s a fact of life that he’ll be harassed when traveling, but it was interesting the way he turns the stories around. Having cash stolen from a hotel safe was the example of why you shouldn’t trust them and he explains how they are easily broken into.
Who Should Read the Art of Invisibility?
EVERYONE!
Art-of-Invisibility-iMessageI sent this text the night I started reading. The group I reference is highly educated, conscious of current affairs and tech savvy, but there’s more we can do to protect ourselves and our brands and clients. Even though this book is directed at personal actions, we have Facebook accounts and WordPress installs accessible with our phones. We can’t think just of ourselves. Imagine your brand being compromised because you clicked the wrong link. Do you want to be responsible for that?
Consumers also need to make an informed decision on the data they share with us. This book helps them opt out (because we rarely make it easy).
So yes, I say online security and privacy is so important everyone needs to read the Art of Invisibility.
At the very least I urge you to read the first half. It’ll make you more secure than most. Reading the news of the last few weeks, I recommend you read and action the lot.
The Art of Invisibility was released today. Buy it, read it, action it, then share it with your family and friends. Democracy needs you to.
Originally published: http://tapdancingspiders.com/book-rev...
November 30, 2019
5 stars
Will read again.
🇺🇸💀
Will read again.
🇺🇸💀
September 24, 2017
3.5 stars.
I had many different thoughts and feelings while reading this. The author is an ex-hacker and has done jail time. So some of this felt like it was written by a criminal FOR CRIMINALS.
The author offered a wide range of ideas on how to protect one's identity while on the computer. With some of his ideas, I felt a little pride because I could say, "Did it already." There were also some other useful ideas that I felt I could easily implement. But some of this was so completely over my head. I need to do baby steps. Reading this made me feel an urgency to protect my identity.
November 14, 2019
Consider this as the self-help guide for those interested in privacy protection.
This was a random pick but a fortunate one. It must be the first non-fiction book that is exactly the right length, has the perfect ratio between providing background, facts, anecdotes and recommendations/tips for the reader. From my perspective, it also didn't have as much bias as other books that I've encountered, with (personal) anecdotes often including mistakes rather than infallible moments.
And what better than to get advice on privacy and data protection on the internet than from an expert hacker?
One thing is constantly emphasised in this book is that invisibility is practically impossible to attain in today's world. However, whether you are someone who wishes to just minimise the risk, or someone who wants to live off the grid; whether you are an amateur or a computer wiz, you will gain something from this book.
It's very accessible, with detailed steps in each recommendation section at the end of each chapter. Even though I already was familiar with some of the information, this expanded on sufficient related topics to keep my interest and get me to reconsider how I was going about my internet life. There are some recommendations that might not serve everyone's interest (there are few people who will expressly buy a single-purpose, off-grid laptop), but I consider it an essential guide that everyone with just a phone should read.
This was a random pick but a fortunate one. It must be the first non-fiction book that is exactly the right length, has the perfect ratio between providing background, facts, anecdotes and recommendations/tips for the reader. From my perspective, it also didn't have as much bias as other books that I've encountered, with (personal) anecdotes often including mistakes rather than infallible moments.
And what better than to get advice on privacy and data protection on the internet than from an expert hacker?
One thing is constantly emphasised in this book is that invisibility is practically impossible to attain in today's world. However, whether you are someone who wishes to just minimise the risk, or someone who wants to live off the grid; whether you are an amateur or a computer wiz, you will gain something from this book.
It's very accessible, with detailed steps in each recommendation section at the end of each chapter. Even though I already was familiar with some of the information, this expanded on sufficient related topics to keep my interest and get me to reconsider how I was going about my internet life. There are some recommendations that might not serve everyone's interest (there are few people who will expressly buy a single-purpose, off-grid laptop), but I consider it an essential guide that everyone with just a phone should read.
February 9, 2017
Trust Me: Even You Are Not Invisible. At Least Not Yet.
THE ART OF INVISIBILITY is a little bit scary. The authors, Kevin Mitnick and Robert Vamosi, document the myriads of ways that others can spy on our activities. You might think no one knows what you are doing, but you are wrong: "Each and every one of us is being watched." If you carry a cell phone, "You are being surveilled."
Mitnick tells the story of how the famous John McAfee, on the lam, was found supposedly by coordinates listed in the meta data of a photo posted online. The authors snicker, "Take it from me: if you’re trying to get off the grid and totally disappear, you don’t want to start a blog."
Some of the pointers are pretty basic, such as using strong passwords, and being careful to setup your home Wifi using the latest security protocols. A large chunk of the book relates to securing wireless internet access. "Public Wi-Fi wasn’t created with online banking or e-commerce in mind. It is merely convenient, and it’s also incredibly insecure."
More advanced suggestions are for those who feel they need extreme online privacy. These tactics include things such as using "burner" phones, paid for with cash, and using encryption tools to hide the data on our laptop.
Law enforcement has come a long way in tracking down fugitives. The authors explain how authorities use devices to mimic cellular base stations, and "designed to intercept voice and text messages." Using another tactic, the FBI has successfully tracked criminals by getting the cell tower data, and correlating their cell phone records.
I was surprised to learn of certain recent laws regarding data preservation. In the event of a legal investigation, you must preserve your entire browser history. You can be arrested--and people have been, for clearing the history.
The really meaty parts of the book provide extreme tactics to remain anonymous on the internet. Mitnick advises creating a complete new persona, "one that is completely unrelated to you. . . When you’re not being anonymous, you must also rigorously defend the separation of your life from that anonymous identity."
The first thing to do in making yourself anonymous is to get a cheap standalone laptop--used only for your anonymous persona. "Don't ever use the anonymous laptop at home or work. Ever."
Here are a few more tips for becoming anonymous:
* When you travel, don't bring electronics that store sensitive information with you.
* Encrypt the confidential data on your laptop.
The authors present a LOT of different ways to make your online persona more invisible. The authors admit, however, that even with all their precautions, it is still tough to be 100% anonymous. The main idea is to make it much more difficult for the intruder. So, put up "so many obstacles that an attacker will give up and move on to another target. . . Being anonymous in today’s digital world requires a lot of work and constant vigilance."
All in all, I found THE ART OF INVISIBILITY to be an interesting, fairly-practical read. It was good to be reminded about the proper setup of networks, and how vulnerable public systems can be. I don't feel the need to go out and buy a "burner" phone anytime soon, but it's good to know.
Advance Review Copy courtesy of the publisher.
THE ART OF INVISIBILITY is a little bit scary. The authors, Kevin Mitnick and Robert Vamosi, document the myriads of ways that others can spy on our activities. You might think no one knows what you are doing, but you are wrong: "Each and every one of us is being watched." If you carry a cell phone, "You are being surveilled."
Mitnick tells the story of how the famous John McAfee, on the lam, was found supposedly by coordinates listed in the meta data of a photo posted online. The authors snicker, "Take it from me: if you’re trying to get off the grid and totally disappear, you don’t want to start a blog."
Some of the pointers are pretty basic, such as using strong passwords, and being careful to setup your home Wifi using the latest security protocols. A large chunk of the book relates to securing wireless internet access. "Public Wi-Fi wasn’t created with online banking or e-commerce in mind. It is merely convenient, and it’s also incredibly insecure."
More advanced suggestions are for those who feel they need extreme online privacy. These tactics include things such as using "burner" phones, paid for with cash, and using encryption tools to hide the data on our laptop.
Law enforcement has come a long way in tracking down fugitives. The authors explain how authorities use devices to mimic cellular base stations, and "designed to intercept voice and text messages." Using another tactic, the FBI has successfully tracked criminals by getting the cell tower data, and correlating their cell phone records.
I was surprised to learn of certain recent laws regarding data preservation. In the event of a legal investigation, you must preserve your entire browser history. You can be arrested--and people have been, for clearing the history.
The really meaty parts of the book provide extreme tactics to remain anonymous on the internet. Mitnick advises creating a complete new persona, "one that is completely unrelated to you. . . When you’re not being anonymous, you must also rigorously defend the separation of your life from that anonymous identity."
The first thing to do in making yourself anonymous is to get a cheap standalone laptop--used only for your anonymous persona. "Don't ever use the anonymous laptop at home or work. Ever."
Here are a few more tips for becoming anonymous:
* When you travel, don't bring electronics that store sensitive information with you.
* Encrypt the confidential data on your laptop.
The authors present a LOT of different ways to make your online persona more invisible. The authors admit, however, that even with all their precautions, it is still tough to be 100% anonymous. The main idea is to make it much more difficult for the intruder. So, put up "so many obstacles that an attacker will give up and move on to another target. . . Being anonymous in today’s digital world requires a lot of work and constant vigilance."
All in all, I found THE ART OF INVISIBILITY to be an interesting, fairly-practical read. It was good to be reminded about the proper setup of networks, and how vulnerable public systems can be. I don't feel the need to go out and buy a "burner" phone anytime soon, but it's good to know.
Advance Review Copy courtesy of the publisher.
March 22, 2024
Trebuie citită de toată lumea având în vedere faptul că e atât de comun să transmiți prin intermediul Internetului mai multe informații decât ar trebui despre tine fără să fi conștient de potențialele riscuri.
Tot pe același subiect sau asemănător recomand:
• Minimalism digital, Cal Newport.
• Dosar permanent, Edward Snowden.
• ghidul de pe canalul de Youtube Techlore pentru a deveni anonim pe Internet.
• canalul de Youtube Scammer Payback pentru a observa cât de comune sunt înșelătoriile online și cum mulți pică în plasă.
Cred că e important ca atunci când te caută un străin pe Internet să nu îți afle tot istoricul vieții tale. (Și da, se poate.)
Pentru mai multe sfaturi, sunt oricând deschisă la discuții despre securitatea cibernetică, mai ales că este domeniul în care îmi doresc să profesez.
Tot pe același subiect sau asemănător recomand:
• Minimalism digital, Cal Newport.
• Dosar permanent, Edward Snowden.
• ghidul de pe canalul de Youtube Techlore pentru a deveni anonim pe Internet.
• canalul de Youtube Scammer Payback pentru a observa cât de comune sunt înșelătoriile online și cum mulți pică în plasă.
Cred că e important ca atunci când te caută un străin pe Internet să nu îți afle tot istoricul vieții tale. (Și da, se poate.)
Pentru mai multe sfaturi, sunt oricând deschisă la discuții despre securitatea cibernetică, mai ales că este domeniul în care îmi doresc să profesez.
February 1, 2021
книга, від якої параноя лише підсилиться, тривога зросте неймовірно і на якийсь час ви захочете видалити аплікації, соціальні аккаунти і сховатися у світі без електрики.
для загального уявлення у якому світі ми тепер живемо, варто прочитати.
для загального уявлення у якому світі ми тепер живемо, варто прочитати.
March 8, 2022
It gave very clear ways to stay anonymous and showed all the loopholes someone could find you. It also contains a lot of technical jargon.
March 20, 2020
Ok, technically I didn't finish this but only because I want the ebook version so I can actually try to do some of these things. You can't exactly do the steps by audio. 😁 I have the book on hold at the library and will finish this then. The audio was great and I thought about finishing just because it was interesting, but decided I shouldn't waste time when I was just going to read it later.
4 stars. I have NO idea this guy knows what he is talking about. It is all way over my head, but it sounded good. 😉
4 stars. I have NO idea this guy knows what he is talking about. It is all way over my head, but it sounded good. 😉
November 20, 2018
I just watched on Japan’s main nightly news program an interview with the Cambridge Analytica whistleblower Christopher Wylie in which he explained how Facebook data was used by CA to manipulate the results US 2016 Presidential election and the Brexit Referendum, both of which it is worth remembering were extremely close.
According to Mr Wylie 200 Facebook “likes” are enough to reliably categorize you by age, gender, political affiliation, marital status and a host of other indicators including how susceptible you were to conspiracy theories or political advertising.
Based on this categorization people would be encouraged to vote by micro targeted political adverts that played on fears of immigrants, gang members or someone taking away your guns. Others would be micro targeted with adverts discouraging them from voting, such as reminders sent to single mothers that voting queues would be long, that they might not have time to pick up their children if they went to vote and so on.
On September 13 2018 the European Human Court of Human Rights ruled that the UK government’s mass data interception program violates human rights to privacy and freedom of expression. A summary of the case can be found in Privacy International’s press release here: UK mass interception law violates human rights. The opinion of the court can be found here: CASE OF BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM
Of particular interest is the finding that “…the intelligence services can search and examine ‘related communications data’ apparently without restriction…”. If you read this book you will learn just how important this so called “related communications data” – more commonly referred to as metadata – is to anyone wishing to compromise your privacy.
What is more worrying is that this metadata is not so different from the data that Facebook, Google and the like are collecting with their “likes” and searches which was so successfully exploited politically by Cambridge Analytica.
Some relevant sections from the case:
It is not encouraging to see the ECHU also commenting that:
Don’t forget that the same people who have failed to conduct “robust independent oversight” of the bulk collection of your private data have also conducted under-cover multi year investigations of peaceful environmental groups which went so far as to deceive their members into entering romantic relationships with the police officers concerned who proceeded to father children on them before 'vanishing': UK undercover policing relationships scandal. That is where a 'lack of robust independent oversight' leaves you - 'f****d', as Boris Johnson might put it.
Well, I for one have had enough and frankly you can stuff your micro-targeting where the sun does not shine. This is where this book comes in.
Finally, the review
This is a very “content rich” book. I learnt a great deal about the technical side of accessing the internet and other communications networks while protecting privacy and the book included innumerable links to useful online resources or explanations of various cryptographic or privacy related tools with an outline of how they work and why you would want to use them.
This advice is informed by the time Kevin Mitnick spent on the lam - an experience that adds an extra practical dimension to the work that other books might lack . Mr Mitnick was arrested by the FBI as a result of using his burner phone repeatedly in the same geographic location as his personal mobile phone. Eventually the FBI was able to put this usage pattern together and track both his real and anonymous identity. Caught by the meta-data in other words.
My read is that there are different layers of privacy that can be achieved on the internet depending on how much time, cost and effort you are prepared to put in.
At one extreme maintaining a completely anonymous internet presence requires enormous effort and a level of self discipline and would seem almost impossible. You would have acquire burner phones with the help of a proxy purchaser paying cash, set up an in email account using prepaid cards, set up two bit coin accounts after selling your pre-paid cash cards at a significant loss and then paying extra for bitcoin tumbling services all the while never connecting your real and anonymous online identity. You would need two computers (one for personal and one for anonymous use), to master the TOR network to disguise your IP address, regularly vary your geographic location and never use the same location for personal and anonymous use, frequently change your MAC address, disguising the hardware and software profile of your computer and so on. Who could really do all this.
On the other hand there are some easier steps you can take. If you are going to be doing online banking then buy a cheap chrome-book computer to use exclusively for this purpose and book-mark the sites you are going to use it on in advance so you won’t accidentally log on to a fake site. Set up a separate e-mail account exclusively for use with the service.
Simpler steps include making sure you have regular fake birthday to use that you can remember, password discipline and the use of a whole range of recommended encryption and other useful add-ons and devices. I would strongly encourage people to familiarize themselves with and then adopt these more straightforward privacy measures as a simple first step to giving the finger to Facebook, Google and the like to reclaim some personal privacy.
The only criticism I would have of the book is that there are some points that are a little repetitive and it could have done with some better editing but I doubt you will find a better outline of the topic. This would be a great introduction to anyone wanting to then follow up technical aspects in more detail.
I’m going to make some notes on the book when I get a chance so will be posting them here as well.
According to Mr Wylie 200 Facebook “likes” are enough to reliably categorize you by age, gender, political affiliation, marital status and a host of other indicators including how susceptible you were to conspiracy theories or political advertising.
Based on this categorization people would be encouraged to vote by micro targeted political adverts that played on fears of immigrants, gang members or someone taking away your guns. Others would be micro targeted with adverts discouraging them from voting, such as reminders sent to single mothers that voting queues would be long, that they might not have time to pick up their children if they went to vote and so on.
On September 13 2018 the European Human Court of Human Rights ruled that the UK government’s mass data interception program violates human rights to privacy and freedom of expression. A summary of the case can be found in Privacy International’s press release here: UK mass interception law violates human rights. The opinion of the court can be found here: CASE OF BIG BROTHER WATCH AND OTHERS v. THE UNITED KINGDOM
Of particular interest is the finding that “…the intelligence services can search and examine ‘related communications data’ apparently without restriction…”. If you read this book you will learn just how important this so called “related communications data” – more commonly referred to as metadata – is to anyone wishing to compromise your privacy.
What is more worrying is that this metadata is not so different from the data that Facebook, Google and the like are collecting with their “likes” and searches which was so successfully exploited politically by Cambridge Analytica.
Some relevant sections from the case:
“…it is a matter of some concern that the intelligence services can search and examine “related communications data” apparently without restriction. While such data is not to be confused with the much broader category of “communications data”, it still represents a significant quantity of data. The Government confirmed at the hearing that “related communications data” obtained under the section 8(4) regime will only ever be traffic data. However, according to paragraphs 2.24-2.27 of the ACD Code (see paragraph 117 above), traffic data includes information identifying the location of equipment when a communication is, has been or may be made or received (such as the location of a mobile phone); information identifying the sender or recipient (including copy recipients) of a communication from data comprised in or attached to the communication; routing information identifying equipment through which a communication is or has been transmitted (for example, dynamic IP address allocation, file transfer logs and e-mail headers (other than the subject line of an e-mail, which is classified as content)); web browsing information to the extent that only a host machine, server, domain name or IP address is disclosed (in other words, website addresses and Uniform Resource Locators (“URLs”) up to the first slash are communications data, but after the first slash content); records of correspondence checks comprising details of traffic data from postal items in transmission to a specific address, and online tracking of communications (including postal items and parcels) (see paragraph 117 above).
356. In addition, the Court is not persuaded that the acquisition of related communications data is necessarily less intrusive than the acquisition of content. For example, the content of an electronic communication might be encrypted and, even if it were decrypted, might not reveal anything of note about the sender or recipient. The related communications data, on the other hand, could reveal the identities and geographic location of the sender and recipient and the equipment through which the communication was transmitted. In bulk, the degree of intrusion is magnified, since the patterns that will emerge could be capable of painting an intimate picture of a person through the mapping of social networks, location tracking, Internet browsing tracking, mapping of communication patterns, and insight into who a person interacted with (see paragraph 301 above).
357. Consequently, while the Court does not doubt that related communications data is an essential tool for the intelligence services in the fight against terrorism and serious crime, it does not consider that the authorities have struck a fair balance between the competing public and private interests by exempting it in its entirety from the safeguards applicable to the searching and examining of content. While the Court does not suggest that related communications data should only be accessible for the purposes of determining whether or not an individual is in the British Islands, since to do so would be to require the application of stricter standards to related communications data than apply to content, there should nevertheless be sufficient safeguards in place to ensure that the exemption of related communications data from the requirements of section 16 of RIPA is limited to the extent necessary to determine whether an individual is, for the time being, in the British Islands.
It is not encouraging to see the ECHU also commenting that:
“….the Court is not persuaded that the safeguards governing the selection of bearers for interception and the selection of intercepted material for examination are sufficiently robust to provide adequate guarantees against abuse. Of greatest concern, however, is the absence of robust independent oversight of the selectors and search criteria used to filter intercepted communications…”
Don’t forget that the same people who have failed to conduct “robust independent oversight” of the bulk collection of your private data have also conducted under-cover multi year investigations of peaceful environmental groups which went so far as to deceive their members into entering romantic relationships with the police officers concerned who proceeded to father children on them before 'vanishing': UK undercover policing relationships scandal. That is where a 'lack of robust independent oversight' leaves you - 'f****d', as Boris Johnson might put it.
Well, I for one have had enough and frankly you can stuff your micro-targeting where the sun does not shine. This is where this book comes in.
Finally, the review
This is a very “content rich” book. I learnt a great deal about the technical side of accessing the internet and other communications networks while protecting privacy and the book included innumerable links to useful online resources or explanations of various cryptographic or privacy related tools with an outline of how they work and why you would want to use them.
This advice is informed by the time Kevin Mitnick spent on the lam - an experience that adds an extra practical dimension to the work that other books might lack . Mr Mitnick was arrested by the FBI as a result of using his burner phone repeatedly in the same geographic location as his personal mobile phone. Eventually the FBI was able to put this usage pattern together and track both his real and anonymous identity. Caught by the meta-data in other words.
My read is that there are different layers of privacy that can be achieved on the internet depending on how much time, cost and effort you are prepared to put in.
At one extreme maintaining a completely anonymous internet presence requires enormous effort and a level of self discipline and would seem almost impossible. You would have acquire burner phones with the help of a proxy purchaser paying cash, set up an in email account using prepaid cards, set up two bit coin accounts after selling your pre-paid cash cards at a significant loss and then paying extra for bitcoin tumbling services all the while never connecting your real and anonymous online identity. You would need two computers (one for personal and one for anonymous use), to master the TOR network to disguise your IP address, regularly vary your geographic location and never use the same location for personal and anonymous use, frequently change your MAC address, disguising the hardware and software profile of your computer and so on. Who could really do all this.
On the other hand there are some easier steps you can take. If you are going to be doing online banking then buy a cheap chrome-book computer to use exclusively for this purpose and book-mark the sites you are going to use it on in advance so you won’t accidentally log on to a fake site. Set up a separate e-mail account exclusively for use with the service.
Simpler steps include making sure you have regular fake birthday to use that you can remember, password discipline and the use of a whole range of recommended encryption and other useful add-ons and devices. I would strongly encourage people to familiarize themselves with and then adopt these more straightforward privacy measures as a simple first step to giving the finger to Facebook, Google and the like to reclaim some personal privacy.
The only criticism I would have of the book is that there are some points that are a little repetitive and it could have done with some better editing but I doubt you will find a better outline of the topic. This would be a great introduction to anyone wanting to then follow up technical aspects in more detail.
I’m going to make some notes on the book when I get a chance so will be posting them here as well.
June 3, 2019
Target audience: The primary target of the book are the common people who use computers and have a basic understanding of they work. The secondary target are people who activate in the domain of cybersecurity.
About the author: According to Wikipedia, Kevin David Mitnick is an American computer security consultant, author, and convicted hacker, best known for his high-profile 1995 arrest and five years later in prison for various computer and communications-related crimes. He now runs the security firm Mitnick Security Consulting, LLC. He is also the Chief Hacking Officer of the security awareness training company KnowBe4, as well as an active advisory board member at Zimperium, a firm that develops a mobile intrusion prevention system.
Structure of the book: The book has around 320 pages, divided into 16 chapters plus other parts, and it can be read in about two days.
Overview: You might remember the name of Kevin Mitnick from movies about hackers (Takedown (2000)). He is quite a personality in cybersecurity circles. Anyway, I can tell you that movies are sometimes little away from reality. In the movies hackers are relatively well-dressed, they are handsome and do almost all the hacking work from their computer. Well, no…
Basically, this book is about how to remain anonymous on the Internet and consequently to protect yourself: your identity, your private information, your health, your money and those around you. From whom? The government/authorities and other hackers. And this is the point I did not get: why the government is portrayed as a bad guy? I understand to hide yourself from authorities in North Korea or China, for example, but why hide in the United States? I mean, as long as you don’t do illegal things, there is no point in hiding; or at least not at the level described or advised in the book. It took me a while until I realized that the default mindset of a hacker is in fact that of a virtual outlaw, who opposes status quo no matter the nature of the status quo.
Another important thing that I understood from this book is that the world is changing, the world of technology is changing even faster and hacking changes accordingly. Hacking is very different at the moment than it was done 20 years ago, and it will be done differently in the future. As technology advances, hacking will be increasingly difficult. Moreover, hacking nowadays is no longer a thing of geeks that live in the garage of their parents’ house, but a thing of governments and companies. Hacking has turned into a weapon; see for example on the internet the case of Stuxnet: https://www.youtube.com/watch?v=7g0pi...
Regardless of technological advancement, there is a universal law when it comes to hacking: your application/network is as secure as the weakest link. And the weakest link is almost always the people. Laymen imagine hackers as computer addicts that do everything from the front of their monitors. In reality, Technological resources are protected at different levels and from many points of view, and thus the work of hacking is a combination of many things, that comes to supplements the manipulation of code. Hacking is also about social engineering: lying, cheating, pretending to be someone else, planting traps, deceiving and so on. Although for cybersecurity specialists might find many things described in this book familiar, Mitnick makes a tour of many aspects related to cybersecurity and there are things to be learnt.
Finally, if you read the book as a novel, you can finish it in a couple of days; easily. But if you want to apply what is written there, this book can be a useful guide and you will finish it in a couple of months or years.
Quote: Take a moment and surf over to Panopticlick.com. This is a site built by the Electronic Frontier Foundation that will determine just how common or unique your browser configuration is compared to others, based on what’s running on your PC or mobile device’s operating system and the plug-ins you may have installed.
Strong points: Albert Einstein said: “If you can't explain it simply, you don't understand it well enough”. Kevin Mitnick did a very good job at explaining complicated things related to cybersecurity in layman terms. So, whether if you want to learn more about cybersecurity or you are simply curious about it, then this is a book to read.
Weak points: The book is quite long and the reader might lose patience, especially given the he faces – inevitably – some technicalities on the road. In fact, the length of the book might be a strong point or a weak point, depending on the point of view of each reader.
About the author: According to Wikipedia, Kevin David Mitnick is an American computer security consultant, author, and convicted hacker, best known for his high-profile 1995 arrest and five years later in prison for various computer and communications-related crimes. He now runs the security firm Mitnick Security Consulting, LLC. He is also the Chief Hacking Officer of the security awareness training company KnowBe4, as well as an active advisory board member at Zimperium, a firm that develops a mobile intrusion prevention system.
Structure of the book: The book has around 320 pages, divided into 16 chapters plus other parts, and it can be read in about two days.
Overview: You might remember the name of Kevin Mitnick from movies about hackers (Takedown (2000)). He is quite a personality in cybersecurity circles. Anyway, I can tell you that movies are sometimes little away from reality. In the movies hackers are relatively well-dressed, they are handsome and do almost all the hacking work from their computer. Well, no…
Basically, this book is about how to remain anonymous on the Internet and consequently to protect yourself: your identity, your private information, your health, your money and those around you. From whom? The government/authorities and other hackers. And this is the point I did not get: why the government is portrayed as a bad guy? I understand to hide yourself from authorities in North Korea or China, for example, but why hide in the United States? I mean, as long as you don’t do illegal things, there is no point in hiding; or at least not at the level described or advised in the book. It took me a while until I realized that the default mindset of a hacker is in fact that of a virtual outlaw, who opposes status quo no matter the nature of the status quo.
Another important thing that I understood from this book is that the world is changing, the world of technology is changing even faster and hacking changes accordingly. Hacking is very different at the moment than it was done 20 years ago, and it will be done differently in the future. As technology advances, hacking will be increasingly difficult. Moreover, hacking nowadays is no longer a thing of geeks that live in the garage of their parents’ house, but a thing of governments and companies. Hacking has turned into a weapon; see for example on the internet the case of Stuxnet: https://www.youtube.com/watch?v=7g0pi...
Regardless of technological advancement, there is a universal law when it comes to hacking: your application/network is as secure as the weakest link. And the weakest link is almost always the people. Laymen imagine hackers as computer addicts that do everything from the front of their monitors. In reality, Technological resources are protected at different levels and from many points of view, and thus the work of hacking is a combination of many things, that comes to supplements the manipulation of code. Hacking is also about social engineering: lying, cheating, pretending to be someone else, planting traps, deceiving and so on. Although for cybersecurity specialists might find many things described in this book familiar, Mitnick makes a tour of many aspects related to cybersecurity and there are things to be learnt.
Finally, if you read the book as a novel, you can finish it in a couple of days; easily. But if you want to apply what is written there, this book can be a useful guide and you will finish it in a couple of months or years.
Quote: Take a moment and surf over to Panopticlick.com. This is a site built by the Electronic Frontier Foundation that will determine just how common or unique your browser configuration is compared to others, based on what’s running on your PC or mobile device’s operating system and the plug-ins you may have installed.
Strong points: Albert Einstein said: “If you can't explain it simply, you don't understand it well enough”. Kevin Mitnick did a very good job at explaining complicated things related to cybersecurity in layman terms. So, whether if you want to learn more about cybersecurity or you are simply curious about it, then this is a book to read.
Weak points: The book is quite long and the reader might lose patience, especially given the he faces – inevitably – some technicalities on the road. In fact, the length of the book might be a strong point or a weak point, depending on the point of view of each reader.
December 26, 2019
I read Mitnick's Ghost in the Wires in 2011-ish (my review) and really liked it - I knew about Mitnick from being a geeky wanna-be kid computer hacker; reading about his strung-together exploits was great wish fulfillment.
I'll start with a couple things I liked about The Art of Invisibility. In each chapter there were stories and anecdotes of people (mis)using technologies to conduct their business, or get caught in the act - these were consistently interesting. The book is decently accessible for a fairly wide audience, and is a great way to learn Cyber Security 101. There are also some great, easy takeaways. I'd been following lots of the easy advice already (password manager, 2FA/MFA, etc) but the quick, easy action I took away was installing the HTTPS Everywhere extension in Chrome.
Unfortunately there was a lot that bugged me about the book:
Book-reader mismatch? I've been a life-long geek, always interested in tech & privacy. I work for a giant corporation who has provided cyber security training. I've also spent my career working on industrial control systems, picking up more security knowledge along the way. So very little of the content was brand-new for me. I nearly ditched the book after a terrifically boring first chapter on password security that felt like remedial cyber training at work. Help me get engaged in the content, please!
Structure/editing? The "hands-on" portion of the book - the stuff you're supposed to do - is clumsily smashed in between the interesting anecdotes and stories. Example: paragraphs and paragraphs of how to navigate to settings in iPhone and Android menus. The book could have benefited from separating your possible actions into end-of-chapter notes, and kept the interesting content front-and-centre.
Quickly dated? I think it's hard to print a book like this and have it stay current. I would say this book, printed in 2017, is certainly not timeless; it's got a limited shelf life. Example: Recommending AdBlock Plus extension. I am pretty sure the current consensus says AdBlock is basically malware, and uBlock Origin or AdGuard are among the current favourites (if I am wrong someone let me know).
Inconsistent audience? I imagine Mitnick writing different sections, paragraphs and chapters for different audiences, with different knowledge levels. Because I am just one person, this makes reading more difficult. In extreme cases this becomes ridiculous: a pair of consecutive paragraphs read something like "Are you the sort of person who is susceptible to having the Ask.com toolbar accidentally installed in your browser? Just use FireFox w/ the NoScript extension in a Mac OSX VM on your Windows box!". Easy!
Lastly, the sentence that made me lose the last bit of confidence was when Mitnick advised me - on page 160, more than halfway into this book on keeping yourself cyber-secure - not to post my credit card number on Twitter. Really? ............. Really?
Having said all that, the anecdotes were good enough that I LIKED the book, and on the Goodreads emotional scale that's 3 stars. I would easily recommend this book to people interested in learning about being more cyber-secure, but would suggest that the experts and disinterested audiences avoid it.
I'll start with a couple things I liked about The Art of Invisibility. In each chapter there were stories and anecdotes of people (mis)using technologies to conduct their business, or get caught in the act - these were consistently interesting. The book is decently accessible for a fairly wide audience, and is a great way to learn Cyber Security 101. There are also some great, easy takeaways. I'd been following lots of the easy advice already (password manager, 2FA/MFA, etc) but the quick, easy action I took away was installing the HTTPS Everywhere extension in Chrome.
Unfortunately there was a lot that bugged me about the book:
Book-reader mismatch? I've been a life-long geek, always interested in tech & privacy. I work for a giant corporation who has provided cyber security training. I've also spent my career working on industrial control systems, picking up more security knowledge along the way. So very little of the content was brand-new for me. I nearly ditched the book after a terrifically boring first chapter on password security that felt like remedial cyber training at work. Help me get engaged in the content, please!
Structure/editing? The "hands-on" portion of the book - the stuff you're supposed to do - is clumsily smashed in between the interesting anecdotes and stories. Example: paragraphs and paragraphs of how to navigate to settings in iPhone and Android menus. The book could have benefited from separating your possible actions into end-of-chapter notes, and kept the interesting content front-and-centre.
Quickly dated? I think it's hard to print a book like this and have it stay current. I would say this book, printed in 2017, is certainly not timeless; it's got a limited shelf life. Example: Recommending AdBlock Plus extension. I am pretty sure the current consensus says AdBlock is basically malware, and uBlock Origin or AdGuard are among the current favourites (if I am wrong someone let me know).
Inconsistent audience? I imagine Mitnick writing different sections, paragraphs and chapters for different audiences, with different knowledge levels. Because I am just one person, this makes reading more difficult. In extreme cases this becomes ridiculous: a pair of consecutive paragraphs read something like "Are you the sort of person who is susceptible to having the Ask.com toolbar accidentally installed in your browser? Just use FireFox w/ the NoScript extension in a Mac OSX VM on your Windows box!". Easy!
Lastly, the sentence that made me lose the last bit of confidence was when Mitnick advised me - on page 160, more than halfway into this book on keeping yourself cyber-secure - not to post my credit card number on Twitter. Really? ............. Really?
Having said all that, the anecdotes were good enough that I LIKED the book, and on the Goodreads emotional scale that's 3 stars. I would easily recommend this book to people interested in learning about being more cyber-secure, but would suggest that the experts and disinterested audiences avoid it.
May 3, 2019
Very interesting, I learned a lot, and feel a little bit safer. I also think I could probably be a criminal now.
March 15, 2019
Cybersecurity had been a big interest of mine for a while, so this book didn't bring enlightment but I certainly learned a few things. Author, in simple language designed for average Joe, describes basics of security in the era of internet. He mentions few useful applications and websites, but this is not step by step guide how to install Tor on your computer for example. This book could be two edge sword - it can make you feel depressed, as there is not such a thing as a complete invisibility in today's world, so you decide to do nothing, or it can prompt you to put as many locks on your virtual door as you can.
If you think you don't need cybersecurity as you have nothing to hide....
Imagine your boss and wife seeing your skillfully photoshoped inappropriate photos with some unknown lady, gained from your mailbox or Facebook account. Imagine your bank statements wildly available to public on the internet. Imagine your house being robbed while you are on vacation as someone saw confirmation of purchased air ticket in your mailbox. Imagine your daughter receiving threats from a stalker who knows her every move ....
You may have nothing to hide, but you have lots of things to protect.
If you think you don't need cybersecurity as you have nothing to hide....
Imagine your boss and wife seeing your skillfully photoshoped inappropriate photos with some unknown lady, gained from your mailbox or Facebook account. Imagine your bank statements wildly available to public on the internet. Imagine your house being robbed while you are on vacation as someone saw confirmation of purchased air ticket in your mailbox. Imagine your daughter receiving threats from a stalker who knows her every move ....
You may have nothing to hide, but you have lots of things to protect.
December 21, 2020
Do you use a cell phone? A tablet? Any "smart" devices? Drive a car manufactured in the 1980s or later? Use the internet? Have a job? Go shopping? Post on social media? Basically live in a modern society? You are being tracked. Constantly. Big Brother and Big Data are everywhere, collecting information about you and your habits every minute of every day. Some claim it's for the greater good, such as fitness devices providing health data, or to better target marketing, such as department stores texting you about sales as you shop. But what about less ethical reasons? Data breaches and successful hacking attempts are making headlines at a record rate.
Luckily there are things you can do to help protect yourself. Kevin Mitnick, a ex-convict turned ethical hacker, outlines steps you can take today in his book The Art of Invisibility. It is a practical guide and you don't need to be an IT guru to use Mitnik's advice, though having a basic understanding of computers is helpful. The book is broken into two sections. The first half provides the basics on how to protect yourself online, such as using secure passwords, installing browser add ons to increase security while surfing the web and not using free wifi networks for online banking (duh!). The second half is where things get really scary as Mitnick shows just how insecure all technology is, things we use every day without even thinking, how your job is monitoring you and even how recycling or selling old equipment can lead to identity theft. Lax security is everywhere and it's frightening just how unaware and/or accepting most of us are.
The good news is that true invisibility on the internet and in daily life is achievable though increasingly difficult as technology continues to evolve. It requires a lot of diligence, probably more than most people are willing to commit to. Mitnick offers enough advice for you to choose what level of privacy you'd like to acheive and how to go about it.
We are only as secure as the weakest link in the chain and that weakest link is us in a lot of cases due to ignorance. It's up to us to protect ourselves by staying informed. This book is a great place to start on your personal cyber security journey.
Luckily there are things you can do to help protect yourself. Kevin Mitnick, a ex-convict turned ethical hacker, outlines steps you can take today in his book The Art of Invisibility. It is a practical guide and you don't need to be an IT guru to use Mitnik's advice, though having a basic understanding of computers is helpful. The book is broken into two sections. The first half provides the basics on how to protect yourself online, such as using secure passwords, installing browser add ons to increase security while surfing the web and not using free wifi networks for online banking (duh!). The second half is where things get really scary as Mitnick shows just how insecure all technology is, things we use every day without even thinking, how your job is monitoring you and even how recycling or selling old equipment can lead to identity theft. Lax security is everywhere and it's frightening just how unaware and/or accepting most of us are.
The good news is that true invisibility on the internet and in daily life is achievable though increasingly difficult as technology continues to evolve. It requires a lot of diligence, probably more than most people are willing to commit to. Mitnick offers enough advice for you to choose what level of privacy you'd like to acheive and how to go about it.
We are only as secure as the weakest link in the chain and that weakest link is us in a lot of cases due to ignorance. It's up to us to protect ourselves by staying informed. This book is a great place to start on your personal cyber security journey.
September 15, 2017
كتاب يتحدث عن الخطوات اللازمة لتصبح مختفيًا على الأنظار لما تبحر على الإنترنت بشكل عام وكيف تحمي خصوصيتك الرقمية بشكل خاص.
ربما وصف ما يتحدث الكتاب عنه بـ"الفن" أمر مقصود، حيث أن الإلمام بجميع الأساسيات التي يُعالجها الكتاب ليس كفيلًا بضمان تخفيك الكامل عن الأنظار، بقدر ما هو معرفة بجملة الأخطاء الشائعة التي يُمكنك أن تقع فيها إن أردت أن تبقى مُختفيًا على الأنظار، أو حتى للحفاظ على خصوصيتك.
الإشكال الذي يواجهنا حاليًا هو أننا تحت مُراقبة دائمة ولصيقة، فإن لم تظهر صورتك في أية كاميرات مُراقبة، وإن لم تكن تنشر كامل حياتك الخاصة على فيس بوك، فإنك تحمل معك هاتفًا مزوّدًا بحساس تسارع، وبكاميرا أمامية وخلفية، وبنظام للملاحة الجوية، بل وقد تضع على رسغك ساعة ذكيّة تسجّل حركاتك وسكناتك، بل حتى نبضات قلبك وتسارعها ما يسمح بمعرفة إن كنت نائمًا، أو تُمارس الرّياضة أو تمارس أي نشاط آخر (حتى ولو كان حميميًا) يُمكن التّعرف عليه من تسارع نبضات قلبك.
الخلاصة التي خرجت بها من الكتاب هي أن التّخفي التّام أمر شبه مُستحيل، وهو مُتاح بشكل جزئي فقط لمن يكون التّخفي جزءًا أساسيا من نشاطه على الإنترنت كالناشطين الحُقوقيين أو السياسيين خاصّة في البلدان التي تعرف قمعًا للحُريّات. قد يكون تحقيق تخفِّ جزئي مُمكنا لمن لا ينتمون إلى هذه الفئة، لكن يبقى محدودًا.
التّخفي المقصود في الكتاب ليس بالضرورة الاختفاء لأجل تنفيذ عمليات مشبوهة أو محضورة قانونًا، وإنما هي أوسع من ذلك لتشمل حماية خصوصيتك الرقمية على الإنترنت. كما أن هذه الحماية لا تكون مطلوبة لما يكون المُتخفّى منه جهة حكومية أو نظامًا قضائيًا، وإنما حتى من أعين الشّركات التي قد تستغل تلك البيانات لصالحها أو حتى من أعين المُتطفّلين الذين قد يلحقون ضرًرا بك أو كشف بياناتك الخاصة.
يذكّر الكتاب باحتياطات قياسية معروفة يجب على الجميع اتّخاذها، كاستخدام التّشفير في كل مكان (تشفير بياناتك على جميع الأجهزة الشخصية) واستخدام وسائل تواصل تستخدم التشفير وتحمي الخصوصية (كتطبيق سيجنال للدردشة والمُحادثات) وتصفّح المواقع عبر بروتوكول إس إس إل إن توفّر، إضافة إلى تغطية كاميرا الحاسوب مثلًا أو "إغلاق" منفذ الصوت فيه، وحتى استخدام البرمجيات مفتوحة المصدر وما إلى ذلك.
لكن احتوى أيضًا على نصائح ربما لن تخطر على بالك أو أن لا تعتبرها أساسية، كاستخدام "في بي إن" لدى الاتصال بالإنترنت من شبكات عامة، أو تغيير عنوان ماك لدى استخدامها، أو حتى إطفاء شبكة الواي فاي لدى عدم الحاجة إليها. إضافة إلى تغيير إعدادات الراوتر المنزلي أو حتى كلمة سر كاميرا المُراقبة التي نصّبتها في منزلك.
الكتاب مفيد من حيث أنّه يذكّرنا بجميع الأخطار التي تُحدّق بخصوصياتنا الرّقمية، وبضرورة إيلاء الأمر اهتمامًا بالغًا، حيث أن حماية الخصوصية لا تهم فقط من "لديه حاجة ليخفيها" بل هل حقّ يتوجّب على الجميع الحفاظ عليها.
ربما وصف ما يتحدث الكتاب عنه بـ"الفن" أمر مقصود، حيث أن الإلمام بجميع الأساسيات التي يُعالجها الكتاب ليس كفيلًا بضمان تخفيك الكامل عن الأنظار، بقدر ما هو معرفة بجملة الأخطاء الشائعة التي يُمكنك أن تقع فيها إن أردت أن تبقى مُختفيًا على الأنظار، أو حتى للحفاظ على خصوصيتك.
الإشكال الذي يواجهنا حاليًا هو أننا تحت مُراقبة دائمة ولصيقة، فإن لم تظهر صورتك في أية كاميرات مُراقبة، وإن لم تكن تنشر كامل حياتك الخاصة على فيس بوك، فإنك تحمل معك هاتفًا مزوّدًا بحساس تسارع، وبكاميرا أمامية وخلفية، وبنظام للملاحة الجوية، بل وقد تضع على رسغك ساعة ذكيّة تسجّل حركاتك وسكناتك، بل حتى نبضات قلبك وتسارعها ما يسمح بمعرفة إن كنت نائمًا، أو تُمارس الرّياضة أو تمارس أي نشاط آخر (حتى ولو كان حميميًا) يُمكن التّعرف عليه من تسارع نبضات قلبك.
الخلاصة التي خرجت بها من الكتاب هي أن التّخفي التّام أمر شبه مُستحيل، وهو مُتاح بشكل جزئي فقط لمن يكون التّخفي جزءًا أساسيا من نشاطه على الإنترنت كالناشطين الحُقوقيين أو السياسيين خاصّة في البلدان التي تعرف قمعًا للحُريّات. قد يكون تحقيق تخفِّ جزئي مُمكنا لمن لا ينتمون إلى هذه الفئة، لكن يبقى محدودًا.
التّخفي المقصود في الكتاب ليس بالضرورة الاختفاء لأجل تنفيذ عمليات مشبوهة أو محضورة قانونًا، وإنما هي أوسع من ذلك لتشمل حماية خصوصيتك الرقمية على الإنترنت. كما أن هذه الحماية لا تكون مطلوبة لما يكون المُتخفّى منه جهة حكومية أو نظامًا قضائيًا، وإنما حتى من أعين الشّركات التي قد تستغل تلك البيانات لصالحها أو حتى من أعين المُتطفّلين الذين قد يلحقون ضرًرا بك أو كشف بياناتك الخاصة.
يذكّر الكتاب باحتياطات قياسية معروفة يجب على الجميع اتّخاذها، كاستخدام التّشفير في كل مكان (تشفير بياناتك على جميع الأجهزة الشخصية) واستخدام وسائل تواصل تستخدم التشفير وتحمي الخصوصية (كتطبيق سيجنال للدردشة والمُحادثات) وتصفّح المواقع عبر بروتوكول إس إس إل إن توفّر، إضافة إلى تغطية كاميرا الحاسوب مثلًا أو "إغلاق" منفذ الصوت فيه، وحتى استخدام البرمجيات مفتوحة المصدر وما إلى ذلك.
لكن احتوى أيضًا على نصائح ربما لن تخطر على بالك أو أن لا تعتبرها أساسية، كاستخدام "في بي إن" لدى الاتصال بالإنترنت من شبكات عامة، أو تغيير عنوان ماك لدى استخدامها، أو حتى إطفاء شبكة الواي فاي لدى عدم الحاجة إليها. إضافة إلى تغيير إعدادات الراوتر المنزلي أو حتى كلمة سر كاميرا المُراقبة التي نصّبتها في منزلك.
الكتاب مفيد من حيث أنّه يذكّرنا بجميع الأخطار التي تُحدّق بخصوصياتنا الرّقمية، وبضرورة إيلاء الأمر اهتمامًا بالغًا، حيث أن حماية الخصوصية لا تهم فقط من "لديه حاجة ليخفيها" بل هل حقّ يتوجّب على الجميع الحفاظ عليها.
March 16, 2017
A cautionary tale of just how visible you are on the internet and in todays connected society.
First off I am fully aware of the irony of posting a review of this book online on Goodreads, my blog and Facebook after reading a book on how to be invisible on the internet.....
This was a an entertaining read and although I work in the IT field, there were still some security facts in the book that I was not aware so I learnt a fair amount. There are also some useful references for security tools that I had not been previously aware of (although I'm not a security professional).
Despite the above, the book isn't too technical to make the non IT person bored but it may well make them paranoid! There is a huge emphasis on becoming invisible in the book through extreme measures such as paying a complete strange to buy some gift cards at a store that doesn't have cameras in the store OR on the way to the store, then using that to buy bitcoins - twice to ensure they are completely laundered and then using those new coins to purchase various items. Not something that the average person in the street is likely to ever do ......and I must admit I do wonder if someone needs to go to all that trouble, would they be reading this book?
There are useful hints and tips about using secure messaging, email etc that can be used by everyone just to keep their internet usage secure which are not too extreme for the day to day consumer.
But for the ultra paranoid/nefarious, this book will either help you solve some of your issues or make you even more paranoid as it brings up points you hadn't thought of before....
First off I am fully aware of the irony of posting a review of this book online on Goodreads, my blog and Facebook after reading a book on how to be invisible on the internet.....
This was a an entertaining read and although I work in the IT field, there were still some security facts in the book that I was not aware so I learnt a fair amount. There are also some useful references for security tools that I had not been previously aware of (although I'm not a security professional).
Despite the above, the book isn't too technical to make the non IT person bored but it may well make them paranoid! There is a huge emphasis on becoming invisible in the book through extreme measures such as paying a complete strange to buy some gift cards at a store that doesn't have cameras in the store OR on the way to the store, then using that to buy bitcoins - twice to ensure they are completely laundered and then using those new coins to purchase various items. Not something that the average person in the street is likely to ever do ......and I must admit I do wonder if someone needs to go to all that trouble, would they be reading this book?
There are useful hints and tips about using secure messaging, email etc that can be used by everyone just to keep their internet usage secure which are not too extreme for the day to day consumer.
But for the ultra paranoid/nefarious, this book will either help you solve some of your issues or make you even more paranoid as it brings up points you hadn't thought of before....
March 24, 2021
Packed with strategies and tactics for increasing your digital security and privacy. It instills a privacy mindset. Each chapter raises awareness by explaining some privacy challenges in a not overly-technical way, usually with specific examples or stories, then gives instructions and advice on how to protect your privacy in the face of those challenges.
Average computer and phone users will likely be overwhelmed; this book is most useful to those whose tech-savviness is above average.
You'll quickly learn that the title of Chapter 14 is very true: obtaining anonymity is hard work. Mitnick explains that, "A persistent attacker will succeed given enough time and resources. … All you are really doing by trying to make yourself anonymous is putting up so many obstacles that an attacker will give up and move on to another target."
Mitnick says Rule #1 is "To be invisible online, you more or less need to create a separate identity, one that is completely unrelated to you. … you must also rigorously defend of the separation of your life from that anonymous identity."
Even though the book offers a wealth of privacy-protecting measures, you can still benefit by acting on a subset of them. It's not an all-or-nothing proposition.
I read this to increase my knowledge of digital security and privacy.
Notes
Your Password Can Be Cracked
Haveibeenpwned.com will tell if you have compromised accounts.
Use passwords of 20-25 random characters.
Replacing letters with numbers (leetspeak) doesn't fool password-cracking software.
Use password manager (Mitnick likes Password Safe and KeePass that run locally and aren't cloud-connected).
Use a PIN of more than 4 characters to lock your phone. 7 characters is good. Use letters and numbers if phone allows.
If you use a lock pattern, use a complex, non-obvious pattern.
Biometrics are vulnerable, so use with another factor, not alone.
Provide creative (or false) answers to security questions.
If someone hacks your email: 1) reset password, 2) check Sent folder to see what hacker sent, 3) see if hacker set up any forwards.
Use two-factor authentication (2FA) or multi-factor authentication (MFA). An authentication app (such as Google Authenticator) is more secure than receiving auth codes by SMS (text message).
Use separate device (such as Chromebook or tablet) for working with finances (and maybe medical stuff) online.
Who Else Is Reading Your E-mail?
Use PGP, OpenPGP, or GPG to encrypt email.
When you encrypt a message (email, text, phone call), use end-to-end encryption. There are PGP browser plugins such as Mailvelope.
You can hide your IP address by using a proxy, remailer, or Tor (torproject.org, Orbot app for Android, Onion Browser app for iOS).
Use Tor on a separate device.
Wiretapping 101
Signal provides free end-to-end encrypted communication for iOS and Android.
If You Don't Encrypt, You're Unequipped
Text (SMS) messages aren't private. They're sent unencrypted and are stored by carriers for some amount of time.
All popular messaging apps encrypt data in transit, but not all use strong encryption, and most don't encrypt data at rest. WhatsApp provides end-to-end encryption, and Facebook Messenger provides it if you opt in to "Secret Conversations."
Skype stores messages without encrypting them.
Whisper, Secret, and Telegram apps aren't secure and private enough.
Look for messaging apps that provide off-the-record (OTR) messaging, and perfect forward secrecy (PFS). Mitnick recommends Signal ("perhaps the best open-source option"), ChatSecure, Cryptocat, Tor Messenger.
Now You See Me, Now You Don't
HTTPS Everywhere browser plugin forces HTTPS whenever possible, and can secure otherwise insecure connection negotiation.
Beware free proxy services. When using a commercial proxy service, read privacy policy, looking for how it handles data in motion, law enforcement, government requests for info.
Set privacy options in Google account, and/or use Startpage.com or DuckDuckGo, which doesn't track users.
Every Mouse Click You Make, I'll Be Watching You
One way to minimize tracking is to browse in a virtual machine (VM).
NoScript and ScriptBlock plugins block ads and third-party referrers, reducing tracking.
Adblock Plus browser plugin blocks potentially dangerous ads, but Adblock tracks you.
Ghostery browser plugin allows you to limit tracking.
Use a variety of email addresses tailored to individual purposes to make it harder for marketers and hackers to build profile of you.
Cookies from normal browsing will apply to private mode browsing.
Consider removing cookies on case-by-case basis to limit tracking. You should delete referrer cookies, super cookies. CCleaner can help.
Don't use social sign-in options (e.g., OAuth) on websites, because if someone hacks your social account they can access all those linked sites.
Browser extensions Facebook Disconnect and Facebook Privacy List for Adblock Plus give you control over what you share with Facebook.
Browser plugins CanvasBlocker and CanvasFingerprintBlock block canvas fingerprinting.
Use cryptocurrency (e.g., Bitcoin) to pay anonymously.
Pay Up Or Else!
If your router has an open/guest network, lock down its settings or disable it.
Update router firmware regularly.
Change WiFi name (SSID) to something that doesn't identify you or the make and model of the router. Change router admin username and password. Use WPA2. Disable WiFi Protected Setup (WPS).
It's easy for malicious software to activate camera and microphone on computers and mobile devices. Put tape over cameras when not in use.
In general, don't respond to unsolicited messages requesting personal info. Instead, contact the alleged sender through a known trustworthy channel (e.g., public phone number) to ensure they actually sent request.
Keep full backups of PCs and mobile devices as precaution against ransomware.
It's difficult to decrypt ransomware, so consider paying ransom if you don't have backup.
Believe Everything, Trust Nothing
Don't use unencrypted public WiFi, at least not for anything involving personal data. Instead, use your cellular connection or personal hotspot.
Disable device's automatic connection to saved WiFi networks, or delete saved WiFi networks when you no longer need them, so device doesn't connect to malicious networks with the same name as saved networks.
Consider using a virtual private network (VPN) when using others' WiFi. Make sure it uses PFS. If the VPN provider keeps logs, make sure it doesn't retain traffic or connection logs, or make data available to law enforcement (as that would mean they log). Mitnick named OpenVPN, TorGuard, ExpressVPN, TunnelBear.
Turn off WiFi when you don't need it, to avoid being tracked by your MAC address.
To be invisible, prior to connecting to any WiFi you should change your MAC address to one not associated with you.
Never use public PCs for anything sensitive. Assume they have malware.
You Have No Privacy? Get Over It!
To request that photos of you be removed from a website, email abuse@domain.com, admin@domain.com. If they don't remove photos, email dmca@domain.com, or file a DMCA request with the website's host or ISP.
Limit personal info you put in social media profiles. Set privacy settings. Don't display your birthday.
Be very careful whom you friend or connect with on social media, as they instantly get access to a lot of personal info.
Disable location broadcasting in all apps or for entire phone.
Review Android app permissions before deciding whether to install.
iOS is much more secure than Android (if you don't jailbreak your Apple device).
You Can Run but Not Hide
Periodically delete location history from your phone.
Wearables (fitness bands, smart watches, etc.) can track your location. Lock down privacy settings.
Hey, KITT, Don't Share My Location
Mass transit isn't anonymous unless you pay with cash, or with commuter card you paid for with cash.
Car infotainment systems store info (including your contacts) from paired phones. Don't pair your phone with cars that aren't yours. Delete data from infotainment system before you sell car.
The Internet Of Surveillance
Change default username and password on all Internet of Things (IoT) devices.
Most smart TVs record audio in the room while they're on, and transmit that audio unencrypted to the manufacturer. To stop this, disable voice recognition in settings.
Turning your phone off should prevent it from eavesdropping, but to be sure, pull the battery out.
Listening software and devices (Google Assistant, Siri, Cortana, Alexa, etc.) record audio searches/questions/commands indefinitely.
To avoid eavesdropping, put tape over cameras and put dummy mic plug (cut-off end of headphones) in mic jack.
Delete voice data from Amazon Echo devices before you get rid of them (do in your account).
When possible, turn off voice activation feature in voice-activated devices, to limit eavesdropping.
DIY home security systems that use your home network and home Internet connection are vulnerable to being disabled or triggering false alarms.
Things Your Boss Doesn't Want You To Know
Your employer probably monitors you, so if you're concerned about privacy, don't do anything personal at work, or use a personal device with your own cellular connection.
IMSI catchers (such as StingRay) are used by law enforcement to see which phones were at locations, such as protests.
Skype is monitored by NSA.
Securely wipe drives of printers, copy machines, video conferencing systems, etc. before getting rid of them.
Encrypt files before sharing via file sharing services if you don't want NSA reading them. Even when services encrypt data in transit or at rest, service provider has the keys, and can access or give access to your files.
SpiderOak provides 100% data privacy (they have no knowledge of your password and data).
Obtaining Anonymity Is Hard Work
VeraCrypt can create a visible or hidden encrypted folder.
On iPhone, set a password for encrypted iTunes backups to prevent someone from backing up your phone to their PC without your knowledge.
Rebooting an iPhone disables Touch ID until passcode is entered, so reboot phone before going through security checkpoints.
In US, law enforcement can't demand your password, but can compel you to provide fingerprints to unlock a device.
When traveling, take your laptop with you everywhere. If you must leave it somewhere, power it completely off so an attacker can't dump the memory to get your drive encryption keys.
The Tails OS can be booted up on any modern computer and not leave any forensically recoverable data on the hard drive. Run Tails from a USB drive or DVD.
Windows BitLocker is OK for average user, but isn't ideal because it's privately owned and may contain back doors, and you must share your key with Microsoft unless you pay $250.
Other disk encryption software: PGP Whole Disk Encryption, WinMagic, Apple's FileVault 2.
Don't let encryption software save its keys to the provider's online account, as that grants them access to your data.
Encryption is often enough to foil common thieves, but not dedicated governments.
Hotel safes aren't much safer than keeping items in your suitcase in your room.
Loyalty cards track your purchasing habits. Register with a false name, address, phone number to prevent data from being linked to you.
Don't install software updates when on others' WiFi, unless you use your own cellular connection to verify from the vendor's site that the update is legit. If update isn't critical, wait to install when you're on a trusted network.
Mastering The Art Of Invisibility
ProtonMail and Tutanota provide email accounts without identity verification. Fastmail is another option that doesn't mine user data. Use Tor to get to the sites to register anonymously.
Average computer and phone users will likely be overwhelmed; this book is most useful to those whose tech-savviness is above average.
You'll quickly learn that the title of Chapter 14 is very true: obtaining anonymity is hard work. Mitnick explains that, "A persistent attacker will succeed given enough time and resources. … All you are really doing by trying to make yourself anonymous is putting up so many obstacles that an attacker will give up and move on to another target."
Mitnick says Rule #1 is "To be invisible online, you more or less need to create a separate identity, one that is completely unrelated to you. … you must also rigorously defend of the separation of your life from that anonymous identity."
Even though the book offers a wealth of privacy-protecting measures, you can still benefit by acting on a subset of them. It's not an all-or-nothing proposition.
I read this to increase my knowledge of digital security and privacy.
Notes
Your Password Can Be Cracked
Haveibeenpwned.com will tell if you have compromised accounts.
Use passwords of 20-25 random characters.
Replacing letters with numbers (leetspeak) doesn't fool password-cracking software.
Use password manager (Mitnick likes Password Safe and KeePass that run locally and aren't cloud-connected).
Use a PIN of more than 4 characters to lock your phone. 7 characters is good. Use letters and numbers if phone allows.
If you use a lock pattern, use a complex, non-obvious pattern.
Biometrics are vulnerable, so use with another factor, not alone.
Provide creative (or false) answers to security questions.
If someone hacks your email: 1) reset password, 2) check Sent folder to see what hacker sent, 3) see if hacker set up any forwards.
Use two-factor authentication (2FA) or multi-factor authentication (MFA). An authentication app (such as Google Authenticator) is more secure than receiving auth codes by SMS (text message).
Use separate device (such as Chromebook or tablet) for working with finances (and maybe medical stuff) online.
Who Else Is Reading Your E-mail?
Use PGP, OpenPGP, or GPG to encrypt email.
When you encrypt a message (email, text, phone call), use end-to-end encryption. There are PGP browser plugins such as Mailvelope.
You can hide your IP address by using a proxy, remailer, or Tor (torproject.org, Orbot app for Android, Onion Browser app for iOS).
Use Tor on a separate device.
Wiretapping 101
Signal provides free end-to-end encrypted communication for iOS and Android.
If You Don't Encrypt, You're Unequipped
Text (SMS) messages aren't private. They're sent unencrypted and are stored by carriers for some amount of time.
All popular messaging apps encrypt data in transit, but not all use strong encryption, and most don't encrypt data at rest. WhatsApp provides end-to-end encryption, and Facebook Messenger provides it if you opt in to "Secret Conversations."
Skype stores messages without encrypting them.
Whisper, Secret, and Telegram apps aren't secure and private enough.
Look for messaging apps that provide off-the-record (OTR) messaging, and perfect forward secrecy (PFS). Mitnick recommends Signal ("perhaps the best open-source option"), ChatSecure, Cryptocat, Tor Messenger.
Now You See Me, Now You Don't
HTTPS Everywhere browser plugin forces HTTPS whenever possible, and can secure otherwise insecure connection negotiation.
Beware free proxy services. When using a commercial proxy service, read privacy policy, looking for how it handles data in motion, law enforcement, government requests for info.
Set privacy options in Google account, and/or use Startpage.com or DuckDuckGo, which doesn't track users.
Every Mouse Click You Make, I'll Be Watching You
One way to minimize tracking is to browse in a virtual machine (VM).
NoScript and ScriptBlock plugins block ads and third-party referrers, reducing tracking.
Adblock Plus browser plugin blocks potentially dangerous ads, but Adblock tracks you.
Ghostery browser plugin allows you to limit tracking.
Use a variety of email addresses tailored to individual purposes to make it harder for marketers and hackers to build profile of you.
Cookies from normal browsing will apply to private mode browsing.
Consider removing cookies on case-by-case basis to limit tracking. You should delete referrer cookies, super cookies. CCleaner can help.
Don't use social sign-in options (e.g., OAuth) on websites, because if someone hacks your social account they can access all those linked sites.
Browser extensions Facebook Disconnect and Facebook Privacy List for Adblock Plus give you control over what you share with Facebook.
Browser plugins CanvasBlocker and CanvasFingerprintBlock block canvas fingerprinting.
Use cryptocurrency (e.g., Bitcoin) to pay anonymously.
Pay Up Or Else!
If your router has an open/guest network, lock down its settings or disable it.
Update router firmware regularly.
Change WiFi name (SSID) to something that doesn't identify you or the make and model of the router. Change router admin username and password. Use WPA2. Disable WiFi Protected Setup (WPS).
It's easy for malicious software to activate camera and microphone on computers and mobile devices. Put tape over cameras when not in use.
In general, don't respond to unsolicited messages requesting personal info. Instead, contact the alleged sender through a known trustworthy channel (e.g., public phone number) to ensure they actually sent request.
Keep full backups of PCs and mobile devices as precaution against ransomware.
It's difficult to decrypt ransomware, so consider paying ransom if you don't have backup.
Believe Everything, Trust Nothing
Don't use unencrypted public WiFi, at least not for anything involving personal data. Instead, use your cellular connection or personal hotspot.
Disable device's automatic connection to saved WiFi networks, or delete saved WiFi networks when you no longer need them, so device doesn't connect to malicious networks with the same name as saved networks.
Consider using a virtual private network (VPN) when using others' WiFi. Make sure it uses PFS. If the VPN provider keeps logs, make sure it doesn't retain traffic or connection logs, or make data available to law enforcement (as that would mean they log). Mitnick named OpenVPN, TorGuard, ExpressVPN, TunnelBear.
Turn off WiFi when you don't need it, to avoid being tracked by your MAC address.
To be invisible, prior to connecting to any WiFi you should change your MAC address to one not associated with you.
Never use public PCs for anything sensitive. Assume they have malware.
You Have No Privacy? Get Over It!
To request that photos of you be removed from a website, email abuse@domain.com, admin@domain.com. If they don't remove photos, email dmca@domain.com, or file a DMCA request with the website's host or ISP.
Limit personal info you put in social media profiles. Set privacy settings. Don't display your birthday.
Be very careful whom you friend or connect with on social media, as they instantly get access to a lot of personal info.
Disable location broadcasting in all apps or for entire phone.
Review Android app permissions before deciding whether to install.
iOS is much more secure than Android (if you don't jailbreak your Apple device).
You Can Run but Not Hide
Periodically delete location history from your phone.
Wearables (fitness bands, smart watches, etc.) can track your location. Lock down privacy settings.
Hey, KITT, Don't Share My Location
Mass transit isn't anonymous unless you pay with cash, or with commuter card you paid for with cash.
Car infotainment systems store info (including your contacts) from paired phones. Don't pair your phone with cars that aren't yours. Delete data from infotainment system before you sell car.
The Internet Of Surveillance
Change default username and password on all Internet of Things (IoT) devices.
Most smart TVs record audio in the room while they're on, and transmit that audio unencrypted to the manufacturer. To stop this, disable voice recognition in settings.
Turning your phone off should prevent it from eavesdropping, but to be sure, pull the battery out.
Listening software and devices (Google Assistant, Siri, Cortana, Alexa, etc.) record audio searches/questions/commands indefinitely.
To avoid eavesdropping, put tape over cameras and put dummy mic plug (cut-off end of headphones) in mic jack.
Delete voice data from Amazon Echo devices before you get rid of them (do in your account).
When possible, turn off voice activation feature in voice-activated devices, to limit eavesdropping.
DIY home security systems that use your home network and home Internet connection are vulnerable to being disabled or triggering false alarms.
Things Your Boss Doesn't Want You To Know
Your employer probably monitors you, so if you're concerned about privacy, don't do anything personal at work, or use a personal device with your own cellular connection.
IMSI catchers (such as StingRay) are used by law enforcement to see which phones were at locations, such as protests.
Skype is monitored by NSA.
Securely wipe drives of printers, copy machines, video conferencing systems, etc. before getting rid of them.
Encrypt files before sharing via file sharing services if you don't want NSA reading them. Even when services encrypt data in transit or at rest, service provider has the keys, and can access or give access to your files.
SpiderOak provides 100% data privacy (they have no knowledge of your password and data).
Obtaining Anonymity Is Hard Work
VeraCrypt can create a visible or hidden encrypted folder.
On iPhone, set a password for encrypted iTunes backups to prevent someone from backing up your phone to their PC without your knowledge.
Rebooting an iPhone disables Touch ID until passcode is entered, so reboot phone before going through security checkpoints.
In US, law enforcement can't demand your password, but can compel you to provide fingerprints to unlock a device.
When traveling, take your laptop with you everywhere. If you must leave it somewhere, power it completely off so an attacker can't dump the memory to get your drive encryption keys.
The Tails OS can be booted up on any modern computer and not leave any forensically recoverable data on the hard drive. Run Tails from a USB drive or DVD.
Windows BitLocker is OK for average user, but isn't ideal because it's privately owned and may contain back doors, and you must share your key with Microsoft unless you pay $250.
Other disk encryption software: PGP Whole Disk Encryption, WinMagic, Apple's FileVault 2.
Don't let encryption software save its keys to the provider's online account, as that grants them access to your data.
Encryption is often enough to foil common thieves, but not dedicated governments.
Hotel safes aren't much safer than keeping items in your suitcase in your room.
Loyalty cards track your purchasing habits. Register with a false name, address, phone number to prevent data from being linked to you.
Don't install software updates when on others' WiFi, unless you use your own cellular connection to verify from the vendor's site that the update is legit. If update isn't critical, wait to install when you're on a trusted network.
Mastering The Art Of Invisibility
ProtonMail and Tutanota provide email accounts without identity verification. Fastmail is another option that doesn't mine user data. Use Tor to get to the sites to register anonymously.
December 31, 2017
This is a lot of material, and obviously most of it won't apply to most people, but it's a fascinating look into just how much we take for granted in today's world of electronic devices. This is a good reference for anyone who wants to learn about technology in general, or the internet specifically, and if it teaches even a few people to be a bit less free with their personal information, then I think the author would consider writing the book time well spent.
August 6, 2017
Loved this read. It can be a little tech heavy in some places, as is the nature of the beast. Scared the bejeezus out of me in other areas. Orwell was right. Hi there, big brother.
March 13, 2018
this book gives you a lot of information about the privacy in the virtual world (internet).
what are the things are being tracked, why you're tracked, what are the impacts and much more, and more importantly, how to protect your self from those trackings.
It's better to read the written addition of the book, if you decided to go with the audiobook keep something to take notes while reading, you may need write down some names of add-ons or software.
some information is repeated so many times, but linked in one way or another. the book explains some so advance technics to be invisible, but as a normal user you don't need all that, still what is good is that he explains each process and why you may want that.
Also he mentioned some stories to make clear the importance of some procedures.
what are the things are being tracked, why you're tracked, what are the impacts and much more, and more importantly, how to protect your self from those trackings.
It's better to read the written addition of the book, if you decided to go with the audiobook keep something to take notes while reading, you may need write down some names of add-ons or software.
some information is repeated so many times, but linked in one way or another. the book explains some so advance technics to be invisible, but as a normal user you don't need all that, still what is good is that he explains each process and why you may want that.
Also he mentioned some stories to make clear the importance of some procedures.
November 12, 2019
Heavy read. It does cover a lot for a small book. How to anonymous in the current age. Book is a bit outdated but relevant underlying principles. If you want to know how much you are vulnerable to a cyber attack, you can read this. It was fun while it lasted. Last few chapters were really helpful.
December 20, 2017
A fascinating and tremendously helpful piece of writing. Because of this book, I spent hours changing all my passwords, my online accounts, hours reconfiguring my laptop and cellphone, haha.
The writing isn't that great, and Mitnick's ego gets in the way often, but well, I pick up the book for the other infos that he provides. I have little knowledge in cyber security so this is awesome, but for others with stronger background, it may not be so. I wish the book were more detailed on the exact working of the technologies presented, but well, for practical purpose and its general audience, it serves well.
After the recent few books on technology I have read these days, I realize that the world I'm living in is approaching a dystopian-like realm. I didn't notice it, because from the appearance it's still fine, people still highly value privacy. Yet at the same time, we are unaware of the way we make ourselves vulnerable, of the colossal footprints we leave everyday due to the deeper and deeper integration of technology. Not many people are like Mitnick, a criminal trying to disguise his identity, yet it's disturbing to see how much others, either states or private entities, can tell and pindown who we are with extreme accuracy and with little effort. Legal, ethical, and philosophical systems haven't caught up with the speed that technology has fused into our life, and in the limbo I wonder what to do.
Anyway, the point of the book is more like: becoming invisible is quite impossible, at least for general readers. It is very costly to do so, mentally and financially. What we can do is at best increasing our firewalls, telling the attackers to find easier preys.
The writing isn't that great, and Mitnick's ego gets in the way often, but well, I pick up the book for the other infos that he provides. I have little knowledge in cyber security so this is awesome, but for others with stronger background, it may not be so. I wish the book were more detailed on the exact working of the technologies presented, but well, for practical purpose and its general audience, it serves well.
After the recent few books on technology I have read these days, I realize that the world I'm living in is approaching a dystopian-like realm. I didn't notice it, because from the appearance it's still fine, people still highly value privacy. Yet at the same time, we are unaware of the way we make ourselves vulnerable, of the colossal footprints we leave everyday due to the deeper and deeper integration of technology. Not many people are like Mitnick, a criminal trying to disguise his identity, yet it's disturbing to see how much others, either states or private entities, can tell and pindown who we are with extreme accuracy and with little effort. Legal, ethical, and philosophical systems haven't caught up with the speed that technology has fused into our life, and in the limbo I wonder what to do.
Anyway, the point of the book is more like: becoming invisible is quite impossible, at least for general readers. It is very costly to do so, mentally and financially. What we can do is at best increasing our firewalls, telling the attackers to find easier preys.
July 24, 2018
“This book is all about staying online while retaining our precious privacy.”
3 1/2 stars. Well, reading The Art of Invisibility: The World's Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data has certainly been a very sobering experience. If Mitnick’s goal in writing this book was to to scare us readers into paranoia, he’s for sure succeeded.
Nowadays, none of us could imagine living without our electronics, but how much do we really know about the way they work, and how they reveal so much about us without our knowledge? I consider myself a pretty cautious person when it comes to my privacy, and I’m especially careful about just how much I reveal about myself online.
Kevin D. Mitnick showed me just how wrong I was in believing I’m doing a pretty good job of preserving my (online) privacy. I certainly learned a lot from reading The Art of Invisibility, and I am sure you will, too.
“We’re actually making decisions that carry a lifetime of ramifications. So we need to act.”
Blog ¦ Bloglovin’ ¦ Tumblr ¦ Instagram
March 31, 2020
The grumpus23 (23-word commentary) Maintaining separation between your real and anonymous life is possible, but requires constant vigilance. However, online invisibility is not feasible for average Joes.
November 10, 2017
Според мен само един американец може да е дотолкова обсебен от темата "личното ми пространство е нарушено". Сериозно... Не знам колко хиляди примери мога да дам от тази книга, които звучат като дошли от някакъв параноичен и побъркан на тази тема. ОК, разбирам целта - да се борим за "справедливост"... обаче да трябва да се изправям срещу хладилника си ми идва в повече.
Сайтовете събират информацията ми с цел реклама и я записват? Ми хубаво, нека записват... аз нямам нищо против да ми рекламират книги xD. Защото действително точно това са ми рекламите, ако реша да изключа AdBlock-а... А знаете ли какво? Аз винаги съм била наясно с политиката им, така че не ми е бил нужен Митник, за да разбирам "рисковете".
Аз съм дете на времето, в което в интернет човек се ровеше като къртица из разни любителски направени сайтове... аз пишех любителски сайтове на ръка. Винаги съм знаела, че не мога да стана "хакер" (нямам тази подготовка, нито пък даже парите, ако става въпрос), но изпитвам интерес към темата от чисто любопитство и спомен от първите ми срещи с компютрите. Много голяма част от този технологичен сайт се разви пред очите ми. Невинаги схващах бързо промените, но в крайна сметка съм наясно с повечето от тях.
Фейсбук знае повече за мен, отколкото аз знам за себе си? Да е жив и здрав... Ако Митник чуе това, ще въздъхне съчувствено, задето не искам да си пазя личното пространство. Аз обаче наистина не споделям почти нищо, колкото и авторът да има да ме убеждава. Даже специално проверих... за жалост, почти не фигурирам из пространството със свои снимки... сАлза. Сега почти очаквам Митник да каже как и малкото ми снимки стоят в пространството, без аз да го искам, все едно знае аз какво искам...
Четат ми имейлите? Боже, защо никой никога така и не ми прихвана някой имейл да ми помогне с темите за университета? Защо поне един нигерийски принц не се роди хакер, за да ми даде парите си, без да е нужно да му отговарям, ей така, понеже сърцето му е чисто... Защо веднъж някой хакер не ми хакна мейла, за да изпрати спам на контактите ми и всички професори да ми се качат на главата след това? Защото в днешно време имейлът го ползвам предимно за това.
Могат да ми разбият паролата?!
Могат, разбира се. Повечето хора на планетата не сме вундеркини. Винаги ще има някой по-добър от мен в тези неща. Винаги ще има по един Митник, който ще влезе в компютъра ми без проблем, ако поиска, дори да имам парола от 300 символа, виртуална компютърна система и прочие.
Винаги съществува опасността да ми източат картата. Винаги могат да се представят за мен, ако им е притрябвало да са букохолици. Не мога да се превърна в полицията или нещо подобно. Аз съм обикновен човек. Просто не желая да жертвам удобството и бързината, за да се мъча с Tor, примерно, в един свят, където всичко се стреми да стане бързо, лесно и удобно. Винаги ще има засечки. Винаги ще съществува опасност, защото винаги ще има хора, които смятат себе си за царе на интернета. Винаги ще има събиране на данни... отдавна сме се превърнали в общество, тръгнало към "1984" на Оруел, ако гледаме от една страна. Предполагам, че повечето хора дори знаят, че никога не са невидими... колко народ постоянно пуска за себе си информация - от това кога си ляга да спи, до това кога е в тоалетната?
Митник живее в съвсем друг свят от нас. Книгата му е като наръчник за младши престъпници, или поне така звучи в повечето случаи. Ние тук, в България, така или иначе трудно ще изпълним всички тези съвети. Колко хора у нас имат умен хладилник, телевизор, карат Tesla? Колко услуги у нас позволяват да си свършиш работата отдалеч... или да напомням за знаменитата опашка на СУ при плащането на семестриалните такси?
Колко хора ще имат възможността да си купят "два-три различни лаптопа" и да работят с "телефони за еднократно ползване"?
Значи, за да си невидим, трябва и да си нещо малко богат, мисля си...
Но давам на книгата повече звезди, защото ми беше интересна с представянето на различни системи и способи. Тези неща са ми интересни, макар и много да изглеждат неизпълними, а пък други - свръх прекалени. За някои по принцип имам представа и дори донякъде съм ги изпълнила, гордея се. Това за паролите например беше много интересно и като че ли най-полезно и достъпно.
Дано това успокои полицията xD. Ами ако следят всеки, който си е взел тази книга, от страх, че могат изведнъж да изгубят следите му?! Дали не стоят на вратата ми да подслушват тракането на клавиатурата ми, чакайки с проследяващото устройство да изчезна от света, да разбият вратата и да ме хванат на местопрестъплението?!
Сайтовете събират информацията ми с цел реклама и я записват? Ми хубаво, нека записват... аз нямам нищо против да ми рекламират книги xD. Защото действително точно това са ми рекламите, ако реша да изключа AdBlock-а... А знаете ли какво? Аз винаги съм била наясно с политиката им, така че не ми е бил нужен Митник, за да разбирам "рисковете".
Аз съм дете на времето, в което в интернет човек се ровеше като къртица из разни любителски направени сайтове... аз пишех любителски сайтове на ръка. Винаги съм знаела, че не мога да стана "хакер" (нямам тази подготовка, нито пък даже парите, ако става въпрос), но изпитвам интерес към темата от чисто любопитство и спомен от първите ми срещи с компютрите. Много голяма част от този технологичен сайт се разви пред очите ми. Невинаги схващах бързо промените, но в крайна сметка съм наясно с повечето от тях.
Фейсбук знае повече за мен, отколкото аз знам за себе си? Да е жив и здрав... Ако Митник чуе това, ще въздъхне съчувствено, задето не искам да си пазя личното пространство. Аз обаче наистина не споделям почти нищо, колкото и авторът да има да ме убеждава. Даже специално проверих... за жалост, почти не фигурирам из пространството със свои снимки... сАлза. Сега почти очаквам Митник да каже как и малкото ми снимки стоят в пространството, без аз да го искам, все едно знае аз какво искам...
Четат ми имейлите? Боже, защо никой никога така и не ми прихвана някой имейл да ми помогне с темите за университета? Защо поне един нигерийски принц не се роди хакер, за да ми даде парите си, без да е нужно да му отговарям, ей така, понеже сърцето му е чисто... Защо веднъж някой хакер не ми хакна мейла, за да изпрати спам на контактите ми и всички професори да ми се качат на главата след това? Защото в днешно време имейлът го ползвам предимно за това.
Могат да ми разбият паролата?!
Могат, разбира се. Повечето хора на планетата не сме вундеркини. Винаги ще има някой по-добър от мен в тези неща. Винаги ще има по един Митник, който ще влезе в компютъра ми без проблем, ако поиска, дори да имам парола от 300 символа, виртуална компютърна система и прочие.
Винаги съществува опасността да ми източат картата. Винаги могат да се представят за мен, ако им е притрябвало да са букохолици. Не мога да се превърна в полицията или нещо подобно. Аз съм обикновен човек. Просто не желая да жертвам удобството и бързината, за да се мъча с Tor, примерно, в един свят, където всичко се стреми да стане бързо, лесно и удобно. Винаги ще има засечки. Винаги ще съществува опасност, защото винаги ще има хора, които смятат себе си за царе на интернета. Винаги ще има събиране на данни... отдавна сме се превърнали в общество, тръгнало към "1984" на Оруел, ако гледаме от една страна. Предполагам, че повечето хора дори знаят, че никога не са невидими... колко народ постоянно пуска за себе си информация - от това кога си ляга да спи, до това кога е в тоалетната?
Митник живее в съвсем друг свят от нас. Книгата му е като наръчник за младши престъпници, или поне така звучи в повечето случаи. Ние тук, в България, така или иначе трудно ще изпълним всички тези съвети. Колко хора у нас имат умен хладилник, телевизор, карат Tesla? Колко услуги у нас позволяват да си свършиш работата отдалеч... или да напомням за знаменитата опашка на СУ при плащането на семестриалните такси?
Колко хора ще имат възможността да си купят "два-три различни лаптопа" и да работят с "телефони за еднократно ползване"?
Значи, за да си невидим, трябва и да си нещо малко богат, мисля си...
Но давам на книгата повече звезди, защото ми беше интересна с представянето на различни системи и способи. Тези неща са ми интересни, макар и много да изглеждат неизпълними, а пък други - свръх прекалени. За някои по принцип имам представа и дори донякъде съм ги изпълнила, гордея се. Това за паролите например беше много интересно и като че ли най-полезно и достъпно.
Дано това успокои полицията xD. Ами ако следят всеки, който си е взел тази книга, от страх, че могат изведнъж да изгубят следите му?! Дали не стоят на вратата ми да подслушват тракането на клавиатурата ми, чакайки с проследяващото устройство да изчезна от света, да разбият вратата и да ме хванат на местопрестъплението?!
June 29, 2018
So, you want to be invisible online? Great. All you'll need is three separate computers -- one for your top secret business, one for your banking, and one for your everyday use; a few new email addresses, a handful of burner phones, a large pile of cash to buy gift cards and electronics without leaving a credit trace, a slightly larger pile if you intend on paying strangers to buy said cards and electronics for you, an ability to habitually lie, and the concentration of a criminal mastermind to remember which accounts you're using on which computer so you never accidentally blend your Top Secret identity with your real one. Child's play.
Kevin Mitnick knows a thing or two about the necessity and the difficulty of staying invisible. He spent two and a half years as a fugitive from the FBI, wanted for hacking, unauthorized access, and wire fraud. These days he works as a security consultant, and in The Art of Invisibility he provides a point-by-point tour of the surveillance web created by the internet and telecommunications infrastructure. There are also specialized chapters on surveillance in the workplace, and maintaining privacy while traveling abroad. Mitnick's survey and advice have at least two audiences: most of the book can be appreciated by a technologically savvy and privacy-minded individual who wants to know more, while a smaller but not insignificant portion of the book, somewhere between 30 and 40 percent, would be of interest to the truly paranoid.
Although Mitnick does cover material would be a given to those with an interest in security -- don't use public WIFI networks for banking or other sensitive business, even if they're password-protected, that kind of thing -- most of his information is less elementary. He's thorough, explaining how tools like email and hardware encryption work, where they're vulnerable, and why they're useful. The Tor browser is a mainstay of recommendation, as it allows users to be relatively anonymous and evade filters that restrict access in territories controlled by authoritarian states like China by redirecting the user's activity across a series of nodes. The nodes chosen are random, and it's possible to encounter a node controlled by surveying authorities. If a person uses Tor on the same computer and accesses the same accounts as they normally do, however, then if they're under active surveillance by someone their token efforts at anonymity are for naught. People in witness protection can't go to family reunions, and those who want remain invisible can't muddle their identities together. If you want to have an email account and use Tor, Mitnick advises, then use Tor and create a new email account. The same concept applies across communication technologies: Mitnick was caught in the 1990s because despite using multiple cell phones, he was using them in the same location (a motel room), and thereby connecting to the same cell tower every single time -- allowing the FBI to collaborate with the local telecom to get a fix on their man.
The Art of Invisibility is far more comprehensive and helpful than Mitnick's previous books on intrusion and social engineering. Mitnick offers his exhaustive tour of vulnerabilities not to scare readers into retreating to a monastery, but to point out -- this is what you're up against, this is what you can do about it, this is where you'll still be weak. Like a security consultant's tour of your home, The Art of Invisibility shakes expectations, and disturbs the illusion of safety -- while at the same timeVanishingly few people are capable of taking all of Mitnick's advice: even he doesn't. He leaves the decision to the reader how best to integrate this information with their own practices. Everyone can benefit from better cyber-security hygiene, even if it's something as basic as keeping your cellphone locked, running adblock to disable malicious scripts on websites, and keeping SmartTvs that never stop listening to you out of your house.
Related:
10 Don'ts On Your Digital Devices Daniel G. Bachrach, Eric J. Rzeszut. A more entry-level citizen's guide to digital hygiene.
Swiped: How To Protect Yourself in World of Scammers, Phishers, and Identity Thieves, Adam Levin
Future Crime: Everything Is Connected, Everyone is Vulnerable, and What We Can Do About It, Marc Goodman
Kevin Mitnick knows a thing or two about the necessity and the difficulty of staying invisible. He spent two and a half years as a fugitive from the FBI, wanted for hacking, unauthorized access, and wire fraud. These days he works as a security consultant, and in The Art of Invisibility he provides a point-by-point tour of the surveillance web created by the internet and telecommunications infrastructure. There are also specialized chapters on surveillance in the workplace, and maintaining privacy while traveling abroad. Mitnick's survey and advice have at least two audiences: most of the book can be appreciated by a technologically savvy and privacy-minded individual who wants to know more, while a smaller but not insignificant portion of the book, somewhere between 30 and 40 percent, would be of interest to the truly paranoid.
Although Mitnick does cover material would be a given to those with an interest in security -- don't use public WIFI networks for banking or other sensitive business, even if they're password-protected, that kind of thing -- most of his information is less elementary. He's thorough, explaining how tools like email and hardware encryption work, where they're vulnerable, and why they're useful. The Tor browser is a mainstay of recommendation, as it allows users to be relatively anonymous and evade filters that restrict access in territories controlled by authoritarian states like China by redirecting the user's activity across a series of nodes. The nodes chosen are random, and it's possible to encounter a node controlled by surveying authorities. If a person uses Tor on the same computer and accesses the same accounts as they normally do, however, then if they're under active surveillance by someone their token efforts at anonymity are for naught. People in witness protection can't go to family reunions, and those who want remain invisible can't muddle their identities together. If you want to have an email account and use Tor, Mitnick advises, then use Tor and create a new email account. The same concept applies across communication technologies: Mitnick was caught in the 1990s because despite using multiple cell phones, he was using them in the same location (a motel room), and thereby connecting to the same cell tower every single time -- allowing the FBI to collaborate with the local telecom to get a fix on their man.
The Art of Invisibility is far more comprehensive and helpful than Mitnick's previous books on intrusion and social engineering. Mitnick offers his exhaustive tour of vulnerabilities not to scare readers into retreating to a monastery, but to point out -- this is what you're up against, this is what you can do about it, this is where you'll still be weak. Like a security consultant's tour of your home, The Art of Invisibility shakes expectations, and disturbs the illusion of safety -- while at the same timeVanishingly few people are capable of taking all of Mitnick's advice: even he doesn't. He leaves the decision to the reader how best to integrate this information with their own practices. Everyone can benefit from better cyber-security hygiene, even if it's something as basic as keeping your cellphone locked, running adblock to disable malicious scripts on websites, and keeping SmartTvs that never stop listening to you out of your house.
Related:
10 Don'ts On Your Digital Devices Daniel G. Bachrach, Eric J. Rzeszut. A more entry-level citizen's guide to digital hygiene.
Swiped: How To Protect Yourself in World of Scammers, Phishers, and Identity Thieves, Adam Levin
Future Crime: Everything Is Connected, Everyone is Vulnerable, and What We Can Do About It, Marc Goodman
Displaying 1 - 30 of 632 reviews