Everyone wants to be a porn star, apparently
By John D. Turner
5 Sep 2014

Ok, raise your hand. Who out there thinks it is a good idea to take nude photographs (or x-rated video) of yourself and upload them anywhere? Apparently lots of people think so, including celebrities. Hey – who doesn’t like a good nude photo or two?

It would be funny if it weren’t so tragic. Ok, it is funny. I must admit I almost fell of my chair laughing. People actually think that the Cloud, or anything on the internet, is secure? They think they have privacy? Really?

The mind boggles at the myriad of ways this could go horribly wrong and apparently for quite a few Hollywood A-listers and others it just did. But, as the Geico commercial says “some human behaviors make no sense.”

“This is a flagrant violation of privacy,” bleated a spokeswoman for Jennifer Lawrence, whose photos are among those outed. Mary Elizabeth Winstead went on record with this jewel: “To those of you looking at photos I took with my husband years ago in the privacy of our home, hope you feel great about yourselves. Knowing those photos were deleted long ago, I can only imagine the creepy effort that went into this.”

Which only goes to point out several things; 1), if you feel it necessary to take such photos of yourself for your own enjoyment, and you want them to remain “private,” keep them in the privacy of your home; don’t upload them to the Cloud. 2) Understand how the technology you use actually works. Just because you “delete” something doesn’t mean it is actually gone. 3) if you are a public celebrity, you are a target; you get the perks of your public stardom but you also get the pitfalls.

I have been pounding this into my children’s heads for years. NEVER upload or say ANYTHING on the Internet that you wouldn’t feel comfortable with anyone and everyone knowing about. Always assume that nothing you put out there is safe, secure, unavailable to others, or ever deleted. This is a phenomena that has come back to bite countless people over the years. Articles appear on this on an almost weekly basis. And yet everyone somehow seems to think they are immune.

It’s like this woman, who was texting while driving and looked down for just an instant to check what she had just sent – and ended up in the hospital with a guard rail pole sticking through her thigh and buttocks and into the back of her seat. Rescue firefighters had to saw off both ends of the pole before they could transport her. That must have been fun. Hey, she was only going 20 miles per hour; what could possibly go wrong?

Or this young lady, immortalized on video for all to see as she falls into a fountain in a shopping mall while texting and walking at the same time. This footage was captured on the mall’s security camera system and “thoughtfully” uploaded to the Internet so that everyone could enjoy. The person who did that, for his amusement and that of his friends, was fired from his job and the young lady sued the mall, however as you may have noticed, the video is still out there.

So how could all this happen? Let me count the ways.

Let’s start with the fact that programmers are human and software, the Internet, and the interactions between everything are complex. The internet was originally developed as a study into the possibility that computers, which at the time were large, expensive standalone systems, could be linked together so that everyone could quickly access data and programs from any site. This was back in 1962. By 1967, a plan for what was to become the “ARPANET” was developed at DARPA, the Defense Advanced Research Projects Agency. The first host computers were connected in September 1969; connecting the Network Measurement Center at UCLA to the ARPANET, followed by the Stanford Research Institute (SRI) as the second node. Other research institutes and laboratories followed suit.

1972 saw the development of electronic mail, which quickly became the largest network application for over a decade. More nodes hooked in and the network continued to evolve. TCP/IP (Transmission Control Protocol/Internet Protocol), the underlying basis for the modern Internet, was developed; on 1 January 1983 the ARPANET host protocol was transitioned from NCP (Network Control Protocol), which it originally ran, to the new TCP/IP protocol, which had been adopted as a defense standard in 1980. ARPANET was now being used by a significant number of defense R&D and operational organizations, and the transition allowed the network to be split with ARPANET supporting research needs and a new network, MILNET to be used to support military operational requirements.

There was still, at this time no real civilian use of what we now call the Internet. It wasn’t until 1985 or so that computers available to the general public, most notably the Apple MacIntosh, Atari ST, and Commodore Amiga, were marketed with a graphic user interface (GUI) that even permitted something like our modern civilian internet to exist. And bandwidth was pathetic. At 1200-2400 baud, typical download speeds back then, it would take forever just to display the Drudge Report page, much less anything with significant graphic content.

The main takeaway here is that, despite its origins in the Department of Defense, the entire thing was developed, from the basic communications protocols on up, without security in mind. Why should it have been? It connected research institutes – who was going to hack it? Nobody was even thinking in that direction back then.

Since then, literally millions of programmers have written a plethora of apps for use on the internet. Hardware of all descriptions has been hung off it, from computer systems and large server farms, to smart phones and refrigerators. The system has continued to grow with a myriad of protocols for a myriad of purposes becoming part of the morass. Upload and download speeds have gone from teletype speeds (110 baud) to multi-gigabits of data per second and faster for some applications. In January 2014, scientists in the UK demonstrated what was then the fastest download speed ever achieved using commercial-grade fiber optic lines – 1.4 terabits per second.

The internet has done nothing but become more complex (and more necessary in our individual lives) every year. If it were to disappear tomorrow, the developed world would be thrown into chaos. And yet, security, something that most people take for granted, is something that has basically been “bolted on”; it is not inherently part of the specifications on which the Internet was originally built.

The “security” of your information depends on many factors. How well were the applications that you use designed, in terms of security? Was security taken into account at all? For some applications, yes; if we are talking banking or financial applications, you bet security is at the forefront of the minds of the people running those companies. So much so that for most, before an application is fielded, they hire an independent computer security firm to attempt to hack the app before they put it out for general use.

But even this doesn’t “guarantee” the application is secure. There are many ways to gain access to information, and it is an ongoing battle between the offense and defense. The Internet is always changing; it is a very dynamic environment. And people are human; you would think that hacks that were successful years ago would no longer be a problem as we have developed defenses against them. You would be incorrect in that assumption. People make mistakes. Fixes to new problems sometimes uncover old holes. Software is complex and there are a lot of ways to break it.

And of course, there is always the “inside job.” The thing that is the most difficult to guard against is the insider threat; the bored employee with administrative access who, on his or her off time peruses the files of others in search of titillation simply because he or she can. Or the criminally-minded employee who does so in search of information that he or she can use for blackmail purposes. Or the employee seeking notoriety who posts intimate pictures or information on the internet because it makes them an “important person” and strokes their ego.

So how does this stuff get on the Internet in the first place? Is everyone a wannabe “porn star,” posting nude photos of themselves, or posing in provocative positions? It seems that way, doesn't it? And even if you don’t actually send these photos to someone explicitly – do you have an online backup service like Mosey or Carbonite that backs up your files on a regular basis and stores them in the Cloud? Do you store copies of your pictures on iCloud or other services? Then those photos are “out there” and subject to download at any time by anyone who has the capability to hack them or who just feels like “having a little fun.”

Backup services are in the business of not losing your files. In order to accomplish this they make redundant copies. And they regularly backup everything on their servers so if they lose a drive they can reconstruct its content and you don’t lose anything. That includes your nude photos. And these backup copies are kept for long periods of time just in case you delete a file accidently and want it back. So even if you “deleted” the file on your computer, it doesn’t mean it was deleted on the backup service – certainly not on all the backup files, both on site and off site.

Offsite backups are made so that if the company lost the entire building, your data would not be lost.

Heck, you don’t even lose the file on your computer if you “delete” it, unless you go to lengths to ensure it is gone. When you “delete” a file, all that is normally deleted is the pointer that points to the location of that file on your hard drive. The file itself is still there – there just isn’t any connection to it. That is why file recovery software is able to retrieve “deleted” files. That is also why, when someone is accused of a crime, particularly something like child pornography, the first thing the police do is seize all the computers in the home; it is very hard to eliminate files and good forensics software can retrieve a lot. In fact, even if you use software that “shreds” files into digital hash, information can still be gleaned if one is willing to spend the bucks to do so.

Let's go a step further; if your hard drive dies, what do you do with it? Do you degauss it to make sure that anything on it is reduced to digital hash? Do you open it up and sand the platters? Do you beat it to a pulp with a hammer? Or do you just throw it in the trash and forget about it? Ever heard of "dumpster diving?" If you are a celebrity, you might want to look it up. Even if you aren't a celebrity you should give it a thought. It is possible for a sufficiently motivated person to recover files off a "dead" drive.

For that matter, forget about a dead drive - when you get rid of your computer to buy a new one, what do you do with it? Do you digitally shread your drive or just put it out with the trash? Or even worse, sell or give it to someone? It's much easier to read files off a perfectly working drive - anyone can do it!

Of course, it isn’t even necessary for you to have deliberately made and uploaded nude pictures and video of yourself – you may have done it without your knowledge.

Do you have a webcam? Do you Skype? Do you play massively multiplayer online role-playing games (MMORPGs) such as World of Warcraft and use your webcam when playing them? Is your webcam located on a computer in your bedroom? How about your TV – many smart TVs come with a built-in webcam and Skype capability. Did you know that it is possible for someone to take control of your webcam remotely and turn it on without your knowledge? But wait – there is a little red light that comes on when the webcam is running. Did you know that the little red light can be turned off via software? So your webcam can be running, allowing someone to see (and record) what is going on in your room, without your knowledge.

This is a known problem and there are patches but have you downloaded them? Are there perhaps other ways to do the same thing that the patch hasn’t patched? The good news is that you probably don’t have to worry about this, unless of course you have a technically literate ex, or someone else that has it in for you. Or you leave your access point unsecured and someone finds it and decides to have a bit of fun. But celebrities? That is a different kettle of fish.

And as if that weren’t enough, how about this article concerning “rogue” cellphone towers that can intercept your mobile calls and data transmissions, which apparently are starting to crop up around the country. Did you perchance take a nude “selfie” and upload it to the cloud? Your cloud account may not be the only place a copy was sent.

It’s pretty funny to me that after months of Edward Snowden and his revelations on how NSA has been spying on our emails, Facebook pages, Twitter feeds and conversations for years; recent articles on how Google has been searching our Gmail attachments in search of child abusers; articles on how insecure social networking sites such as FaceBook, Twitter, and LinkedIn are; periodic revelations on how yet another government agency has compromised yet again, tens of thousands or millions of confidential records of individuals they are supposed to be safeguarding (a term called “spillage,” as if losing your personally identifiable information (PII) is akin to spilling some milk on the floor); articles on companies “mining” social networking sites for information on their employees and potential employees and using that information on hiring and firing decisions; and articles of all sorts on how your online information is being mined for advertising or other purposes and sold to the highest bidder, that people still think they have privacy on the Internet?

But hey, when it comes to nude photos of starlets and others of that ilk, suddenly privacy becomes an issue. The problem isn’t people taking pictures of themselves that they probably shouldn’t have and putting them somewhere that others can get at them. Nope! Blame never adheres to you for doing something stupid – it’s always 100% the other person’s fault. If you were to go to the worst part of town and start flashing a roll and as a result got mugged, there would be no blame attached to you for poor judgment in the first place; all the blame would adhere to the mugger since your bad decision in no way excuses the mugger from mugging you, right?

I guess that if you feel that you really must take nude photos of yourself and upload them, and that no pimply faced 30 something sitting in his parents basement drinking Monster and eating Fritos should be able to stop you from doing that which you enjoy then by all means, feel free to do so. Just don’t complain when you are faced with the consequences of your poor judgment. Yes, the perp may be caught. Yes he or she may go to jail. However the damage will still be done; the photos will still be out there for all time and you cannot take them back.

As Emma Watson, famous for her role in the Harry Potter films stated, “Even worse than seeing women’s privacy violated on social media is reading the accompanying comments that show such a lack of empathy.” Bingo. Read the comments accompanying almost any article on the internet and you will see that the majority of them follow this format. You do not want to be the subject of an article of any kind on the Internet, particularly one such as this; an experience akin to being thrown alive to a school of hungry piranha.

Bottom line as I tell my kids: The internet is forever – anything you put there can and probably will come back to haunt you. You cannot delete things from the Internet. Copies exist somewhere (there are, in fact organizations dedicated to preserving everything that has ever been posted and they have web bots crawling the web to send copies back to their archives). Don’t ever post anything there that you would feel uncomfortable with if it were made “public.”

And yes, Virginia, it can happen to you…

Other sources: