Book Chat: “The Art of Invisibility by Kevin Mitnick: How to stay safe and private online”

I came across this book a while back and I thought it might be of interest to some readers as protecting ourselves online is a topic that many people are concerned about and one that I often discuss here on the blog.

The Art of Invisibility is a book that asks the following question:

What do you need to do to protect yourself both online and off, and keep your information safe and most of all, private?

This book is written by one of the world’s famous hackers, Kevin D. Mitnick, whose extracurricular activities, shall we say, landed him in some major hot water years back. He spent two and a half years as a fugitive from the FBI, wanted for hacking, unauthorized access, and wire fraud. Mr. Mitnick has now seen the error of his ways and these days, he’s moved on to legal, authorized hacking as a security consultant in which corporations pay him to hack into their systems to test their security.

Now, he works to teach people how to protect themselves and their companies in a world of malware, scammers, spammers, hackers, government abuse, keylogging software, microphones and cameras that are always on, and the tracking of our every move online.

Being a former hacker himself, he knows what information companies collect about us, the manner in which they gather that information, how they spy on us, and in this book, he shares that knowledge with us. Think of The Art of Invisibility as a how-to guide for avoiding hackers and other malicious activity both in your online life as well as when you’re offline.

If you’ve thought that you were relatively safe online, this book will shatter that illusion of security pretty darn quickly, as he goes through all of our devices, online services, and conveniences, explaining their vulnerabilities and how easily they can be exploited. Quite eye-opening!

What’s Covered in the Book

The author covers a wealth of information based on his experience and past encounters with law enforcement. Some of the most interesting topics covered in this book have to do with:

  • software vulnerabilities
  • password security
  • ransomware
  • email, text message and file encryption
  • Using bitcoin
  • wiretapping and other surveillance mechanisms
  • device and software backdoors
  • our social media presence
  • geo-location metadata such as that which is stored in every image we take.

A Hacker’s Recommendations

Some of Mr. Mitnick’s recommendations are fairly basic, such as using strong passwords, using a password manager, and being careful to set up your home Wi-Fi using the strongest and most recent security protocols.

He also stresses the importance of renaming your Wi-Fi router so as not to give away the make and model, which can allow for easier hackability. I actually did this one, not because of security reasons, but because I thought it’d be cool to name my Wi-Fi Router “Merlin” (yes, I’m a geek. Can’t help it).

Another thing that was really stressed in the book was that public Wi-Fi was not designed with online banking or e-commerce in mind, meaning that it is highly insecure. The author advises that if you must perform financial transactions online when you’re away from home, you’re better off using your cellular data or your phone’s hotspot whenever possible.

Practices that I’m Currently Using

What’s funny is that I was already implementing a lot of these strategies because I was the victim of identity theft several years back. Someone was opening utility accounts under my name all over town. I had no idea this was happening until I started receiving past due notices from the phone company.

And boy, was that a mess to clean up! So since that happened, I’ve been extra diligent about protecting my identity and was pleased to see Mr. Mitnick recommend many of the same practices I was using.

Some of these are as follows:

  • Always use a VPN when using Public Wi-Fi and never do banking over Public Wi-Fi. Only over cellular. Personally, I keep my VPNs activated all the time.
  • Don’t give real answers to security questions. I personally always use fake answers to security questions, such as Mother’s Maiden name, my first-grade teacher, my first car, the city where I was born, etc. I never use my real date of birth, even the month or day.
  • Use a password manager. I personally use 1Password but there are others out there such as LastPass. One should also use passwords that are at least 25 characters and never use the same password twice.
  • Another thing I do is encrypt my files (but I don’t do messages or mail). Maybe I should.
  • I maintain complete backups of my Mac and PC and keep them unplugged. This is a backup in case my computer is ever attacked by ransomware. This way, I have complete backups of all my data that are kept away from my main computers.
  • Use 2 Factor Authentication on any websites that offer it and use an Authenticator App such as Google Authenticator or Authy (the one I use).
  • Don’t post anything too personal on social media though I do fail at this from time to time as many of us do.

Takeaway

So one of the big takeaways from The Art of Invisibility was that basically, there is no privacy anymore and we live in a society where practically everything we do is tracked, monitored, and stored, sometimes for years if not forever. You CAN become less visible, but depending on how far you want to go, it is not necessarily straightforward or easy — and most of the time not very convenient. To become truly invisible is more than challenging and takes an incredible amount of work.

So often when I’ve spoken about online privacy in the past to the people in my life, some have responded by saying “I have nothing to hide, my life’s an open book.” This book, however, points out repeatedly that even if we’re not working on classified government secrets or are not on the lam as a criminal fugitive, we still may not want private third parties or nefarious hackers snooping through our computer files or into our personal data, or as I like to call it: having strangers rifling through your knickers drawer.

Steps Toward Privacy

And even then, there may be those times where you might be in a dispute with your boss or with a coworker, going through a messy divorce, being sued by a neighbor or anything of that nature, and in these cases, you will want to make sure there are no traces of your searches left behind that could be used against you, even if you are an ordinary law-abiding citizen. It’s surprising what can be used against you in court: text messages, emails, Uber rides, even the purchase of a bottle of wine at the grocery store.

To cut down on this possibility, the author recommends a couple of options:

  • That you and your friends can use text-messaging apps like “Signal”, which uses end-to-end encryption.
  • Use email programs that also use end-to-end encryption. Protonmail is one that comes to mind.
  • Another big one is to use the “HTTPS Everywhere” plugin no matter what browser you use, to ensure that your session is always encrypted. I’m not sure what browsers it supports. I use Firefox at the moment and installed it as a plug-in. I would guess that it’s available for the Chrome browser as well.
  • It’s important to realize that when you post a photo, it contains geo-location metadata embedded into it, which means that someone can easily discover the exact GPS location where the photo was taken. That could even be your home address. So either stop posting photos or learn how to remove the GPS metadata before posting them.

There were also a plethora of more advanced recommendations for people who need extreme online privacy, like at the Edward Snowden level. Some tactics include things such as using “burner” phones, paid for with cash and purchased for you by strangers, and using encryption tools to hide the data on our laptops.

There are so many fantastic recommendations in this book to get started, no matter what level of privacy and invisibility you want to achieve. What I found especially helpful was that the author provides names of desktop and phone/tablet applications that can help us. He also tells us which online services to use (and which ones to avoid) and what to be aware of both in our online lives and our private lives.

It really is pretty easy to get started with all this but it does take vigilance and discipline.

I think that this is an important book that everyone should read because online security and privacy is something we all should be aware of and concerned about, and the strategies detailed in The Art of Invisibility provide the necessary guidance to get us started.

You can check out the book here on Amazon
