<$BlogRSDURL$>

constructions

Thursday, March 29, 2007

security through obscurity

In computer security engineering (of which I know nothing at all), "security through obscurity" is a principle where secrecy is used to ensure security. The idea is, as far as I can understand, not to tell anyone about how your system works. Consequently flaws in the system are not known to others than the owners and designers and attackers are unlikely to find them (for more, see AllExperts. It is a controversial principle, but my interest stems from the use of the principle to explain why users voluntarily expose private information without worrying about the hazards these performances pose to their privacy. danah boyd for example writes the following in "Why Youth (Heart) Social Network Sites"

Most people believe that security through obscurity will serve as a functional barrier online. For the most part, this is a reasonable assumption. Unless someone is of particular note or interest, why would anyone search for them?

Keeping the original meaning of the principle in mind, is this argument valid only for users who are determined to keep their performances a secret? I mean, it can hardly be applied to explain the practices of users who do little to hide their presence? Moreover, it is hardly the case that users themselves actually think that security through obscurity functions as a barrier securing their privacy. My impression is rather that users perceive the sheer magnitude of expressions online to be a protection towards their own privacy. Which is how David seems to apply the term in his contribution to the forthcoming anthology Personlige medier. Livet mellom skjermene (in English, Personal media. Life between screens): "For the most part those interviewed rely on ‘security through obscurity’ (the sheer number of weblogs and web pages in general) to ensure what they write is not read by anyone save the ‘innocuous’ passing stranger." (David's contribution is translated from English and concerns how bloggers relate to their readers).

Labels:

1 Comments:

Blogger i1277 said...

Me and most of my online-active friends employ this strategy to some extent. The not-so-safe-for-future-work movies or pictures might be there, but as long as searching for specific multimedia-objects doesn't really work they feel "needle in the haystack-safe". Of course, the obscurity disappears the moment someone starts connecting the dots, like when everyone joins some sort of platform where photos posted in what is perhaps perceived as a semi-private environment are easily connected to full-name identities...

7:11 PM  

Post a Comment