Sinabro

There was a security breach involving Twitpics (which apparently isn’t run by Twitter but is somehow … authorized to get users to type in their passwords somehow) a while ago. And now, a breach involving Twitter itself.

Well, from a broader perspective, I guess nothing of value is lost for me here, since I don’t store anything sensitive on Twitter (or, formerly, on Facebook). All my profiles are as public as I can make them. After all, only criminals and other malcontents with things to hide use any privacy features, right?

I guess, in some sense, if someone takes control of my Twitter account, they can send messages to my friends pretending to be me, but, well, one would hope that my true friends will be able to recognize when it is me talking and when it is not—and if they do anything significant without verifying it with me through some secured channel, well, they’ve become a security liability to me.

But this breach should serve as a warning: don’t trust online service providers, and trust big online service providers (Google, Yahoo, etc.) even less. I don’t mean not to use them. That would be near impossible if you have any sort of online presence. The services they provide are valuable and useful in daily lives. I use Flickr (Yahoo) and Google Voice myself.

But I use these services because they have nothing of security value. I don’t speak on the phone regarding anything sensitive—I assume all the phones I use are tapped, and I don’t leave electronic or paper trails when the situations warrant it—and although I did mark some photos in my Flickr account as “private”, they are hardly sensitive documents (they are pictures of my nephew and, well, I don’t feel I have the authority to distribute them widely).

I have moved away from Gmail more than a year ago, and I make sure that anything sensitive doesn’t even go through Gmail (instead, I use randomly generated email addresses on my own domain and server), and no one who handles sensitive data from corporate or national perspective should be using Gmail (or any other public email provider) for those purposes.

As the saying goes, just because I’m paranoid doesn’t mean everyone isn’t out to get me (or was it “If everyone is out to get me, it’s not paranoia”?).