🦊 We don't talk enough about this...

Jun 15, 2021 2:31 pm

...how there's no music in 90% of bathrooms? Nah. Something else.


Hi. I'm Jon Fedor and this is InCyber Regular, edition 15. I love helping people live more digitally-secure lives. Like love it. The kind of love like that song that takes you in a time machine back to a moment you'll never forget.


At InCyber I talk about cyber-related issues and security-awareness for smaller enterprises, the cyber-curious, and the security-conscious. Sometimes we talk tactics, sometimes theories; always, security.


Today:

  1. Consent in security
  2. Something funny
  3. Cyber security trends in 2021


Not just for sex

It seems like just about every application, installation wizard, website (thank you GDPR), OS configuration change, and your gosh dang TV asks for your consent when making updates or changes. I feel like I sound about 65-70 years old right now. Should I complain about the neighborhood kids running across my lawn?


But really, it gets to be a bit much.


Something we tend to forget, though, is that the original problem never went away. Sure, it *seems* like you're inundated by consent requests for every single small thing. But a host of changes are made to the devices and environments you use daily without your explicit, line-by-line consent. This happens at the network level, the OS level, the application level, etc.


And largely, this is a good thing. We've abstracted away the *need* to know about every small detail of every change in the computers we use hourly.


But in every decision there lies a series of tradeoffs.


We've traded the control of our devices for the convenience that the increasingly-complex machines in our palms provide to us. Largely, this is a good trade. On the aggregate we benefit.


Then comes along Amazon to remind us of yet another area where we've made this tradeoff and decided to offload risk to the application / device manufacturer.


Amazon's briefing on Sidewalk touts many benefits but also left large swaths of Alexa-users feeling like the privacy rug was about to be pulled out from under them.


Amazon scheduled Sidewalk to auto-enroll any qualifying Echo devices unless users opted out. This is the other side of the consent question: turning all the switches on by default and letting users turn off what they don't want.


And people got up in arms. The prevailing opinion is that users should opt out.


My own mom texted and asked me if I opted out (we don't have any qualifying devices).


The thing is that Amazon is just the flavor of the week. Apple's been doing this for. ever. Not necessarily sharing the bandwidth of our networks with strangers. No. But they turn on all their settings on iPhones that send data back to iOS HQ. And all those switches stay on unless you opt out.


I could go on and on with examples.


The question is what do we do here?


Stay vigilant. Ask questions about the data your devices produce and where it's going. And if the answers bother you, take action.


No one is going to care more about your security than you.


We all do this (or have done it)

What's that thing we've all done at some point?


We've been idiots with answers to security questions.




What's really going to bake your oatmeal raisin cookie is: what do you think's going to happen with the database of all those Voila AI images?


(If the product is free...YOU are the product)


PurpleSec and cyber trends

PurpleSec put together an interesting list of cyber security trends in 2021. It's a solid list.


A couple that are interesting:


Number Four (4): Increase in supply chain attacks and interest in them


Why? Because real target organizations are statistically easier to breach orthogonally, e.g., through a vendor or third party.


Number Eight (8): Cyber security cold war is here and heating up.


The SolarWinds Orion breach is just the beginning. Soon governments are going to draw brighter, more public battle lines.


Private organizations will do the same.


Looks like cyber security job-security is a small concern in the coming months and years.


Thanks!

I love writing this thing for y'all and I want to keep doing it. And I want it to get better weekly. So let's make it happen already.


Have a good'un, Good Lookin'.


~Jon "Security Consent" Fedor
