Sign in with
Sign up | Sign in

'Don't Take Nude Selfies' Is Not Good Security Advice (Op-Ed)

By - Source: Tom's Guide US | B 42 comments
Tags :

Credit: Oscars.go.com/Miss-Winstead.comCredit: Oscars.go.com/Miss-Winstead.com

Your email account got hacked, and all your messages were posted online. It's your fault for not using a better password. Your World of Warcraft account got hijacked, and someone stole all your gold. It's your fault for playing video games. Your credit-card data was stolen. It's your fault for having a credit card.

Your photo-storage service or smartphone was hacked, and someone posted your nude selfies online. It's your fault for taking photos that other people find desirable.

MORE: How to Prevent Your Nude Photos from Going Online

Most people would find the first three assertions ridiculous. Using a guessable password, playing an online game or having a credit card may be inherently risky propositions, given the nature of the Internet, but they don't mean you're at fault when someone else hacks your account.

But when the stolen data consist of selfies privately taken by famous women posing nude, suddenly people leap to blame the victims of the data breach, not the perpetrators.

Virtually no other type of breach provokes this kind of blame-the-victim response. "She shouldn't have done it" isn't actually sound technological advice. It's moralizing, condescending and puritanical.

Jennifer Lawrence, Kate Upton, Kirsten Dunst and the other actresses whose nude photos appeared on Internet forums Reddit and 4chan this weekend are not at fault for these data leaks. The only people responsible are the ones who stole, collected and apparently trafficked these photos for years before the spoils of their thefts appeared online.

"Don't take nude selfies" is not only victim blaming, it's simply not viable. Taking nude selfies may not be "necessary" in the way that having an email address or a credit card are, but neither is playing an online game, and no one would describe playing World of Warcraft as "scandalous" or tell players they "shouldn't have done it."

Encouragingly, the conversation surrounding this round of female celebrity nude photo leaks is less accusatory than in previous leaks. In 2007, when a nude photo of Disney Channel star Vanessa Hudgens appeared online, hardly anyone asked who had actually leaked the photo, or questioned the security of the digital service used to store and transmit it. Hudgens, who was 18 at the time, was forced to apologize for a nude photo that someone else leaked without her permission.

"We hope she's learned a valuable lesson," said a Disney Channel representative of the incident.

This time, the question of who stole dozens of nude photos, and how they did it, is at the forefront of the conversation. Many experts and commentators have attempted to focus blame on the people who stole and exploited the photos, not the people who took them. Celebrity blogger Perez Hilton, who initially posted the photos on his website, quickly took them down and apologized for posting them in the first place.

That's not to say Jennifer Lawrence, Kate Upton and the more than 100 affected actresses haven't been shamed and blamed for the hacks. Under a Twitter hashtag #ifIwerehacked, people have boasted that they're "smart enough" or "responsible enough" not to take nude selfies, and that the only photos on their phones were of pets or of food. At best, this hashtag misses the point; at worst, it contributes to a culture of victim blaming and exploitation.

Could Jennifer Lawrence and the other women affected in the data breach have done more to protect their photos? Sure. "Security is a process, not a product," as security guru Bruce Schneier wrote in his book "Applied Cryptography" (Wiley, 1996).

Security experts could and probably should recommend that anyone, no matter what gender you are or how famous you are, use encrypted cloud storage services, secure messaging apps and complicated unique passwords.

But before offering that advice, people need to first acknowledge that a person's private data is that person's private data, and that "don't take nude selfies" is neither good advice nor appropriate commentary. 

The fact is, the theft of these women's nude photos was a theft. It was an invasion of privacy. It was the digital equivalent of robbing a bank and stealing money from accounts held in the bank. Just because the "safe" the criminals broke into to steal these private photos wasn't as strong as it "could have been," or even because the photos existed in the first place, does not make the theft any less of a crime or an outrage. 

Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Discuss
Add a comment
Ask a Category Expert
React To This Article

Create a new thread in the Off-Topic / General Discussion forum about this subject

Example: Notebook, Android, SSD hard drive

Top Comments
  • 15 Hide
    DarkSable , September 2, 2014 4:43 PM
    I came here to post a rebuttal arguing that while it's poorly phrased, the advice is sensible when it boils down to: "Don't put something you don't want found where it could be easily found." It's a concept of physical security and digital security; if it's stored on the cloud, you're trusting someone else's security, not just your own.

    That being said, this article wasn't arguing the points I thought it was going to, and makes perfectly valid points. Surprisingly strong, well-argued content for Tom's Hardware; keep it up, Jill.
Other Comments
  • 15 Hide
    DarkSable , September 2, 2014 4:43 PM
    I came here to post a rebuttal arguing that while it's poorly phrased, the advice is sensible when it boils down to: "Don't put something you don't want found where it could be easily found." It's a concept of physical security and digital security; if it's stored on the cloud, you're trusting someone else's security, not just your own.

    That being said, this article wasn't arguing the points I thought it was going to, and makes perfectly valid points. Surprisingly strong, well-argued content for Tom's Hardware; keep it up, Jill.
  • -2 Hide
    Christopher1 , September 2, 2014 4:55 PM
    Thank the author for writing an article like this. The 'shaming' of a woman who did what numerous people do is sickening to me, it sounds like a bunch of Puritanical BS like we had during the 1700's from the actual Puritans.
  • Add your comment Display all 42 comments.
  • 0 Hide
    skit75 , September 2, 2014 5:01 PM
    I'm not trying to blame the victim here, either, but you know you did backup or store your data online or in the cloud. From what I hear and have read, it looks to be more of a targeted attack against the user accounts themselves. Still, the data would still be theirs if they had chosen a safety deposit box or even a shoe box in the closet. Nothing online is private, or secure.
  • 8 Hide
    CaedenV , September 2, 2014 5:18 PM
    Do whatever you want, but if it is stored on the internet or goes through a network then just know that there is a very real chance that SOMEBODY will be looking, and if that something is particularly interesting then SOMEBODY will share it to the greater public. Not saying it is right, because it certainly isn't, but it is a fact of life that everyone has to deal with on one level or another. If you are going to do something meant to be private then store it on private local machines, and distribute it over private media (CDs, flash drives, SD cards, whatever).

    These are things that nerds have had to deal with for 20+ years now, and if the general public is going to play on our turf, then they get to inherit the concerns of nerds too.
  • 1 Hide
    bwcbwc , September 2, 2014 5:19 PM
    I'll write off the phrase "moralizing, condescending and puritanical" as authorial hyperbole to make the point hit home. I can certainly agree that a lot of the reaction to this "scandal" is a) emblematic of our ongoing societal double-standard when it comes to sexuality expressed by men and women and b) symptomatic of the misogyny in the tech community. But maybe we should take "she shouldn't have done that" as a technical recommendation rather than a moral one - in other words, if you don't want to risk it being hacked, don't connect it to the internet in any way, shape or form. Obviously we're looking at some statements from completely different points of view - such a technical recommendation can easily be interpreted as "blaming the victim". But we don't leave our homes unlocked anymore and our cars have several layers of locks instead of open sides and an ignition button. From my POV, unless "she shouldn't have done that" is actually followed by a "moral" argument against public nudity, it's more 20/20 hindsight about security precautions than blaming the victim. Which, in retrospect, is still pretty condescending. So I'll give on that one.
  • 3 Hide
    maban , September 2, 2014 5:35 PM
    I really didn't care to read the rest of the article as opinion pieces are generally bullshit. But I would like to disagree on the notion that using a weak password is not the user's fault. While that user isn't actively instigating a "hack" they are not protecting themselves in a manner that anyone would consider proper. The official Apple release says that the "hack" was due to a "very targeted attack on user names, passwords and security questions." In other words, it was partially the user's fault for using a guessable password/security questions. I would like to use the analogy of leaving your car unlocked and it being stolen but it's more like permanently parking it in a crime-ridden part of town.
  • 3 Hide
    fkr , September 2, 2014 5:42 PM
    or you can setup accounts so that when a non trusted computer logs into your account it must have a onetime password entered that is sent to the account owner by sms. this is an old story about a fool and his money

    I feel for those who get hacked and such but really if you make millions of dollars but you do not have the common sense to hire somebody to help you with your sensitive information you only have yourself to blame.
  • 3 Hide
    Necr0v , September 2, 2014 5:47 PM
    The first section in this article "It's your fault for not using a better password" and "Most people would find the first three assertions ridiculous.".

    Is it ridiculous to say that if I picked using qwerty or password as a password then it's not my fault? That I shouldn't have my emails hacked because it's up to me to choose my own password and that's a fundamental right of mine?

    I'm pretty sure in the last 6 months I have read more articles on here than I can count about using strong passwords and perhaps 2-step verification for accounts that matter (which I would assume includes email).

    Not arguing that it's ok for people to hack others email accounts, but if you leave yourself so blindingly open to such things what do you expect?

  • 5 Hide
    drapacioli , September 2, 2014 5:59 PM
    Look, I'm not saying a victim is to blame for this sort of stuff, but what I am saying is that cloud security is NOT up to par. Yes, the people that stole it (yes, STOLE, not leaked!) have committed the crime and the celebs are not to blame for these, but there are steps people can take to avoid this situation entirely. Is it your fault that you might not know that your data isn't secure? Well, no you can't be faulted for it, especially if the company hosting your cloud content touts their security as a main feature. The big problem is that even today's best security is being rapidly overwhelmed by hackers and thieves. Remember all the credit card fraud articles from at least 2 dozen retailers this year? Yeah, you're not at fault for shopping there either, but the people/company in charge of making sure those transactions are secure aren't doing everything they can to stop these. Why are we still using encryption that can be cracked on the fly with modern technology? Why are card readers and registers still running on windows xp? These aren't secure at all, and neither is cloud storage if the people in charge are using outdated security protocols.

    So yes, the criminals need to be caught, but the companies also need to be more proactive in making sure their services and systems are secure. I'm annoyed at the people that have the nerve to steal such private information and then distribute it, but I'm even more ticked off that companies just don't seem to care enough to spend any real money on fixing the underlying problems with their security. THAT is what I take from all that has happened recently. Also, the internet is still immature, but maybe it's getting slightly better?
  • 2 Hide
    drapacioli , September 2, 2014 6:03 PM
    Also I would like to point out that having a bad password is not a good idea regardless of whether or not the theft is "your fault," because it just enables others. If your password is 16+ characters with numbers and symbols and it's still cracked, there was nothing you could do. But if your password to your intimate photos was "password" well you kind of did leave that wide open. It's like writing down the safe combination and putting it on the fridge for a burglar to read if they decided to break in. You are still the "victim" but you aren't exactly helping yourself either...
  • 0 Hide
    kapitalistas , September 2, 2014 6:26 PM
    english is not my native language,nude picture ha.i just check one of many consider porn magazines and nude pictures quality there was terrible(if we judge taking naked selfies)if the picture was very bad quality (original picture its not published)im guess it was all on purpose.
  • 3 Hide
    ricksun500 , September 2, 2014 6:41 PM
    This is the degraded state of feminism in the year 2014: if a woman does anything naive, unsophisticated, or outright foolish, which then injures her or causes embarrassment in the most spectacular way-- hey, it doesn't owe to her behavior, don't you dare point out what she could have done differently, Because Patriarchy.

    When a woman crashes her Volkswagen into a roadside obstacle it's the fault of the male traffic engineer & construction worker as well as whoever invented trees
  • 2 Hide
    scolaner , September 2, 2014 6:58 PM
    As the news editor for Tom's Hardware, let me say that 1) I wish I had written this article myself and 2) Jill did a better job on it than I would have.
  • 3 Hide
    Christopher1 , September 2, 2014 7:10 PM
    Quote:
    I'm not trying to blame the victim here, either, but you know you did backup or store your data online or in the cloud. From what I hear and have read, it looks to be more of a targeted attack against the user accounts themselves. Still, the data would still be theirs if they had chosen a safety deposit box or even a shoe box in the closet. Nothing online is private, or secure.

    Except that these companies say on a regular basis that the things online are safe and secure and if someone points out that they really are not? They are sued for slander.
    To be blunt, online stuff is about as secure as you are going to get in the real world. Just as someone can break into your home and crack your safe, someone can break into your online vault.
    We should stop blaming the victims (yes, these people are truly victims) and start blaming the criminals who do these things.
  • 4 Hide
    hajila , September 2, 2014 8:35 PM
    You may not consider it 'good' advice, but it is the 'only' effective advice. These systems will never be secure. Don't digitize anything you don't want everyone to have access to.
  • 3 Hide
    youDontGetMyEmail , September 2, 2014 9:03 PM
    In my opinion, the fault is 90% at Apple for having horrible security practices, and 10% on the victims for blindly trusting in Apple..

    Why on earth did Apple decide to not make any anti brute-force measures/warnings on their iCloud system? Did they even make any kind of security audit? I'm pretty sure any half-decent security expert would find such a major flaw in no time..
    But of course, security audits costs money, and we all know that the money is better spent on bonuses and raises to Apple execs..
  • -1 Hide
    Shin-san , September 2, 2014 9:10 PM
    I'm with the "Don't take nude selfies and upload them" crowd. However, another commenter beat me to it. Don't post anything you want to get out. I do blame the victim a little bit, but at the same time, yes, it's hacking job.

    Part of it is education. Would the general public expect some of these large companies to get data leaked out? Sony? Target? Home Depot? Microsoft didn't point fingers and go "Ha ha!" at Sony when they get hacked because they know that it could happen to them!

    And holy shit are companies getting hacked left and right. At the same time, holy shit are companies we know are getting hacked are getting hacked. There's probably more that we don't know that are. Some of the hacks aren't because of an IT department or a developer missing a check. They are because someone sabotaged some equipment.

    There's a story on Reddit where a teenager sent out naked pictures of herself because it made her feel sexy. She says later, as an adult, someone contacted her saying something like "You don't want those images to get out, do you?" It turns out that the boy got charged with child pornography. The woman still felt terrible from the ordeal.

    The stuff you upload is on a server. Even if the data on the server gets encrypted, there is no guarantee that it would stay that way. Software has a ton of layers, and each can be breached. Companies can only try their best
  • 2 Hide
    Solandri , September 2, 2014 9:40 PM
    Let me get this out of the way: I believe that misogyny exists, that the pervs who pulled of these hacks are criminals who should be prosecuted to the fullest extent of the law, that if said hacks were assisted by poor security at a cloud storage service then they should be liable, and people who value their privacy but are downloading these pics are shamelessly practicing a double standard.

    That said, I completely disagree with the premise of the op-ed that:
    Quote:
    "Virtually no other type of breach provokes this kind of blame-the-victim response. "She shouldn't have done it" isn't actually sound technological advice. It's moralizing, condescending and puritanical. "

    Virtually every type of technological breach provokes a blame-the-victim response. You've heard the phrase ignorance of the law is not an excuse? Well ignorance of how tech works is not an excuse.

    Credit card numbers stolen from POS terminals? Blame the store for poor security.

    You game account hacked and your virtual items stolen? Blame the victim for re-using the same password for his game account as on a low-security website forum.

    Your computer gets a virus? Should've been running current antivirus.

    Your computer gets encrypted by malware? Shouldn't have blithely clicked that link in that phishing email.

    Your hard drive crashes? Should've had a backup.

    Whether you choose to take nude pics of yourself is totally up to you. But if you're going to be upset if they get leaked, then it is completely your responsibility to learn and understand what happens to the pics on your device and on any network it connects to. Ignorance of how tech works is not an excuse. If I burn myself because I don't understand how batteries work and I connect the positive and negative leads while trying to jump start my car, you do not blame the car or battery manufacturer. You blame me for failing to take the time to understand the dangers involved with the equipment I was using.

    If you don't understand what risks there are with storing data on an always-networked device like a phone or a cloud storage service, then take the time to learn the risks. If you don't want to, then that is your perogative. But don't take nude pictures of yourself and store them on that device/service and expect not to bear any blame. If you want to remain ignorant of how the tech works but still want to take nude pics of yourself, then isolate the pics from the pieces of tech you don't understand. Buy a standalone digital camera, take your nude pics, and never remove the memory card from the camera. Better yet, talk to a tech geek (yes, I know, beneath you if you're narcissistic enough to take nude pics of yourself) and have him/her teach you how to use an encrypted filesystem so you can store the photos in encrypted form.
  • 0 Hide
    jdwii , September 2, 2014 10:53 PM
    well duh
  • 0 Hide
    rantoc , September 2, 2014 10:57 PM
    Like any data breach... dont store sensitive data unencrypted - Its just stupid, no matter if its a celeb wimmen or some credit card company....

    Unencrypted data = Data at risk - If you weant to gamble... be prepared to reap what is sown!
Display more comments
React To This Article

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS