If you haven't already heard, nude photos purporting to be of dozens of young Hollywood starlets, including Jennifer Lawrence, Ariana Grande and Kate Upton, began appearing on the Web last night (Aug. 31).
The photos, some of which have been confirmed to be real, are almost all "selfies" taken by the subjects themselves using smartphone cameras. It's not clear how the images were accessed — various theories blame Apple's iCloud photo-backup service, Dropbox's similar service, or both — but they first showed up on the 4chan and Reddit discussion boards. (Apple admits that some of its accounts were hit by "a very targeted attack on user names, passwords and security questions.")
MORE: 12 Computer-Security Mistakes You're Probably Making
Apart from the unsurprising fact that young actresses look good in photographs, this breach of data and privacy reveals just how vulnerable sensitive personal information can be as a result of Internet services designed for users' convenience.
To avoid suffering the same fate as Jennifer Lawrence, here's what to do — and not do:
Don't use a smartphone to take compromising pictures. If you absolutely must take nude selfies, use a camera that's not connected to the Internet. Don't email the photos, and don't back them up to a cloud-storage or cloud-sharing service; if you do either, copies will be stored on someone else's computer.
Pick a strong password for each online account. Too many passwords are easy to guess, and too many are used for multiple accounts. For anything sensitive, make sure you have a strong password for each: a password that's least 10 characters long, includes numbers and punctuation marks and isn't based on a word you can find in the dictionary.
Set up two-factor authentication for any online account that handles your photos. Here's how to set up two-factor authentication for Facebook, and here's how to set up two-factor authentication for Apple, Dropbox and Google. With two-factor authentication turned on, anyone who tries to access your account from a computer or smartphone that isn't yours will need to enter a special code that's been texted to your smartphone and yours alone.
You may also want to go into your smartphone's settings to turn off the service that automatically backs up your photos to Apple or Google's servers, but that puts your regular images at risk of being lost forever if your phone is damaged, lost or stolen.
Just remember that if you're taking nude photos with your smartphone, they are probably being backed up in the cloud, and as a result, you're losing control of them. To paraphrase the old adage, you don't want to lose control of any digital image you wouldn't want your grandmother to see.
- Best Free PC Antivirus Software 2014
- 10 Worst Data Breaches of All Time
- 10 Facebook Privacy and Security Settings to Lock Down
Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.
I do have to say that When I had a compromising picture, I kept it under a external HDD, with 3 layers of protection, hidden in a hidden folder, in a sea of fun/stupid pics (and I mean a SEA, it was at least 300 MB of files with the size of 400kb), mixed in a caotic amount of folders all named things like agsaefgae, or asgafefa, and never connected it to any PC that was online, past, present of future, unless a full format was performed first.
And I STILL know a way that someone could have accessed it without breaking into my home.
Paranoid? Yeah, Id say so, but at least I know those pics will never hit the internet (especially since they are long gone now).
When you are young you might make the mistake of taking these sort of pics, but usually you grow smarter and delete them in a 3-5 year time. Obviously that requires to remember that you actually have pictures like that around.
So, two-factor is not a solution. IP address filtering might be or geo-location filtering might be a good one.
Maybe it is more time to normalize the taking of these kinds of pictures so that the blackmail and shaming thing disappears.