Talk about a flip-flop.
A bizarre article was published by Russian security company Kaspersky on Wednesday. But you won’t be able to find it on their website now.
Entitled “Why we should not be afraid of being watched while online”, the article was posted on the Kaspersky Academy website – a project run by the company to “support young talents in IT security”.
Here is part of the article’s conclusion:
there are many more [reasons] why you shouldn’t be paranoid and try to conceal your location while online. Remember if you’re doing nothing wrong, you have nothing to hide. There is almost to zero chance that you would be of interest to any secret service on the planet. The only nuisance to you will be advertisement robots – and there are more effective tools against them than online anonymity.
Seriously? We shouldn’t be concerned about being watched online? If “you’re doing nothing wrong, you have nothing to hide”?
Woah. That seems an odd position for a company which you would think was dedicated to protecting the security and privacy of its customers.
For posterity and those who might have missed it, I managed to find a cached copy of the entire article even though Kaspersky has since zapped it from its site (click on the image below for a full size version):
Understandably, the article caught the eye of a few skeptical observers online:
Hmmm RT @e_kaspersky: Why we should not be afraid of being watched while online https://t.co/9k2Prea4j5 #privacy http://t.co/ArrXXRwJsX
— Charles Indelicato (@cindelicato) August 28, 2014
Well this is disturbing MT @e_kaspersky: Why we should not be afraid of being watched online https://t.co/OnKqeUMHP5 http://t.co/t1OOQ50O7V
— Scott Elcomb (@psema4) August 29, 2014
But Kaspersky’s social media team must have really realised they had dropped a clanger when Finnish anti-virus guru Mikko Hypponen tweeted his surprise about the article too.
Could it be that a hacker has broken into Kaspersky Lab’s web servers and fiddled around with its text? Is this all a prank defacement designed to embarrass the company.
Apparently not. It seems the embarrassment for the Russian security firm is entirely self-inflicted.
After all, CEO and Founder Eugene Kaspersky had himself tweeted the link out to his followers – and there would be a right ding-dong if it turned out Eugene’s Twitter account had been compromised.
Earlier today, Kaspersky Lab removed the article from its website – replacing it with an apology and a link to its (much more orthodox) views on privacy.
The content of this article was actually a draft of the column by an independent author. It was published accidentally, and Kaspersky Lab do apologize for misunderstanding.
Author’s views do not reflect the official position of Kaspersky Lab on the subject of privacy (our position on privacy could be found here).
Of course, everyone is human and can make mistakes. And maybe the original version of the article wasn’t the official viewpoint of Kaspersky Lab and its chief Eugene Kaspersky (although he has often banged on about the need for internet passports, which I think is a troubling idea..), and maybe staff failed to properly check the piece before publishing it and promoting it online.
But hey, they’ve learnt one lesson haven’t they? Once you post something onto the internet, it never really disappears – even if you delete it from your web server. ;-)
The truth is that everybody today needs to be sensible about what they do online and how they protect it from snoopers. The “if you’re not doing anything illegal, what are you worried about?” argument has to be vigorously fought, as it’s a slippery slope through which all of our privacy will eventually disappear.
After all, as we’ve discussed before, even the most innocent-seeming meta-data can reveal a lot that we may have wished to keep secret.
That view is a scary one especially when some do not realise exactly what they're suggesting. And by that I mean in real life, history included and yes before the (and in addition to!) Internet (and think about it: spying is a part of wars and has been longer than Arpanet, so…therefore longer than the Internet). Facebook is a good example here, and Mark Z. himself has suggested exactly this. A most clueless suggestion. In reality, your privacy is part of your security. There's a real quick way get anyone to understand this, at least it should: you have nothing to hide, you say? Okay, then would you mind giving me your banking info (routing number etc.)? In fact, give me everything related to your finances. While you're at it, may I have your ID too? I'll need your passwords of course, as well. Etc. It is worse than stupid – it is really stupid and flat out dangerous. And that Kaspersky did that… is… scary. Indeed, not only is there cache but there's also the wayback machine, and there's other spiders (other than Google) and that even includes common command line utilities that do this (wget, curl, …).
Edit: and yes, an Internet passport is absurd and also rather unfeasible (and be thankful of that) without some serious changes that would cause a huge backlash (as it should!).
Amusingly, the author of the "nothing to hide, nothing to fear" article has remained anonymous.