Digital erasure: how to avoid it happening to you

Mat Honan lost everything. Here's how to ensure you don't.

On Friday night, Mat Honan, a senior reporter for Gizmodo, got hacked. Hard:

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. . .

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone

At 5:01 PM, they remote wiped my iPad

At 5:05, they remote wiped my MacBook Air.

A few minutes after that, they took over my Twitter.

The full account of his travails is terrifying for anyone who lives a largely digital life. In fifteen minutes, Honan lost most of his digital property (photos, emails, documents and so on), and most of his ways of communicating with the outside world. Not just email and twitter, but phone calls, and text messages.

How it happened has only become clear since Friday, and presents a worrying picture of security at Apple. The initial breach, in Honan's iCloud account, was done by someone who successfully convinced Apple support to reset the password without knowing the original password, or any security questions associated with the account. Simply put, that should not be possible. From there, however, a series of easily made but unfortunate decisions allowed it to spiral out of control.

What's particularly scary about Honan's situation is that, in a number of ways, he followed best-practices. His iCloud account password was unique, alphanumeric, and never got leaked or cracked. Yet he still lost everything. But there are two things which may – just – have been able to improve the situation.

Back-ups

It sounds really simple, and you have in fact probably been told it before, but back-up. Back-up everything, and preferably back it up more than once. As Marco Arment says, if you can afford a MacBook Air, iPhone and iPad, you can definitely afford an external hard drive.

More importantly, don't confuse what are two separate services: back-up and syncing. If all your precious photos are stored on Dropbox or iCloud, that protects you against some types of data loss – dropping your laptop in the bath, that sort of thing – but not others. And frankly, most data loss these days isn't hardware or software failure but "wetware" – your brain. It's when you delete a file, and empty the trash, and only then realise that you actually really wanted to keep that piece of data (yes, I have done this (with my entire Applications folder (it hurts))). If you are using a backup service which deletes the backup when you delete the original, that's not a huge help. And even worse is that many of them will delete the original if you delete the backup.

This is especially useful if you have a service – like iCloud – which allows remote wiping. If you turn on a switch which allows all your data to be erased, it's probably worth making sure you have a plan in case you have to hit that switch. If you don't keep back-ups, turn that off.

Password resets

If you are sensible – and many people aren't – you'll have different passwords for every service. Honan did. The problem is that although that removes most possibilities for losing multiple accounts, it doesn't take away the weakest link. If Linked.In gets hacked, that password shouldn't be able to gain access to anything else, but if your email account is hacked, you may well be screwed. Most services are designed to allow anyone with a password or access to the registered email account ​to log-on. Making the former secure and then leaving the latter open is not the best move. So what's the best thing to do?

Step one is to make sure that the email address password resets go to is the most secure possible one. For most people who don't have extra-strong security needs, that means a Gmail account with two-step encryption. Every time you try to log-on from a new computer, you get sent a text (or check a special app) with a code to finish the log-in. Unless someone steals that as well, you're safe.

Step two is to remove password resets from that address. There's no point having a secure email address if you can reset the password by requesting it from a less secure one. Step three is to stop​ using it for anything but account registrations. It will be impossible to keep it totally secure, because of the number of services which still identify you by your address, but it's better than handing it out to everyone.

But the question that still remains is whether Apple and iCloud can be trusted at all. Following Honan's story, it certainly seems a bad idea to link any other accounts to your iCloud. Until the company responds, however, we can't know quite how bad it will be.

Update

Mat Honan has now made public just how the hack happened, and it's even scarier than we thought. There are severe security flaws in Amazon and Apple's password reset procedures that allow someone to take over both accounts with just your name, email address and billing address. This is not, by any stretch of the imagination, confidential data – yet until those procedures are changed, it would be best to treat it as such, and to attempt to limit the amount of damage which would happen if those accounts were compromised.

How to trick Amazon:

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry's published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you've lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account -- not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn't have anything to share by press time.

Delete – even if you don't want to. Photograph: Cari McGee/www.carimcgee.com

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Photo: Getty
Show Hide image

We're asking the wrong questions about the Google “anti-diversity memo”

Which sex is better at what skills is less important than which skills we value in the first place. 

Yes, I feel sorry for the Google employee who has been fired for writing an "anti diversity manifesto" and circulating it within the company. (Guess what? It leaked.) Losing your job is painful, and doing it in public is even more so. But the conversation around this is heading in such an unproductive direction (do women suck at maths?) that I can't resist wading in.

I agree with the writer that these issues are hard to talk about, but that pushback comes from both directions. Look at the crap Mary Beard is wading through for trying to inject some facts into a discussion about the racial composition of Roman Britain. Nicholas Nassim Taleb keeps honking about "diversity genes" and refusing to listen to evidence that contradicts him. But in his mind, he's Mr Science - sorry, Professor Science - and she's Madam Arts-Subject.

This matters, because when it comes to diversity, there are fact-based positions on both sides. Yet there is a certain strand of Rational Internet Thinker (let's be honest, mostly men) who solemnly tells everyone that we Must Stick To The Facts while advancing deeply ideological stances, which only happen to look "natural" because they are so embedded in our culture. 

But back to the subject at hand. Here's the recap: the memo was headlined  "Google’s Ideological Echo Chamber" and its writer's firing will be taken as confirmation that his thesis was true. Ironically, this will be done by the same section of the right which usually has no problem with firing at will and normally thinks that HR should be a brutally Darwinian process. (Looked at from that perspective, of course Google would fire someone who brought such criticism on the company.) But now there are Principles involved. Probably Free Speech is under attack. Political Correctness may even have Gone Mad. Social Justice Warriors are on the march. Before it's all placards as far as the eye can see, instead I would like to look at what was actually said, and whether it's an argument with any merit. 

In essence, the memo argued that the gender imbalance of staff in tech companies like Google is primarily the result of biological, not cultural differences. ("They’re universal across human cultures," it argued. "They often have clear biological causes and links to prenatal testosterone".) There are differences in ability between the sexes, the writer said, and that's why most top programmers are men. Men like numbers, and the numbers like them right back.

The memo added:

Differences in distributions of traits between men and women may in part explain why we don’t have 50% representation of women in tech and leadership. Discrimination to reach equal representation is unfair, divisive, and bad for business.

The section about typically female traits is also interesting, because of a couple of points the writer picks out.

"Women, on average, have more...

- Openness directed towards feelings and aesthetics rather than ideas. Women generally also have a stronger interest in people rather than things, relative to men (also interpreted as empathizing vs. systemizing).

- These two differences in part explain why women relatively prefer jobs in social or artistic areas. More men may like coding because it requires systemizing and even within SWEs, comparatively more women work on front end, which deals with both people and aesthetics.

- Extraversion expressed as gregariousness rather than assertiveness. Also, higher agreeableness. This leads to women generally having a harder time negotiating salary, asking for raises, speaking up, and leading. Note that these are just average differences and there’s overlap between men and women, but this is seen solely as a women’s issue. This leads to exclusory programs like Stretch and swaths of men without support.

- Neuroticism (higher anxiety, lower stress tolerance).This may contribute to the higher levels of anxiety women report on Googlegeist and to the lower number of women in high stress jobs.  

Well, SOMEONE has been reading their Simon Baron Cohen. The first point is a distillation of Baron Cohen's argument about "male brains" being better at understanding systems, and "female brains" being better at feelings - which he extends to say that autistic traits might be an "extreme male brain". Unsurprisingly, there are other scientists in the field, such as Cordelia Fine and Rebecca Jordan-Young, who find a lot of the neuroscience of sex difference quite flaky.

I'm not a neuroscientist, but from a lay perspective, my take is that yes, there are some biological differences between the average male and female brain, but that these pale beside a) the way our brain architecture is shaped by stimuli (like years of being told you're rubbish at maths) and b) the overall effect of culture (eg companies which value presenteeism, or make it hard for women to return after having children, or cover up for senior men who are repeated sexual harassers etc etc). 

The "higher agreeableness" point was dealt with by Sheryl Sandberg in Lean In. Women aren't stupidly not asking for raises or being assertive in the office because they are delicate little flowers. One of the reasons they are more agreeable at work is because they face heavier penalties if they are not. As Sandberg formulates it: "Success and likeability are positively correlated for men and negatively for women. When a man is successful, he is liked by both men and women. When a woman is successful, people of both genders like her less.” Women are nicer because there are more negative consequences for them if they are not nice.

The last point about neuroticism is bleakly funny, because while women might report more anxiety, men commit suicide in far greater numbers. Which gender is really more susceptible to stress and anxiety? Women talking more about their mental health on "Googlegeist" is being held against them here, when possibly one of the reasons that more men kill themselves is because of the stigma of talking about their feelings.

Overall, the memo makes some compelling points, but it also chucks in a lot of stuff that "everyone knows" about sex differences, which isn't scientifically supported, and also some evolutionary psychology about "protecting females" which strays into the kind of rhetoric found on MRA sites. Its understanding of male and female work patterns can also be naive, for example:

"Yes, in a national aggregate, women have lower salaries than men for a variety of reasons. For the same work though, women get paid just as much as men. Considering women spend more money than men and that salary represents how much the employees sacrifices (e.g. more hours, stress, and danger), we really need to rethink our stereotypes around power."  

I mean, doesn't this just raise a huge number of questions?

How often do men and women do the same work, and for what reasons might they not? (Clue: women do far more unpaid care work and housework.) Are women spending that money on themselves, or are they running household budgets, which is an unpaid project-management task they are doing alongside any paid work? What an individual finds stressful is also entirely subjective.

The author chucks in a reference to "Marxist intellectuals" but doesn't seem to have read any of the vast and fascinating literature on unpaid care and its interaction with paid work. I'd recommend starting with The Second Shift or Wife Work. Angela Saini's Inferior is a good recent choice, too, on women's overlooked contributions to science.

When I talk about feminism with self-styled rationalist men, this dynamic comes up again and again. They will present my arguments as mere anecdote and emotion, which - sad shake of the head - is contradicted by the available evidence. When you point to peer-reviewed studies, or great ethnographies, supporting your point, which they haven't bothered to read, they steam on regardless. It makes the contest deeply unequal. Internet skeptic types talk about the need to engage with writers they don't agree with, and the importance of free and open debate, but often actually don't want to read the contrary view. 

 

***

If you want to read more about the discussion of the science of sex differences which has arisen as a result of this memo, then this piece by Slate Star Codex is interesting - it argues that interest in STEM subjects, not ability, might be the key difference between the sexes. It also completely misses the point. 

Here's a thought experiment. Say you were recruiting for a spoon-juggler. Your advert would probably mention "needs to juggle spoons". But, almost certainly, there would be other skills involved. Turning up to performances on time. Keeping your spoon inventory in check. Not turning up drunk. Not stealing forks from the fork-juggler. 

This is what the argument that women can't succeed in tech because they are innately bad at the skills needed to succeed in tech sounds like to me. We know that many of the early programmers were women, back when the job was considered to be largely secretarial. (Go watch Hidden Figures for more on this, and also because it's just a lovely film and I am so happy for Mahershala Ali and Taraji P. Henson.) We know that the fastest way to depress wages in a job is to feminise its workforce. It's not unreasonable to wonder if we've constructed the whole idea of "success in tech" in such a way that it makes men's success look natural and pre-ordained. Yes, you need to be able to code to be a coder. But there are other skills you need too. 

Yonatan Zunger, who recently left Google, makes this argument better than I could. And he seems to own a pair of testicles, so you know he's more rational and objective than me:

"Essentially, engineering is all about cooperation, collaboration, and empathy for both your colleagues and your customers. If someone told you that engineering was a field where you could get away with not dealing with people or feelings, then I’m very sorry to tell you that you have been lied to. Solitary work is something that only happens at the most junior levels, and even then it’s only possible because someone senior to you — most likely your manager — has been putting in long hours to build up the social structures in your group that let you focus on code.

All of these traits which the manifesto described as “female” are the core traits which make someone successful at engineering. Anyone can learn how to write code; hell, by the time someone reaches L7 or so, it’s expected that they have an essentially complete mastery of technique. The truly hard parts about this job are knowing which code to write, building the clear plan of what has to be done in order to achieve which goal, and building the consensus required to make that happen.

All of which is why the conclusions of this manifesto are precisely backwards. It’s true that women are socialised to be better at paying attention to people’s emotional needs and so on — this is something that makes them better engineers, not worse ones."

As I said on Twitter, this is a pattern we see again and again - a high status job is coded as "male", requiring "male" traits, to justify men's dominance of it. The same thing happens in politics: we are assured that politicians need to be "strong" and "decisive", when many of the most successful male politicians today have incredible people skills. Jeremy Corbyn makes time for everyone he meets, hugging them and posing for endless selfies. Sadiq Khan has that Queen Mum ability to remember your name and a key fact about you. What's the real difference between the Clintons? Bill demonstrated huge empathy and made people he was talking to feel special; Hillary didn't. But still, maybe men dominate politics because they are just more aggressive and ambitious. Yeah, OK. 

Tech suffers from a similar silent rewriting of core competencies to flatter its mostly male leaders.

We have all these conversations about how hard it is for Mark Zuckerberg to make the leap to being a frontman CEO because he's a maths guy, not a people guy. We treat this like he's doing an amazing project of personal growth. We don't go, "wow, they really lowered the bar for CEOs to let someone without some of the key skills have a go at it". Or, "his poor colleagues, having to make up for the stuff he's not naturally gifted at". 

There was a similar reaction when Sergey Brin and Larry Page brought in Eric Schmidt when it was time for Google to "grow up". We didn't say, "How embarrassing, they have to find someone to counteract their deficiencies." We said: "Smart move. Not every human can possess all skills, it's wise to have a range of experience and aptitudes at the top of your company."

So this, for me, is the most interesting takeaway from the Google memo. "Do women suck at maths" is a complicated question, and I'm not sure how far answering it will move the conversation forwards. "Have we structured society so that those competitions between the sexes that men can win are deemed to be the most important competitions?" is a better one.

Helen Lewis is deputy editor of the New Statesman. She has presented BBC Radio 4’s Week in Westminster and is a regular panellist on BBC1’s Sunday Politics.