Digital erasure: how to avoid it happening to you

Mat Honan lost everything. Here's how to ensure you don't.

On Friday night, Mat Honan, a senior reporter for Gizmodo, got hacked. Hard:

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. . .

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone

At 5:01 PM, they remote wiped my iPad

At 5:05, they remote wiped my MacBook Air.

A few minutes after that, they took over my Twitter.

The full account of his travails is terrifying for anyone who lives a largely digital life. In fifteen minutes, Honan lost most of his digital property (photos, emails, documents and so on), and most of his ways of communicating with the outside world. Not just email and twitter, but phone calls, and text messages.

How it happened has only become clear since Friday, and presents a worrying picture of security at Apple. The initial breach, in Honan's iCloud account, was done by someone who successfully convinced Apple support to reset the password without knowing the original password, or any security questions associated with the account. Simply put, that should not be possible. From there, however, a series of easily made but unfortunate decisions allowed it to spiral out of control.

What's particularly scary about Honan's situation is that, in a number of ways, he followed best-practices. His iCloud account password was unique, alphanumeric, and never got leaked or cracked. Yet he still lost everything. But there are two things which may – just – have been able to improve the situation.

Back-ups

It sounds really simple, and you have in fact probably been told it before, but back-up. Back-up everything, and preferably back it up more than once. As Marco Arment says, if you can afford a MacBook Air, iPhone and iPad, you can definitely afford an external hard drive.

More importantly, don't confuse what are two separate services: back-up and syncing. If all your precious photos are stored on Dropbox or iCloud, that protects you against some types of data loss – dropping your laptop in the bath, that sort of thing – but not others. And frankly, most data loss these days isn't hardware or software failure but "wetware" – your brain. It's when you delete a file, and empty the trash, and only then realise that you actually really wanted to keep that piece of data (yes, I have done this (with my entire Applications folder (it hurts))). If you are using a backup service which deletes the backup when you delete the original, that's not a huge help. And even worse is that many of them will delete the original if you delete the backup.

This is especially useful if you have a service – like iCloud – which allows remote wiping. If you turn on a switch which allows all your data to be erased, it's probably worth making sure you have a plan in case you have to hit that switch. If you don't keep back-ups, turn that off.

Password resets

If you are sensible – and many people aren't – you'll have different passwords for every service. Honan did. The problem is that although that removes most possibilities for losing multiple accounts, it doesn't take away the weakest link. If Linked.In gets hacked, that password shouldn't be able to gain access to anything else, but if your email account is hacked, you may well be screwed. Most services are designed to allow anyone with a password or access to the registered email account ​to log-on. Making the former secure and then leaving the latter open is not the best move. So what's the best thing to do?

Step one is to make sure that the email address password resets go to is the most secure possible one. For most people who don't have extra-strong security needs, that means a Gmail account with two-step encryption. Every time you try to log-on from a new computer, you get sent a text (or check a special app) with a code to finish the log-in. Unless someone steals that as well, you're safe.

Step two is to remove password resets from that address. There's no point having a secure email address if you can reset the password by requesting it from a less secure one. Step three is to stop​ using it for anything but account registrations. It will be impossible to keep it totally secure, because of the number of services which still identify you by your address, but it's better than handing it out to everyone.

But the question that still remains is whether Apple and iCloud can be trusted at all. Following Honan's story, it certainly seems a bad idea to link any other accounts to your iCloud. Until the company responds, however, we can't know quite how bad it will be.

Update

Mat Honan has now made public just how the hack happened, and it's even scarier than we thought. There are severe security flaws in Amazon and Apple's password reset procedures that allow someone to take over both accounts with just your name, email address and billing address. This is not, by any stretch of the imagination, confidential data – yet until those procedures are changed, it would be best to treat it as such, and to attempt to limit the amount of damage which would happen if those accounts were compromised.

How to trick Amazon:

First you call Amazon and tell them you are the account holder, and want to add a credit card number to the account. All you need is the name on the account, an associated e-mail address, and the billing address. Amazon then allows you to input a new credit card. (Wired used a bogus credit card number from a website that generates fake card numbers that conform with the industry's published self-check algorithm.) Then you hang up.

Next you call back, and tell Amazon that you've lost access to your account. Upon providing a name, billing address, and the new credit card number you gave the company on the prior call, Amazon will allow you to add a new e-mail address to the account. From here, you go to the Amazon website, and send a password reset to the new e-mail account. This allows you to see all the credit cards on file for the account -- not the complete numbers, just the last four digits. But, as we know, Apple only needs those last four digits. We asked Amazon to comment on its security policy, but didn't have anything to share by press time.

Delete – even if you don't want to. Photograph: Cari McGee/www.carimcgee.com

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Roosh V via YouTube
Show Hide image

Men's rights activist Roosh V isn't just a sexist: he hates the modern world

Roosh and his community have seen that cultural change is chipping away at their privilege, and they're having none of it. 

When an activist known as Roosh V organised 165 “meet-ups” for like-minded men in 43 countries for this Saturday, the backlash was instantaneous. Signatures on petitions to keep Roosh away (even from countries where he wasn't planning to visit) stretched into the thousands. Police in many of the cities where meet-ups were planned said they would be keeping an eye on the events. Counter-protests were organised. And so today, Roosh announced that the meetings would be cancelled, since he could “no longer guarantee the safety or privacy of the men who want to attend”.

Roosh V is a prominent member of the section of the internet known as the "manosphere": he runs popular websites including Return of Kings and his own blog, and began his career by writing guide books about how to pick up women in countries from Poland (“What to do when a Polish guy inevitably tries to cockblock you”) to Colombia (including “an explanation into the Colombian prepago female (gold digger)").

Yet as demonstrated in a recent Reggie Yates documentary programme about men's rights activists, 36-year-old Roosh seems a lot more interested in his own theories about society than in handing out pick-up tips. "This is starting to sound like a conspiracy theory," Yates notes at one point. 

Roosh actually distanced himself from the Men's Rights community, or MRAs (though he arguably does fight for what he sees as men's rights) in 2009, when he argued that the group was filled with men incapable of taking action or improving their "game" with women. He would be more likely to self describe as a pick-up artist, or PUA, though his writing usually focusses on issues beyond simply "how to pick up women". 

While Roosh's views are objectionable and off-the-wall, they’re also subscribed to in full or in part by what may be millions of men around the world. So what does he believe? And how did this alternate worldview develop in the mind of a well-travelled, university-educated American son of immigrants?

Roosh isn't “pro-rape”, but he thinks rape is the fault of its victims

Many headlines this week called the proposed meetings "pro-rape", with evidence taken from a single post entitled “How to Stop Rape” which Roosh wrote in February 2015 (and which he recently claimed was satire). In it, he writes that since “women are not getting raped by violent offenders . . . they are getting raped by men they already know”, then rape (or as Roosh medievally puts it, “violent taking of a woman”) on private property should be made legal. This would, he argues, force women to “take responsibility” for their conduct on dates or while alone with men.

This appeals to a popular trope within the manosphere: that men will be "falsely" accused of rape under progressive rape laws that dictate that drunk women can't give consent, or accused by women who later regret the sexual encounter. The community is particularly aerated about Califiornia’s Yes Means Yes law, which rules that silence or lack of resistence doesn’t mean someone has consented (though consent can still be non-verbal).

Roosh's bizarre “legalise rape” argument is an apt symbol of his general appraoch: it’s a kind of devil’s advocacy, mixed with a form of upside-down rationality. He takes a common complaint among men’s groups and pushes it to an extreme conclusion, to the delight of his fans.

It’s also worth noting that some of Roosh’s pick-up tactics and advice could be seen to encourage rape – it’s probably fairer to call him “pro-rape” on these grounds, rather than his blogpost. In another trope common to the MRA community, he believes women say no in order to play “hard to get”, and that any self-respecting pick-up artist would override "no" up to a certain point. In a two-hour Skype interview with feminist artist Angela Washko, he argues:

“If a girl says no, that's no. But if she's still there and she allows you to touch her again and kiss her again that's not rape. That is not.”

In "When no means yes", a post from 2010, he gives the following "tip": "‘No’ when you try to take off her panties means . . . ‘Don’t give up now!’”

He knows his audience

In some of his writing, or while speaking to certain interviewers, Roosh can seem almost harmless – misguided, yes, but intellectually engaged and cautious about offending. 

In his interview with Washko, the pair manage to agree on the idea that it’s in the economic interests of the world’s richest to force all women to both work and have families, as wages can be lower: “The more people you force into the workforce, the cheaper labor is.”

The fact that women should have the choice to raise children instead of having a career is something both can agree on. 

But elsewhere, Roosh's concerned citizen mask slips. Earlier this week, he told members of his website forum to pool the details of journalists who write mean things about him with the ominous phrase: "We're going after the root of the problem". Elsewhere, he has said he won’t be interviewed by female journalists unless they give him a blowjob, and has stated that, “my default opinion of any girl I meet is worthless dirty whore until proven otherwise”.

This dual personality is something he shares with the comedian Dapper Laughs, who appeared on Newsnight to apologise for his rape joke-heavy comedy and explain that he was satiring men’s sexism, but now tells audiences that at the time he wanted to tell interviewer Emily Maitlis to “get your f***ing gash out!”  

He’s a savvy businessman

Which raises the question: how much of Roosh’s bluster is an act? Roosh must have learned by now that his more incendiary statements earn him attention, and even money through traffic to his sites. Dapper Laughs knows he needs to undercut his earnest, turtlenecked performance on Newsnight to keep earning as a comedian. 

Roosh told Reggie Yates he receives around a million combined hits to his websites every month, but this month, the figure must be far higher. A Vice journalist has pointed out that Roosh boasts about his online metrics on Twitter, and seems to be in competition with fellow controversy-chaser Milo Yiannopoulos. 

Which brings us to another question: did Roosh ever think the meet-ups would go ahead? Was he in fact expecting a media backlash, which would then allow him to show his followers that they are victimised and under attack, just as he's told them?

The whole thing does seem built as a vehicle for media attention: the covert meetings complete with a special code ("Do you know where I can find a pet shop?") which somehow found its way into every mainstream media story about the meetings – including, of course, this one.

Roosh advertised them on public sites, despite the fact that he probably could have contacted many supporters through more private forms of social media and regularly keeps the locations of his own talks a secret. His attempt to smear journalists is playing out in a private forum – strange that he couldn't use similar channels to arrange Saturday's meetings. 

He thinks the Western world is on the verge of a “cultural collapse”

Roosh claims that his science background taught him how, as he tells Washko, “to know what is a lie . . . when someone is full of shit I can tell because they’re just using what? Emotion.”

Travelling, meanwhile, has exposed him "to different ideas, belief systems than other people – I have more data and background in my mind that allows me to reach conclusions that are more accurate”.

This, in turn, prompts this surreal exchange:

Image: Angela Washko.

This defence – of science and worldliness, in the face of closed-minded emotion on the part of feminists – is important to Roosh precisely because his worldview actually seems to rely on an emotional, kneejerk hatred of change. 

Beyond the more typical MRA beliefs, Roosh has a comprehensive argument for how feminism and other liberal, progressive attitudes are about to ruin the modern world. In a document titled “Cultural collapse theory” he outlines a world where women earn “25 per cent more than women on average”, children are taught to “respect all religions but that of their ancestors”, and the reproductive rate falls because women have careers.

Here is the progression of a “cultural collapse”:

This, of course, is a dressed-up version of the familiar dystopia imagined by those who think liberal ideas and cultural change are driving us to disaster. In this context, Roosh’s ideas about women begin to look more like a refusal to get on board with the modern world: the way he sees women would have been very familiar a few centuries ago.

His hatred also extends to other social groups who have recently gained privilege, including transgender people (“If you are genetically a man, but you all of a sudden have this need to dress up like a girl . . . you should seek help"), gay people ("they're trying to encroach on what normal humanity is”), and stay-at-home fathers (“I mean if you ever see me pushing a stroller or changing a diaper, something is wrong. I must be on drugs"). 

The best proof of Roosh’s affection for the past is his opinion on where it all went wrong: I’m pretty sure giving women the right to vote was the start.”

In one particularly pathetic plea during his interview with Washko, he cries “You can’t even have sexy babes in games anymore!” 

…so any kind of cultural change is bad

When speaking to a group of London men in Reggie Yates’ documentary, Roosh emphasises the idea that "women and gays are seen as superior to straight men", and that straight men are, effectively, an oppressed group. “Men are not allowed to speak the views that I am speaking,” he tells his rapt audience. The cancelled meetings, it seems, function as proof of this. 

Yates may think Roosh is touting a conspiracy theory, but at heart, it may be simpler than that. Roosh’s pseudo-intellectualism can be boiled down to a single point: the modern world is chipping away at his privilege, and he – and his followers – don’t like it at all. Roosh is furious that, in his eyes, the media is “encouraging” children to be gay, asking Washko: “Why is the media all of a sudden in the business of shaping the sexuality of human beings?”

As Washko writes in her transcript, she resists the urge to reply: “But it always has been!” The difference now is that the narrative (if it exists, which I’d argue it doesn’t particularly) just doesn’t favour Roosh’s demographic anymore. As one of Roosh’s fans tells Yates, “We’re losing ground.”

While equality isn’t a zero-sum game, true cultural and political change will require privileged groups to lose some ground – to give up some of that privilege. Behind the long words and cultural theory, Roosh and his followers are the men simply refusing to do so.  

Barbara Speed is a technology and digital culture writer at the New Statesman and a staff writer at CityMetric.