CAIRO: In a time where they are particularly at risk, most bloggers do not understand the online security measures necessary to protect themselves, a Harvard University report said.
The report, conducted by Harvard’s Berkman Center for Internet and Society, surveyed 98 bloggers in the MENA region. Twenty-six of these were Egyptians.
“Digital communication has become a more perilous activity,” the report said. “The recent surge in digital activism that helped shape the Arab spring has been met with stiff resistance from governments.”
In the recent months, regimes and opposition groups alike have engaged in cyber warfare. During the Tunisian uprising in January, authorities used targeted phishing operations to steal activists’ passwords, hijack email and social network accounts, and silence dissent. Meanwhile, in Syria, an opposition group called the Syrian Electronic Army has been attempting to cripple the regime by hacking and disabling their computer systems.
Of the bloggers surveyed in the report, one in five had an account hacked or suffered an online attack. Yet activists still don’t focus on online security, the report said.
In selecting email providers, encryption and resistance to government audits were “the least important features.” While 47 percent chose design and ease of use as their first priority, only 20 percent chose security-related aspects.
“The responses appear, at least superficially, to be at odds with the risks and threats,” the report said.
Similarly, only 11 percent of the bloggers said security was their first priority in choosing a social network, with 8 percent focusing on the company’s resistance to government audits and 3 percent focusing on the company’s data-sharing policies.
And in choosing their blogging provider, even fewer prioritized security, with 9 percent focusing on the company’s resistance to government audits. The remainder focused on design and ease of use, customizability, cost, and smartphone accessibility.
Instead of addressing the security problems directly, many bloggers exhibit “behavioral responses to online security threats,” including the use of vague terms and self-censorship. Over half of the respondents reported that their fear of the government limited their online writing.
Part of the problem, the report argued, is simply lack of knowledge.
“In general, perceptions, knowledge, and practices of online security ranged from fair to very poor,” the report said. “Our questions regarding knowledge were challenging ones, but consistent with the threats activist bloggers currently face in some countries in the region.”
Although 77 percent of respondents claimed good knowledge about password security, only 40 percent accurately answered quiz questions. In the field of encryption, 25 percent claimed knowledge while only 7 percent answered correctly.
When asked about malware, only 8 percent understood how to evade targeted email attacks by not opening attachments.
“This last finding is extremely troubling,” the report said. “We have seen many reports recently of email malware attacks targeted in real time.”
“While a large majority of respondents indicate an acute awareness of the risks of publishing sensitive material online…very few appear to follow a strict set of online security practices,” the report said.
The burden is on the social networking and blogging platforms themselves to enhance security, the report suggested.
“The most promising areas for improving online security are in the design choices made by platform providers,” the report said, “and in expanding cooperative efforts between activists, online security experts, and platform providers to improve platform security options and defaults.”
“There is clearly more work to be done in training and informing users,” the report added.