Bruce SchneierReseñas

Hoje mesmo, um estranho bateu à porta alegando estar aqui para desentupir o ralo do banheiro. Deixei que ele entrasse sem verificar sua identidade, ele não apenas consertou o ralo, como também tirou os sapatos para não sujar meu chão de lama. Quando terminou, dei a ele um pedaço de papel que pedia ao meu banco para dar a ele algum dinheiro. Ele aceitou sem pestanejar. Em nenhum momento ele tentou levar minhas posses, e em nenhum momento eu tentei o mesmo com ele. Na verdade, nenhum dos dois teve medo que o outro tentasse. Minha mulher também estava em casa, mas nunca me ocorreu que ele pudesse ser um rival sexual e que eu devesse, portanto, matálo.

I loved the section on data/identity obfuscation. Must read for anyone who is concerned about privacy.

"Hacking is parasitical, mostly performed by the rich and powerful, and it comes at the expense of everyone else" (p 105). Cybersecurity expert Schneier interestingly stresses that hacking is not confined to computer systems but exists wherever money or other advantage can be gained through sneakiness distinct from cheating and outright lawbreaking. After identifying some basic hacks (of ATMs, casinos, frequent-flier schemes, sports) and defenses against them, he focuses on numerous examples of system hacks in the realms of finance, law, politics, human cognition, and AI. Besides hacking *of* AIs, there will be hacking *by* AIs. "Unless we can hack the process of hacking itself, ..., we may struggle to survive this technological future" (p 252).

Very practical, if outdated.

Some good stuff, but the writing and editing left something to be desired. Not a long book, but could have been half the size and still conveyed the same info - especially if you got rid of the repetitive charts.

This was a textbook for an information security class, and we didn’t read all of it over the course of the class, probably because it’s pretty old, and the prof only assigned chapters she thought were still relevant and good introductory explanations.
This is the third Schneier book I’ve read, and I think he’s very good at making technical subject matter accessible to a general audience. He also has a way of scaring the heck out of the reader about all the ways technology can go wrong, especially with baddies intentionally trying to break and ruin things. I would recommend his more recent work over this one, particularly Click Here to Kill Everybody, which is good for raising awareness of the issues surrounding a networked world.

Well, this sure was eye-opening and worrisome. I read it for school, and I'll be interested to see what everyone thinks. Mostly I came out of this feeling like trying to protect my privacy is a losing battle. The author doesn't suggest that, and he has some helpful hints at the end of the book, but the problems he talks about still feel overwhelming.
The book has over 100 pages of references, and I'm a little cranky about whatever citation style he used. Not very user-friendly.
A lot of his solutions having to do with laws to keep government and corporations in check seem very difficult to attain. Not impossible, but I don't see them happening tomorrow. Still, the book is good food for thought.

Disclaimer: this is the book review I turned in for a class, and I almost died writing it, so I don't have the strength to do more than copy/paste. If it doesn't sound like my usual breezy review style, that's why. Many apologies.

Bruce Schneier is a technologist and security expert who has written about security since the 90’s. He is a fellow at the Berkman Center for Internet and Society at Harvard University and has published books, articles, and academic papers about cybersecurity. In his 2016 book, Data and Goliath, he warned about the mass surveillance issues associated with big data. In Click Here to Kill Everybody, he tackles the dangers of our increasingly interconnected planet and the Internet of Things (IoT).

Schneier says, “It used to be that things had computers in them. Now they are computers with things attached to them.” He asserts that even if we don’t think of cars or refrigerators as computers when we buy them, the fact that they are raises serious security concerns. If computers are vulnerable to attack, and if everything is a computer, the threats have escalated from loss of data to loss of life and property, where an attack could crash a car or an airplane, sabotage someone’s pacemaker, or shut down a city power grid. Throughout the book, Schneier uses the term “Internet ” as shorthand for the interconnected computer systems that are “the Internet Things Us.”

Since the book is directed to a general audience, the author is careful to explain terminology that may be new to readers, such as the CIA triad used to describe information security, which consists of confidentiality, integrity, and availability. His explanations are clear and thorough, with enough review when terms are used in different chapters, that a layperson never feels lost. The book is heavily cited (78 pages’ worth) and easy to navigate back and forth from text to citations on an electronic version (his citation method is less user-friendly with a print copy). His citations can also be found on the book’s website https://www.schneier.com/books/click-here (Links to an external site.), and any updates after April 2018 will be found on this page.

The book is written as an overview to raise awareness of the issues and draw a larger audience into the discussion. Schneier says himself he’s offering breadth rather than depth. The book has two parts: The Trends and The Solutions. In Part 1, he discusses why Internet has so many security problems (it was never designed with security in mind), and why security isn’t prioritized by companies or government agencies. He says, “Insecurity is in the interests of both corporations and governments…Corporations want insecurity for reasons of profit. Governments want it for reasons of law enforcement, social control, international espionage, and cyberattack.” Most of Part 1 will be review for longtime followers of Schneier’s writing. Newcomers may be overwhelmed by these chapters because the picture they paint is certainly dire. Schneier provides ample, persuasive documentation of vulnerabilities in such things as infrastructure, health equipment, cars, data integrity, algorithms, and supply chains. He says new risks “arise from the very nature of Internet , which encompasses and connects almost everything, making it all vulnerable at the same time.” In Part 2, Schneier outlines his ideas for securing Internet . Many of his ideas need further discussion and fleshing out, which the author readily admits, calling them “a bunch of great ideas that won’t happen anytime soon.” Most of his solutions depend on the cooperation of tech companies and government, which leaves the reader perhaps more informed by the end of the book but not necessarily empowered.

The research that went into this book is one of its greatest strengths, and Schneier has a clear, persuasive writing style that makes the subject matter accessible to the general public. There’s a lot to absorb, and Schneier probably would have been able to make his case without quite the bombardment of doom that made up the early chapters of the book. It’s clearly a topic he’s passionate about, and for good reason. Even though the reader may not have a clear sense of direction of their role in the larger solutions outlined in Part 2, the information in the book will still raise awareness of the issues and be useful for decisions made as a consumer.

This book is recommended for general collections in both public and academic libraries. The information is useful for consumers in general, and it provides a good introduction to current cybersecurity issues for students and individuals interested in educating themselves on the subject

Ambitious argument for rethinking the world's internet security structure. This sounds as likely to happen as anything radical when it comes to climate change, social justice, or other ways of changing the world. Still, if you work online (and who does not) this could be important to read and think about.

Really informative look at the what helps members of society act rationally and allows society to function. Schneier explains many of the commons models of trust that exist at different layers of society and provides examples of each. I would have preferred to have the examples be a little more in depth and most of them were covered at a very high level. I guess that would make this a good jumping off point to other books which go in depth on any of the failures mentioned in the book. Overall I really enjoyed the book it was a very easy read and I recommend it.

This is a very well written book. It is not for beginners, in my opinion, though. Some technical background in information security will certainly help you understand better the topics covered. I believe it is a very good resource for anyone wanting to know a little bit more about digital security.

I read it first in 2004 and recently I reread it. The edition I have is the 2004 paperback edition (bought it from Amazon.com and had it shipped to Brazil at a time where there were no import taxes for books) and believe it or not after almost 20 years it is still actual.

I'm a fan of Bruce Schneier, I've followed his blog for years, and I enjoy his moderate and practical approach to various security issues. So when he offered signed copies of his latest book at a discounted price in exchange for a review, I jumped at the opportunity.

Overall, I quite enjoyed this book. Perhaps because I'm already familiar, and agree, with many of his ideas, I didn't find too many surprising ideas here. Nonetheless, Schneier does a great job of laying out a broad, fairly consistent framework for looking at how people cooperate and, if the title is meant to indicate a theme, "defect" from various forms of pressure meant to induce that cooperation.

From a wide-angle view, the only book-wide criticism I have is with terminology. For example, Schneier uses the word "defect" (and its variants) to indicate someone who goes against a particular type of pressure meant to induce cooperation. In this taxonomy, both airplane hijackers and people who hid their Jewish neighbors from Nazi soldiers are considered "defectors." I don't think it's a major detraction from the ideas he presents, but in a few cases it requires a moment to suss out how the actor is defecting. Schneier even makes a few comments about the oddity of the terminology, such as in Chapter 14 where he writes, "The police...implement societal pressures against a broad array of competing norms. (Okay, I admit it. That's an odd way to describe arresting people who commit crimes against people and propety.)" That said, Schneier is certainly no [a:James Carse|54828|James P. Carse|http://www.goodreads.com/assets/nophoto/nophoto-M-50x66-e07624dc012f2cce49c7d9aa6500c6c0.jpg], whose propensity to redefine terms is distracting at best.

Actually, not to contradict the paragraph above, where I think Schneier excels is in his ability to simplify concepts and demonstrate their applicability without stripping away too much of their complexity. He shows common links across a broad range of topics — from interpersonal interactions to business transactions to governmental regulation to the spread of religious ideas. He examines each of these by look at each idea from a host of angles, relying on everything from the evolution, psychology, economics, game theory and, of course, his own background as a security expert.

It's relatively quick read (I read it in three sittings), and certainly worth taking the time for anyone who spends any time thinking critically about how and why people choose whether to cooperate.

The chapters of this book progresses nicely through various levels of organizational complexity and the various pressures that cause people to either cooperate or defect. From the way that he builds his thesis, it shows that his background in security gives him a perspective that most of us have not through through to the extent detailed in this book.

Some statements that caught my interest:

The human brain has a neocortex that four times the size of its nearest evolutionary relative. 80% of our brain is neocortex, compared to 50% in our nearest existing relative and 10% to 40% in non-primate mammals. (Page 23)

The main human group size is 150. This is the Dunbar number: the number of people with whom we can have explicit and personal encounters, who's history we can remember, and with whom we can experience some level of intimacy. (Page 24)

"Actually, Dunbar proposed several natural human group sizes that increased by a factor of approximately 3 ... The smallest, 3 to 5 is a clique, the number of people from whom you would seek help in times of severe emotional distress the 12 to 20 person group is the sympathy group: people with whom you have a particularly close relationship. After that, 30 to 50 is the typical size of hunter gatherer overnight camps, generally drawn from a single pool of 150 people. The 500-person group is the megaband, and the 1500 person group is the tribe;" (Page 46)

tragedy of the commons, and was first described by the ecologist Garrett Hardin in 1968. (Page 55)

What I got out of this book:

The larger the group size, the more pressures are needed to encourage conformity (trust) and discourage defection (lying, cheating,...).
Moral pressure works at the personal, local and small levels.
Reputational pressure works at the local, small, and medium levels.
Institutional pressure works at the large to very large levels.
Security pressure works from local through very large levels.
But All of these are more or less weak at the global level.

There will always be defectors. We can't eliminate them totally, only get them to a tolerable level. Getting the pressures right is something that societies are continually adjusting.

I've been a fan of Bruce Schneier for a long time, though I've not yet read many of his long-form content (I read his email newsletter, and have worked my way through parts of his texts on cryptography). This timely book deals with the consequences of our technologies, how certain proposed solutions cannot work to solve them (and will, in fact, make the current and future problems vastly more difficult to solve), and suggests some positive ways forward.

One thing he touches on late in the book is the nature of resilience with regard to security, disaster planning, and recovery. This topic seems to me to be connected to [a:Nassim Nicholas Taleb|21559|Nassim Nicholas Taleb|https://images.gr-assets.com/authors/1206025993p2/21559.jpg]'s concept of "Antifragility" (from his book [b:Antifragile: Things That Gain from Disorder|13530973|Antifragile Things That Gain from Disorder|Nassim Nicholas Taleb|https://images.gr-assets.com/books/1352422827s/13530973.jpg|19092611]) - the idea of creating systems that improve under stress, rather than ones the fail when stressed. I would like further exploration of this in a technological context and policy context.

It was good, 3-stars for "I liked it". It was a bit like a list of issues: a list of problems; a list of effects; a list of dangers; a list of solutions.

The good: There's lots of stuff here, and each is real and important and pressing, so.... good on Bruce Schneier. Also, it is very readable, devoid of complexity and, I think, this will become the book that anyone can and will turn to for an introduction to this field. He's going to sell millions of copies.

The not so good: There was no integrated thesis developed or presented. For example, the ignorance of politicians is left unattached to the ignorances of the public and unrelated to the constant errors made by programmers and technicians. The invasions of our privacy is not related to other thefts or corruptions.

Once upon a time Bruce wrote a technical book on encryption and then accidentally became the world's #1 spokesman on privacy and surveillance, a role that he is not at all suited for and is simply not up to. I subscribe to his monthly newsletters and nearly every month he writes something silly or painfully naive.

So, good and not so good. 3 stars.

Sort of interesting book, but with some significant problems. First of all the book is a very academic study of trust in relationship to society. And while the author attempts to make it occasionally entertaining, it mostly ends up as dry as your average text book. Second, the author attempts to make a case for rational "goodness" without really making his case. Finally and maybe most troubling, there is nothing actionable in this book. This book makes a case that trust is both necessary and pretty much automatic in any sort of functional society. Yeah for us and yeah for trust, but maybe just write a short paper the next time.

Consistent with lots of his writing. Advocates for public interest technologists. Worth reading.½

Excellent book - as a survey of the threats to privacy we face, and solid plans for action. This also prompted me to start re-reading "Dragnet Nation," an excellent survey of how to reduce one's data footprint....

Had this on the shelf for years, but never picked it up until recently as it's a pretty hefty book. A quick skim showed it was quite readable though - pages flick by quickly. Schneier sets out a logical approach to thinking about all the stuff which worries us, in an attempt to think "beyond fear", and turn defence into something we understand better.

The first couple of chapters and the last are the interesting bits, setting out a rough guide to thinking about risk, and ending with a more philosophical approach to what we can achieve at a societal level. The main chunk of the book is a crash course in security and risk - lots of quick running through all the different aspects of it, and sentence after sentence of quick-fire examples.

I didn't learn anything new, but that depends on what you already think about, I guess. Also, obviously dated by a lot of references to 9/11, but the approach to terrorism is still valid today. What I did learn was that you can be logical and rational about the world, rather than overly emotional and worried about it. Which is the point of the book, really.

Worth a look if you're really interested in defending yourself against threats. Probably 3.5 stars, but upping to 4 as it deserves it simply for comprehensiveness.

A worthy follow-up to 2015's _Data and Goliath_. After reviewing the truly abysmal privacy and security conditions afforded by today's digital technologies and practices, and by the growing takeover of everything by the Internet of Things (IoT) in particular, Schneier explains his belief that correction and reform are theoretically possible. He rightly argues that strong government action would be needed but that this would require the governments to stop being a big part of the problem themselves and to avoid wrong-headed policies such as mandating encryption backdoors for law enforcement. He believes that in the long run "surveillance capitalism is not sustainable" (p 209), but it still seems to me that (1) nothing short of wholesale societal rejection of the ill-conceived IoT would be required, that (2) this is just not going to happen, and therefore that (3) life in the relatively near future will no longer be worth living.

“Data and Goliath” by Bruce Schneier. This is a good overview of the internet and privacy. The internet of things is the next frontline on the loss of privacy and the increase in surveillance over us all. I didn’t learn all that much that was new to me because I have been following this issue ever since PCs became a thing. Well worth reading though.

I have mixed feelings about this book. A lot of the book was factually accurate and informative, but sometimes it felt like the author was pushing his beliefs too far.

I wonder how many people remember the first release of Applied Cryptography, and all the hoops you had to jump through (to prove US Citizenship and residency) just to get the floppy disk with the source code. It was so amazing to watch the efforts to scan the pages to retrieve the source code, and share it, outside the US. In some cases, copies of the floppy disk may have found their way to others unable to see either the digital scans, or to acquire their own floppy.

Bruce graduated to the rarefied company occupied by others such as Phil Zimmerman, risking professional ruin, and imprisonment, by publishing this. I have the second edition as well, but this copy is one of my most prized possessions.

I should also point out that (assuming some basic math background, without which you aren't going to understand crypto anyway) this is an excellent resource on most of the popular algorithms of the day, and still useful to understand how it all works.

out of date, not all that helpful, but some interesting asides

A fascinating account of the way in which corporations are invading our privacy for profit at the same time governments are doing so for poorly founded security concerns. Both groups tend to see privacy and prohibitions against unreasonable search, and seizure as outmoded and even dangerous values. Schneier's well researched book documents shocking and insidious assaults on privacy on almost every page. Reading these specific incidents gives the reader a much deeper understanding of the problem than the more vague and global perspective from the mainstream media, even after the specificity of the Snowden revelations. Also helpful are the concrete methods individuals can use to defend themselves, though these are constantly changing due to new technologies such as facial recognition.