Reducing My Attack Surface
August 22, 2020

There's a concept in computer security called "reducing the attack surface--"
that is, lowering the number of vulnerabilities in a computer system by not
running a large number of programs or shutting off non-essential services, so
that an attacker has fewer potential points of entry.

I got thinking about "attack surfaces" in a broader sense the other day, when I
realized that--once again--I'd spent too much time on the internet and not
enough writing. A day later, I was driving to the store and stopped at a red
light in the right-hand-most of three lanes. The light changed to green and...no
one moved. I counted to five. No one moved. The light was still green. As I was
reaching up toward my horn, the left-hand car started moving. The other two
quickly followed suit, and it was then I realized that all three drivers must
have been looking down at their cell phones rather than up at the light.

These two events made me think about ways I could reduce my personal "attack
surfaces." The internet (or parts of it, anyway) want us to spend as much time
as possible viewing them. Cell phones are one giant attack surface, as it puts
the internet--especially those sticky bits, like social media--right by our side
at all times.

I've already reduced one major attack surface by having a dumb phone,[1] though 
in this day and age I pay a price for it, because everyone seems to only want 
to send me links to cool videos or forms that need to be filled out, or to set 
up virtual doctor's visits on my phone. But because I don't have a smart phone, 
I'm often the only person in the waiting room reading a book or the only car 
who notices when the light changes. (Things I see as advantages.)

For me, part of getting sucked into the internet from my laptop is checking
pages to see if anything new has popped up. What are the latest headlines? Any
new posts at one of the many blogs I like to follow? Especially with news sites,
I often find myself clicking on interesting little side-stories as I scroll
through the headlines. My answer to that has been to start using an RSS reader.

RSS has been going through a sort of mini-revival of late, as people decide they
want to move back towards blogging and need a way to let their readers know that
they've got a new post up; or people who'd signed up for newsletters decide
they'd rather not have their email address out there to be monetized. The
advantage I've found in using RSS is that I get the headlines of new posts, but
no pictures or opening lines (at least not with the RSS reader I'm using, which
is just the toolbar widget that comes with Gnome in Debian Linux). So instead of
visiting a half-dozen pages and getting distracted along the way, I click one
link, look to see if there are any updates (often there aren't), and select only
the ones I want to read. A couple more clicks and my browser provides me--in
separate tabs--only what I want to read. The whole process takes just a few
minutes and helps keep me from spending time surfing when I should be working.

Another thing I've done to keep myself offline as much as possible is to set up
my laptop so that it doesn't automatically connect to the internet when I boot
up. I have to manually tell it to connect. This means that I can't go online
unless I make the conscious decision to do so. That moment to pause has kept me
offline on more than one occasion--though to be honest, I'm still having a hard
time remembering to drop the connection after I'm done working online.

If it sounds like I'm consciously making it harder to use the internet, I am.
The internet is a hydra[2] that I've fought (and lost to) many times before.

[1] https://www.andrewgudgel.com/blog/being-high-tech-in-a-low-tech-world.txt
[2] https://www.andrewgudgel.com/blog/slaying-the-hydra.txt

(c) 2020 by Andrew Gudgel 
email: contact [at] andrewgudgel.com