Book Review: The Art of Invisibility by Kevin Mitnick
On my Mastodon bio I state that The New Oil is a website specializing in news, advice, and reviews for the average person, so in that spirit I figured this would be a good place to share my thoughts on my latest privacy-related read. Like many of you, I find myself with a lot of free time these days, so I’m setting aside some of that time to catch up on reading and other content. That includes working my way through some of the “recommended reading” of the privacy community. My local library had a digital copy of Kevin Mitnick’s classic readily available, so I decided to check it out.
About the Author & the Book
Kevin Mitnick is a famous hacker-turned-good-guy. He was arrested in 1995 for “various computer and communications-related crimes.” He now runs a security consulting company where he uses his skills for good, explaining how he performed his various crimes and how companies can defend against them.
The Art of Invisibility is a non-fiction book that discusses various threats against privacy – mostly digital in nature, such as tracking cookies, surveillance cameras, and more – and how to defend against them.
The book was massively informative. In some ways it’s a great introduction to privacy for people who are totally new to this stuff. Mitnick does a fantastic job of explaining how encryption works, how cookies work, how your real-world identity gets correlated with your digital one, and more. Additionally, he lists real-world case studies and research which were super helpful to me. It’s one thing to say “hypothetically, this thing could be used in a bad way” and a totally different thing to say “here’s a real-world example of this thing actually being used in a bad way, even if it was in a controlled environment to prove it could be done.” He also balances the realism of those threats as opposed to fear mongering. For example, in one section he goes in depth into how a smart thermostat could be hacked, but he did explicitly point out several times that every one of these techniques requires physical access to the device.
Because of the real-world examples Mitnick mentioned, I was able to share some of the concepts with my coworkers who have children (one example included Pearson monitoring Twitter for any mentions of their tests) and help them prepare for the world they’re raising their kids into. It also helped me tighten up some of the information in my website, such as how ad-blockers can save you from malware.
Look, I’m gonna be honest: who am I to criticize a world-famous hacker? I can’t even get Kali to work half the time, let alone hack anything. My hacking skills end at being just charming enough to sometimes use social engineering. I readily admit on this website that I’m not an expert. Even if he did get caught, I would argue that failure is sometimes the best teacher and therefore the author probably knows more than me. Having said that, I found some of Mitnick’s suggestions to be inconsistent. For example, early on in the book he gives several detailed suggestions on how to attain an anonymous phone, but then makes almost no mention of the fact that having that phone at home and turned on will quickly defeat your anonymity (because if it stays on at the same location every night, eventually it’s pretty obvious who the phone belongs to). He waits entirely too long (the final chapter, actually) to point out that invisibility is kind of a sliding scale and it’s really a question of how much you need. He also offers almost no advice on Internet of Things devices other than “change the default password and be careful how much they say about you.” He doesn’t offer any kind of advice on putting a VPN or firewall on your router, using a separate network for IoT devices, or anything like that. Maybe that’s coming in a future edition, but I found it kind of lacking. Obviously he took the approach that I do, that not everybody is willing to forgo owning an Alexa for one reason or another, but there's still a lot of reasonable solutions he could've discussed to help people protect their privacy more.
Definitely worth a read. It’s an easy read, written in a very casual (but clear) tone as opposed to being written like an academic paper. He has a great knack for explaining things in a way that makes sense, and backs things up with real-world examples and research wherever possible. If you’re new to privacy, consider the book an introduction to digital surveillance rather than an actual how-to guide. If you’re a privacy veteran, consider it a “fundamentals check” to make sure you’re paying attention to the basics and you’ve assessed your threat level correctly.