As an early user of the internet and being an active researcher in the creation of modern-day surveillance, I thought it a good idea to share some of what I’ve learned about maintaining privacy online. I’ve also read many privacy advice stories and can’t help but scratch my head at some of the advice being given (including from some well-known people). So here goes.
1. There’s no such thing. That seems like a tough way to start this advice article but you need to first come to the realization that if someone really wants at your personal information, and has infinite resources directed at getting it, there will come a time when that may happen despite your best efforts to secure it. That being said, let’s move on.
2. Secure your email. This is a common bit of advice given to people and yet the amount of google email addresses continues to rise. There are means of encrypting email but it’s only effective if you and the person getting the email both use it. If it’s just you, what you send out becomes vulnerable on their end. Still, if you store email online, an encrypted server is the way to go. Also, aim for a email service from a company not based in a country that is susceptible to being strong armed. I concluded early on in my internet life that securing email is important. I chose the company lavabit in the early days before the Snowden Affair. Once people became aware he had a lavabit account too it was shuttered by the owner (long but important story). Before that happened I opted to cancel my subscription anyway because I came to the conclusion that where you live isn’t a guarantee of privacy (i.e. a democratic state). I switched my personal email to one hosted overseas in a place with a good reputation for privacy but not corruption. Your company or government email (including university ones) are fair game for surveillance. Get a private one for more private messages. Do I store sensitive stuff online? No (don’t have anything anyway) but I don’t like the prospect of people rooting through my stuff.
3.Be smart about social media. Notice I didn’t say avoid it because no one will do that but ever since these things were created it’s common knowledge (or should be) that they’re about being social and communicating publicly. It should be obvious that you don’t post or write something you can’t defend or care about getting released. Beyond that, yes they are used to track user locations and the like, again, shouldn’t be a shocker when Facebook asks for your location. The wise thing to do is always decline and learn to keep your phone off when you want privacy. Consider that any method of communicating can be used from the other direction, and that means any device that can be used for surveillance, like a microphone or camera. I stayed away from social media until December of 2016 when I made the decision that if I wanted to communicate with the wider public about my work, I had to reach people via social media so I caved. Just be sensible.
4.Use encryption if need be. Encryption is a valuable privacy tool but it’s not fool proof though it is pretty good. For browsing use a VPN if you want good privacy. There are plenty of VPN services out there (google it). But what to choose? Again, common sense, follow the rules I’m giving. Don’t subscribe to any that could be pressured to give up your information. You want a service based elsewhere, not just it’s servers, but head office too. You want one that doesn’t store private info and one that has a kill switch so any program you’re using gets turned off if your connection falters. I learned all this during the early days of Napster, Limewire and the Pirate Bay before the days of copyright infringement notices. I learned then, and from my research, what real privacy people had. Encryption often gets defamed as hiding criminals, and in all honesty, it certainly can. But let’s put this in perspective. First, nearly every legitimate company I’ve come across has rules about using their services for illegal activity and will cooperate with authorities if you’re up to no good. But why have things progressed to the point where criminals are able to turn to encryption? It wasn’t because companies were clamoring to provide encryption to criminals, terrorists and the like (not a huge market or good for business). It was because average citizens didn’t want to feel like a criminal for downloading a TV show. VPN and encryption existed before torrent downloading but it exploded when people became targets of governments working with the music and film industry. And because of the relentless pursuit of the common-Joe, we now have this technology being used by the scum of the earth as well as people wanting privacy online. Talk about government not getting its priorities straight. The point is it’s useful if you want privacy for browsing online. Also useful, using search engines that don’t store searches, and using private browsing modes on browsers.
5.Passwords and going offline. Don’t be lazy with passwords. Use full sentences or even phrases with some numbers added for good measure. You can use alterations of phrases to mix things up so it’s easier to remember with different devices. Don’t save your passwords either. If you don’t save them you’ll actually be forced to remember them by constantly typing them out. I go a step further too. I don’t keep a contact list in my email. If it’s ever hacked, no bug can make use of an email list. Some privacy advice columns suggest a master password program. This is stupid. Why have all your sensitive information in one program? To make it convenient for hackers? If you follow the rule that only offline provides the most protection you’ll be more careful with what what you put online and not put your most sensitive stuff on Dropbox or anywhere online. As added protection I use a drawing password for each app on my phone as well as locking it with a numbered password. The reason is so that if someone gets into my phone if I lose it, they can’t access my photos, banking app or whatever is on it. It becomes habit over time and is easy to do. You can certainly encrypt your hard drive or use more professional erasing methods but I don’t think this necessary for most. If you’re worried about your hard drive getting seized you have bigger problems.
6.Be choosy about providers of services. This is a rule related to others. Any hope of privacy comes from at least a basic understanding of geopolitics, something other advice sites often neglect to mention. You need to know who is friends with who and who hates who in the international arena as well as who is corrupt. Don’t use the services of any company that could be pressured by a government you think may turn hostile on you or them, whatever the service provided. If you’re in Syria, maybe don’t use a Syrian company or one from an ally of it. Even a VPN will cough up your information if they are in a country where their government will force them to. The location of the head office is always what matters. You get the idea. In reality the easiest way into your devices is by letting people in such as by opening email attachments from unknown email senders or browsing in places you shouldn’t be browsing in. If you have external hard drives at home, and have a home network, don’t keep them plugged into your computers. If your network ever gets hacked the hacker will have access to anything connected to it. If you want real protection, consider buying a router with VPN software flashed onto it. This means that every device connected to your router will be encrypted. Home devices like Google Home and other household wireless devices don’t have good security yet and are currently easy back doors into your network or can be used in hacking attacks.
Those are my general rules for now for maintaining a reasonably private life online. Ultimately, if you live by rule 1, you’ll be fine. 😉
Have any tips you want to share? Let people know in the comments.