Family, Friends, Apathy: Three reasons your privacy is eroding
This is a post I started in December of last year, then wandered away from for client work. There are a lot of these abandoned ideas that flounder in my drafts folder over the course of a year, and part of my December ritual is to clean them out if I deem them no longer relevant. I think this one is more relevant now than it was then, though the reason has changed. So, what did I intend to talk about? The way other people’s carelessness impacts you, and the way your own apathy compounds the error.
Since my most recent post was about leaving Facebook and already mentioned the privacy violations and user information abuses inherent in its code, let’s start with that network as our example. On Facebook, it doesn’t matter what your personal settings are for privacy. If you interact with people and brands on Facebook anywhere, in any way, your interaction is visible outside your trusted (or, in some cases, semi-trusted) network. As a user I find this infuriating, as the site design itself encourages invasive behavior and an erosion of the understanding of individual boundaries. Brands, however, love this, obviously. What is fine for you as an individual (e.g. clicking like or commenting on a stranger’s post – shown to you because a vague work acquaintance or maybe your cousin “liked” it, friending someone’s unstable family member – whom you have never met – because you think being connected tangentially on Facebook gives you permission to do so, sharing a post when it’s clearly set to “friends only” and not meant to be shared) is a violation for someone else. We wouldn’t behave that way in person, putting people’s privacy at risk (well, except photographers, but that’s a different rant), but people freely do so online. Stowe Boyd saw this challenge coming years ago when he talked about publicy vs privacy.
“So what?” you might ask, “Why should we care?” As I’m sure everyone is aware, times are turbulent right now and we have people currently in positions of power around the globe who are not putting the best interests of their public first. In the end it will not matter whether you are happy they are in power or unhappy they are in power – the changes they want to make to remove protections we’ve fought hard for will impact everyone. Already indications have been made even here in the US that hard-won rights like net neutrality, freedom of speech, and privacy protections are being targeted, and we are just one of many countries undergoing this sea change. This makes it essential to pay more attention to what’s happening in your online world. Facebook is the worst of this behavior writ large, but no site is immune to privacy dangers.
Originally, this post was going to be solely about the way family and friends impact your privacy, but the challenge of privacy grew too broad for that limited scope this year as we’ve had more and more DDoS attacks against our networks and increased tampering in our lives via hacking from nefarious sources, both political and private. Does the way your family, friends, and peers use social media still impact you in a way that should make you wary? Yes. Definitely start there, change those habits, and make those boundaries clearer. But that’s not all you need to do right now to tighten your presence both privately and professionally. I am not going to lie to you – making these changes is going to be difficult. We’ve grown used to sharing freely online, as a society. Just changing how you interact with your network will be hard enough – if you want to take the route to the most privacy you’ll have to change the entire way you operate online, in text, in calls, where you host your sites, and more. If you love how easy and fluid life is with cloud services, single sign-on convenience using social networks, and fun emoji conversations and memes, well… you are likely not going to enjoy living a more secure life.
Still with me? Good. Let’s get down to it.
What you can do to take action and protect yourself:
Simple, Immediate (30 minutes to 1 hour):
- Turn on Two-Factor Authentication on every site you can.
- Make sure each site has a different password, and that you make each password with a password generator.
- Utilize a password service to help keep track. KeePass, 1Password, Dashlane, and LastPass all come to mind.
- Cull and sort your friends list on Facebook. This might take longer than an hour if you have a lot of friends, but now is the time to put the “lists” and “limiting” feature set into effect. Make a trusted list of your closest true friends for your personal posts, and put everyone else on lists for work, opposite views on religion or politics, etc. Select the right list when posting. Better, but less likely to happen: stop using Facebook.
- Encrypt your phone. Some phones, like the iPhone, come with encryption that just needs activation; with others you have to take more steps. This guy wrote a good guide (heads up: his post is political, but his info is solid).
- Encrypt your computer. This only takes a few minutes on a Mac. The same article I linked to above tells you how to do this on other computers also.
- Use a better browser for searches (no, incognito mode isn’t quite enough). For most people, browsers like Tor and new OS-browser combos like Qubes are going to be too hard to use. You can do a lot by simply breaking your Google (or Bing) habit and using DuckDuckGo for searches to start.
Intermediate (1 – 2 days)
- Evaluate how you use your other online and mobile services, from social networks, apps, and blogs to services for work and file storage. Make a list of habits that could be risky, and services that don’t offer proper protection options (believe it or not, complex passwords, passkeys, and two-factor auth are not offered everywhere, even now). Set the list aside so you can think carefully about what you need to change, move, or get rid of to be secure (Uber, for example, now tracks you even when the app is closed. Is that something you want? Think about it.)
- Evaluate your site hosting, registrar for your domain names, and the laws and protections afforded in the service’s host country. Take some time to decide if that is secure enough for you, and how likely it is to change. If you’re fine with it, simply keep the list in case you need to move on to the hard swap listed below later. If you’re not fine with it – steps to change it are in the “super hard” section below.
- Get a good, protected VPN hosted in a protected country that has good practices. Use it whenever you are not on your protected network. This site made a handy (giant) list of criteria you can use to find a good one for you. Yes, it costs money. Yes, it’s worth it. Yes, it’s probably a business tax write-off (in the US).
- Exchange actual contact information with your most trusted connections, everywhere. We are entering an era where it will be important to know how to reach your network in real time, in the real world. Remember mail and phone calls? We don’t need to abandon our online lives completely, but it would be smart to bring those offline touch points back.
- Download security apps on your phone and computer. Yes, you should have these anyway, but so many people don’t even have basic antivirus measures installed, much less deep protections. On your computer, open source programs can be a great place to start – it generally means the program is updated more often. On your phone, there are a lot of options. Start with the Signal app for your texts and calls. It’s trusted by many.
Super Hard (1 week – 3 months)
- Move your sites. This is a pain, and can be expensive. However, depending on what you post and where, you might want to move your sites to places that enforce privacy, data privacy, and free speech. Look for countries like Iceland or Norway that have strong histories of enforcing their laws.
- Learn your local laws. For example, here in the US sites with a common designator (.com, etc.) are subject to some invasive laws as of last week. You probably have a business site like this one and don’t post political rants and raves, but if you do rant or rave – maybe make a move.
- Read this person’s excellent 70 day action plan. Yes, his post is politically inspired – this election cycle has inspired many to think harder about security, even before voting day – potentially the one good thing to come out of months of being confronted with politics at every turn. Everyone should have been doing this sooner, frankly. But, politics aside, there is a lot of good online and offline advice there, including some thoughts on using gift cards online instead of your real credit card, getting a fire-proof safe, and more. Basically, it’s a great list of things you can do to prepare without going full “prepper.”
This post is geared toward individuals, but many of the pieces of advice in here are great for businesses also. These are things your IT department might already be thinking about, in fact. It’s common for people to fight IT tooth and nail because their security measures sometimes make things take longer to do, but perhaps now is a great time to give them your ear and secure your business while you are locking down your personal life.
Did I miss anything? Let me know.
image credit: Florian Zeh, Unsplash