Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Develop a Privacy Strategy

Online privacy is, as you now know, a complex problem with no definitive solutions. But it doesn’t have to be overwhelming. In this chapter, I help you think through a high-level strategy you can use to inform your decisions about specific tasks such as web browsing, email, and file sharing (all of which I cover later in the book).

I suggest dividing your privacy concerns into a few broad categories:

First, Fix the Easy Things—that is, make simple changes to your software, settings, and habits that will address many of your privacy concerns but will require almost no planning or effort.
Next, Create Privacy Rules for Yourself. These simple statements focus on a few types of information you always want to take extra care with and a few people you always want to communicate with privately.
Although it requires both time and a frustrating amount of effort, I now also recommend that you Purge Your Info from Data Brokers to the extent possible.
Finally, Cope with Special Cases. Troubling situations may come up that require extra privacy but for which you don’t have an existing system. Think through the possibilities in advance and prepare so you don’t make a foolish decision on the spur of the moment.

For extra credit, Take the Pledge: promise me, yourself, and the rest of the world that you won’t do stupid things online.

Fix the Easy Things

You instinctively take measures to protect your real-world privacy—you draw the curtains at night, use a changing room to try on clothes, and lower your voice when discussing something sensitive in public. Adopting a comparable set of habits for online communication can eliminate some of your most serious privacy risks. Better yet, you can make a number of simple, one-time adjustments to your devices and software that will improve your ongoing privacy without further effort.

I cover many of these “easy things” elsewhere in the book, but I’ll list some prominent examples now.

First, here are some one-time changes you might consider:

For your internet connection: Follow the advice in Keep Your Internet Connection Private, including using WPA encryption on your Wi-Fi network (see Encrypt Your Wi-Fi Connection), turning on your computer’s firewall (see Use a Firewall), and fortifying your DNS settings (see Avoid DNS Mischief).
When browsing the web: Use your browser’s built-in controls or third-party software to confirm that you’re not visiting fake or dangerous sites; see Go to the Right Site. Also, configure your web browsers not to store third-party cookies and other unnecessary private data, and consider blocking ads and trackers, too; see Manage Local Storage of Private Data.
For email: Make sure your email program transmits your password in an encrypted form (see Log In Securely), or better yet, use SSL for incoming and outgoing mail (see Transfer Email Securely).

Next, consider adopting some new customs, such as:

Always use a VPN to connect to the internet—at least when you’re on an open or unfamiliar network; see Use a VPN.
Use a password manager to generate stronger passwords, store passwords and credit card data securely, and reduce the risk of phishing; see the sidebar Choosing Better Passwords, ahead, as well as Protect Passwords and Credit Card Info.
Kick the Google (Bing, Yahoo, etc.) habit for searches; see Search Privately.
If your device supports multiple user accounts, set up an account for each family member or coworker who uses it—with each account protected with a password known only to its user. Be scrupulous about logging out of your account after each session.
Make sure the operating system and apps on each of your devices are up to date. Software updates regularly patch security holes that might otherwise compromise your privacy. (I mention one example later, in the sidebar SSL Implementation Bugs and Issues.)

Those changes made, you can move on to specific privacy rules.

Choosing Better Passwords

In my book Take Control of Your Passwords I go into great detail about what makes passwords better or worse, why so many people choose bad passwords so much of the time, what problems bad passwords can cause, and how to create great passwords without going crazy. For our current purposes, however, I want to point out that using bad passwords massively increases your risk of having private data exposed. Although using a great password isn’t an ironclad guarantee of privacy, it does put a significant barrier in the path of a prospective attacker, and it’s one of the easiest steps you can take to protect your privacy.

Here’s a brief summary of my password advice:

Never reuse passwords. Every site, service, and account should have a unique password, so that if one is compromised, the damage will be contained.
Go long, random, and diverse: Mathematically speaking, the strongest passwords—those most resistant to guessing even by powerful computers—are long (15+ characters), randomly generated, and composed of a combination of upper- and lowercase letters, digits, and punctuation.
Use a password manager: It’s hard for a human to come up with a sufficiently long and random password, and even harder to remember such a password (especially if you have dozens or hundreds of different ones). A password manager app (such as 1Password or LastPass) can generate, remember, and fill in strong passwords for you, and securely sync them across your browsers, computers, and mobile devices. I say more about these in Protect Passwords and Credit Card Info.

About Two-Factor Authentication

Two-factor authentication is when a site or service needs more than your username and password—it also needs another factor, which could be a physical token, a fingerprint scan, or any of numerous other options.

A variation on this theme, sometimes called two-step verification, typically requires you to enter a numeric code sent as a text message to your mobile phone or generated using a mobile or smartwatch app such as Google Authenticator, Authy, or 1Password. (Authy now offers a simplified approach, in which you need only tap a button on a paired phone or Apple Watch.) Because these codes change frequently—typically every 30 seconds to 5 minutes—they’re effectively immune to many types of theft and guessing that could compromise an ordinary password. However, don’t think of SMS and authenticator apps as being equivalent in security! Given the choice, you should always avoid SMS for authentication, because it’s too easy to hack.

Apple, Dropbox, Evernote, Facebook, Google, PayPal, Twitter, and a host of other companies offer two-factor authentication or two-step verification. Although these technologies impose an additional inconvenience in exchange for the extra security, they are increasingly mainstream: for instance, Apple now tries to set up two-factor authentication for all Apple IDs by default, and other companies frequently offer two-factor or two-step verification to users who aren’t already using it. These technologies drastically reduce the chances of an account being hacked, because the attacker would need both your password and your mobile device (or other factor). So I heartily recommend enabling that option whenever you can.

I cover both types of expanded authentication extensively in Take Control of Your Passwords.

Create Privacy Rules for Yourself

One privacy rule I think everyone should follow is this: Be suspicious. Whenever you encounter a request (or demand) to click a link, type (or say) a password, or reveal any other personal information—whether that request came via email or SMS, in a phone call, a messaging app, a webpage, or even in person—ask yourself whether you’re positive that you understand the reason for the request, that you trust the other party, and that revealing that information is truly necessary. The volume and variety of scams I’ve encountered has made me much more alert to potentially unsafe data collection, and although I don’t want you to be paranoid that every request for personal info is a problem, it doesn’t hurt to take a moment to reflect before giving away your data.

Beyond that, I suggest creating a short list of personal privacy rules.

Some pieces of information (refer back to Things You Might Want to Keep Private) are nearly always private in the sense that you likely want to control who knows them. And there may be some people with whom you almost always want to communicate privately, regardless of the topic—your doctor, lawyer, accountant, therapist, minister, AA sponsor, business colleagues, clients, and so on.

Only you can say what counts as private for you. You can’t foresee every situation, but you can identify information and people that deserve extra care when it comes to online privacy. For now, jot down a list of your privacy “triggers.” For example, someone might list:

My credit card numbers
My new pseudonymous novel
My chocolate chip cookie recipe
My mistress
My attorney
My FBI handler

Or whatever. Then, as you read this book and learn about the specific privacy risks and options for various types of online communication, you can form these into simple rules, for example:

I’ll never send a credit card number or Social Security number by email unless it’s encrypted (and I’m confident that the recipient will protect the information on the other end).
I’ll insist that my publisher use a secure web portal for discussing “J.K.’s new novel.” (No one will guess my true identity!)
I’ll talk about my ___ (invention, legal concern, addiction, etc.) only by phone or in person—never in writing of any kind.
I’ll use an anonymous web browsing tool such as Tor (see Browse Anonymously) when researching competing cookie recipes.

Purge Your Info from Data Brokers

Earlier, in the discussion of Data Brokers, I explained how huge companies profit by collecting and selling all sorts of personal data about you—much of it collected as you surf the web, post on social media, and use the internet in other ordinary, day-to-day ways. I also said that Doxxers can tap into this data in order to make private details about you public—but, of course, advertisers, government agencies, and anyone else with money can also access this information.

I wish I could tell you that you can easily remove your information from all these databases, but data brokers intentionally make the opt-out process obscure and difficult—if they even offer it at all. (In most cases, laws give such corporations wide latitude to do whatever they want with your data.) If you can opt out of a given data broker, it may require anything from filling out a form online to mailing or faxing a letter along with a copy of your photo ID.

Fortunately, journalists and other researchers have compiled lists of data brokers, including how to opt out (if at all). There’s some overlap in these lists, but each one adds interesting details, so I suggest checking them all out:

Here are the data brokers quietly buying and selling your personal information, by Steven Melendez And Alex Pasternack at Fast Company (the most comprehensive list I’ve found so far)
How to opt out of Facebook data sharing by Joseph Keller, at iMore
PrivacyDuck (which also offers paid opt-out services)

Opting out from even a fraction of these brokers will involve considerable time and frustration—and for all that, it’s no guarantee, because many brokers don’t let you opt out at all, while some brokers honor requests to delete the data they already have about you yet don’t stop collecting more in the future. But if you’re serious about protecting your online privacy, it’s in your best interest to reduce the number of entities tracking and storing your information.

Cope with Special Cases

Online privacy gets tricky when you encounter a situation you weren’t expecting—one that isn’t covered by your up-front fixes, ongoing habits, and regular rules. For example:

You win the lottery, and suddenly you have a thousand new “friends” who want a piece of the action.
You find yourself embroiled in a messy divorce.
You witness or are otherwise close to a newsworthy event that results in reporters, lawyers, and scammers crawling out of the woodwork and paying you special attention.
You find yourself in a delicate position involving your health, your insurance, and your employer.
You or a family member are suspected of a crime.
You have a fleeting error in moral judgment that may turn out to have far-reaching consequences.

In these and many other situations, your online actions could become subject to much greater scrutiny than normal—you now have to worry about being targeted personally.

No one likes to think about these things, but they do happen, and you’re more likely to get through them unscathed if you’ve spent at least a little time thinking about the online privacy implications in advance.

My first piece of advice is: If humanly possible, avoid saying anything about the situation online in any way. The less digital information you generate that could come back to haunt you, the better.

Second, however tempting it may be, don’t go crazy deleting things, shutting down accounts, ditching equipment, and the like. That looks suspicious, and could draw unwanted attention to your actions. (Besides, it won’t matter, because nothing ever truly disappears from the internet.)

Third, if the situation has any legal implications whatsoever, find yourself a good lawyer and follow their instructions to the letter.

After doing all those things and allowing yourself some time and mental space to think about your situation clearly, if circumstances permit (and your lawyer, if any, agrees), consider cranking all your privacy settings up to 11. That is, go back to everything in this book that you decided wasn’t worth the effort or was too inconvenient, and do it anyway. Use a VPN all the time. Use only Tor (see Browse Anonymously) for web browsing. Limit your email to completely commonplace, uncontroversial topics. Avoid Facebook, Twitter, and other social media until the situation stabilizes.

I hope you never find yourself having to take such drastic measures. (Unless you win the lottery, because I can totally help you out there.) But if you remember that online privacy is inversely proportional to your need for it, you’ll be in much better shape.

That sets the stage for the final topic of this chapter: avoiding stupidity online.

Take the Pledge

Regardless of what measures you take to protect your privacy, there are certain things that should never, ever, under any circumstances, be sent over any network. I would have thought this is obvious, but judging by frequent news reports, politicians, actors, professional athletes, and other celebrities still haven’t gotten the memo that online privacy is the exception rather than the rule.

You don’t have to be rich or famous to have your life ruined by online stupidity. Anyone with fingers and a web browser can find millions of photographs, videos, comments, email messages, tweets, Facebook posts, and other digital artifacts showing humans at their worst. And more often than not, this stuff is put online deliberately by the very people who stand to lose the most…

“Look how fast I can drive this train!” boasted a railway engineer online before recklessly causing a derailment that killed dozens of people.

“I’m sure my wife won’t mind a bit of harmless online flirting with other women,” said a public official whose wife—and constituents—turned out to mind very much.

“Stealing this car will be a piece of cake,” said the guys whose every movement was being recorded on dozens of traffic cams.

“Why, yes, I think it would be a great idea for me to post a video of our drunken college orgy!” said a young lady who will find it difficult to get any respectable job in the future because her prospective employers know how to use a search engine.

Folks, the very best decision—for you and for the rest of the world—is to stop doing stupid things. But if you are going to do stupid things anyway, don’t compound your stupidity by putting evidence of it on the internet, which, as you’ll recall, never forgets. As you’ve seen already and will learn in more detail throughout this book, it’s nearly impossible to guarantee complete online privacy—and the worse you behave, the more likely it is that evidence of your behavior will emerge.

So, I’m not merely going to tell you to refrain from putting potentially incriminating information about yourself online. I’m going to ask you to promise me not to be stupid online. I ask you to join me in taking The Pledge.

Turn on your webcam, raise your right hand, and repeat these words:

I, (state your name), do hereby solemnly affirm before the all-seeing, all-remembering eye of the internet that I will never, ever, under any circumstances, for any reason, or in any manner, knowingly cause or permit any of the following information to travel over any network:

Statements that are hateful, abusive, racist, or otherwise cruel

Nude or sexually suggestive pictures or videos of myself, my friends, my family, current or former romantic partners, or anyone else who might at some point deserve to have a life

Information that could implicate me, rightly or wrongly, in any crime

Any material that violates someone else’s copyright, patent, or other intellectual property

Anything I’d be ashamed for my (current or future) children to see or hear

I further acknowledge that any failure to keep this pledge could disqualify me from ever holding political office, practicing law or medicine, teaching in a public school or university, holding any government or public sector job, owning a puppy, living in a nice home, finding (or keeping) true love, receiving technical support, enjoying ice cream, or pretty much anything else that might bring me happiness.

I therefore, voluntarily and without coercion, undertake to avoid extreme online stupidity for the rest of my days.

Remember my motto: What happens on the internet, stays on the internet. Don’t assume you can erase or fix something later. The only way to be sure your stupid thing won’t live on forever in internet infamy is not to put it online in the first place.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Develop a Privacy Strategy

Create new playlist

Sign In