Learn What You Have to Hide

I’m sure you’re an honest, moral, law-abiding citizen. Good for you! But if you tell me you have nothing to hide, I’m going to laugh in your face. I’m sorry, but “I have nothing to hide” is an absurd statement, no matter who’s saying it. Of course you have things to hide! We all have secrets, and that’s as it should be. But you may not realize how much you want to keep private and how you might inadvertently give it away online. That’s what I want to help you understand in this brief chapter.

Bear in mind that privacy nearly always depends on context. You may want to keep certain information from your employer but not your doctor; you may want to tell your spouse things that you wouldn’t tell your kids; you may share information freely with your lawyer that you would prefer not to have repeated in court. In the next chapter, Learn Who Wants Your Private Data (and Why), I further explore that part of the question—private from whom? You can’t keep all information private from everyone (and you wouldn’t want to), but you can take steps to keep some information private from some people.

Things You Might Want to Keep Private

If you’ll indulge me for a moment, I’d like to run down a list of some categories of information you probably want to keep private in the sense of controlling who it’s shared with online. This is in no way intended as a complete list, but only as a few highlights:

  • Contact information: You may hand out business cards freely, but are you willing to let any stranger know your name, telephone number, and home address? (Some people don’t mind at all, but others find it problematic.) You enter this information nearly every time you make a purchase online, and in many other situations. The address book on your computer or mobile device may also include contact details for numerous other people, including some who may be sensitive about their data becoming public knowledge. So it’s not only your own contact information you need to keep private.

  • Vital statistics: Personal facts such as your date and place of birth, the names and ages of your parents and children, and your marital status are probably well-known among family and close friends. In the wrong hands, that data could help someone hack into your accounts, steal your identity, or even blackmail you. And yet, you’ve probably revealed much of this information on Facebook.

  • Location: Unless you take deliberate steps to prevent it, the mere act of turning on a mobile phone or visiting a website on your computer can reveal your physical location, sometimes down to your street address. This information may be stored, too, such that your movements and online activity over time can be mapped out—and that, in turn, can often suggest what you have been doing in all those locations, or even with whom you’ve been doing it. Do you mind that someone you don’t know can tell where you are now, and where you’ve been in the past?

  • Financial information: You may file your taxes online, and you may submit online applications for credit or other financial services. That’s all fine; tax authorities, banks, and lenders have a legitimate need to know how much money you earn, what your Social Security number is, and so forth. But I’ll bet you wouldn’t want everyone to know that information. Likewise, you can probably log in to your bank accounts online, but it may not be in your best interest for just anyone to see your bank statements. And yet, any information that’s transmitted online could conceivably be misused.

  • Medical information: Everything that your doctor knows about you—your height and weight, past and present illnesses, surgeries, medications, pregnancies, genetic data, and so on—is almost certainly stored in a computer somewhere. If a security breach or human error resulted in any of that information leaking, or if you shared it injudiciously by email or social networking, might that have any negative consequences? The same goes for genetic information about yourself (and your relatives) stored online if you’ve used a DNA testing service such as 23andMe or AncestryDNA.

  • Purchases: When you buy anything online, the vendor keeps a record. Your bank knows about all your transactions, too, if they were with a credit or debit card. Some of your purchases will also be known to online advertisers. All that data is online somewhere—and some pieces of it are more secure than others. Can you think of any purchase or transaction you might not want to be made public?

  • Communication history: Some of us deliberately save every email message we receive or send, but even if you don’t, that information (possibly including messages you deleted long ago) is out there—it’s on a server somewhere, or on someone else’s computer. Ditto for chats, instant messages, tweets, and most other forms of electronic communication. Most of it is probably innocuous, but if you ever sent a message that you wouldn’t want your mother, spouse, or employer to read, you may have a legitimate worry about your online privacy.

  • Browsing behavior: You’re aware, I’m sure, that every website you visit, every web search, every video you watch, and every file you download leaves a trail, which includes information about your location, your computer, and your browser, among other things. Parts of this trail are stored on your own computer or mobile devices as histories, caches, and cookies. Some parts are stored on the servers of search providers, advertisers, and other entities. It’s extremely difficult to avoid leaving a trail and virtually impossible to erase all traces of your browsing behavior after the fact.

I could go on, but I hope I’ve made my point. You want your real-life friends and family to know where you are and what your kids are doing; you don’t want strangers to know. You want to order things online, but you don’t want your spouse to know about the surprise birthday present you bought. You want your sister to know you’re pregnant, but you want to wait before letting your parents or your employer know.

Unfortunately, you can’t always control what happens to information about yourself on the internet. Far too often, for one reason or another, online information about you becomes available to people or organizations that you would prefer didn’t know it—and this usually happens without your knowledge.

Personally Identifiable Information

In the foregoing list, I assumed all the information about yourself that could conceivably “escape” online can be traced back to you. Sometimes that’s true, but not always.

If you read the privacy policies of the websites you visit (an admittedly boring undertaking that I discuss further in What About Privacy Policies?), you’ll notice that they normally distinguish between personally identifiable information and anonymous or aggregate information. This difference is worth understanding.

If a message, database entry, or other snippet of information online includes your full name, your email address, your photograph, your driver’s license number, or some other detail that uniquely belongs to you, it’s personally identifiable—even if the person or company who has that information hasn’t actually identified you with it.

On the other hand, some information—your city, area code, operating system, and so on—is the same for many people. An advertiser may find it useful to know that 145 people in Fresno who also own iPhones visited a certain webpage today, but if you were one of them and that’s the only information the advertiser has, it won’t point to you personally. This sort of aggregate demographic information is valuable to businesses, political campaigns, and other entities even it doesn’t identify you personally. But sometimes a combination of seemingly innocuous facts can turn aggregate information into personal identification (I explain how in On a Web Server).

IP addresses are an interesting case. Every device that connects to the internet uses one, although often more than one device shares an IP address (using a process called NAT, or Network Address Translation), and a device’s address may change from time to time. When you visit a website, it records your IP address. If you happen to be using a device whose IP address isn’t shared, that number can potentially be traced back to you personally. But if you visit the same page at, say, a public library or using a device connected to a public Wi-Fi hotspot, the IP address recorded by the website would not be personally identifiable.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset