Most of us think about information security in terms of what hackers, malware, and other bad actors can do to compromise our systems and data. And while that’s certainly a critical concern, we sometimes forget about another aspect of information security: protecting our privacy. The privacy debate is one that has raged for many years. Today it is often equated with government intrusion, and while this is certainly a legitimate macro-level concern, there are other sinister threats that can be realized when we lose our digital privacy; identity theft, cyberstalking and online bullying, and physical assault due to location disclosure from digital assets (think geolocation inside of devices and geotagging metadata within digital media) are all real-world risks if we don’t protect ourselves. And while privacy and security are not the same thing, good security definitely improves privacy.
Of course, there are limits. Yes, in some ways we would all be more secure if we were to “drop off the grid” – eliminate our online presence, get rid of our cell phones, and cut up our credit cards in deference to all-cash transactions at all times. But that’s not reasonable for most of us. We have jobs, families, and other commitments that require use of technology, an online footprint (even if it’s just an email address) and interaction with other people. However, just because we have to be online doesn’t mean that we can’t take some precautions.
Here are five effective ways that each of us can increase our digital privacy, while minimizing the impact of these controls on the way we use technology day-to-day. To be clear, not all of these solutions will work all of the time: for example, many business firewalls will block VPN, and corporate-issued cell phones often contain mobile management tools that prevent users from disabling geolocation services. Also, some of the more extreme methods of increasing privacy (such as dumping your cell phone altogether or completely replacing your OS with Tails or another privacy-oriented operating system) may be impractical. However, these solutions can help make our private lives, well, even more private:
- Encryption is your friend. Proper encryption is one of the most effective methods available for protecting your data. Regardless of whether the data is stored locally on your computer or in the cloud, or if it’s being transferred over networks, encryption is the most fundamental building block for ensuring that your private data is accessible only by you and the persons and organizations you authorize. Encryption can take many forms. For your devices, full disk encryption or at least folder-level encryption can provide transparent access to your data while ensuring that physical loss or theft of the device won’t result in easy compromise of your data. If you’re a user of cloud storage, consider either encrypting the data before it’s saved to the cloud (there are many tools that do this for you automatically), or consider using a cloud storage service that provides PKI-based encryption, allowing you to be the only owner of the private key. When transmitting private data across networks (and across the Internet, in particular), always use secure protocols, even inside the network. Forget telnet and ftp, and start relying on scp, ssh and sftp. For websites, of course, all of us should always look for a site encrypted with “https://” and with a trusted certificate when conducting any type of activity involving personal data or financial transactions. And if you’re connecting to a public network at your favorite coffee house or restaurant, always – always – use an encrypting VPN service.
- Disable digital tracking mechanisms. Technology vendors – and marketers – have over the years developed some incredible ways to track you through everything from your mobile devices to your web browser. While this information is more often than not used for marketing purposes, the fact is that many of us (myself included) do not want to get bombarded by online advertisements that are tailored to our online activities. Fortunately, there are several ways to address this. For most mobile devices (including iPhones, iPads and most Android-based mobile phones), both geolocation services – tracking where the device is physically located – as well as geotagging – metadata included with photos, videos and other media taken on these devices – can be easily disabled through on-device menus. Unless specifically needed, these should be disabled; you can always turn them back on when and if they’re required. For browsers, most include some form of advertisement blocking plug-in, and for those that don’t, most commercial anti-virus software has a similar capability. If you really want to eliminate trackability, you can also consider using a VPN (which was mentioned above as a critical tool when connecting from public WiFi access points), and couple that with an anonymizing browser, such as one that uses the Tor network.
- Use multi-factor authentication. Passwords are a good thing, to be sure. However, passwords alone are insufficient security for most serious transactions such as online banking. Today, there’s no reason not to implement multi-factor authentication (MFA) wherever you can. For online services such as banking, social media, email, and wherever else it’s available, you should use MFA. Often, this is phone-based, where the application sends an SMS token (usually a number) to your phone, which must be entered online to verify that you possess not only the password of the user you say you are, but a physical asset as well (in this case, a mobile phone). For local devices such as mobile phones and laptops, MFA extends to biometric factors such as fingerprint scanners and facial recognition. Again, if these are available, consider using them.
- Configure your tools to enforce privacy controls. Today, everything from operating systems to browsers to mobile devices is generally configured with poor privacy controls. Often, this is done for marketing purposes: there’s a lot of money to be made from tracking how frequently people use their devices, what they use them for, and then selling that data. However, thanks in large part to organizations that educate the public about privacy (thank you, Electronic Frontier Foundation!), vendors have recognized they need to provide an ability to disable this kind of passive snooping, even if it’s not configured by default. That means every vendor that has recently started defaulting their OS to capture an inordinate amount of information for marketing purposes (I’m looking at you, Windows 10) also provides switches to disable or severely curtail these privacy intrusions. Check online, find a good tutorial on disabling these reporting mechanisms, and implement better privacy for yourself in your software and devices. One additional tip: if you’re not prone to using your front-facing camera on your laptop, then physically cover the lens. If your laptop is compromised, some malware will attempt to turn the camera on.
- Remember that you are the gatekeeper to your information. Perhaps the greatest threat to our privacy is what we ourselves post online. Social media, while it provides some great platforms for communicating with friends, celebrities and complete strangers, also affords the greatest method for letting people build a profile of us. Although the urge may be strong to post online pictures of your oceanfront suite in Cancun from the hotel room, this can also tell a burglar that your home is likely unoccupied, and with a few simple public records searches, your name and street address can be easily correlated. Similarly, don’t over-share information: if you’re actively seeking employment, don’t post a picture of yourself guzzling margaritas on Saturday night (or even worse, Monday night!), as employers are increasingly using social media to get a more complete picture of prospective employees. And perhaps one of the most critical recommendations I can provide is: do not post pictures of your children online, or allow them to do the same for themselves. I know that celebrities and their friends do it all the time, and the desire to emulate that behavior can be strong – but it can place your children at risk from both predatory adults as well as cyberbullies.
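To make the geotagging point concrete, here is a check you can run on a photo before sharing it: it reports whether the file carries an EXIF GPS directory and produces a copy with the EXIF block removed. This is an added example, not code from the original article; the function names and the sample bytes are constructed for illustration, and the parser handles only the common layout of length-prefixed header segments.

```python
import struct

GPS_IFD_POINTER = 0x8825  # tag in IFD0 whose value is the offset of the GPS directory
EXIF = b"Exif\x00\x00"    # signature that opens an EXIF APP1 payload

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        yield jpeg[pos + 1], pos, end
        pos = end

def ifd_entries(tiff, offset, bo):
    """Return {tag: raw 4-byte value field} for one TIFF directory."""
    (count,) = struct.unpack(bo + "H", tiff[offset:offset + 2])
    fields = (tiff[offset + 2 + 12 * i:offset + 14 + 12 * i] for i in range(count))
    return {struct.unpack(bo + "H", f[:2])[0]: f[8:12] for f in fields}

def gps_tags(jpeg):
    """Return the sorted GPS tag ids embedded in the photo, or [] if there are none."""
    for marker, start, end in segments(jpeg):
        if marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF:
            tiff = jpeg[start + 10:end]
            bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order mark
            ifd0 = struct.unpack(bo + "I", tiff[4:8])[0]
            ptr = ifd_entries(tiff, ifd0, bo).get(GPS_IFD_POINTER)
            if ptr:
                return sorted(ifd_entries(tiff, struct.unpack(bo + "I", ptr)[0], bo))
    return []

def strip_exif(jpeg):
    """Return the JPEG with every EXIF APP1 segment (GPS data included) removed."""
    out, last = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if not (marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF):
            out += jpeg[start:end]
        last = end
    return bytes(out) + jpeg[last:]

# Constructed sample: JPEG header with GPS ref tags 1 and 3 only; not a viewable image.
_ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_POINTER, 4, 1, 26, 0)
_gps = struct.pack("<HHHI4sHHI4sI", 2, 1, 2, 2, b"N", 3, 2, 2, b"W", 0)
_payload = EXIF + b"II*\x00" + struct.pack("<I", 8) + _ifd0 + _gps
SAMPLE = (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_payload) + 2) + _payload
          + b"\xff\xda\x00\x02\xff\xd9")
print(gps_tags(SAMPLE), gps_tags(strip_exif(SAMPLE)))  # before and after stripping
```

A non-empty result from `gps_tags` means the photo still carries location metadata; stripping removes the other EXIF fields (camera model, timestamps) along with it.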
There’s no such thing as perfect privacy, just as there is no such thing as perfect security. However, by implementing some basic, common-sense controls – including controlling ourselves and our online behavior – we can greatly reduce the likelihood of being a digital target.