Develop a Privacy Strategy - Take Control of Your Online Privacy (1.1) (2014)

Develop a Privacy Strategy

Online privacy is, as you now know, a complex problem with no definitive solutions. But it doesn’t have to be overwhelming. In this chapter, I help you think through a high-level strategy you can use to help inform your decisions about specific tasks such as Web browsing, email, and file sharing (all of which I cover later in the book).

I suggest dividing your privacy concerns into three broad categories:

· First, Fix the Easy Things—that is, make simple changes to your software, settings, and habits that will address many of your privacy concerns but will require almost no planning or effort.

· Next, Create Privacy Rules for Yourself. These simple statements focus on a few types of information you always want to take extra care with and a few people you always want to communicate with privately.

· Finally, Cope with Special Cases. Troubling situations may come up occasionally that require extra privacy but for which you don’t have an existing system. Think through the possibilities in advance and prepare for them so you don’t make a foolish decision on the spur of the moment.

For extra credit, Take the Pledge: promise me, yourself, and the rest of the world that you won’t do stupid things online.

Fix the Easy Things

You instinctively take measures to protect your real-world privacy—you draw the curtains at night, use a changing room to try on clothes, and lower your voice when discussing something sensitive in public. Adopting a comparable set of habits for online communication can eliminate some of your most serious privacy risks. Better yet, you can make a number of simple, one-time adjustments to your devices and software that will improve your ongoing privacy without further effort.

I cover many of these “easy things” elsewhere in the book, but I’ll list some prominent examples now.

First, here are some one-time changes you might consider:

· For your Internet connection: Follow the advice in Keep Your Internet Connection Private, including using WPA encryption on your Wi-Fi network (see Encrypt Your Wi-Fi Connection), turning on your computer’s firewall (see Use a Firewall), and fortifying your DNS settings (see Avoid DNS Mischief).

· When browsing the Web: Use your browser’s built-in controls or third-party software to confirm that you’re not visiting fake or dangerous sites; see Go to the Right Site. Also, configure your Web browsers not to store third-party cookies and other unnecessary private data, or take even stronger measures such as blocking all ads and trackers; see Manage Local Storage of Private Data.

· For email: Make sure your email program transmits your password in an encrypted form (see Log In Securely), or better yet, use SSL for incoming and outgoing mail (see Transfer Email Securely).

Next, consider adopting some new customs, such as:

· Always use a VPN to connect to the Internet when you’re on an open or unfamiliar network; see Use a VPN.

· Use a password manager not only to store passwords and credit card data securely, but also to reduce the risk of phishing; see Protect Passwords and Credit Card Info.

· Kick the Google (Bing, Yahoo, etc.) habit for searches; see Search Privately.

· If your computer or other device supports multiple user accounts, be sure to set up an account for each family member or coworker who uses the device—each account protected with a password known only to its user. Be scrupulous about logging out of your own account after each session.

· Make sure the operating system on each of your devices is always up to date. Software updates regularly patch security holes that might otherwise compromise your privacy. (I mention one example later, in the sidebar SSL Implementation Bugs.)

Those changes made, you can move on to specific privacy rules.

Create Privacy Rules for Yourself

Some pieces of information (refer back to Things You Might Want to Keep Private) are nearly always private in the sense that you likely want to control who knows them. And there may be some people with whom you almost always want to communicate privately, regardless of the topic—your doctor, lawyer, accountant, therapist, minister, AA sponsor, business colleagues, clients, and so on.

Only you can say which facts and conversations count as private for you. You can’t foresee every situation, but you can identify information and people that deserve extra care when it comes to online privacy. For now, jot down a list of your privacy “triggers.” For example, someone might list:

· My credit card numbers

· My new pseudonymous novel

· My chocolate chip cookie recipe

· My mistress

· My attorney

· My FBI handler

Or whatever. Then, as you read this book and learn about the specific privacy risks and options for various types of online communication, you can form these into simple rules, for example:

· I’ll never send a credit card number or Social Security number by email unless it’s encrypted (and I’m confident that the recipient will protect the information on the other end).

· I’ll insist that my publisher use a secure Web portal for discussing “J.K.’s new novel.” (No one will guess my true identity!)

· I’ll talk about my ___ (invention, legal concern, addiction, etc.) only by phone or in person—never in writing of any kind.

· I’ll use an anonymous Web browsing tool such as Tor (see Browse Anonymously) when researching competing cookie recipes.

Cope with Special Cases

Online privacy gets tricky when you encounter a situation you weren’t expecting—one that isn’t covered by your up-front fixes, ongoing habits, and regular rules. For example:

· You win the lottery, and suddenly you have a thousand new “friends” who want a piece of the action.

· You find yourself embroiled in a messy divorce.

· You witness or are otherwise close to a newsworthy event that results in reporters, lawyers, and scammers crawling out of the woodwork and paying you special attention.

· You find yourself in a delicate position involving your health, your insurance, and your employer.

· You or a family member are suspected of a crime.

· You have a fleeting error in moral judgment that may turn out to have far-reaching consequences.

In these and many other situations, your online actions could become subject to much greater scrutiny than normal—you now have to worry about being targeted personally.

No one likes to think about these things, but they do happen, and you’re more likely to get through them unscathed if you’ve spent at least a little time thinking about the online privacy implications in advance.

My first piece of advice is: If humanly possible, avoid saying anything about the situation online in any way. The less digital information you generate that could come back to haunt you, the better.

Second, however tempting it may be, don’t go crazy deleting things, shutting down accounts, ditching equipment, and the like. That looks suspicious, and could draw unwanted attention to your actions. (Besides, it won’t matter, because nothing ever truly disappears from the Internet.)

Third, if the situation has any legal implications whatsoever, find yourself a good lawyer and follow her instructions to the letter.

After doing all those things and allowing yourself some time and mental space to think about your situation clearly, if circumstances permit (and your lawyer, if any, agrees), consider cranking all your privacy settings up to 11. That is, go back to everything in this book that you decided wasn’t worth the effort or was too inconvenient, and do it anyway. Use a VPN all the time. Use only Tor (see Browse Anonymously) for Web browsing. Limit your email to completely commonplace, uncontroversial topics. Avoid Facebook, Twitter, and other social media until the situation stabilizes.

I hope you never find yourself having to take such drastic measures. (Unless you win the lottery, because I can totally help you out there.) But if you remember that online privacy is inversely proportional to your need for it, you’ll be in much better shape.

That sets the stage for the final topic of this chapter: avoiding stupidity online.

Take the Pledge

Regardless of what measures you take to protect your privacy, there are certain things that should never, ever, under any circumstances or for any reason, be sent over any network. I would have thought this was obvious, but judging by frequent news reports, politicians, actors, professional athletes, and other celebrities still haven’t gotten the memo that online privacy is the exception rather than the rule.

You don’t have to be rich or famous to have your life ruined by online stupidity. Anyone with fingers and a Web browser can find millions of photographs, videos, email messages, tweets, Facebook posts, and other digital artifacts showing humans at their worst. And more often than not, this stuff is put online deliberately by the very people who stand to lose the most…

“Look how fast I can drive this train!” boasted a railway engineer online before recklessly causing a derailment that killed dozens of people.

“I’m sure my wife won’t mind a bit of harmless online flirting with other women,” said a public official whose wife—and constituents—turned out to mind very much.

“Stealing this car will be a piece of cake,” said the guys whose every movement was being recorded on dozens of traffic cams.

“Why, yes, I think it would be a great idea for me to post a video of our drunken college orgy!” said a young lady who will find it difficult to get any respectable job in the future because her prospective employers know how to use a search engine.

Folks, the very best decision—for you and for the rest of the world—is to stop doing stupid things. But if you are going to do stupid things anyway, don’t compound your stupidity by putting evidence of it on the Internet, which, as you’ll recall, never forgets. As you’ve seen already and will learn in more detail throughout this book, it’s nearly impossible to guarantee complete online privacy—and the worse you behave, the more likely it is that evidence of your behavior will emerge.

So, I’m not merely going to tell you to refrain from putting potentially incriminating information about yourself online. I’m going to ask you to promise me not to be stupid online. I ask you to join me in taking The Pledge.

Turn on your webcam, raise your right hand, and repeat these words:

I, (state your name), do hereby solemnly affirm before the all-seeing, all-remembering eye of the Internet that I will never, ever, under any circumstances, for any reason, or in any manner, knowingly cause or permit any of the following information to travel over any network:

1. Statements that are hateful, abusive, racist, or otherwise cruel

2. Nude or sexually suggestive pictures or videos of myself, my friends, my family, current or former romantic partners, or anyone else who might at some point deserve to have a life

3. Information that could implicate me, rightly or wrongly, in any crime

4. Any material that violates someone else’s copyright, patent, or other intellectual property

5. Anything I’d be ashamed for my (current or future) children to see or hear

I further acknowledge that any failure to keep this pledge disqualifies me from ever holding political office, practicing law or medicine, teaching in a public school or university, holding any government or public sector job, owning a puppy, living in a nice home, finding (or keeping) true love, receiving technical support, enjoying ice cream, or pretty much anything else that might bring me happiness.

I therefore, voluntarily and without coercion, undertake to avoid extreme online stupidity for the rest of my days.

By the way, there’s a fine of US$1,024 (or the Bitcoin equivalent) for each infraction of this pledge, payable directly to me. Yes, I take PayPal.