Privacy in an ever un-private world

Whatever your politics may be, privacy should be important to you. We’re in a world where we share ever increasingly more private things about ourselves with a lot of people – many of whom we don’t even know and many times without even meaning to. Simply by browsing the web companies (and even governments thanks to the revelations made public by Edward Snowden) are building digital dossiers on you. They may not have you pegged by name (if you’re lucky) but they can be extremely accurate. Shopping habits, news sites you frequent, which memes you share – all of these things can be used to build a profile about you to a scary level of detail. Most times, this is simply used to sell to advertisers in order to make money. Other times, however, that information lands in the government’s hands. Often we give up our privacy in the name of convenience. We get free services for giving it up – Facebook is a great example. I’m not saying that there’s no value in these services, I’m just saying that sometimes you need to think about what you’re giving up.

Privacy & security is always a balancing act vs convenience & usability. I’ll let you decide how far down the privacy & security rabbit hole you want to go, but here are the top things I think you can easily do to improve your privacy.

Install an ad blocker on your desktop and mobile browsers

If there is only one thing you do, install an ad blocker. There are many ad blockers out there (AdBlock Plus, uBlock Origin, EFF’s Privacy Badger) but the general gist of them all is one thing: Block websites from tracking you across the web. Advertisers don’t just advertise on one website but rather they use web technology to track you across various websites. This is how they build a profile on you. Ever notice how perhaps you were browsing Amazon for a hair dryer and then all of a sudden elsewhere you’re seeing ads for hair dryers? Thank advertisers tracking you across the web. I find it incredibly creepy. With an ad blocker at a minimum you can stop this. What you can also do is stop seeing ads all together. They can be incredibly intrusive to your browsing experience. If you’re on a laptop or smartphone, simply because your browser is processing more things, ads and trackers can chew into your battery life. There’s even well known cases where malware and viruses are distributed via ad networks on legitimate sites (I’m looking at you, Forbes.com) so having an ad blocker can protect you from more nefarious things as well.

Encrypt all the things

“Power to the people” is a very apt phrase to describe encryption. Encryption is the process whereby math scrambles content such that it’s unreadable unless you have the right key to unscramble the content. Really smart people figured this out and when it’s done correctly, encryption is absolutely the best way to keep information private. It’s the only method strong enough to resist nation-state grade brute force supercomputing.

There’s a couple of kinds of data that you want to encrypt: Data in transit and Data at rest.

Data in transit is literally data that is going between one device and another device. A good example is when you check your email. You have your local email application and the remote server that it talks to. The content of your email you want to make sure is safe while it goes over the internet, otherwise it’s like a postcard you’ve dropped in the mail – anyone can read it along the way if they desire. Here we want to secure our data in transit. Thankfully, the technology to make this safe has been around for a long long time and is common. The easiest way to know if your data is safe is if you’re visiting a site that begins with “https://.” That “s” is for secure. Most browsers will also display a padlock so you know it’s safe. Get in the habit of going to https:// sites and in fact, these days many sites will redirect you to their https:// site by default anyway (like this one does. Go ahead, go to http://nerdily.org and you’ll land at https://nerdily.org). The technology that secures this is called “SSL” (Secure Socket Layer) and/or “TLS” (Transport Layer Security). If you’re really interested, read up on them on Wikipedia. You’ll be there all day.

Data at rest refers to data that sits on a device that isn’t transmitted. For instance all your photos on your smartphone. Sure, they may be stored in the cloud somewhere, but local copies exist on your smartphone. When they’re on your smartphone you’d like them protected, right? Thankfully, smartphone manufacturers (such as Apple and Google) have made encrypting this data super easy – often easy enough to unlock with your fingerprint. I highly encourage you to enable these technologies because they’re to the point where you don’t need a degree in physics to understand the intricate detail on how to use it, but also because so much of our lives now live in our pockets, easily accessible. Should your device be lost or stolen your data will be safe without the passcode and in many cases you cannot be compelled to reveal it.  In an even worse scenario, you could be at the mercy of an over-zealous law enforcement officer. I once had a US Customs officer demand my iPhone’s passcode at the US/Canadian border. I politely stated that I would not do that without a warrant and he decided that would be too much of a pain in the ass apparently as I was allowed to re-enter the US without further incident. (Obligatory “I am not a lawyer.“) Computers are also equipped with easy to use encryption to keep your data safe. Use it!

Read the privacy policy and dive into the settings

Got a shiny new app or service you’ve signed up for? Perhaps when you signed up you agreed (unknowingly) to receive newsletters or have your information shared with third parties for advertising purposes. This is one reason I recommend reading a company or service’s privacy policy before you sign up. Sometimes they’re long and hard to read, but many times they have a human-readable version (i.e. one non-lawyers can figure out) that sums it up nicely. Give it a read so you know what you’re giving up.

If you decide to sign up, once you’ve got any associated software installed or accounts set up go digging into the settings provided. Many times software and services don’t come with the most secure configuration out of the box – and this is intentional. It’s even true for ad blocking software that I mentioned above. Many ad blockers now partner with – you guessed it – advertisers to get their ads past the blockers. Many of them allow this by default but you can change that and button things up. Have a good rummage around the settings and if you run into technobabble you don’t understand, you may have hit gold. Google that word and see if you can learn something.

Speaking of Google…

Don’t use it if you’re serious about digital privacy. Google is the epitome of giving up privacy to advertisers. Google is an advertising company first. Their products exist to sell advertising. I’ll admit, the word “google” has become a verb meaning “web search” but there are alternative search engines that are frequently just as good. Personally I use DuckDuckGo whose stated purpose is to search without tracking. They don’t do it. At all. And, many browsers already have DDG integration and you just need to flip a setting. Gmail is also another good service to get off of if you don’t want a digital dossier built on you. There’s a reason Google doesn’t offer encrypted* email – because then they can’t (easily) comb your email in order to display advertising to you.

*In this case I’m referring to the email itself being encrypted such that only the sender or receiver can read it. Your browsing session with Google is secure, though they can read all of your email. Yes, this is a really complicated rabbit hole.

Stay up to date

The biggest attack vector for malware and other privacy stealing baddies is through out of date software. Software is amazing and it’s powered everything from getting man to the moon to allowing you to chat with friends while taking a dump. But, software is made by humans and humans make mistakes. In software those are called bugs and that’s frequently how the baddies gain access they shouldn’t have. By updating your software frequently you can hopefully stay one step ahead. This means making sure your Operating System (e.g. Windows, macOS, Android, iOS etc) is up to date along with the the other software (web browsers, email clients, other apps) you use. Updating software isn’t hard so there’s little excuse to not be running the latest and greatest. Besides, often when you update software you get new shiny features you’ll find useful. Do it!

If you do nothing but the items above you’ll actually be ahead of the curve – it’s not hard! If you want to go further down the privacy road, head on over to the Electronic Frontier Foundation’s Surveillance Self Defense project. The Electronic Frontier Foundation (EFF) is an online privacy advocacy group and I highly encourage you to donate if you find their work useful (I do.)