Last weekend I was chilling on my sofa after a busy week, looking for a film to watch. I came across a documentary called Citizenfour that I heard of a few months ago. This is a documentary about a whistle blower (Snowden) who changed the way people perceive security, privacy and trust. Then I started thinking about Assange’s Wikileaks and realised we’ve been taught a lot about what was happening, what it is happening and what will continue to happen.
In this vein, this blog is about privacy and how privacy every day is intentionally and unintentionally exposed. Governments and organisations have been spying for years and it should be no surprise that it is rife. ISPs eavesdrop on internet traffic and intercept emails, and social media companies use personal information to conduct their own research and share it with third-parties without the user’s approval. The story, as I’m sure you’re aware, goes on and on.
Joining your dots
Linkability is a Metadata concern that impacts privacy. It is all about links, patterns and correlations of data to identify the who, what, where, why and how of a variety of activities. There is always a linkability between the messages we exchange and information we use. This indeed feels like being under surveillance because many inferences can be made and surprisingly accurate conclusions drawn. Two weeks ago, an article explained how MIT identified individuals from creditcard metadata:
“They have used four vague pieces of information — the dates and locations of four purchases — and have managed to identify 90 percent of the people in a data set recording three months of credit-card transactions by 1.1 million users. That means that someone with copies of just three of your recent receipts — or one receipt, one Instagram photo of you having coffee with friends, and one tweet about the phone you just bought — would have a 90 percent chance of extracting your credit card records from those of a million other people.”
So even the most everyday activities, it seems, can splurge information about your life. Is privacy truly dead?
How to disappear completely
There’s an argument to say you might not care about such things. The effort to retain privacy is outweighed by the risk and rewards. However, for those that are truly concerned, a degree of anonymity can still be achieved: anonymous proxies, browsing via anonymity networks such as the Invisible Internet Project and The Onion Router, using a VPN service, and so on. But don’t forget that nothing can be perfectly anonymous: VPN services might log your IP, timestamps and traffic, and TOR’s privacy has been thrown into question after the latest attack by LizardSquad. According to security analysts, this year will be unpleasant for the mighty TOR thanks to previous successful attacks and information gathered from government agencies and hacking groups. There are some clever ways to de-anonymise users by compromising TOR nodes under certain conditions, using statistical correlations and other techniques that put the true anonymity of the network under question.
In contrast to the arguments make and fingers we point, have you ever thought of how much information we give out via social media? Checking in with your mates at a coffee shop, listing your place of work, marital status, kids, and bragging of how much fun you’re having with photos of your every moment... what I have understood so far is that there is very little awareness from the average person regarding the risk of privacy. We are living in a world where it is unfortunately inevitable to completely protect our sensitive information for many reasons. We are all playing a major contribution to privacy extinction.
Can we undo the change? Social media takes ever more liberties with our data (if you fancy a fright, read Facebook’s privacy terms) as we share more and more data. If it is to change, people must be at the heart of it. They must be given the means to control access to their personal data at all times and make informed decisions on why and what data is being collected, how is protected and by whom is seen and shared. They key is transparency. In reality, meanwhile, what goes online stays online. For any data you enter online you are accepting all the consequences and you shouldn't be surprised when highly targeted ads follow you around the internet.
It’s not just technology that makes privacy: mindsets always play a vital role. Is such a level of anonymity a good thing or a bad thing? What are your levels of privacy? Are you a paranoid hands-off-my-data privacy addict, a share-and-don’t-care type, or one of the hundred shades of grey in between? There are many views here, and everyone’s likely to have their own take on how spying by Governments and companies impacts (or doesn’t impact) their lives, and the related risks of fraud and identity theft. Fuel for endless discussions in the pub.
Privacy: A Tinfoil Hat Guide
After all this you might want to increase your privacy to the max. So to finish up, here’s a 9 point guide to the least you can do:
Read the access privileges that apps request before you download. Be aware of functionalities an app is using. It might ask for access to your contacts and images. Does it need it? Probably not. But will you put up with it to have the app?
Clear your cookies after every session. Especially after you finished your online banking.
Turn on private browsing & HTTPS everywhere. Private browsing disables several standard tracking and data collection features that are common to most browsers. Also make sure you encrypt your communications with many major websites, making your browsing more secure. The HTTPS everywhere extension will take care of that.
Sign-out from websites, social networks, emails etc when you are done. It reduces your web surfing footprint to be tracked.
Sign-up for a VPN service from an approved company. Nowadays, an essential layer of security to your online communications!
Keep your social network private and separate from your work life. Try to not expose too much information to people you do not know. Have your profile private and its contents only visible from your friends, or even subsets of your friends. That innocent facebook check-in at the airport might say to potential thieves: “I’m off for a wonderful sunny vacation for a week, so please go and rob my house.”1
Never store personal and sensitive data on online file synching services. Or if you do: encrypt!
Never use public WiFi networks. As we said in previous blog: never trust public wifi. If it is not properly configured people can capture everything you say and you do.
Never answer honestly to personal security questions. If your password reset is your pet’s name, someone only has to find you on Instagram to see a thousand photos of your beloved cat Mr Tiddles. Lie.
1When I was growing up, my parents would always insist we got the taxi to the airport from the end of the street, so the taxi driver wouldn’t know which house we were leaving our house unattended for a week. It seems people don’t think about the twenty first century social media version.