February Security Newsletter
It's 2019, and if we could sum up technology news from the last year, it would probably sound a little like this: Big Data is invasive, everywhere, poorly protected, and often used without ethical consideration.
Accepting all of that is part of living in the modern world, but it doesn't mean there's nothing you can do to try to have more control over how your data is aggregated. We've decided to collect some suggestions and advice that can help you minimize your data footprint in our digital age.
Here at Armor, we are passionate about privacy and would love to help educate you on what we believe to be the best current services and practices to use. If you want our help working through this Brave New World, get in touch.
Remember, this whole system is built on you volunteering the data.
We end up giving up a lot of data in part because we don't realize we have an option to refuse. Organizations frequently don't need your email address, phone number, or even your ZIP code to complete transactions in person. These data points are asked for to help link your physical activities with your digital ones, but you always have the right to refuse to provide them. Some companies don't train their personnel to deal with these situations, so be prepared that doing so may create a little more tension in your day. Be aware that the same cannot be said of online transactions, which can and do require additional information for anti-fraud reasons. Usually, this does not extend beyond a payment ZIP code, but may vary depending on the payment processor the service is using.
Consider using privacy-minded alternatives to more traditional online services.
Big Data has been on the rise for years, and there are services aiming to meet consumer demand for control over their data. Depending on what you are looking for and how you interact with these services, you may get a more effective experience overall by removing activities like web searches from your data profile. Google uses search history to help inform search results on several of its platforms, meaning it can occasionally be difficult to break into parts of the internet you haven't seen before. This can be helpful, but for research-driven activities, it can lead to an overall detriment in the quality of search results you see. On the subject of search engines, the alternatives to Google and Bing seem to be StartPage (powered by Google, but without the tracking) and DuckDuckGo (powered by several sources, but a significant portion of results come from Bing), both of which offer results from systems that are already trusted, but removed from the aggressive tracking and targeted ads.
Don't confuse Privacy with Security.
While the two often use similar methods, they do not always use them to achieve the same goal. Frequently a secure system removes all possibility of privacy, as logs are kept on each and every activity to ensure that suspicious or malicious behavior can be caught, prevented, and learned from. These logs are frequently protected and encrypted, but their existence means that some law enforcement agencies can compel them to be produced. For this same reason, a private system may not be secure: the logs used to improve security are not kept, so flaws or malicious users may survive in the wild for longer. One does not equal the other, and you should be evaluating which is most important to you on a case-by-case basis.
By the same token, encryption is not privacy either. Encryption can protect your data, but encryption comes in all shapes and sizes, and even the best encryption can be easily beaten if keys are not protected, or given a long enough time scale. True privacy can only be maintained if the data isn't available in the first place. Encryption is usually a good compromise if the data has to be out there, but it isn't a promise of privacy in and of itself.
Free services are more likely to sell your data.
The old idiom "there's no such thing as a free lunch" is especially true now. If you don't have to pay a fee to use a service, with only a few notable exceptions, it is because someone else is paying a fee to access you through the service. This can mean they are simply paying for the privilege of advertising to you, but more likely, they're also paying to access data about you and your activities so that they can more effectively target advertisements directly based on your interests. For larger services like Google and Facebook, this can also include data from any external websites that use some kind of API linking back to the original service, meaning that these people have access to more than just what you Googled for, or what you did on Facebook. They might have what news articles you read, what YouTube videos you didn't finish, what services you use your Facebook or Google ID to log into, and what previous purchases you might have made in relation to those accounts. Subscription and paid services, on the other hand, usually have a business model that is sustainable without selling user data, and can usually be trusted a little further. As with anything, this comes down to the service in question, and if this is an important issue for you, it pays to read what their terms of service are.
Maintaining privacy is hard work.
It's in the interest of the people buying and selling your data for it to be enough work for you to manage that you will elect not to exercise your rights out of sheer frustration or ignorance. The only person you can really trust to have only your own interests at heart is you. There are still some wonderful donation-supported services online (Wikipedia, Archive.Org, and Project Gutenberg, to name three), but the days of people just doing things to be nice or cool online are mostly over. The majority of services people interact with online are designed to make money off their users in some fashion or another, which means they have a vested interest in keeping that revenue stream as large as possible. This is why Facebook's privacy settings are so expansive and confusing. This is why services will occasionally revert to the default settings whenever there is an update. This is why it can be terrifying to download the archive of data that a service has about you, as many services are now offering in compliance with the EU's GDPR (General Data Protection Regulation). There are services and solutions designed to make this work easier to manage, but they will need to be constantly maintained and developed in order to keep up with new standards and new processes. Hopefully the future will make all of this easier to manage, but for now, your best source of privacy is keeping yourself educated on everything you are using online and in person, and how that can result in putting data about you online.