Digital Privacy/Security
There are two major obstacles when trying to develop a private and secure life. First, is the misconception that you don’t have anything to hide. This comes from the idea that you are tying to keep the government out, which is not the goal. You probably lock your door at night so bad guys will not come into your home, you also need digital “locks” to keep bad guys from stealing your digital life. If you invite me into your home are you giving me permission to be super nosy and go through everything in your home, or to walk in our out of your home whenever I want? When you don’t protect yourself you are allowing strangers to walk and snoop through your digital life at leisure, and worst case is they begin to use your identity.
The second problem is digital security feels overwhelming. It is difficult when trying to protect yourself on all fronts. The convenience of the modern digital life is so easy that we don’t think about how to secure it. You smart TV is collecting data about you and your digital assistant is spying on you. You phone tracks you all the time and as an example google recently had to pay a large fine because they continued to track people even when those people opted out of being tracked.
- https://www.criminaldefenselawyer.com/resources/co...
- https://www.wsj.com/articles/google-reaches-391-5-...
- https://www.theguardian.com/technology/2022/jan/29...
- https://techpenny.com/smart-tvs-data-collection/
The goal is to start with a few solutions and as you get more familiar with technology you can increase your security/privacy. You have to start somewhere and the more little things you do the harder it is to steal your digital stuff. Persistent bad guys can get through your digital “locks” but the little things make it more difficult so bad guys will go find easier targets. Think of it like you have a lock on your door and a dog. That combo makes it more likely for a bad guy to hunt elsewhere.
Cell Phones
I-Phone benefits:
- They are more secure but less private
- They work seamlessly with all other Apple products
- There fit and finish is beautiful
I-Phone Cons:
- They are a “Walled Garden” meaning that once you get into an Apple product you kind of have to use Apple.
- You can only download from the App store. This doesn’t compromise security but will compromise privacy. This will be more important as you get further along in your privacy journey.
Android Benefits:
- It is easier to make them more private • You are not stuck in one “garden”, you have more freedom to tinker and play. You have better control of what information your phone sends to “others”
Android Cons:
- They are not as secure, however if you are tech savvy that can be overcome.
- They don’t work as well with other tech products
Now to apps, I have tried to only include apps that you can use on either OS (Operating System). The more apps you have on your phone the more information about you is being sent to third parties. The safer option is to use the web browser rather than an app to accomplish your task.
Messaging, is something we all do everyday but without realizing the information we send is not safe nor encrypted. Savvy bad guys can intercept your messages and what many users don’t realize is phone service providers can and do store SMS messages for up to 7 years.
- https://consumercal.org/about-cfc/cfc-education-fo...
- https://www.lawyers.com/legal-info/personal-injury...
Messaging apps to replace your regular SMS are important because SMS is NOT SECURE. The most widely adopted is probably Whatsapp but this is not really secure. The next is Signal and besides text messages it can also replace your phone calls. You are also able to send documents, files, larger videos as well as photos all E-2-E (End to End Encrypted). You can also synch it to your computer and do all the same things from your computer. The downside for some users regarding Signal is having to provide a phone number to use it. This is where security and privacy deviate a bit. Some folks want more privacy and for that I recommend Session. Session can do everything Signal can do without having to provide a phone number. This allows the security of Signal but more privacy. Its just fewer people use it so you have to convince your friends to adopt it. I hear some I-phone users saying, “but I- Phone to I-phone is secure, I have the blue bubble.” This is true unless you back up your data to the cloud where your information is stored unencrypted.
• Signal. https://signal.org/en/
• Session https://getsession.org
Navigation is next, and many of us use navigation apps to get through our daily commutes and drives. Having WAZE ttell the user about current traffic really helps. This is true and this is one of those trade offs you may not see the need for so weigh your level of adoption. Most of the navigation apps are collecting your specific data. Also if you do not have cell service it does’t work. I use two different options day to day. One is using an old school GPS that doesn’t need cell service and some of them do have current traffic feedback. For an app I use Magic Earth, which is based on the OSM (Open Street Map) project. Not only does it give you turn by turn directions but maps can be downloaded directly to a phone so it works offline. I prefer Magic Earth to OSM because I like the interface better. These apps do not have the same quality of user experience compared to Waze or Google maps but MagicEarth provides solid turn by turn directions and I don’t need wifi or cell service and to work globally.
• https://www.openstreetmap.org/
Computers
We all do so much work from computers we forget that out of the box they are not secure or private.
We as consumers expect ease of use but we forget about security or privacy. Tech companies want it to
be easy but they don’t want it to be private. They want you to have security but would prefer access to
all of your internet activity, meaning they don’t value your privacy. Tech giants want your data for two
main reasons. One is to make the experience better for the user and the second is they make A LOT of
money selling your data. Key things for you to consider is your connection to the internet, your email,
and how you use computers for online shopping.
Lets look at email first because it is the easiest. Gmail is secure but not private. Gmail scans (read) your
email to to check for spam and to ensure you are not receiving or sending something malicious. This
gives them the opportunity to read your emails. Yahoo was recently caught spying for the US
Government and had a worker caught reading private emails.
- https://www.theguardian.com/technology/2016/oct/04/yahoo-secret-email-program-nsa-fbi
- https://nypost.com/2018/08/29/yahoo-is-still-reading-some-of-your-emails/
- https://mashable.com/article/yahoo-employee-account-hacker
There are email companies built on end to end encryption, meaning if you loose your password those emails are gone forever. Secure email providers can not retrieve your emails. Compare that to a standard provider, if you loose your password, you can go through the password reset and all your emails are still there. I prefer to be responsible for my passwords and my communications encrypted. This makes sure that no one has access to my communication but those I send it to. Proton makes this very easy, so much so you don’t even notice. The few times Proton has been required by law to turn over information they could not provide the body of emails because Proton does not have clients cryptographic keys. They were only able to provide sender, receiver time and date of the email. Proton is my favorite.
Next is a VPN, which hides your ip address. Your internet service provider (ISP) can do similar things that your phone service provider can do. When you look up an address online your ISP sees what you are looking up. This means that someone can monitor that. VPNs help stop that. VPNs DO NOT MAKE YOU ANONYMOUS they just help obfuscate some of what you are doing and where you are. I use Proton the same folks that provide the encrypted email. That said I have linked a few other good ones.
• https://www.privateinternetaccess.com/
Using a fake email address does some neat things. First, if someone compromises your email it is only for that email address. Next, if someone is sending you spam or selling your data it only connects to that one place not everything. If you use a psuedo email amazon.adam@gobblygook.com and you get an email that is not from amazon you know that something is wrong. Simple Login helps with compartmentalizing your digital life much easier, almost seamless.
Paying bills and buying stuff is an American pastime at this point. Using a digital credit card allows you to compartmentalize your online purchasing putting a security layer or wall between your actual bank account and the business you are buying from. This allows you to protect your credit card or bank account. It also makes sure that if one vendor is breached your real bank is not compromised just that digital card. I prefer using Privacy.com because it is simple to use and you can be very specific about how you set parameters.
Password managers and Two Factor Authentication (2FA)/Multi-factor Authentication (MFA). This is a big rabbit hole to go down but for now know some sort of multi factor authentication is important. This is something that you need to research a bit but later after you get the hang of the rest of this. Any 2FA/MFA is better than not having it. I use two different hardware tokens for my 2FA/MFA. It is also important that if set up a hardware token make sure you set up 2 of them, one is a backup. A hardware token is a physical device that allows you access to your account when paired with a password. I use a yubikey and an only key.
Password managers let you store all of your passwords in one place. This seems like a horrible idea from everything we have been taught, but if you can remember your passwords they are crappy passwords or you are reusing passwords. Since everything uses a password if you reuse them or a variation of them it is not hard for a bad guy to get into other platforms that belong to you. Remembering one solid password or passphrase is much easier. Password managers also protect you from putting your credentials into fake websites. The last thing they do is allow you store other data in the manager that is important but you don’t or can’t remember it. There are two types of password managers, one is stored locally like keepass and one stored in the cloud like BitWarden. There are a lot of managers out there but these are the two that I trust. I use both of them for different things but to start with look at each one and see which you like better. Until you feel comfortable, write your passwords down on paper. Then when you get comfy you can get rid of the paper.
I hope this was an easy enough intro primer to digital security but it is definitely not complete. There are 3 podcasts that I recommend you start with to get a good feel for everything. The podcasts all are similar talking about privacy and security but all have a different way of doing it. A you get deeper into the world of security remember to take small bites, progress not perfection
• https://inteltechniques.com/podcast.html
• https://surveillancereport.tech
• https://firewallsdontstopdragons.com/podcast/
Find more about me at AdamTicknor.com