In light of this new world we find ourselves in, I figured I’d plan a few tech posts to share some knowledge and best practices relating to privacy and security. I hope this encourages some good conversation, questions, and other tips from readers. More or less, this mostly a good idea/bad idea discussion.
To be clear, this is a mix of technical, conceptual, and philosophical information and represents my views only. When it comes to governments, my concern as a civil libertarian is to preserve all of my legal and civil rights in all situations as possible, and this means preventing anyone except duly authorized parties from accessing my private information.
You may disagree with my stance regarding compliance with government searches of electronic devices (for any physical or electronic search or access to my information, I say “warrant or exigent circumstances, with me or my lawyer present, no you do not have my permission and I will not give away my precious rights”), but I did want to make clear my absolute position on this up-front.
When it comes to privacy and security of my information, there are three realms that concern me:
- Personal – things that you do, use, or carry
- Online – considerations and implications of things we do online
- Home – things to think about relating to your home/apartment
In these three realms, you should always consider your privacy and information security.
I don’t include Work because that is not an area where you have privacy, no matter what you think. Your employer has the right to observe and track you, and many do, so you cannot really protect what you don’t have!
Similar to the Realms, there are Threats. In truth, there are countless Threats, but for the most part, they break down into the following groupings:
Companies want to make money and violating your privacy, selling your information, or otherwise making money off of you beyond sales is a great addition to a company’s bottom line.
People want to steal private information to use for fraud or to sell to others. Ethics and morals are not really in play; they will take everything they can get.
- Government (domestic or foreign)
Depending on your country and status, governments, both domestic and foreign, may want to violate your privacy to understand you, your social connections, and causes (especially protest-related ones). Other goals include gaining insight into a colleague, family member, friend, or neighbor: you may just be a step towards a larger goal.
People in our lives – family, friends, neighbors, coworkers, and more – are not all angels. There are people who like to spy and nose around people’s private affairs in order to have information that’s useful for manipulation, ego reinforcement, blackmail, or as ammunition in a future argument or fight.
Some parties try to collect as much information as possible purely because accurate information in bulk is valuable. Such brokers are often hackers who steal pre-summarized information from a source such as a company’s website’s unsecured back-end. They can also be app and online widget developers who provide a cheap or free thing in exchange for access to your data. Because their goal is bulk data, there is less emphasis on searching for anything of value beyond that information. In many cases, loyalty cards, free apps, software, tools, services, and websites aren’t free- they’re selling you. Not literally, of course, but they are analyzing and selling your behavior and information.
- Social Engineering and Influencing
There are parties who use private information to affect behavior. For instance, a bad guy may steal some private information in order to successfully impersonate an employee to bluff their way into getting a password reset or door unlocked. Or to blackmail someone into securing a password or piece of personal information they need for a different purpose. Private information can even be used to encourage or discourage behavior – such as identifying folks who can be easily convinced to not vote for a candidate due to a certain term in, or subject of, past emails, chats, or messages. In this case, you don’t need to identify folks who you can convince 100% of the time, just folks who are more likely to be influenceable – if you target one such person, who cares, but if you target 100,000 folks like that, a 10% success rate means 10,000 folks not voting for a candidate. And those kinds of numbers can change elections.
As there is a lot to cover and things are in flux, this will be a multi-part series.
Read more →