Cyber Security Tip #2: Improving your privacy

Technology threatens personal privacy in many ways: Cameras watch you on a regular basis, companies track your online behaviors via all sorts of methods, and mobile devices track your location.

While technology has certainly made the task of maintaining privacy far more challenging than doing so was just a few years ago, privacy is not dead. You can do many things to improve your level of privacy, even in the modern, connected world.

Think before you share

People often willingly overshare information when asked for it. Consider the paperwork you fill out at the doctor’s office, which you have likely been asked to complete at more than one facility at your initial appointment with the doctor. While the answers to many of the questions are relevant and may contain information that is valuable for the doctor to know to properly evaluate and treat you, other portions are probably not.

Even if you don’t believe that a party asking you for personal data would ever abuse the information that it collected about you, as the number of parties that have private information about you increases, and as the quantity and quality of that data grows, the odds that you will suffer a privacy violation due to a data breach go up.

Think before you post

Consider the implications of any social media post before making it — there could be adverse consequences of many sorts, including effectively compromising the privacy of information.

For example, criminals can leverage shared information about a person’s family relationships, place of employment, and interests as part of identity theft and to social engineer their way into your accounts.

If, by choice or due to the negligent policies of a provider, you use your mother’s maiden name as a de facto password, make sure that you do not make it easy for criminals to find out that name by listing your mother as your mother on Facebook or by being friends on Facebook with many cousins whose last name is the same as your mother’s maiden name. Often, people can obtain someone’s mother’s maiden name simply by selecting from another person’s Facebook friends list the most common last name that is not the same as the account holder’s name.

Sharing information or images may leak private information about potentially controversial activities in which a person has engaged — for example, consuming alcohol or using recreational drugs, using various weapons, participating in certain controversial organizations, and so on. Even disclosing that one was at a particular location at a certain time may inadvertently compromise the privacy of sensitive information.

Also, keep in mind that the problem of oversharing is not limited to social networks. Oversharing information via chat, email, group chats, and so on is a serious modern day problem as well. Sometimes people do not realize that they are oversharing, and sometimes they accidentally paste the wrong data into emails or attach the wrong files to emails.

General privacy tips

In addition to thinking before you share, you can do a few other things to reduce your exposure to risks of oversharing:

• Use social media privacy settings. In addition to not sharing private information (see preceding section), make sure that your privacy settings on social media are set to protect your data from viewing by members of the public — unless the post in question is intended for public consumption.
   
• But do not rely on them. Nonetheless, never rely on social media security settings to ensure the privacy of information. Significant vulnerabilities that undermine the effectiveness of various platforms’ security controls have been repetitively discovered.
   
• Keep private data out of the cloud unless you encrypt the data. Never store private information in the cloud unless you encrypt it. Do not rely on the encryption provided by the cloud provider to ensure your privacy. If the provider is breached, in some cases the encryption can be undermined as well.
   
• Do not store private information in cloud applications designed for sharing and collaboration. For example, do not store a list of your passwords, photos of your driver’s license or passport, or confidential medical ninformation in a Google doc. This may seem obvious, but many people do so anyway.
   
• Leverage the privacy settings of a browser — or better yet, use Tor. If you’re using the a web browser to access material that you don’t want associated with you, at a minimum, turn on Private/Incognito Mode (which offers only partial protection), or, if possible, use a web browser like the Tor Browser Bundle (which contains obfuscated routing, default strong privacy settings, and various, preconfigured, privacy add-ons). If you do not take precautions when using a browser, you may be tracked. If you search for detailed information on a medical condition in a normal browser window, various parties will likely capitalize on that data. You have probably seen the effects of such tracking — for example, when ads appear on one web page related to something that you searched for on another.
   
• Do not publicize your real cellphone number. Get a forwarding number from a service like Google Voice and, in general, give out that number rather than your actual cellphone number. Doing so helps protect against many risks — SIM swapping, spam, and so on.
   
• Store private materials offline. Ideally, store highly sensitive materials offline, such as in a fireproof safe or in a bank safe deposit box. If you must store them electronically, store them on a computer with no network connection.
   
• Encrypt all private information, such as documents, images, videos, and so on. If you’re not sure if something should be encrypted, it probably should.
   
• If you use online chat, use end-to-end encryption. Assume that all your text messages sent via regular cellphone service (SMS messages) can potentially be read by outsiders. Ideally, do not share sensitive information in writing. If you must share some sensitive item in writing, encrypt the data. The simplest way to encrypt data is to use a chat application that offers end-to-end encryption. End-to-end means that the messages are encrypted on your device and decrypted on the recipient’s device and vice versa — with the provider effectively unable to decrypt the messages; as such, it takes far more effort by hackers who breach the provider’s servers to read your messages if end-to-end encryption is utilized. (Sometimes, providers claim that hackers can’t read such messages altogether, which isn’t correct. for two reasons:
  1. Hackers may be able to see the metadata — for example, with whom you chatted and when you did so, and
  2. If hackers breach enough internal servers, they may be able to upload to the app store a poisoned version of the app containing a backdoor of some sort.) WhatsApp is probably the most popular chat application that uses end-to-end encryption.
   
• Practice proper cyberhygiene. Because so much of the information that you want to keep private is stored in electronic form, practicing proper cyberhygiene is critical to preserving privacy