A n00bs Introduction to Privacy

in #technology7 years ago

Why it Matters

We are living in a world resembling the sci-fi of yesteryear. We carry the vast expanse of human knowledge on our fingertips, we can see each others faces despite being a world apart. We can make our homes “smart” making our lights respond to our movements. We communicate with strangers from around the globe every day. An event there feels like it happened next door, we hear about it almost instantly. We call this magic the internet, the smartphone, the computer.

One hundred years ago, this fell into two categories of imagination. The Dystopian and the Utopian. The Dystopian predicted a panopticon, a world where everyone was watched all the time, whereas the Utopian imagined a world of unprecedented communication and transparency.

The truth, as always turned out to be somewhere between those two extremes.

The internet has allowed loved ones keep in-touch via Skype and Whatsapp, for friends and family to organize and communicate over Facebook, and for Authors to talk directly to their fans via Twitter. Reddit has let millions crowd source the most interesting stories from across the web, and Google has made the entire collection available with a single search. Many of us don’t know what we would do without these services.

The thing is, those services know this, and they take advantage of our dependence on them. Google collects and records everything you type into their search engine, Facebook tracks who you are, what sites you visit and who you talk with. This let’s Google provide you with better search results “personalized for your needs” and let’s Facebook determine what pages you’d like and whom you might know.

This also gives them power over you. Imagine for a moment, that you are an employer. One of your employees has been out for some time on workers comp, and you are getting suspicious, so you hire a private detective. The private detective would follow the employee around for a period of a few weeks, recording everywhere they go, who the talked to and when. They are collecting metadata, just like Google, Facebook and the rest of the technology companies.

What is metadata?

Metadata is the: Who, what, where, when, why, and how. In other-words, that private detective we talked about, if he recorded what the employee was saying, that’s the content of the conversation, everything else about it, that it was at a chiropractor’s, with a physical therapist, at 3:00PM? That’s the metadata. Metadata you see, can be more important than the content, more revealing. If the private detective recorded what the employee said to the physical therapist, but not where he went after, it wouldn’t tell us much. If however, we follow the employee and he goes to a bowling ally afterwords, then we have learned something useful. The employee is probably faking their injury.

As you can imagine this data tells us more than the content could. Let’s say this is your typical Friday:

Get up, get dressed, drive to a McDonald’s, drive to a location, leave location at noon and drive to another McDonald’s, drive back to the location, and later, drive home.

Well, we know that you got up, went to McDonald’s for breakfast, went to work, had McDonald’s on your lunch break, went back to work, and then went straight home. If I was a health insurance agent, knowing that this happened on a regular basis, I’d be raising your premiums.

Here is another scenario: Imagine a child left his home every Sunday, we know that he leaves alone because only his phone has left the residence. He travels for a while, and then we see him at a local church. He then returns home. We also know that his parents go to a Mosque every Friday, and they bring him with them.

As you might imagine, we just learned that the Son is converting to Christianity, but has yet to tell his parents the news. Take any scenario you can imagine, being gay in a family of homophones, being a fitness nut, a gun owner, a computer nerd. All of this is revealed just by collecting that metadata.

If it’s free you are the product.

You didn’t seriously think that they were offering their services for free did you? No, they give away their services to collect this data on you. This allows them to target ads to you that you might click on. It also allows for parent’s to find out their teens are pregnant because of a targeted ad for baby formula and diapers. Not only can this data be accidentally revealed to the wrong person, it can be used to manipulate you. If I know you eat fast food a lot, I can offer you coupons for my fast food restaurant in an effort to get you to go to mine instead of McDonalds. Alternatively, knowing that depressed people consume more, and spend more time of social media, I can attempt to present you with the occasional depressing content in an effort to alter your emotional state to make you more susceptible to advertising

Hackers, Swatters, and Doxxers; Oh My!

Everything is Vulnerable

Imagine that you parked your car in a parking garage. Hundreds of cars are all parked in that same garage. An obvious target for a car thief, no? You might occasionally worry that someone will steal your car, which is why you locked the car doors, and have a car alarm. The hope, is that before they can take off a security guard will come running over to see what the commotion is about and the thief will give up. Imagine though, that rather than a singular thief, the Car garage was swarmed by thousands of thieves simultaneously. It is inevitable some of them will succeed.

This is the case on the internet, except instead of car’s we are talking about the companies that store your data. Every Single day, there are attempts to breach Google, Facebook, and Microsoft. The wonderful users have compiled a list of large data breaches, which while most probably incomplete, is large in and of itself. That list contains hundreds of breaches, some of the companies are repeatedly breached. Everyone from Facebook, Google and Ebay to Gynocologists, Health Insurance Companes, and Target are on the list. It doesn’t matter what the industry is, or the size of the corporation, everyone is not only vulnerable to these cyber car-thieves, they have already had their metaphorical car stolen! So while you might not care that Facebook is using your information to make you sad, you should be afraid of what these thieves are doing with your data.

My Identity

One thing that they could do, of course, is steal your identity. With your Social Security number, which was almost certainly leaked at some point considering the sheer number of breaches that Medicaid, the Social Security Administration, and a multitude of healthcare providers have had, they only need your birth-date and a few other pieces of information. Information you probably voluntarily put on social media, and even if you didn’t, definitely is a matter of public record if you have ever voted, submitted a complaint, or have a drivers license. Identity theft is easier than ever, everything you needs is available with just a click.

Of course, maybe you carefully watch all of that. Perhaps you regularly check your credit record, monitor for any changes and will ensure that any such attempts are quickly thwarted. If you are like most people though, you probably didn’t even know your Social Security Number can be easily found on the internet by anyone. Don’t believe me? Then listen to EPIC. EPIC, or Electronic Privacy Information center, is a nonprofit organization, that specializes in, as the name implies, privacy in the age of the internet. They have an entire page dedicated to SSN’s and how freaking weak they are.

Unwillingly Transparent

Doxxing is a bit more complex, some don’t think there is anything wrong with Doxxing, others think it’s tantamount to harassment. For those who are unaware: Doxxing is the act of publishing information about someone in a manner designed to direct criticism, hate speech, and potentially violence directly to the target. One of the debated aspects of Doxxing is if it should apply to Public Figures or not. Regardless of that, we will focus on Doxxing as it relates to those not considered a public figure. Usually this consists of linking their digital identity to their real life identity, including their residential address, personal email, phone number and perhaps where they work. As we already discussed, much of this is actually a matter of public record. However, it usually takes a bit for work to get. You can’t just put in Joe Smith’s name into google and get his home address. You have to the right website, often needing at least one other piece of information about him, usually his age or maybe the state and county he lives in, in order to get the home address. Not exactly hard work, but it’s enough to deter the majority of people from even attempting to write an angry letter to the target. However, by publishing this information on Reddit, Twitter, or some other public and search-able platform you have eliminated the barrier. Now those who were too lazy to look up the information just have to hate away! Not a very pleasing prospect, to the victim however.

It’s Just a Prank Bro

Last, but not least: Swatting, the act of calling local law enforcement in an effort to get a swat team sent to the victims home under false pretenses. Swatting has some things in common with Doxxing, the perpetrator must know where the target is for this to be pulled off, for instance, and usually the perpetrator has masked their own identity and location, leaving the victim unable to retaliate. Out of the three most common means of abusing information, this is the most dangerous to the victim. The police are on high alert, being informed of an alleged hostage situation or bomb threat, and are told the victim is the one responsible. One wrong move, and the victim could end up killed by the police who have been mislead by the swatter. The problem is police are required to respond to any report of such situations, if they didn’t then an actual hostage situation might be ignored.

Protecting Yourself

Now that you are shaking in your boots, you are probably wondering how you can protect yourself. Fortunately there are somethings you can do to mitigate the risk.

Reduce

Just like in conservation, the most important thing you can do is to reduce the data you produce.

Use a Different Browser, like Firefox and Brave instead of Google Chrome, Apple Safari, or Internet Explorer/Edge.
Your browser is your means of transportation across the web. Browsers like Chrome, Safari, and Internet Explorer/Edge all track where you are going. That green padlock might prevent someone from intercepting the connection to your browser, but your browser has to see everything to show it to you! Firefox can be configured to be more private via add-ons like, Ublock Origin, HTTPS Everywhere, Cookie Autodelete, and Decentraleyes. Brave, on the other hand, is less customizable than Firefox and Chrome, but it is already set to block the most common forms of tracking, and doesn’t track you.
There are more advanced methods available as well, but for those who are used to chrome, these will be a good starting point.

Switch to an Encrypted email provider, or use your own email encryption.

Google, Microsoft, and the majority of email providers routinely scan emails for spam prevention, malware prevention, and filters. They also scan the emails for key words to be used in advertising both within the email website, and throughout the internet in general. There are alternatives however, that promise to never scan for anything other spam and malware prevention, and then there are those that go a step further. Services like Protonmail, Startmail and Tutanota encrypt their emails between those who also use their services. They get their funding from subscriptions and donations, so they aren’t reliant of advertising revenue. Even better? Protonmail and Tutanota both offer a free tier with some minor restrictions.

Additionally, there are some messaging services that are designed from the bottom up for privacy. Signal is the one of the most popular ones available, and for good reason. It’s cryptography is the best out there, it is designed to be nearly impervious to interception, so those sexts should be safe... as long as your partner’s phone isn’t infected with malware. The downsides to signal though also lie in what makes it great. It is easy to use, but relies on phone numbers. It’s well designed, but it’s centralized, meaning if the Company that makes signal is forced to shut down for any reason, you are out of luck.

There are others of course, Riot.IM/Matrix for example is more akin to email than Signal is. You can create your own username and password, in you can even pick from multiple Matrix providers, although at the moment there aren’t many. Matrix has a drawback compared to signal though, it isn’t encrypted by default. This is because, while Signal is primarily designed for one to one messaging, with group messaging as an afterthought, Matrix comes from the opposite direction, designed for group messaging above all. In other words, Signal is a replacement for SMS, Whatsapp, or iMessage, whereas Riot.IM/Matrix is a replacement for Slack, and private chatrooms.

There are many many more services worthy of mention, but we have gone on for some time already, and quite honeslty my fingers are getting tired and we still have to cover some other topics. I’ll make a comprehensive list of all of the various private messaging services, and secure email providers some other time.

There are two ways you can mask where you are, through VPN’s and through TOR. However, because of the sheer amount of shilling revolving around the VPN industry, I'd rather not talk about any particular service. My advice is you go to (thatoneprivacysite)[https://thatoneprivacysite.net/] to learn more about various VPN options. The owner of that site has made it their mission to provide unbiased, accurate information on various VPN services and let you decide what is best for you. Recently, they added a section on various email services as well.

Hello, my name 1000101010

Whenever possible, don’t use your real identity online, and try not to have a consistent virtual identity. Use different usernames for your various accounts, this makes it a bit harder to track you across services, especially when you sign up using a disposable email address. There are several providers of these use once type emails, my personal favorite is anonbox, but there are tons of these types of services out there. The goal with these, is to allow you to confrim a “valid” email address when you sign up for the service, without using an email address that’s tied to you. If you want to talk about any topic that tends to get heated, having an alternate account that isn’t tied back to you is absolutely critical. This makes all of the forms of cyber harassment we talked about earlier much much harder to accomplish. Combined with a VPN or TOR and this is a defense very few will break, governments might be able to, but now they have to dedicate more resources toward doing so, and criminals won’t even bother with so many easy to target people that have almost no defense in place.

The conclusion.

We have only barely scratched the surface, the potential consequences of our new age of information only barely covered, the potential defenses listed just a small smackeral of the veritable smorgasbord available. If you have anything in particular you’d like to see a similar n00b’s introduction to, or have any advice for the n00bs of privacy and surveillance, let me know in the comments.

Sort:  

Nearly everything you do is of no importance, but it is important that you do it.

- Mahatma Gandhi

Congratulations @geekynerdynerd! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 2 years!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!