I believe privacy is a human right, nothing less than this. I often discuss around this topic with many people…it’s one of my cup of tea, I enjoy talking about that because I know I can have a word and learn something at the same time. Usually after a couple of minutes every skeptical person opposes his/her final sentence about privacy, - shared to be honest by too many people - which is the following: I think it’s important, but in the end I’ve got nothing to hide so to me it’s not such a big deal. It’s obviously a non-sense and it’s commonly known as the nothing to hide argument and my most common reply is the one, so easy and powerful, by Edward Snowden:
Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.
E. Snowden
This answer targets directly the missing point of any skeptical argument: when we talk about privacy it’s not just about what privacy is, but what a right is (and why it matters, or not, to you). A more interesting questions I’ve been asked a couple of weeks ago by a colleague was about my best practices in terms of online privacy and in general how I protect my devices. I could talk for hours about this, but a summary could be the following, based on a few rules:
- Define your opponent
- You don’t need to protect what you don’t share
- Consider yourself as your worst enemy
- Be ready
Define your opponent
Privacy is a human right. You probably know that uncomfortable feeling and what is like when you have your privacy violated: someone reading your messages, someone inspecting your bag or even worse someone breaking into your house. But the truth is that, in some cases, someone could be a private company or your own government. So the first step is to define who your opponent is. For example, a Russian anti-war activist would probably need to protect him/herself against the government more than against his/her email provider sniffing all the emails. You might think you’ve no opponents at all - because you don’t fear your government and because you really think advertisement has no influence on your choices - in this case a good practice should be to consider yourself as your opponent, because your privacy perception is probably lower than your opponent’s. Once you define your opponent you can take the appropriate counter-measures, which in my case rely on using:
- A secure VPN
- A trusted email provider
- Email aliases
- PGP Encryption where possible
- Secure HD encryption
- Different password for literally each account
- Keep learning about privacy and related solutions
I won’t give details about how I apply these solutions, but the application of one or more of these will dramatically increase the privacy of your communication and the safety of your data (two different but very related topics) and help you building your own privacy best practices.
You don’t need to protect what you don’t share
It looks quite obvious, but the first problem about privacy and data protection is that we barely know what we’re trying to protect: it’s for sure our name and/or last name, the email address, credit card information, etc. but can you list all the online services that, during the years, asked you this kind of details? And do you know if they’re all still in business or what their privacy policy was? A good “defensive question” is: was it necessary to sign up to that useless service? If you ask yourself this kind of question every time you’re requested to fill a new form, you’ll - for sure - lower the amount of personal data you put at risk. But what if the answer is yes, I need this service, let’s fill in the form In this case, go for the minimum: just provide the mandatory information, consider if it is necessary to provide your real identity. And since there’s no rule to provide a real-name-email-address feel free to use an email alias.
Consider yourself your worst enemy
Even if data leaks occur regularly with 2-3 big breaches per year and even if the Evil Company has all the means to spy on you, ultimately you’re your worst enemy. It’s sad but it’s true: an attacker can breach your defenses, but you’re the only one who can lower them and this happens more often than we think. An unlocked computer for example is like leaving your home with all the doors and windows open and the same goes for connecting to an unsecured and untrusted website: it leaves enough room for anyone (mainly your ISP and the website itself) to access all the data exchanged between you and that website. Your privacy is constantly at risk: moving out from the internet for a moment, consider all the phone calls you receive asking for any kind of information. I remember a person calling on behalf of an unspecified energy company asking for my data for a check (or was it an offer?). It was clearly an attempt to get some of my data and try to build an attack of some kind (or just resell the data): ultimately if and when you’ll fall for a social engineering attack, you can’t blame anyone but yourself. So always be focused, on the internet as well as in your real life. In the end, internet is just an additional border of your privacy realm you must protect.
Be ready
Well, this applies to everything in life…shit can happen all the time and every once in a while it’s useful to take your time to think about unrealistic scenarios, like what would I do if someone hacks my phone and main email? How could I demonstrate or alert anyone that this happened? things like that…and then try to imagine a solution! Stress-testing this privacy starter-pack is a good way to build a safer one.