Given the recent Ashley Madison breach digital security is on everyone’s minds. Unfortunately In today’s digital world personal security is getting harder to maintain. Everywhere you go online a website wants you to sign up to do even the simplest of tasks. Unfortunately for many of us, this means there’s digital fingerprints left all over the internet. In this post I’m going to help you avoid leaving those fingerprints and show you what you can do to clean up some of the mess you’ve left behind.
What is Digital Security?
In future posts I want to address the overall topic of security, today we’re going to focus on Digital Security. Essentially Digital Security is simply maintaining control of where you’re information is and who has access to it online. While there are a lot of good security practices you can implement, ultimately remember this:
If you put it online, it’s there forever. No exceptions.
That’s the first and most important principle in digital security. Once something is logged online, it is there forever. Sure some sites may actually delete your info, but more often then not when you deactivate an account that information is simply flagged and still sits there in the database waiting to be mined and used. So if you really don’t want something to get out there, then don’t put it out there. I know that sounds like common sense. But too often in today’s world people just assume they have some level of privacy, or in the case of apps like Snapchat were told they had privacy but didn’t. Never trust a third party with information you want to keep secret.
So instead of looking at Digital Security as a way to keep everything hidden, look at it as a set of practices to maintain control over personal information and to direct the flow of that information if it does get out. But again at the very base of Digital Security is keeping the information from becoming digital in the first place.
Why do you need Digital Security?
Sometimes people do bad things and they don’t want that to be exposed. But more importantly we all have the right to privacy and the right to control the flow of our personal information. Julie Borowski puts it best:
Here’s the thing, privacy isn’t simply about hiding bad things. Some people have it apparently in their minds that, “Oh, privacy. That’s for terrorists and cheating boyfriends.” Privacy is the right to control information about yourself. You get to decide what you want to share with who, what, when and where. We all have things we want to keep to ourselves or with a small group of people. Do you want your boss to know about that one night in Vegas? Mmm-hmm. Do you want your friends to know about those embarrassing health questions you have to Google? And you may want to keep that Star Wars action figure collection you have under wraps. Privacy is for people who are not Kim Kardashian. We’re uncomfortable with all our private details and our private parts out there. And that’s called being a normal, decent human being. We should be able to freely pursue what we enjoy on our own terms. Freedom — whether it’s embarrassing, nerdy, controversial, weird — things that will definitely freak out your mom. When government is snooping, you lose choice, control and freedom. There’s somebody watching your every move. You feel restricted. You can’t be yourself. It’s crippling.
More and more each day this right is being eroded at and it’s important to maintain our rights. While rights are inalienable we can lose them even through inaction. So by implementing some good security practices you’ll be able to at least control your data if not completely protect it.
Avoid Leaving Fingerprints
As stated above the best approach to digital security is to keep things from becoming digital in the first place. This is much easier said then done given that so much of our interactions are digital these days. So what steps can you take to prevent information from becoming digital in the first place?
- If a site requires you to sign up for their service, especially retail sites, use the guest option. If there’s not a guest option, ask yourself if the purchase is really necessary, if it is follow the steps below.
- Credit Cards – You obviously can’t pay with cash online, so think about using prepaid bank cards online that aren’t connected to your bank account. Only add funds as necessary and look for cards with no maintenance fees. You may pay a small fee on each transaction, but this might be worth your privacy to you.
- Addresses – For purchases use a P.O. Box in a city one or two hops away from you. Not all places will ship to P.O. Boxes, but maintaining a high level of digital security is going to have some drawbacks. For sites that just want your physical address, use the P.O. Box if possible, or a fake but believable physical address. Of course you may need to question why some sites even need your physical location. BONUS TIP: For added security us a UPS Store box or other similar service. This just adds one more level of complexity to locating you.
- If a site allows you to login with your Facebook or Google+ Account. DON’T! I know it’s convenient, I know it’s easy, but a little bit of difficulty is the price you pay to be secure. By using a single sign-on you connect your data across multiple sites, and give even more information to the data aggregators (Facebook and Google are in the business of selling you) to sell and use to profile you. Trust me they can come up with some pretty creepily accurate profiles. So separate your logins in order to create “safe zones”. This way if one site is breached, the entirety of your online personal life doesn’t get breached also. If you want the convenience of single login look at a service like LastPass, although they’re not completely safe from security issues either.
- Don’t use full names. Either use your initials (still traceable) or come up with a fake online name.
- Know what you’re agreeing to when you signup for a service. Most the heinous violations of online privacy were agreed to by the user in a site’s Terms of Service or (ToS). Use the service tosdr.org to at least get a good summary including warnings, if you’re not going to take the time to read the ToS.
- Browse using TOR or a VPN. These two technologies and how to implement them for the best digital security could take up books. I’ll leave you to research them on your own. Just know that your research is being watched.
- Use a site like DuckDuckGo for searches. It leverages the power of Google’s search engine without giving up your personally identifying information.
- Ultimately, keep it offline. This is going to sound extreme but if you don’t want something on the internet don’t connect the computer it’s on to the internet. With the technologies that exist out there today, if there is a “copper to copper” connection between any two machines it’s safe to assume that what’s on one machine can get to the other machine, even with theses security practices in place. So if you don’t want it getting out, no matter what “it” is, don’t give it a pipe to ride out on.
Of course this is just a brief overview of some of the things you should do. Complete volumes could and have been written on the topic of digital security. The idea here is to add complexity to connecting your data to you. In doing so you become harder to trace and profile.
Practical Advice for Digital Security
So the above steps are great, albeit somewhat extreme. But what if you’ve been on the internet for a while and you’ve already made a mess. Well there’s a saying about spilled milk and it’s container. Honestly what you’ve put out there is out there, and even if you’ve hit delete, and even if you paid $19 for the service, that information is forever going to reside on the internet. That’s a pretty gloom and doom perspective, but it doesn’t mean all hope is lost. The best time to implement digital security is 30 years ago. The second best time is NOW. Start changing your habits. Keep new information from leaking out and then slowly maintain the information you’ve already let out there. Use a site like Just Delete Me to go through and remove the accounts you already have and no longer need. Disconnect accounts from Facebook and Google when possible. Remove photo albums from offline. While traces of you will still be at these sites and these places. The more you remove, the less powerful those traces become.
In the end Digital Security is hard to implement and even harder to maintain, but it is important. Google’s motto is “Don’t Do Evil” but the second they decide it’s “Nevermind” the world is going to have some major problems. So while it’s impossible to be perfect, that doesn’t mean you shouldn’t try. Every little bit will help. And in a TEOTWAWKI or SHTF scenario being able to move along undisturbed and untraceable is going to be important. Even if those scenarios don’t happen, it’s important to be in control of yourself and your life, even your digital one.
What do you think? What steps do you take to stay safe online? How do you maintain digital security? Let us know in the comments below.