[UPDATED 6/16/19: VPN recommendation changes]
For reasons I can’t begin to fathom, people today seem to have zero regard for online privacy. I can only chalk this up to ‘ignorance is bliss’. I can’t imagine anyone voluntarily subjecting themselves to constant, unblinking surveillance. It would be like having a GoPro camera mounted to your forehead and a GPS tracker strapped to your ankle. And yet, this is precisely the level of creepy spying we’re inviting by surfing the web and using our smartphones without protection.
But not any more. Not after today. Today it ends. Today is the day you take back control of your data. Today is the day you assert your right to basic privacy. And what better day than Data Privacy Day?
Data Privacy Day
Data Privacy Day was started in the US on Jan 28, 2008 (following a similar move in Europe two years earlier). Data Privacy Day is sponsored officially by the National Cyber Security Alliance, which runs the Stay Safe Online web site and the Stop Think Connect initiative. (I had a couple great interviews with the NCSA’s executive director Michael Kaiser you might check out.) Frankly, it’s a shame we have to even have this day… but until we fix this, that’s where we are.
It also saddens me that the US is so backward on this whole thing. Europe has been leading the charge for years now, protecting users and keeping corporations accountable. The new General Data Protection Regulation (GDPR) is set to be enforced in May 2018, imposing real penalties on companies for violations (up to 4% of annual revenue). Users in Europe will actually have full transparency into what data has collected on them and with whom it’s been shared. They can even exercise the right to be forgotten. But here in the US, we’re rolling back privacy protections (with some notable financial and medical exceptions). As it happens, we outside the EU will probably still reap some benefits from GDPR as global companies like Google and Facebook implement the new settings required to comply with the European rules. But to get all the same benefits, we need to have real privacy regulation here, as well.
Privacy is a Human Right
Edward Snowden once said: “Arguing that you don’t care about privacy because you have nothing to hide is like arguing that you don’t care about free speech because you have nothing to say.” Fighting for privacy for all is important, even if you don’t personally feel that you need to exercise that right. Glenn Greenwald gave an beautiful presentation on the human need for privacy at a now-famous TED Talk in Oct 2014. (If you haven’t seen this, you really need to watch it. Like right now. I’ll wait…)
In this talk, Glenn outlines the concept of a Panopticon: a devilishly clever design for an institution (read: prison) where a circular set of cells can be simultaneously and surreptitiously monitored by a small set of central guards. The inmates know that they can be seen at any time, but they have no way of knowing that they’re being watched at any given moment. The result? Much higher “compliance”. I would argue that the digital world we live in today is much worse. Unlike a small set of human guards that can’t possibly look everywhere at once, the computers of the Internet can not only monitor all traffic but can even record it for future investigation.
Don’t get me wrong… the Internet is an amazingly powerful tool that has had a phenomenally powerful and positive impact on human development. But while living in the Information Age has enabled great things, the ad-based “free” Internet, unfettered by common-sense rules around data protection, has created a world where you are not only constantly being forced to watch ads… the ads are watching you back.
Stand and Be Counted
There are several steps here that we need to take, all of which you can do right now. But before I rattle off this litany of actions, understand that doing these things is not just about you. Yes, it’s important that you claw back your privacy and control your data. But by doing so, and by bringing along as many others as you can, you’re taking a public stand for everyone. You’re telling your governmental representatives and global corporations that privacy matters. Not only are you aware of how your rights are being abused, you’re willing to spend time, effort, and (yes, even) money to assert your rights. You will vote with your ballot and your wallet. If enough people do this, it will cause change. So even if you’re not personally worried about your own privacy, do the following things anyway – for the sake of all of us.
Here’s your action plan. You can do all of this in a single day, but hey… pace yourself. And if you’re in a position to help others to do these things, please do so.
Part 1: Get Educated and Inspired
If you’re not already worked up, or if you need ammo to convince your friends and loved ones, here are a few great resources. Everyone learns in their own way. Pick the ones that work best.
Part 2: Upgrade to Kick-Butt Privacy
I’m going to tell you right now: some of these things cost money. Actual money. You have to pay for them. But that’s a good thing. If the product is free, then you are the product. Paying for privacy shows that you care about it and supports organizations that are providing it.
- Use Firefox. Chrome is a secure browser, but you can’t convince me it’s private. Google makes 90% of their revenue on ads, and they want to know as much about you as humanly possible. (Safari is good for privacy, too, but is Mac-only.) Once installed, turn on Firefox’s built-in privacy protection.
- Install privacy plugins for Firefox:
- Use a VPN, for both computers and mobile devices. You should use a VPN on any public network (wired or WiFi) for sure. But your ISP is watching you, too, so you might want to use it even at home. Here are some suggestions:
- Use Signal for messaging. While WhatsApp uses the same basic protocol under the hood, go for the original from Open Whisper Systems. They have no other agenda beyond privacy. They have apps for desktop and mobile.
- Use a secure email service. This one is harder… email was never designed for privacy, so it has to be bolted on. This leads to inconvenience and incompatibility. I’m not gonna lie, private and secure email isn’t as easy as it should be. But make the investment, and companies will get the message. NOTE: it takes two to tango! If you’re not using Gmail, but your recipient is, then the entire conversation is compromised. So get your friends to switch, too!
- ProtonMail. Very private and secure, but doesn’t work as well with other email services.
- FastMail. Not as secure, but a good alternative to Gmail that’s not interested in collecting your data.
- Use DuckDuckGo’s new mobile browser. While Safari on iOS isn’t bad, Google owns Android. Just get this app.
- Do a Google Privacy Checkup. And then stop using them. Okay, that will be hard. I don’t know if I can do it completely, either. But there are alternatives you should try. (This article has the full info.)
- Google search > DuckDuckGo.
- Google mail > ProtonMail or FastMail
- Google Chrome > Firefox
- Android > iOS
- Dial back app permissions. This is mostly for mobile apps, but really applies to any software you install. They should be on a strict need-to-know basis with things like your location, address book, credit card numbers, and your personal info. You also need to limit access to the camera, microphone and photos. Be very wary of “accessibility” access, as well – this can be used to scrape sensitive info from your screen.
- If you really want to go full-tilt on privacy, check out the wonderful site privacytools.io. They have a lot of great background info and lists of several super-private tools and services.
Part 3: Cut Way Back on Social Media
Yeah, I know. This is a tough one. We’ve been using social media for so long now… they already have so much info on you, what’s the point in changing now? The point is that you can still control what information you share going forward. But perhaps more importantly, you can strongly convey the message that you care about privacy.
Go to your profile on each of your social media accounts and crank up your privacy settings till it hurts. This one guide covers all the services below. You can always dial them back a bit later, if necessary. Oh – and keep checking these settings every so often. These companies change their terms of service and privacy settings all the time, usually in favor of sharing more, not less.
Part 4: Make Yourself Heard
Doing all the above will enhance your privacy right now. But the whole reason we have to do all this crap is because our elected officials feel no pressure to represent our interests. Instead, they listen to corporations who use highly-paid lobbyists and campaign donations to push an agenda that guts privacy in favor of profits. But at the end of the day, these officials serve at your pleasure… if they don’t please you, make it very clear that you will remove them from office at your next opportunity.
The Electronic Frontier Foundation (EFF) has a wonderful tool for finding and contacting your representatives. They also have a guide on setting up a face to face meeting with your representative. Seriously. They’re there in Washington representing you. They meet with constituents all the time. Be one of them. Bring friends.
There are several other great organizations like the EFF who are out there fighting for your rights zealously every day. If you don’t have time to get politically active yourself, then give money to groups that are already doing it on your behalf. When they send you a T-shirt, a hat or a sticker, display it proudly where others will see it and ask questions.
This is how real change happens. This is what it takes. Stop sitting idly on the sidelines. You can make a difference.