As a follow-on from my post concerning VPN technology, I will outline several topics associated with modern Digital Privacy and provide basic guidance. This should not be taken as definitive, and certainly not as ironclad advice moving forward, but I wanted to share a few things that I believe are helpful!
Digital Privacy Choices (1)
Privacy Choices should be understood as relating to device or account settings that can help manage your exposure to risks online, whether simply limiting personal information dispersion or more effectively blocking retention. In many cases, it is an enumerated right to restrict your information usage by private companies or even public sources (limited somewhat in a legal context but otherwise applicable).
Use search engines to locate listings for your name that include phone numbers, addresses, and other personal information. A list of the sites that publish such listings is available: Registered Data Brokers in the United States: 2021 | Privacy Rights Clearinghouse. Big ones outside of a more intensive search (in the United States) are Spokeo and Radaris, which both offer opt-out functionality even if you don’t live in a jurisdiction with an enhanced privacy law (e.g., Colorado starting July 2023). There are many others, and you should also try to restrict your data around voter registration at the very least (if applicable), as there are smaller firms that openly display this data, and your address specifically.
There are even services such as Aura that will perform these functions for you but do cost money. I have been able to effect changes in my privacy just by doing this in my free time, but your mileage may vary.
If you are a social media user, setting accounts as ‘Private’ should be a major priority. Some business and entrepreneurial folks may not want to do this, but these apps are the #1 security issue across all social strata and even in our government/military. Most of the aggregate data pulled in, bought, or captured by data brokers comes from these accounts when they are not adequately configured for privacy.
In terms of email security, there are several low-cost or even free options (e.g., Proton Mail) that provide encrypted and relatively ‘protected’ email addresses compared with prime offerings such as Gmail. Personal users should consider spinning one up for sensitive logins such as banking, insurance, or their government-based items (e.g., SSA, toll-passes, taxes – when applicable). Even if used in this limited way, your identity is more protected from both data brokers and hacking. Gmail, among others, has a history of data issues around access protocols. This is not meant to be a legal or impugning claim but a fact.
Privacy Choices are a continuum and always subject to change – just spending a little time researching options will allow you to make the best changes for *you* and the above is merely an introduction!
Digital Privacy Behaviors (2)
Privacy Behaviors relate to ‘global’ practices at the level of your home internet and day-to-day life offline, but loop back to impacts in how you show up online. Our first point of focus will be the networking hardware itself as this is the *prime* offender in leaking your information.
When you contract for internet services, you are often provided with, or rent, a modem/router, but you should consider buying your own – you can typically break even on cost within a year in the United States and have more control over your networking security. If this is not desirable, at the very least log in to your router and set a non-default password. The router's admin page is typically reachable at an address along the lines of 192.168.1.1 in a conventional browser, but research your own device via the guide here or elsewhere: How to Access and Change Your Wi-Fi Router’s Settings | PCMag.
Whether or not you buy your own device, the next step is to examine how your network Wi-Fi is secured. Some of us may only have WPA2 – if so, make sure you are using the AES variant of this for your password protection. TKIP by itself at this level is hilariously easy to break given the time adversaries have had with it. Otherwise, use WPA3 for the Wi-Fi password: this is hardened to an extent to avoid the issues with prior security iterations.
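One way to check which of these modes your access point actually advertises, as an added example that is not part of the original post: it assumes a Linux machine with NetworkManager and the terse output of `nmcli -t -f SSID,WPA-FLAGS,RSN-FLAGS dev wifi list`. The scan lines and network names below are constructed sample data.

```python
import re

# Constructed sample of `nmcli -t -f SSID,WPA-FLAGS,RSN-FLAGS dev wifi list`
# output (terse mode: colon-separated, literal colons escaped as "\:").
SAMPLE_SCAN = r"""HomeNet-5G:(none):pair_ccmp group_ccmp sae
HomeNet:(none):pair_ccmp group_ccmp psk
Old\:Router:pair_tkip group_tkip psk:(none)
Mixed-AP:pair_tkip pair_ccmp group_tkip psk:pair_tkip pair_ccmp group_tkip psk
CoffeeShop:(none):(none)
Upgrade-AP:(none):pair_ccmp group_ccmp psk sae"""


def parse_flags(field):
    """Return the set of flag tokens; '(none)' or an empty field means no flags."""
    return set() if field in ("", "(none)") else set(field.split())


def classify(wpa, rsn):
    """Map WPA/RSN flag sets to (label, verdict) following the post's advice."""
    flags = wpa | rsn
    if not flags:
        return ("open or WEP", "weak")
    tkip = bool({"pair_tkip", "group_tkip"} & flags)
    if tkip and "pair_ccmp" not in flags:
        return ("TKIP only", "weak")
    if tkip:
        return ("mixed TKIP+AES", "weak")  # TKIP is still accepted
    if "sae" in rsn:
        label = "WPA2/WPA3 transition" if "psk" in rsn else "WPA3 (SAE)"
        return (label, "ok")
    if "psk" in rsn and "pair_ccmp" in rsn:
        return ("WPA2 AES (CCMP)", "ok")
    return ("other", "review")  # e.g. 802.1X enterprise: check by hand


def audit(scan_text):
    """Parse terse scan output into a list of (ssid, label, verdict) tuples."""
    results = []
    for line in scan_text.splitlines():
        parts = re.split(r"(?<!\\):", line)  # split on unescaped colons only
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ssid = parts[0].replace("\\:", ":")
        results.append((ssid, *classify(parse_flags(parts[1]), parse_flags(parts[2]))))
    return results


if __name__ == "__main__":
    for ssid, label, verdict in audit(SAMPLE_SCAN):
        print(f"{verdict:6} {ssid:12} {label}")
```

A "weak" verdict on your own SSID means the router's wireless security setting should be moved to WPA2 with AES only, or to WPA3 where the router supports it.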
Furthermore, creating a password that is optimally 14 characters if not closer to 25-30 in length, utilizing word substitution, special characters (other than ! # $), and varied case, and changing it at least every 6 months is paramount. Yes, this is annoying. No, it is not a good idea to deviate from these requirements. Password cracking is trivial when you use, say, your mother’s maiden name or other highly personal strings as ‘passwords’, and even secure but short passwords are broken daily.
The next step is to use a non-default DNS. Commercially available free options, such as 188.8.131.52 or Quad9, can offer some help, but there are many more items to consider. Paid and bespoke mappings are on the market and you could even develop your own if you are so inclined and have the right experience and server hardware.
Outside of this, change coaxial and ethernet cables every few years: this is for performance considerations in addition to security. Unscrupulous individuals can essentially target you based on these components once they are out of spec or identified as part of your network on a long-term basis. This is fairly inexpensive and I do understand that it is annoying but consider it routine maintenance.
If you have a modern router but lack Cat6 cabling, what is the point, really?