Digital Security

In Safety and Security in Life, I categorized risks into four categories. Now I’m starting with the most complex one.

This article shows how to approach digital security without getting overwhelmed, and why privacy is needed to be secure.

Disclaimer: I'm a fan, not an expert. I'm not a financial advisor, nor a health, security, or safety professional.

Why be systematic about it

We underestimate information risks, despite huge security breaches being publicized, such as 500 million Yahoo! accounts being compromised in 2014, and despite countless stories of identity theft.

The digital world really isn’t intuitive. Our words, mistakes, and actions can last forever, including what we do and say in our own homes. We’re even letting devices listen to us 24/7. It’s kinda creepy to think about.

Then there’s the scale. Every year we create more accounts and more data. Corporations and Governments are getting better at collecting and understanding that data too. The more connected we are, the more opportunities there are for things to go wrong.

So let’s get systematic about securing ourselves. Otherwise, it’s easy to get overwhelmed or put it in our “too hard, not worth it” bucket. If we approach digital security with a risk management mindset, we can achieve a lot.

Imagine being able to reduce your risks while driving by 90%. It would be a no-brainer, right? I believe we can do that with digital security!

What I’m covering

All personal information risks are important, so I’ll cover more than digital risks. Leaving a copy of your birth certificate in the trash may be as damaging as leaving it on a USB drive. And telling the wrong person on the phone your credit card number may be as damaging as entering it on the wrong website.

I won’t cover advanced anonymity for people who may fear for their lives (read The Art of Invisibility), nor protection for public figures who may be the victims of targeted attacks, such as celebrities and CEOs. I’ll aim for “C-List Celeb Security.” If someone sees an opportunity to grab our data, they will. But otherwise, we’re not on their list of targets.

I’m writing this series of articles to be the most practical and thorough available on digital security. It’s for those who want to level-up their safety and security regarding their digital lives and personal information.

Privacy as security

Security is locking your doors; Privacy is closing your blinds. But in the digital age, almost the entire world can look through your windows. This makes closing the blinds critical.

Government surveillance of digital and analog communications is real, as revealed in the NSA documents released by Snowden. These agencies are responsible for preventing terrorist and other attacks, so from their perspective, it makes sense to invade our privacy to increase security. When we complain about this, a common retort is: “if you have nothing to hide, you have nothing to fear.”

But I believe privacy from surveillance is needed for personal security.

Governments are fallible, and innocent people have their lives disrupted all the time. We need to look out for ourselves. And Governments do not have perfect technology. They can be hacked or have their technology copied. If the Government can listen in to your communication, so can others.

The same applies to corporate surveillance. Additionally, their own Government may compel them to give up the data they have on you. The book Data and Goliath goes into surveillance in more detail.

So I will treat privacy as part of security. The less information we share about ourselves, the less that can be used to breach our security. And, remember, privacy is a right!

Living at our Privacy-Friction frontier

It’s near impossible to have complete privacy in the digital world, especially online. Our data goes through many networks and we often do want a website to remember what we’ve entered, e.g. when we’re posting to social media. Unfortunately, to get more privacy we have to give up conveniences. Which is, well, rather inconvenient.

Like exercise, however, we should push ourselves beyond what is comfortable and try things that aren’t easy, because:

  • Privacy is one way. Once our data is out, we should assume it won’t ever be deleted.
  • Irrelevant information today may be private tomorrow. Who knew 30 years ago that sharing your mother’s maiden name could compromise your security now, thanks to security questions?
  • Digital risks are not intuitive. Our brains didn’t evolve in a digital world. It’s reasonable to assume we don’t fully comprehend the risks.

So I suggest living in the most private way that causes a little, but not significant, friction to our lives. I call this the Privacy-Friction Frontier. It gives us maximum privacy without making every digital task a chore. By striving for more privacy than feels easy, we have a buffer in case it turns out we’ve underestimated our privacy needs.

Accepting a little friction might mean encouraging your family to switch to a messaging app with end-to-end encryption. They may complain about the emojis not being as good, but everyone will adapt.

To find your Privacy-Friction Frontier, you need to push the boundaries at first. For example, try browsing only in incognito mode for a week (closing the browser regularly!) and see how that goes. Needing to repeatedly log in to all your accounts will feel like friction. If that’s too much, try the next most private solution. Perhaps clearing cookies more regularly or using browser containers.

As privacy increases, so does the pain of maintaining it. Find your Privacy-Friction Frontier (sweet spot) by starting with advanced privacy, then scaling back until you can deal with the pain.

Other principles

Have rules of thumb for trust. Popular open-source software has been reviewed by many people, while proprietary software has not. Some companies tie their branding to being privacy-focused, giving them a lot to lose if they break trust, while others rely on monopolies or convenience.

Use the principle of least privilege/knowledge. Only provide the minimum access or information to do what you need. And the minimum is likely less than you think.

Be legit. To watch a movie, buy or access it legitimately. Otherwise, watch something free. Unofficial channels are more likely to have malicious content. It won’t hurt you to consume less and you’ll be more secure.

Perform ongoing checkups. Some actions can be done once, such as encrypting your device. But others will require periodic checkups, such as auditing your browser extensions and removing unneeded personal data.

Make access hard, and unfruitful. In the end, it’s about making accounts and data difficult to access, and minimizing the impact when that access is gained.

Taking action

The first step is to secure and clean up our stuff. Then we can change some behaviors and create recurring reminders for periodic cleanups.

Housecleaning

Destroy what you don’t need. Bring out your inner minimalist! Every account, device, or piece of data is an opportunity for an attacker to cause problems. So get rid of everything you don’t need, in a secure way. Shred paperwork, close accounts, and reset and wipe devices.
Bonus: Look into actual digital minimalism.

Upgrade your gear. Shop around for a new browser and search engine that is privacy-focused. A password manager is also a great investment and you could switch some proprietary apps to open-source alternatives that have been publicly reviewed.
Bonus: Look into end-to-end encrypted email accounts.

Harden all the things. In computing, hardening means securing a system by reducing the number of ways it could be attacked. So go through your accounts, apps, and devices and turn up the security and privacy settings. Update everything. Enable multi-factor authentication for your Achilles’ heel accounts.
Bonus: Check your browser’s security using tools like BrowserLeaks or Cover Your Tracks by the EFF.

New Habits

Be safe out there. You probably shouldn’t use public Wi-Fi without a VPN, and avoid public computers if you can! When speaking with companies or governments, don’t share personal information if you don’t have to.
Bonus: Learn about the rights in your country with regards to giving law enforcement passwords or access to your devices and accounts.

Practice good security hygiene. Repeat the housecleaning steps periodically, especially the Destroy step, as you’ve definitely created more data in the meantime. Securely back up your data to blunt ransomware attacks. Have an alter-ego identity with a separate email address that you use for unimportant accounts. Minimize what you share on social media.
Bonus: Actually read privacy policies! You could skip to the section about what they do with your data.

What’s next

The upcoming articles will be hands-on, going through each aspect of our digital lives that we can improve so we can reduce our risks and have more peace of mind.

Matt Schultz | Systemizing life 🌱
