Choose Privacy, Always

Choose Privacy

The American Library Association’s Choose Privacy Week was May 1-7.  Oops—dropped the ball on that one.  Still, one of the key points of Choose Privacy Week is that privacy awareness is something we all have to take seriously all the time, particularly online. A common mistake when considering privacy is assuming that it is something we possess naturally and have taken away from us by others. The reality is that privacy is something we have to actively claim for ourselves and work for every day. Our electronic world does not allow for anything less.  People become understandably indignant when their sense of privacy is violated. I’m not trying to blame the victim—indeed, the potential victims are any or all of us. Nevertheless, we need to recognize that today’s world of hyper-connectivity and big data doesn’t allow us the luxury of treating privacy as a given.  

First, let’s get real about privacy:

  • If you’re online, you’ve given up some of your privacy. ISPs do have records of all the sites your IP address has visited, and they all have different policies for data retention as well as dealing with government requests for such information.
  • If you’re on Facebook, you’ve not only given up some privacy but passively helped to erode your friends’ privacy, since Facebook sells not only your data, but also your network of friends and family.
  • If you buy particular categories of items on a regular basis with your credit card, those buying habits are not only collected but are also available for marketers to take advantage of.
  • If you walk around with a GPS-enabled smartphone with location services turned on, you might as well be holding up a big, yellow sign that reads “HERE I AM!!!” 

That’s just a taste.  This lack-of-privacy culture is insidious, pervasive, and wickedly seductive.  It is so easy to shrug our collective shoulders and give in to this craven new world.  I mean, if we’ve already unwittingly ceded some of our privacy, what’s the point of trying to protect what’s left?  Why struggle?  Just let it happen.

You need to ignore such thoughts and start taking responsibility for protecting yourself.  

What is Privacy?
It’s unfortunate, but a lot of people don’t understand the value of privacy or even have a solid understanding or definition of what exactly it is.  A common line, even from a younger, more naive iteration of myself, is “I don’t care who sees what I do; I have nothing to hide.”  You’d think this was an attitude more common amongst our younger generations who’ve grown up in a world dominated by open social networks, but in my role as public librarian I’ve heard it from both ends of the age spectrum and everywhere in between. In fact, according to a recent Pew Research Center report, teens seem to be very aware of online privacy, though maybe they aren’t as concerned with the potential repercussions as they should be.  As an information worker who is familiar with the perils associated with diminishing privacy, this continuing trend is alarming to say the least.  Believe me when I say that everyone has something to hide. It doesn't have to be anything nefarious, but you know you've got your secrets and you're entitled to keep them.  

So, in the spirit of learning how to protect one’s privacy online, it seems vital to both define privacy and understand why it is important.  Privacy, of course, has an entry in every dictionary and general-purpose encyclopedia, so I won’t pull the grade-school stunt of padding my essay with it.  Beyond privacy’s codified definition, I think it is to many a subjective term, meaning different things to different people, usually based on their life experiences. I define privacy as the reasonable expectation that such personal information, opinions, and actions as I choose will be known only to myself and those parties I expressly designate. As far as definitions for privacy go, I feel confident mine is relatively universal, but you should give the below video from the American Library Association a viewing to understand how other people feel about it.  Afterwards, take some time to formulate your own expectation of privacy so you know precisely when it is threatened.  

 

Choose Privacy Week Video from 20K Films on Vimeo.

Please understand that Privacy, however, does have an absolute definition, and it is critical we do our best to adhere to it. Drifting too far puts us in danger of losing it altogether. A changing concept is not necessarily an evolving concept.     

Why Online Privacy Is Important
You might be able to come to some understanding of what privacy means to you but still not understand exactly why it is important. That’s somewhat paradoxical, I realize, but as I stated previously it is a position I remember finding myself in during a past life, and I imagine others find or have found themselves in similar circumstances. If you are such individual, consider just a few of the reasons online privacy is so very precious.

  • Online activities let us flex our identities beyond what our normal day-to-day “real world” lives allow.  Perhaps you enjoy a particular type of media, from books to music to film to videogames, that is frowned upon by your family and/or community.  You could advocate anonymously for a cause you believe in strongly that, again, runs counter to what the people you associate with believe in. You could find yourself in any manner of identity crisis and look to others online for help when none is available to you locally. The Internet allows us to spread our wings and more completely explore ourselves, our interests, and our beliefs.  
  • Many employers are checking the social media of potential hires for indications of behavior that might throw up any red flags. That one lone picture of you with your friends doing shots at party that you forget to restrict only to acquaintances could land you in world of hurt when looking for a job.  
  • Again referring to social media, including networks like Facebook and Twitter as well as personal blogs, once you’ve posted something, it’s there to stay.  You can fool yourself and hit the delete button as many times as you like, but for those who know how to look, the data is there permanently. You might not be terribly alarmed by that in the present. After all, many people try to sculpt an online persona for themselves that they believe truly represents who they are and what they believe. But people change and circumstances change, often radically, and what once was an online identity you were proud of might later be not only humiliating but even threatening in one manner or another.  
  • Unwarranted government electronic surveillance has increased dramatically, practically unchecked, in the past decade as criminals turn to the Internet for communications. It’s easy to let this lull you into a false sense of security, particularly if you’re of the mindset “It’s okay. I’ve got nothing to hide,” but it’s about as far from okay as possible.  Current headlines such as “Obama Administration Secretly Obtains Phone Records of AP Journalists,”“FBI Claims Right to Read Your E-mail, Just Like Other Federal Agencies,” “Buried in Immigration Reform Bill, a Plan to Create a National Photo Database,” and “U.S. to Let Spy Agencies Scour Americans' Finances” demonstrate that it really isn’t paranoia if someone is actually watching you.
  • Or, maybe you don’t need a reason and you just don’t want people you don’t know butting into your personal business, which, as far as I’m concerned, is the most valid reason of all.  

As I wrote above, privacy is not a given and must be controlled by you as much as is possible. We can’t control everything about our privacy any more than we can control absolutely every detail of our lives. Everything about us is chaotic, but some measure of order can be brought to that chaos. The question is, exactly how much control do you want to exercise? Privacy in our Internet-driven world is actually a kind of currency, though not one we’re always aware we’re spending. Controlling your privacy has more to do with awareness of who knows what about you and how they know it rather than trying to cut yourself off from the world entirely. It’s the lack of knowledge about who is getting your data and how that really engenders fear. So, let’s start by finding out a little bit about yourself.  

Searching for Yourself
A fun and scary pastime is Googling yourself. You’ll get varying amounts of information about yourself depending on how publicly you live your life online. Try searching by your full name, your nickname or an online handle you frequently use. Put your search in quotes to get more precise results, though a general search will bring up more hits overall. Try it both ways.  If you’re a frequent blogger or commenter on forum threads, news sites, and other public arenas, you’ll likely find more about yourself. And the picture that information paints may not always be one that you’d like others to have!  If you make your social network profile discoverable by search engine, make sure that the information you share publicly reflects well upon your character.  Remember the golden rule of controlling your online privacy: do not publish anything anywhere that you do not want others to get their hands on, no matter how “private” you might think that information is. Once it’s on the Internet, it’s there to stay and someone can find it.  

Googling yourself will usually only display the information you or others share about you.  But there are other, more thorough ways to find what information about you is circulating through the net. We live in the age of Big Data, when absolutely everything about us is recorded, indexed, and sold on the open market. Companies you’ve never heard of are collecting an alarming amount of information about us without our consent and it is, well, mostly legal, but certainly immoral. This isn’t the kind of information that a simple Google search is going to reveal.  We’re talking about conspiracy theory-inducing information collection that you need the right tools to access.  Well, here are two you can try right now.  I’m warning you, though: get ready to be scared.  

If you’re a member of the Central Rappahannock Regional Library (free to residents of Fredericksburg, Spotsylvania, Stafford, and Westmoreland Virginia!) go to librarypoint.org/research for a comprehensive listing of all the databases the library provides access to for free. Scroll down to the entry for Reference USA and click the link. When doing this from home you’ll need to input either your CRRL library card number or a 10-digit telephone number on file with the library.  Reference USA is a comprehensive listing of U.S. businesses, whitepages, health care, and, eerily, consumers and lifestyles.  Go ahead and click this last option.  Put in your name, city (Fredericksburg is abbreviated, or maybe mispelled, “Fredericksbrg”) and state and select your exact name and address from the results.  Everything about you from the latest U.S. census is there, along with your shopping habits (though online shopping habits don’t seem to be cataloged here—yet).  

That’ll give you a very small idea of what information about you is available online.  Now let’s get an idea of who is collecting information about you. Go to safeshepherd.com and sign up for a free account. You’ll have to give them some basic information about yourself, including your age and address—nothing out of the ordinary.  They will cross-check your information against a large database of data-mining companies and the number of positive hits will frighten you.  Safe Shepherd shows you exactly which companies are tracking you so that if you want you can go to their sites and try to suss a way to opt-out of their information gathering practices, but most of them don’t make it easy. Fortunately, Safe Shepherd has free guides for doing this with several such sites!  But if you want them to do this for you, Safe Shepherd offers a $13.95/month plan that will automate this process for you with every such company and continually monitor your information for further privacy breaches, as well as monitor your information on social networks. You can keep your subscription going continuously or join for a single month at a time to wipe out your information when it seems to be gathering en masse again, as I have done.  Don’t fool yourself. This won’t scrub you clean from the Internet—that’s impossible—but it’s a step in the right direction.  

Next up, I'll discuss a few of the many ways your online privacy can be threatened and how you can take action.  

Privacy Policies
Each Web service you join should have an up-to-date privacy policy within plain view, particularly when you’re signing up. If it doesn't, think twice about joining. I know it’s a lot of information to look through and most of us just click right through it, but we shouldn’t. Rare is the site that doesn’t collect some kind of information about us—as I said, just being online is one of the greatest threats to our privacy.  But this doesn’t mean we’re going to stop using the Internet, so it is absolutely vital to know what info sites are gathering about us—not necessarily to scare us away, but to stop us from sharing any information we don’t want them to have access to. And, not that I'd encourage you to lie, but on the Internet no one has to know you're a dog . . . .

Anonymous Web Browsing
Let’s talk next about becoming anonymous with your Internet activity. As I wrote above, the Internet activity associated with your IP address is logged and potentially open to government scrutiny. Some argue that if you’re using a home wifi connection the best way to make your Internet usage anonymous is to make your network open for anyone in the vicinity to use since there would be no way to prove that any Web activity in question was actually generated by you, but that is, to put it gently, stupid. You're responsible for any network you run, not to mention that doing this is a huge security risk if your computer isn’t correctly secured against intrusion and, of course, it’s no protection against being pulled into court for an online crime you didn’t commit. Even if nothing can be proved, going to court by itself can be as damning as actually being convicted of something.  

Also, don’t think that clearing your browser history or using what is referred to as “private mode” in many modern Web browsers is doing anything to protect your privacy anywhere except at home, and even then, not very well. Your network activity is still being logged by your ISP, and, if you’re using a wireless router at home on default settings, it is also likely keeping a log of what you do.  

A better solution is to use the TOR Web browser.  TOR is an anonymizing service that passes your Web traffic through several open servers throughout the Internet so that when your Web page request reaches its destination, it is nearly impossible to tell where the request originated from. TOR blocks most plug-ins, such as Flash, since they collect their own information about your activity independent of the Web browser they’re running in. Using TOR is also slow, since your traffic is passed through several servers, so you’re not going to be using it to download huge files, such as audio, video, and software.  No, TOR’s true usefulness lies in anonymizing what information you seek and blocking monitoring of where you go. TOR is a free, open-source project and an easy-to-use version of it can be downloaded from https://www.torproject.org/download/download-easy.html.en. TOR also has a list of recommendations for using their software at https://www.torproject.org/download/download-easy.html.en#warning. TOR has been used by activists, journalists, government agencies, and more to securely access the Web, and it can work for you, too.  TOR can protect your online activities, but for those actively trying to monitor you, they can see that you are using TOR, though not what you’re using it for.  

Email
Next up, email.  If you use any sort of free, publicly-accessible email services, such as Yahoo, Outlook, or Gmail in particular, your communications are vulnerable to many threats, especially government snooping.  Fortunately for you, there are many methods of encrypting your sensitive emails. For Gmail, read this article by ComputerWorld writer Darlene Storm. Yahoo has recently (finally) announced that they’re joining the gang and encrypting email transmissions with the HTTPS protocol, but that only protects emails from being intercepted en route to the recipient. Once the message has been delivered, you’re at the mercy of the addressee’s security measures. Users of both Yahoo and Outlook webmail, try the Mailvelope extension for the Google Chrome browser.  That addresses message encryption, but let’s say you don’t want to go to the trouble. That’s understandable, but if you’re a Gmail user, your email is still being scanned by Google software to personalize the ads you see when using Gmail.  If you want truly encrypted and snooping-free email, you need to sign-up for a service called HushMail which both encrypts your messages and does not scan them for targeted-ad services.  

Social Networks
Of course, you can make your email NSA-secure, but if you use social networks for messaging, you might as well not have tried in the first place. Social networks like Facebook are huge privacy offenders, not only because their very purpose is to transmit your personal information to the public, but because Facebook is constantly changing its privacy controls to the extent that after each redesign users are never completely certain how protected their data is or how to re-protect it. Every time there is a Facebook redesign, you should do a Google search for how their new privacy controls work and ensure that the data you choose is still private.  Current privacy control help for Facebook can be found here. And here are Twitter’s privacy controls. A Google search of your favorite social network and “privacy controls” will usually turn up all the documentation you need. Just be mindful of how current the information is. With all this in mind, I should note that even the term privacy "control" is misleading since you can only control your data to the degree Facebook allows. The only true, ironclad control you really have is not to post information at all.

***Even if you properly employ privacy controls, social networks’ consistent place in the news headlines regarding privacy violations paints an overall picture of systems and companies that cannot be trusted.***  

This is troubling news, as I believe we’ve moved into a period where a lack of any kind of social presence can raise as many concerns with potential employers, potentials friends, and even the government as an overly-active and all-telling social profile can. As I stated at the beginning of this article, privacy is something we need to claim for ourselves, so take responsibility for and control of what you share online. It can’t be found if you didn’t share it!  

Encrypting Local Storage
The first, best way to protect your files is to keep them local and make sure your computer is protected with a strong password.  A follow-up step you can take is encrypting your files so that even if someone breaks into your computer, either remotely or locally, they won’t be able to retrieve those files you choose to protect.  My favorite method for doing this is to use a simple but powerful utility called TrueCrypt. Free and open-source, TrueCrypt is easy for crypto novices to use but packs a punch for power users (forgive the alliteration). Follow this simple tutorial to start encrypting your sensitive files right away!

Cloud Storage
External USB hard drives are cheap.  Why, “back in my day” I remember when a 16-megabyte stick of RAM cost upwards of $200. These days you can get portable hard drives sporting, oh, 63,000 times as much storage for $50, less if you look for sales, and you can bet storage prices will continue to tumble. So it must take a hugely convenience-driven society to turn its back on these cheap 5oz pieces of plastic with massive amounts of storage in favor of cloud storage!

Oh, the hypocrisy—I LOVE my Dropbox service, it makes sharing my files across all my devices, including computers, tablets, and smartphones (yes, all of those are indeed plural) mind-bogglingly easy.  But I don’t fool myself into thinking that the files I store there are private.  Cloud storage services like SpiderOak and MEGA promise total privacy and I’m sure they do work hard toward that goal, but it is something they simply cannot guarantee. It’s like sharing personal information online. Once your files have left your own computer and been stored in off-site servers, there are exactly zero ways it guarantees its safety or tracks where, precisely, it is being stored. All it takes is one rogue employee with an external hard drive or a particularly skilled hacker to steal your files.

Am I saying don’t use these services?  Heck, no!  I think they’re fabulous and, again, I’m sure they do the best they can to keep your data private, so unless you go around sharing your login credentials with every Tom, Dick, and Harry, you can assume a reasonable amount of safety—certainly more than social networks will guarantee.  However, if you’re going to be storing anything truly sensitive in the cloud—let’s say financial information, tax information, legal documents, etc.—please encrypt that data using TrueCrypt as described in the previous section. This way, even if your cloud storage is compromised your truly sensitive data will remain protected.  

App Privacy
It would be a horrible offense to simply say that smartphones are great. As far as I’m concerned, their convenience and utility is unmatched. But the privilege of carrying around these portable computers that are always connected to the Internet and often connected to GPS satellites comes at the expense of our privacy.  Never mind that these factors alone make them a privacy advocate’s nightmare, as they make you vulnerable to surveillance by your phone provider, the government, and hackers with the skills to remotely break into your phone (and yes, they’re out there, just ask Scarlett Johansson), but a larger threat looms in the form of apps.  

You know, apps weren’t an original part of the iPhone mission.  It’s hard to imagine that Steve Jobs initially wanted nothing to do with iPhone software that wasn’t directly controlled by Apple. Clearly he was persuaded otherwise and the “app” was born. And the “app” is one of the worst things to happen to your privacy.  

It outrages me how much of your personal information apps can potentially gain. Think about it: on your smartphone (or tablet) live your contacts, your social networks, your pictures, your location, and more. Now, traditional computer software very rarely needed or asked for access to this kind of information. These days, it’s almost a given that your apps will access your information to one degree or another. Of course, this is partly due to the fact that the ability to take virtually unlimited pictures, social networks, affordable GPS tracking, AND smartphones all grew up together in the last decade, so traditional software never really had the opportunity to access such information until now. And with the app-heavy Windows 8 stumbling after Apple and Google’s, ah, “progress” on this front, desktop computers running this operating system are also under suspicion. Suffice it to say, you can trust your technology less than you ever could before.  

Think I’m being paranoid? Read over this Wall Street Journal article on the topic of iPhone and Android app privacy offenses and tell me otherwise. This is yet another instance of trading your privacy for the sake of convenience, particularly where location services are concerned.  That’s not entirely a bad thing. Apps like UrbanSpoon, FourSquare, Yelp, and even Google Maps are obviously enriched by the use of location services. If you look closely at the article, what you’ll find disturbing is the number of these apps that transmit such data to third parties for marketing purposes—another instance of out-of-control Big Data.  

So, how do you control this?  A lot of the time, you can’t, but there are steps you can take to minimize the challenges to your privacy these apps impose.  For iPhone users, you must be running the latest version of the phone’s operating system, currently iOS 6.  If you own an iPhone 3G or the first iPhone, this isn’t an option for you, but on the other hand, the latest versions of most of the offending apps won’t run on your phone anyway; iPhone 3GS, 4, 4S, and 5 users definitely need to update their operating systems, so here are some directions on how to do that. Once your iPhone is updated, go the Settings app and tap on the option for Privacy.  You’ll see options for “Location Services,”,“Contacts,” “Calendars,” “Reminders,” “Photos,” “Bluetooth Sharing,” “Facebook,” and “Twitter.”  The number one option you should be concerned with is “Location Services.” If you’re not a frequent user of apps that feed on such information, turn it off.  Then tap on each of the following categories of shareable information to see which apps have access to what. You can enable or disable each app’s access to said information, so if you feel an app is violating your privacy at all, then disable its access. You should be aware that doing so may disable some apps’ ability to function properly, but that’s the trade you make.  

How about Android users?  Well, as much as I hate to admit it, big fan of Android that I am, it lags way behind iPhone in terms of your ability to control your privacy. When you install any app in Android, you’ll be shown a list of “permissions” the app has, meaning what information it will have access to once installed.  It’s very up-front about this, but that’s where the niceties end. Unlike iPhone, you have zero control over what personal information an app can access. If you’re not comfortable with the permissions you’ll be granting an app before installing it, then don’t install it, but it’s all-or-nothing when it comes to Android apps and your privacy. Sometimes we forget to check the permissions before installing or we’ve forgotten what they are since installing or maybe they've changed with an update; in that case, install the free Android app “Permissions.”  It will display a comprehensive list of all the permissions Android can grant to apps and which apps take advantage of them.  Most of them are harmless or required by the Android operating system itself for the device to even run, but those permissions that might be cause for concern are marked in red and you should ask yourself if it is worth it to keep them around.  

If you’re truly concerned about your Android app privacy, you’ll need to “root” your device (do a Google search for your device and add the word “rooting”) and install an utility such as “Permissions Denied” to actively control an app’s permissions. However, rooting your device is a risky proposition, as attempting to do so without any knowledge of exactly what you are doing can lead to disabling the device all together, never mind the fact that rooting voids most warranties. And if you pull it off successfully, denying apps certain permissions can cause them to stop working.  I’m very disappointed in Google’s supposedly “open” operating system and its failure to address this issue as Apple has.  

I don’t expect many of you are Windows 8 users, but for those unlucky enough to be, here are directions for controlling app permissions for that system.

State Surveillance  
I won’t get into a debate on the merits and dangers of government electronic surveillance. It is far too nuanced and polarizing a topic for a simple blog entry. Here’s what you need to know, and it’s not a matter of perspective or ideology. It’s a fact: our governments do spy on us online. How you feel about that is another discussion altogether and you can probably glean my opinion on the matter based on everything else I’ve written, but that’s not the point.  It is a matter which should not be taken lightly or at face value, regardless of your opinion. You need to stay informed of what’s going on. To this end, I must refer you to the Electronic Frontier Foundation’s Surveillance & Human Rights project. If knowledge is power, ignorance is weakness, not bliss.

And Beyond . . .
Over the last several thousands of words I’ve but dipped my toe in the topic of online privacy, and I wanted to write so much more about privacy in other realms, but then this blog entry would have turned into a book, and, as a librarian, I obviously wouldn’t want to inflict a book on you!  As I say my goodbyes, let me ask you to remain vigilant on the topic of online privacy.  Here are some sites and blogs to keep an eye on:

Your local library is an advocate for your privacy.  If you ever need more information on the topic, please contact us with questions or requests for materials.  

What can you take away from all this? Bottom line?

  • Know what privacy is.
  • Don't take your privacy for granted—fight for it every day.
  • Don't assume anything you say or do online is private.
  • If you don't want something known, don't share it.
  • Stay informed.