34 votes

What steps can the average user do to secure their data privacy?

With all of the identity verification laws in the pipeline, data breaches, and government overreach (mandated monitoring in new cars in the US), what steps can the average person take to secure their anonymity and data and device privacy?

I’m a tech-savvy person but nowhere near the level of a great many. It seems like in the face of overwhelming odds, making small changes is only a drop in the bucket. I have all the data encryption settings enabled on my phone, but I use services like Dropbox and rely on it heavily. I’ve always thought that if the product is free, you’re the product…but I pay for Dropbox, so they shouldn’t use my data for training AI (but they likely are). Setting up a personal cloud seems like a daunting task, as is getting involved in any of the small projects that people have going (decentralized networks, mesh…things, P2P, etc). I’ve focused more on securing my home networks recently so my Ubiquiti devices are restricted in what they can access, but I haven’t actually pen-tested my network yet. I have PopOS! installed on my home desktop because I got tired of Windows’ invasive…everything, but ultimately I don’t know what I’m doing.

There’s probably a great many people out there that feel like it’s hopeless to try to do anything because it won’t matter as there’s such a heavy push to invade, restrict, and monetize our digital lives. What can the average person do to take control of our devices and data?

25 comments

  1. ogre

    Use websites instead of apps. Even with the granular privacy settings they can gather much more info about you from an app install than from a web page.

    33 votes
  2. nacho

    Realistically if one is serious about this, you need to at least:

    • host your own "cloud" storage on a physical server you own yourself (and that you back up regularly with a physical device stored at a different address for things like fire protection).

    • Encrypt all traffic between your devices (including your server, two servers if you don't go to back up physically at an offline location for those who like their back-ups that way).

    • Encrypt all your storage units

    • Not allow biometric access to any of your devices.

    It gets way, way more complicated with online services and leaving data from use. I won't get into that because it's extremely complicated and depends on what services one uses, what data traces one accepts what other entities get and so on.

    Even more so if one is to escape cameras in public places and so on.


    I'm also sure people have services they "trust", arguments and reasoning for why a lower standard is acceptable to them, or why some technical work-around renders a data-tracking, law enforcement-abiding service somehow outside that scope.

    I'd argue that would break with the standards asked for in the OP. The level of convenience you'd have to give up to secure actual anonymity and/or device privacy would leave a life not looking like a 21st century life. That's the reality.

    10 votes
    1. gary

      Not allow biometric access to any of your devices.

      If you don't trust your device to keep your biometrics locally as manufacturers claim, there's no reason to believe you can type passwords into your device securely.

      7 votes
      1. nacho

        Others can force you to open a device biometrically. Some places that's legal, others not.

        16 votes
        1. gary

          That has to do with data security, not privacy as the OP was asking for. Besides, Android and iOS support periodically requiring you to re-authenticate with a master password to unlock biometric support. This gives a good balance between usability and security. Biometrics also give the added security of not requiring you to punch in your password every time you need to use a secure service. Cameras being more and more common, it's potentially riskier to have to type your master password outside of your own home. Biometrics are not necessarily a less secure form of authentication. There is no hard rule that typing is always better than scanning.

          If a state actor has ambushed you, captured your device, and is capable of forcing you to scan your biometrics, they are also capable of hitting you with a wrench as in the famous XKCD comic.

          25 votes
          1. GoatOnPony

            It's very hard to maintain privacy without security, so I don't think they're neatly separable concerns.

            That xkcd comic is overused IMO. There's a meaningful category of threat modeling where you assume the bad actors are malevolent enough to use restraint but not going to torture you, i.e. regular cops and not the CIA, or even a random pickpocket who will flash a phone at your face as they run away but won't beat you up in a busy area. In the US a biometric passcode is not as protected and you can be compelled to unlock a device with a fingerprint/face scan as part of a search, and they're not going to bust out the wrench for a passcode. Courts in the US hold that forcing a passcode would violate the fifth amendment, so there's additional legal protections. As for the periodic requirement to use a master password, that doesn't help very much; police and criminals have tools to keep a device awake indefinitely after one unlock. Better is to know how to put the device into lockdown mode and do that whenever you are in a place likely to involve police or pickpockets.

            Having said all that, I think the better approach is biometric on the device itself (and know how to put the device into lockdown mode anyway) and then use individual apps which require a passcode/PIN to access, à la Signal's PIN.

            10 votes
            1. balooga

              biometric on the device itself (and know how to put the device into lockdown mode anyway)

              PSA — since most people probably don’t know how to do this — on an iPhone you can quickly press the lock button five times to disable FaceID. It’s not something you’ll probably ever need but good to keep in mind just in case. It can be done easily with the phone still in your pocket if you sense things are getting dicey. Less reliably, but if you can’t complete the other step in time, FaceID usually won’t unlock your phone if your eyes are closed.

              I don’t have an Android device so I’ll defer to others for the equivalent tips on that platform.

              4 votes
              1. DefinitelyNotAFae

                Long press the power button and select Lockdown. You can also restart from there and it'll require the pin upon reboot.

                There's also a theft setting where your phone will lock if the phone thinks it has been stolen (idk the parameters) and one where it will lock if it's turned off of all data for a short period of time (which happens if police take your phone.)

                5 votes
      2. dlay

        I don’t think that’s the concern of the original commenter. You can be physically forced to unlock a phone using biometrics, while you cannot (unless you’re being tortured or extorted) be forced to give up your pin.

        2 votes
  3. everythingisblue

    As somebody who begrudgingly works for a data broker, let me say this. With whatever civic power you are able to muster, lean on your representatives to enact meaningful and toothy legislation around this.

    Nothing gets my company’s ass in gear quite like receiving an email from a resident of California (with proof of residence) requesting that we remove their data from our platform.

    Our customers are often banks and government agencies, but also background companies and likely private groups as well - though the data we can legally provide them is a subset of what we have. We have a lot of focus on security but no company is 100% secure and any company is only one successful (now AI-powered) attempt at social engineering away from a breach.

    8 votes
    1. symmetry

      Thank you for bringing up data brokers, which to me is the final boss of making your data private. I've been on a yearlong project to remove my PII from the internet and navigating the web of data brokers with their dark patterns and paywalls is downright bleak.

      Nothing gets my company’s ass in gear quite like receiving an email from a resident of California (with proof of residence) requesting that we remove their data from our platform.

      I'm curious to learn more about this. I've done my fair share of going through opt-out forms (a list available at: https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List), but that's just opt out. How in depth and serious do data brokers take these deletion requests from California residents? Is there a good way to do this in bulk? Lastly, how effective are these requests in stopping future data collections? I want data brokers to treat me like radioactive waste so they wouldn't even touch my data in the future.

      2 votes
      1. everythingisblue

        Ok so I read through that github page twice and I’m not seeing my company on there anywhere, nor any of the partner companies that we work with that do similar things. I can’t comfortably name my company without removing some of my own anonymity, but we’re not tiny, publicly traded, and yet somehow also not on the list of 500+ data brokers on California’s list. Which I find odd or even legally problematic if I understand the requirement there.

        I can’t tell you anything else about the CA resident process we have because I don’t know anything else about it, I just know I’ve heard from people who have worked here a long time that we act quickly on those. They say we take those requests pretty serious, and similarly that if someone contacts us saying they have a stalker or they’re a DV victim and ask for removal, we act fast on those too (maybe needing proof? Maybe not?)

        I’m not for sure but I think any other request is just…mostly ignored probably. Since it’s the equivalent of a store handing over some physical goods that they plan to sell but for free just because you asked. Well, financially speaking it’s the same, ethically speaking it’s totally different.

        There won’t be meaningful change here until more states (or the whole country) take California’s or the EU’s route. Which I really hope we do one day.

        1 vote
  4. freddy

    There’s probably a great many people out there that feel like it’s hopeless to try to do anything because it won’t matter as there’s such a heavy push to invade, restrict, and monetize our digital lives. What can the average person do to take control of our devices and data?

    The key thing is to not give up! Privacy Guides (an organisation that, full disclosure, I co-founded) published an article about this. It sounds like you're already on the right track - but if you need some help or advice feel free to visit our website: Privacy Guides (hope this isn't too much self promotion!)

    7 votes
  5. gary

    I can recommend Cryptomator as a layer that runs on top of Dropbox, securing you from Dropbox accessing data you don't want them to.

    6 votes
    1. sleepydave

      Not just Dropbox, quite a number of providers listed here in addition to anything S3- or WebDAV-compatible. Or, you can just encrypt onto your local storage and rclone it anywhere you want.

      2 votes
  6. fxgn

    Check out PrivacyGuides, they have a lot of great information on the topic. It is the go-to resource for most online privacy–related information.

    This (and part 2) are newer and less well known resources, but they're more convenient if you need something written in a more step-by-step way.

    6 votes
  7. bme

    I hate to say give up, but I don't really see how you can do anything about it. Let's assume you disengage from everything, everyone is still selling everything about you that they can, credit records, property records, renting, mortgages, bank transactions. Unless you want to actually do cash only, and live in a squat or something, it's really hard to have many eyes on a reasonable slice of your life.

    4 votes
    1. Banazir

      This is defeatist and looks at the problem as all or nothing. You can take steps to protect your privacy, and while there will still be gaps in that protection it's better than just leaving everything out in the open. It's a game of layers, and you can choose to do more or less depending on how much energy you have to devote to it. Saying that you might as well do nothing at all is how we get to this point.

      18 votes
      1. bme

        I am saying that none of this shit pays for itself. It's not free to live a life worried about this stuff, full of little tech rituals that are so easily bypassed. You may as well keep crystals on top of your computer and charge them every day with incantations. For every hour spent improving your online privacy posture you could have been enjoying your life.

        I have multiple YubiKeys, self host my own password manager, blah blah. Maybe I'm just old, but my phone never stops ringing because one CV had my phone number on it 15 years ago. Multiple credit agencies have been breached with my records on them, my bank force swapped my account to a rewards account, now all my transaction history is fair game according to the T&Cs. It's a full time job to try and keep in front of it and you will fail. It's not defeatist to say you can't fly. You've got a better chance of sprouting wings than not having your data bought and sold to the point that you may as well have done nothing.

        I would rather have expended all that energy somewhere else, possibly in political activism, I dunno.

        1 vote
  8. snake_case

    There's a few browser settings you could use, imo you know you're doing it right if some of the notoriously fishy websites like Facebook break.

    Most important one I always flip on is the one to clear all cookies and browsing data on close. It logs you out of everything, but persisting logins is super insecure anyway.

    1 vote
    1. Autoxidation

      At the very least you should pass the EFF's cover your tracks: https://coveryourtracks.eff.org/

      3 votes
      1. fxgn

        You shouldn't. Most modern anti-fingerprinting techniques are actually focused on making your fingerprint unique and different each time so it can't be tied together between sessions, NOT on everyone having the same fingerprint.

        A much better test is https://fingerprint.com. If you open it in a private window with a VPN turned on and it still shows the same fingerprint ID, that means your browser is easily trackable.

        1 vote
    2. SleventhTower

      This isn't really my area, so I'm just asking out of curiosity. Why is persisting a login insecure? Like in which scenarios is that a concern?

      1. snake_case

        I think it's not so much a thing any more, but there used to be ways for websites to piggyback on that persisted login and access the data you were getting with it.

        Like if you were logged into fb and had other tabs open.

        These days it's mostly just like, don't browse porn while you're logged into anything else, because sometimes you'll end up logged into the porn website with your actual Google account or something. So like, if you log out every time you close the browser, you limit what other websites can automatically log you in under Google and know who you are in that way.
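Editor's note, not part of any comment in the thread: the "piggybacking" snake_case describes worked because a browser attached your persisted login cookie to any request aimed at that site, no matter which open tab started it. The attribute that restricts this today is the cookie's SameSite value. The script below is an added example that models the browser's send/don't-send decision for one cookie and shows why a cross-site background request from another tab is anonymous under SameSite=Lax but carries your session under SameSite=None. The hostnames (social.example, other.example), cookie names and the two-label "site" rule are assumptions made for the example; real browsers use the Public Suffix List.

```javascript
// Added example (not from the thread): a model of the browser's rule for
// sending a persisted login cookie on a request that another site initiated.

function site(host) {
  // Assumption for this example: the "site" is the last two DNS labels.
  // Real browsers consult the Public Suffix List (co.uk, github.io, ...).
  return host.split('.').slice(-2).join('.');
}

function sameSite(requestUrl, initiatorUrl) {
  return site(new URL(requestUrl).hostname) === site(new URL(initiatorUrl).hostname);
}

// cookie:  { name, value, sameSite: 'Strict' | 'Lax' | 'None' | undefined, secure }
// request: { url, initiator, method, topLevelNavigation }
function cookieIsSent(cookie, request) {
  const https = new URL(request.url).protocol === 'https:';
  if (cookie.secure && !https) return false;                    // Secure cookies never go over http
  if (sameSite(request.url, request.initiator)) return true;   // first-party: always attached

  // Chrome has treated a cookie with no SameSite attribute as Lax since 2020.
  switch (cookie.sameSite || 'Lax') {
    case 'Strict': return false;                                // never on cross-site requests
    case 'Lax':    return request.topLevelNavigation && request.method === 'GET';
    case 'None':   return cookie.secure;                        // cross-site only if also Secure
    default:       throw new Error('unknown SameSite value: ' + cookie.sameSite);
  }
}

// Constructed scenario: you stay logged in to social.example while a page on
// other.example, open in another tab, fires a request at social.example's API.
const legacyCookie = { name: 'sid', value: 'abc', sameSite: 'None', secure: true };
const laxCookie    = { name: 'sid', value: 'abc', sameSite: 'Lax',  secure: true };

const crossSiteFetch = {
  url: 'https://social.example/api/me',
  initiator: 'https://other.example/page',
  method: 'GET',
  topLevelNavigation: false,            // background fetch/img/iframe, not a click
};
const crossSiteLink = { ...crossSiteFetch, topLevelNavigation: true }; // clicking a link
const firstParty    = { ...crossSiteFetch, initiator: 'https://www.social.example/feed' };

function demo() {
  return {
    legacyFetch: cookieIsSent(legacyCookie, crossSiteFetch), // other.example's request carries your session
    laxFetch:    cookieIsSent(laxCookie, crossSiteFetch),    // background cross-site request is anonymous
    laxLink:     cookieIsSent(laxCookie, crossSiteLink),     // following a link still lands you logged in
    firstParty:  cookieIsSent(laxCookie, firstParty),        // same site: always sent
  };
}

console.log(demo()); // { legacyFetch: true, laxFetch: false, laxLink: true, firstParty: true }
```

Clearing cookies on close, as the comment suggests, removes the cookie entirely, so every branch above returns "not sent"; SameSite=Lax or Strict gets you most of that protection without logging out, while a site that still sets SameSite=None on its session cookie is the case the piggybacking relied on.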