This statement was originally published on privacyinternational.org on 7 July 2016.
By Eva Blum-Dumontet
Everyone wants to know what you need to do to be i) happy, ii) fit, iii) secure. And the easier and more list-y it is, the better.
The Guardian recently published an article that left PI's techies sceptical, to say the least. “Extreme online security measures to protect your digital privacy – a guide” offered nine pieces of advice to stay secure online, including covering your house with a few layers of aluminium (!!!).
While there is no one-solution-fits-all when it comes to security and certainly no app or operating system that will make you secure the moment you download it, there are things you can do to protect your privacy. Without further ado, here are our seven moderate online security measures to protect your digital privacy.
1. Fight for your rights
For all the fancy tools you can download, nothing will protect you as well as a strong legal framework and very demanding consumers and citizens. With the Investigatory Powers Bill currently being debated in the House of Lords, we in the UK have many reasons to be concerned: ISPs and mobile network providers will be expected to keep a record of our internet traffic for 12 months, mass surveillance of communications data will become legal, and both intelligence services and the police will have the right to hack into your devices. And while the IP Bill is unprecedented in the access it grants intelligence services, surveillance laws are being passed all over the world. From the Interception of Postal Packets and Telecommunication Messages Bill in Ghana, to the Prevention of Electronic Crimes Bill in Pakistan and the Digital Economy Bill in Thailand, be prepared to see a bill affecting your right to privacy coming up near you very soon. So before you wrap your house in tinfoil, stand up for your rights.
Be a demanding consumer – ask why your devices are insecure, demand the use of encryption, and question companies and governments on why they demand our data, what they do with it, when they delete it, and what, beyond the bumf in privacy policies, they really do to fight for us.
2. Threat models matter
There is no one-solution-fits-all when it comes to security. There is no point handing Band-Aids to someone who is having a kidney failure, so before you download the latest 'secure' software, ask yourself the right questions: what are you trying to achieve? What do you need to protect and who do you need to protect it from?
Once you have defined your threat model, find the application that works for you and that mitigates the risks you have identified.
3. There are (not extreme) measures we should take
It's not as exciting as covering your home in tinfoil but there are simple things everyone should do: use a password manager to ensure you create strong passwords and to ensure you never use the same password more than once, never download an attached file that you were not expecting, and avoid clicking the “remind me later” button when your software tells you it needs to be updated.
4. Zero risk does not exist
You can never be 100% secure online. That's why we talk about risk mitigation and not perfect security. If you have extremely sensitive information, keep it offline. Stay off the telephone to have a secure conversation. Don't be seduced by the app of the day; for sensitive conversations, go analogue.
5. VPNs will not save you
The author of the article suggests VPNs (virtual private networks) will allow you to browse the web incognito. But let's be clear about what VPNs do and don't do. VPNs allow you to surf the internet from an assumed location. They're great if you want to watch content you can't access in your country, or to conceal your ISP from hackers or government spies. But your VPN provider will still be able to see everything you are doing, so effectively you only move from your ISP watching you to your VPN provider watching you. Incognito? Not really.
You also need to look at the legislation of the country your VPN provider is in. In the UK, for instance, there are data protection laws that protect you and that your ISP has to comply with. If you pick a VPN provider in a country without a strong legal framework, you may be doing yourself more harm than good.
6. Stop worrying about Windows
“Don't use Windows” warns the Guardian. Why though? An Apple computer can be just as dangerous as a Windows machine, and as long as you keep all your software updated there is nothing inherently wrong with Windows. In fact, most malware comes from people clicking on malicious links, not the security of the operating system. When it comes to security, most mistakes come from the users' actions (or inactions) and threats that have not been identified, rather than the technology letting the user down.
7. Keep your friends close and corporations closer
Fight for your rights – your consumer rights. When you are paying money every month to your ISP and mobile network provider, or putting your data into the hands of social network sites and search engines, you should expect them to treat you decently. They should protect you and your rights.
More and more companies are publishing transparency reports where they publicly reveal the amount of data they share with governments all over the world. The demands for privacy have also meant that companies like Apple are now offering encryption by default. If you're in the UK you can join us in asking your mobile network providers to oppose police hacking.
For us, the perfect world is where your data is yours for you to control and determine how it is used. This should be the default situation for all people, everywhere. Privacy and security by default is the only way forward for the future to make any sense.