As technology extends further into our personal lives, so do the reaches of the hackers and businesses profiting from it. Is your online privacy really that private?
The Smart Girl’s Guide to Privacy (No Starch Press, 2015) by Violet Blue is here to help girls (and guys) navigate the whirlwind of social media, online dating and smartphones that can make life a dream—or a nightmare. For every trustworthy website, there are countless bullies and scam artists who would harvest your personal information for their own purposes. But you can fight back, right now.
To find more books that pique our interest, visit the Utne Reader Bookshelf.
You’d be surprised by how far one creep or criminal can get with your phone number. It’s hard to believe that one little thing can cause so much trouble, but keeping your private life under wraps comes down to controlling certain pieces of information as much as you possibly can. You’re about to find out exactly what information I’m talking about and how to protect all of it.
It’s really important to safeguard pieces of personally identifying information, like your phone number, online. Social media and advertising companies are continually compiling dossiers on you, trying to match information across services and devices in order to piece together the most complete profile they can. The more complete the info, the more valuable it is when they sell it to and trade it with third parties. From these third parties, your private information becomes public in people-search databases. As if this weren’t bad enough, malicious hackers look for clues to your private information in everything you do online.
The armor you build around that identifying information protects every aspect of your privacy. Of course, what you do in private or choose to share with friends is your own business. But if you want to be confident that your information remains personal, only share identifying info with people you trust.
For example, if you enjoy sex or explore aspects of your sexual identity using technology, that experience should belong to you. Only you should get to decide whether it was a good or bad thing to do. Sexuality is one of the most important ways in which we identify, establish, and maintain our boundaries. Just as importantly, you should get to decide if that experience (whether it’s sharing intimate photos, talking dirty on the phone or via voice chat, sexting, having any kind of online sex, or just disclosing something on a sexual topic) gets shared with anyone else. Personal information and experiences should be private and under your control, unless you decide otherwise. If you do decide to share that information, you should know exactly what you’re agreeing to.
Private exploration, sexual and otherwise, is something we do to better understand ourselves. We experiment with different ideas about who we are and different ways of expressing our identities. Sometimes, we may even play around with being something (or someone) that we’re not like at all in the real world. Private spaces are where we get to safely figure out who we are.
Privacy is critical to being able to decide what you like, discover what feels right and wrong for yourself, and find and keep your boundaries. That’s just the truth and always has been. What’s changed is the role technology plays in our private experiences. If you have a sexual moment in your room, that moment is still all yours unless you choose to share it. But when you have a private moment or experience online, you’re taking a risk with your privacy.
Until the online revolution, our private spaces for exploration were our bedrooms and bathrooms, our homes, our phone calls, and our inner fantasy worlds. Now, those spaces can include texts, emails, photos, videos, and direct messages to trusted friends or family members. Online, private spaces include email inboxes, chat rooms, Internet Relay Chat (IRC), social media profiles, non-public messaging systems (Twitter direct messages [DMs], Facebook chat), dating websites, message boards, and all the places where your personal information resides. But those spaces are only private if you can really trust the people you share that information with.
For example, if you send or communicate something private while at work, at school, or even on Facebook, it might not be private because it might not actually be “yours” anymore—legally and, to some degree, practically speaking. The places where you experience private time online and on your phone are usually watched and monitored by the companies who host those services, too.
The problem is that not everyone understands or agrees on what constitutes a private space online, and some people don’t know what information they need to protect and keep private. Even one piece of private information can unlock a trail that will expose most, if not all, of the other information it’s attached to.
No one has a clear idea about which systems can be trusted completely, which systems should never be trusted, and which systems to watch very carefully. Worse, many online companies, including some of the big ones you’d think you could trust, have made it their business to take advantage of that confusion and misplaced trust by leveraging privacy laws that are way behind the times to collect, sell, and trade your private information as data, in their databases. That’s a problem because it takes away your control over things that could expose or hurt you, like your identifying information and metadata (detailed background information on you) that these companies collect when you use their services. The sad fact is that these companies care about their bottom lines and their corporate advertisers more than they do about you as a consumer, so don’t believe otherwise for a minute. Companies like Twitter, Google, and Facebook need to convince you to share your private information because their advertisers “need” access to what rightfully belongs to you.
But you have a choice, and it’s not your job to keep corporations wealthy by empowering them to invade your personal space. Your private information and activities should remain private, including all of the following:
• What you say or express in private chat or direct messages
• What you say or express in emails
• What you say or express on the phone
• What you say or express in your personal relationships
• Your text messages
• Personal photos that you share
• Your activity on dating websites
• Information related to your sexual activities and sexual orientation
• Information related to your health and medical records, including searches, doctor visits, and associated communications
• Information related to your gender identity
• Time you spend doing things that you want to keep to yourself
• Anything you keep in private files on your computer or phone
Next, I’ll explain what information you should watch most closely and how to ensure that your private activities stay private.
Lots of things tempt us to give up our email address, phone number, physical address, ZIP code, and so on—sometimes harmlessly.
The information you should guard most closely is your personally identifying information (PII), or just personal information. Even a few pieces of PII can be used to identify, contact, or locate you, allowing malicious people to attack you, stalkers to find you, and entities to get more information about you than you want to share. Companies like Facebook and Google use your PII for profit. Don’t just give it away.
The following sections list what you should consider personal information, and each is named after a stoplight color so you can see which items are critical. The items on the red alert list can be used directly against you, and you should never give out or share these with any person, company, app, or website that you don’t know or trust. The yellow alert list contains items that you should be very careful with because malicious hackers and stalkers can use them, but they can’t hurt you with this information unless they have other pieces of information, too.
If anyone or any company asks for any of the items on your red or yellow lists, be on guard. But don’t freak out if you’ve already given these things to other companies, no matter how shady they are. Even when things go screwy, it’s almost never too late.
Everything in this section can be used to directly hurt or harm you, steal your identity, make you physically unsafe, threaten or expose your loved ones, steal your money, or access your online accounts. DON’T give this information out, and DON’T publish it online. DO keep close track of where it has been seen and who knows about it.
Red alert items can’t be changed (or are very hard to change) if something goes wrong, so you should watch what happens with everything on this list like a mama hawk:
• Real, full (family) name
• Address of your home, workplace, or school
• Social Security number
• Government ID numbers (driver’s license number and passport number)
• Date and place of birth
• Biometric information (fingerprints, facial recognition, voice recognition)
• Computer’s IP address (a unique number that identifies your computer on the Internet)
• Specific location (geolocation numbers, like those from your phone or in tagged photos)
• Credit and debit card numbers, security codes, and expiration dates
• Bank account numbers
• Answers to common security questions
Let’s talk for a moment about those answers to common security questions. These can include your pet’s name, your mother’s maiden name, the city you were born in, and often other things that are easy to guess or dig up on your Facebook profile. A million years ago, when Paris Hilton’s phone was hacked, the intruder reset her phone’s password by getting one security question correct: her dog’s name, which was findable on every gossip site in the world.
Note: Credit card and bank account numbers are on the red list because while they can be changed, you can usually change them only after there has been a problem. Passwords can also be changed, but anyone who has them also has access to much of your red list information.
Yellow items can be used with other information to harm you, so avoid giving them out unless you trust the people or companies you share them with. If you choose to share them, keep a close eye on where they appear and who can see them.
Some yellow items can be changed if your personal information falls into evil hands, but changing them isn’t easy:
• Name you use day to day, if different from your legal name
• Primary screen name(s)
• Email address (if it’s not public)
• Telephone number
• Race, sexual orientation, and gender
• Mailing address (if it’s different from your residence; otherwise it’s red)
• Country, state, and city of residence
• ZIP code (or postal code)
• Google Voice number
Fortunately, you can make dummy versions of yellow items to use when you don’t trust an app, website, social network, or person. Google Voice is on this list because if it’s linked to your cell phone number, getting locked out of your Google account means that you’ll be locked out of both numbers.
Note: Even if yellow items are revealed to bad entities, they still won’t sink your ship.
If the red and yellow items seem like a lot to manage, or some of the items have already ended up “out there,” don’t worry. I’ll show you how to fix and recover from those big and small privacy mistakes and how to manage your privacy easily going forward.
Items on your green list are okay to share. This list includes information about you that can’t be used to hurt you or that’s a dummy version of the real thing. For instance, if the numbers of your single-use credit card are stolen, you’ll only lose the amount on the card. That’s way better than losing a real credit card, which is tied to your credit score and often various online accounts and could cause a big headache.Here are some examples of green items:
• Secondary screen names or account names (say, a throwaway email address that forwards to your primary address)
• Mailing address or PO box
• Digital, online phone number, such as a Skype number
• Email addresses that are not linked to a vital service, such as your bank account
• Photos and videos that don’t embarrass you or reveal private information
• Social media profiles on sites where you’re confident you understand the privacy settings
• General likes, favorites, and things you enjoy sharing on social media sites
• Single-use or gift credit cards
Apply the red, yellow, and green system to apps and online accounts to judge them for safety. An online account or app that asks for red information gets a red grade. If an app asks for a lot of red or yellow information but doesn’t actually require that information in order to function, same thing: the site, account, or app is high risk. Even if it has the best security team in the world, it still gets the red or yellow rating because if it gets attacked, you’re in more trouble (and have to do more post-attack cleanup in your life) than with a green app or account.
As a rule, don’t give out personally identifying information too readily. If you wouldn’t give some bus driver or a creepy mall cop your home address and phone number, remember that just because websites ask for (or demand) personal info doesn’t mean you have to give it to them. And you can often give fake information to get to the next screen.
Of course, you have to give real billing information when you buy things, but if you’re registering with a free site that feels like it’s getting too nosy about your business, give it fake information. You’re not breaking any law under the sun if you do that. Just don’t use someone else’s real address; you’ll definitely get in trouble for that.
Don’t be fooled by websites that offer some sort of reward or prize in exchange for your contact information or other personal details. Usually, your name, browser and computer information, and email address are worth much more to them than whatever they’re offering you because they can sell your information to other marketers, who will also resell it. You won’t win an iPad, but the marketer will win a few more bucks if you give them your information. And female data sets are always worth more on the market than male ones, because women usually make more buying decisions and spend more money than men.
A couple more things: avoid sending highly personal email to mailing lists and keep sensitive files only on your home computer. Your workplace or school is legally monitoring your Internet use and email on its network, so don’t do anything private or sensitive in nature (like banking) on a work or school network. In most countries, employees have little if any privacy protection from monitoring by employers.
Reprinted with permission from The Smart Girl’s Guide to Privacy by Violet Blue and published by No Starch Press, 2015.