Privacy online for authors (and ordinary entities)
Online privacy sometimes seems a bit like the Fountain of Youth: everyone wants a piece, and no-one really knows how to get there because it’s at least partly alchemy.
We’re coming up on Data Privacy Day, so here are a few really-to-relatively simple things you can do, as an absolutely standard-model human being, optionally one who writes, to improve your online privacy without doing anything drastic, like trying to delete your online footprint. No mermaid tears required.
Disclosure: Who died and elected me privacy god? I work in data privacy and compliance, BUT nothing I say here represents the company I work for.
The concept of TANSTAAFL, first
For them as haven’t read their Heinlein, I’m going to introduce you to a really key concept around ‘free’ services (online or anywhere else).
That concept is TANSTAAFL (There Ain’t No Such Thing As A Free Lunch). Facebook is not free. Facebook is suctioning up your data and selling to anyone who’ll pay. That airport ‘free’ WiFi is not free for broadly similar reasons.
‘Free’ apps that promise to give you marvelous selfie filters and want access to your location, your contacts, and everything else? Nope! They’re not free either. You’re just paying them in data – yours, and if you give them access to that coveted Contacts list, your friends’ data, as well.
Get a VPN
Yes, really. A VPN (virtual private network) basically gives data moving to and from your device Star Trek shields as far as the unauthorised are concerned. It’s the go-to for some additional privacy online.
In slightly more technical terms, it encrypts your data. It slows data transmission down slightly, which is why people with slow Internet to begin with aren’t huge converts to VPN, but it means that no one can see what you’re up to. This is especially worth it in situations like mobile phones and those oh-so-tempting ‘free’ WiFis in cafes and airports. Put a VPN from a reputable provider on your cell phone. Put it on your home computer. Put it on your tablet.
Techradar’s Top 10 VPN services (I personally disagree with the inclusion of NordVPN, which had a breach a few months back, but I guess there’s nothing like publicly-bitten, really paranoid thereafter…)
You don’t have to give up Netflix or Fitbit. Better VPNs work with Netflix, and if you don’t want to shell out but do want Netflix, you can take the dumb-but-practical route and switch the thing off while you binge on The Witcher. Fitbit throws the occasional shit-fit about VPNs, but switching regions is a simple fix that takes all of a few seconds.
Use Multi-factor Authentication
Also known as two-factor authentication, 2FA, MFA…just for the love of all the squishy, squirmy deities, DO NOT use the text message option for 2FA unless there really is nothing else. (Reason: SIM card jacking, among others.)
Basically, humans are fallible. If you can remember a password, someone else can break it. If you happen to be dumb enough to use login: admin, password: admin, you end up shelling out billions in ‘we fucked up’ money. Multi-factor auth means that someone needs your login, your password, AND something else (that’s where that ‘multi’ comes in).
MFA comes in many forms. You can use an app on your phone, like Google Authenticator. You can buy a physical key, like a Yubikey. Your fingerprint can form a part of MFA. It can, gods help us all, be a text message with a code in it.
Because MFA is an extra step in the login process, a lot of people moan about it. Feel free to moan all you want, just use it. Use the method that makes the most sense for you, that takes the least time and effort (for me, that’s my phone and Google Auth. For you, it may be a Yubikey on your keyring. Whatever blows your skirt up).
Get a password manager
You remember how, just up above, I said humans are fallible, and if you can remember it, someone else can break it? Yeah, that. Well, newsflash, that 123qwerty password isn’t secure. Keeping your super-hard-to-remember password on a Post-It under your keyboard isn’t secure. Keeping an Excel sheet on your desktop with your logins and passwords isn’t secure. Setting all your favourite shopping sites to keep you logged in until the world ends, no, is not secure.
But remembering all those symbols and numbers and upper and lower case passwords is hard! Yes, it is. Sometimes adulting sucks. Sometimes, you can find a really easy easy way around the suckage. Password managers are suck-avoidance. A lot also offer a ‘free’ option. (Yes, I do remember what I said about TANSTAAFL.)
A semi-decent variant, like LastPass, will plug into your browser of choice, have an app, let you add logins and passwords, auto-launch sites for you, generate secure passwords, and auto-update your settings when you change a password.
A password manager, effectively, means you need one decent password that you put the brain sweat into remembering, and use MFA with it, and the password manager manages all the rest of them. Awesome, right?
Don’t auto-accept cookies
…most places in the first world, with the exception of the USA, have laws that say you aren’t obliged to. Large companies, for the most part, aren’t big fans of those laws, which is why when you go hunting in ‘select options’ in cookie banners (assuming there even is an option to select or decline), you’ll often have to dig down to find the options, or decline with each third party site individually. (Hint: a lot of those companies will have hidden any options they offer equally thoroughly.)
WTF are cookies anyway? Cookies are tiny files (we’re talking bytes here, not MB), that a site drops on your device. Some of them are harmless, the equivalent of ‘we want to remember you prefer the French-language site so you don’t have to tell us every time’. Some of them sit there and do nasty things like tell every other site you land on where you’ve been, what you did, what you’re interested in buying today (ever wondered how you can look at a new kitchen whisk on Amazon and get hit with adverts for domestic appliances everywhere for the next six months? That ain’t alchemy either).
So now we’ve covered why companies aren’t keen on laws that say they shouldn’t track you and market shit to you without your actual consent…how do you exercise those anti-cookie rights? Well, unfortunately, cookies are such an established part of the internet that in a lot of cases, and especially if you deal with a lot of US sites outside California, the answer is ‘you can’t’. In the EEA, companies are obliged to provide you specific information about what cookies they want to place and get your active, specific, and informed consent to any marketing cookies. A lot of them don’t, either because they’re trying to figure out how, can’t afford a good solution, or just don’t want to and hope they don’t get a DPA land on them before they get set up.
Three simple things you can do that will help:
- Use incognito browsing. You’ll encounter a lot of shrieking from sites that can’t identify you on sight, but that can be educational too.
- Delete your cookies periodically (say, at least once a week, if you can’t be bothered to do it after each online session. There’s security consciousness and there’s masochism…)
- There’s a browser app called Consent-O-Matic developed by a team of privacy researchers in Denmark (after they found out all about the shadier cookie practices out there), where you install it, tell it you want to let people see which pages you spend time on and don’t want to be tracked by online advertisers for the rest of your life, (for example) and when it comes across a cookie tool it can handshake with, it sets those options for you. I recommend it.
That’s all, folks…
So, hopefully I’ve now scared the shit out of you and you’re off to investigate the wonderful options for trying to keep people from peering through your online windows. It’s a brave new world.
The good news is, 107 of the world’s 210(ish) officially recognised countries already have some form of privacy law in place as of 2019, and more are looking into one, so things are improving. We’re just in that lovely Twilight Zone where legislators take a couple of years to consult, draft, and pass laws protecting you, and a good hacker team can get into a system in under 18 minutes (yes, that’s minutes, with an ‘m’.)
In case after reading all that you feel in need a good, solid dose of escapism (here’s the TANSTAAFL in action part) – my sci-fi box set is on Kindle Unlimited, featuring interstellar mercenary cults, pretzel politics, and enough dirty fighting to bring a tear to your eye. Fund a starving author to write more escapism.