January 27, 2017
Every January, I do a digital tune-up, cleaning up my privacy settings, updating my software and generally trying to upgrade my security. This year, the task feels particularly urgent as we face a world with unprecedented threats to our digital safety.
We are living in an era of widespread hacking and public shaming. Don't like your political rivals? Beg Russia to hack them, and their emails mysteriously show up on Wikileaks. Don't like your ex-spouse? Post a revenge porn video. Don't like your video game opponents? Find their address online and send a SWAT team to their door.
And, of course, the U.S. government has the capability to do even more. It can spy on much of the globe's Internet traffic and has in the past kept tabs on nearly every American's phone calls. Like it or not, we are all combatants in an information war, with our data under constant siege.
So how can ordinary people defend themselves? The truth is you can't defend everything. But you can mitigate threats by reducing how much data you leave exposed for an intruder to grab. Hackers call this minimizing your "attack surface."
The good news is that there are some easy steps you can take to reduce the threat. Here is what I am doing this year:
Every year, I ditch old buggy software that I don't use and update all the software that I do use to its most current version. Exploiting software with known holes is one of the ways that criminals install ransomware – which holds your data hostage until you pay for it to be released. (Read the FBI's tips on avoiding and mitigating ransomware attacks.)
This year, I'm working to lengthen my passwords to at least 10 characters for accounts that I don't care about and to 30 characters for accounts I do care about (email and banking). After all, in 2017, automated software can guess an eight-digit password in less than a day.
Most importantly, don't re-use passwords. You don't have to think of unique passwords yourself; password management software such as 1Password or LastPass will do it for you. EFF technologist Jacob Hoffman-Andrews makes a very good case for password management software being the best defense against a phishing attack. (Phishing is how the email of John Podesta, Hillary Clinton's campaign chairman, got hacked.)
The good news is that it's never been easier to send encrypted text messages and make encrypted phone calls on the phone apps Signal and WhatsApp. However, please note that WhatsApp has said it will share users' address books with its parent company, Facebook, unless they opted out of the latest privacy update.
Of course, people who receive your messages can still screenshot and share them without your permission. On Signal you can make it slightly harder for them by setting your messages to disappear after a certain amount of time. In WhatsApp, you can turn off cloud backups of your chats, but you can't be sure if others have done the same.
The websites that you browse are among the most revealing details about you. Until recently, it was hard to protect mobile web surfing, but this year there are a lot of good options for iPhones. You can use privacy-protecting standalone web browsers such as Brave or Firefox Focus, or install an add-on such as Purify that will let you browse safely on Safari. In an excess of excitement, I'm currently using all three!
Of course, blocking online tracking also means blocking ads. I hate to deny worthy websites their advertising dollars, but I also think it's unfair for them to sell my data to hundreds of ad tracking companies. Brave is building a controversial system that pays publishers for users' visits, but it remains to be seen if it will work. In the meantime, I try to subscribe or donate to news outlets whose work I admire.
You wouldn't leave your most sensitive documents in an unlocked filing cabinet, so why do you keep them in unencrypted cloud services such as Google Drive and Dropbox? Those companies can read your files, as can anyone with a link to your documents. One option is to password-protect your files before uploading them. But I prefer a cloud service that encrypts for me. In my usual overkill approach, I'm using Sync.com to synchronize files and SpiderOak for backup.
Consider whether you really need to store all your old emails and documents. I recently deleted a ton of emails dating back to 2008. I had been hanging onto them thinking that I might want them in the future. But I realized that if I hadn't looked at them until now, I probably wasn't going to. And they were just sitting there waiting to be hacked.
Hackers have spied on women through the women's webcams and used networks of online cameras and other devices to bring down the Internet in Liberia. Like many people, including the Pope and Facebook CEO Mark Zuckerberg, I have covered the cameras on my computers with stickers and magnetic screens to avoid peeping Toms. But until device makers heed the Federal Trade Commission's security recommendations for internet-enabled devices, I won't introduce new cameras and microphones into my home.
Fears that President Donald Trump might build a Muslim registry prompted thousands of Silicon Valley tech workers to sign a pledge stating that they wouldn't participate in building any databases that profile people by race, religion or national origin. But only three of the hundreds of data brokers that sell lists of people have affirmed that they would not participate in a registry. Two other data brokers told a reporter that the price for such a list would range from about $14,000 to $17,000.
It's not easy to remove personal data from the hundreds of data brokers that are out there. Many of them require you to submit a picture of your photo ID, or write a letter. But if you do it – as I did two years ago – it is worth it. Most of the time when a new data broker emerges, I find that my data is already removed because I opted out from the broker's supplier. I compiled a list of data broker opt-outs that you can use as a starting point.
The size of the problem and the difficulty of the solutions can be overwhelming. Just remember that whatever you do – even if it's just upgrading one password or opting out of one data broker – will improve your situation. And if you are the subject of a hateful, vitriolic internet attack, read Anita Sarkeesian's guide to surviving online harassment.
ProPublica is a Pulitzer Prize-winning investigative newsroom.