A Privacy Expert's 3 Tips to Protect Yourself Online
The 'Dragnet Nation' author says it's about more than passwords
The technology we’ve come to love is fast becoming one of our worst enemies and you need to protect yourself as a result.
In her book, Dragnet Nation, author Julia Angwin describes this new world as one “of indiscriminate tracking where institutions are stockpiling data about individuals at an unprecedented pace.”
To find out more about Angwin’s concerns and how she thinks we can — and should — protect our privacy, I just had a chilling conversation with her.
(MORE: 9 Ways You're Being Watched)
A 'Deeply Unsettling' Digital Footprint
In researching her book, Pulitzer Prize-finalist Angwin (who reported on privacy and tech issues for The Wall Street Journal and now does for ProPublica) set out to see what kind of digital footprint she’d left on the Internet. She tried obtaining her data from online and offline data brokers. Only a few let her see what they’d collected and much of that was cursory. Still, what they did share, Angwin writes, was “deeply unsettling.”
It included: every address where she’d lived dating back to college; every phone number; the names of almost all her relatives; a list of nearly 3,000 people with whom she’d exchanged emails plus records of about 26,000 Web searches she made over the past seven years; glimpses of her shopping habits; and internal communications with her employer about her reporting plans.
Next, Angwin tried to opt out of as much technology as she could to obscure her digital tracks. She quit using Google services; created a fake identity to make anonymous purchases; carried her cell phone in a special metal bag to block its location-tracking signals (and, unfortunately, phone calls); disallowed many online advertising-tracking services; and used encryption to send emails.
(MORE: How to Create a Secure Password)
You may not want to go that far, but Angwin offered suggestions:
Next Avenue: How paranoid should we be about our digital footprints?
Angwin: To be honest, I think it’s very rational to be unsure about how paranoid we should be. The reason I say that is because we don’t know the true cost of our data.
We trade it, for instance, to get Google services for free — or to be on Facebook for free. We give these sites our data and think: “This is a great deal.” It seems like a reasonable transaction, but the problem is there are no laws that regulate what, say, Google can do with that data. We can’t adequately judge the risks. And that explains why we are anxious.
Some people say there’s little need to be concerned about data sharing and tracking if you have nothing to hide. What do you think of that argument?
The way to look at that question is to remember that information is power. So when you give people information about you, they have more ability to gain leverage in a negotiation.
For instance, some of the articles my investigative team did at The Wall Street Journal showed that companies are increasingly looking to use personal data about people to offer them custom prices. Staples offered different prices to different people on their website depending on their ZIP code. It felt if you didn’t live near a competitor’s store, it could charge you a higher price.
So pricing can become individualized. I’m particularly concerned by the fact that I’m a little bit price-insensitive when I do late-night shopping for children’s clothing. When I suddenly realize my children have outgrown all their pants and I go online, bleary-eyed, to shop, it could be very likely companies will realize they could charge me $10 more and I wouldn’t notice it.
Is there anything about data tracking that should make boomers especially concerned?
A lot of sensitive data is being gathered about people’s health conditions online — and a lot of information about one’s financial status, too. You might not want these things to be shared widely, but you can’t control where that data ends up unless you use the crazy technologies that I used. And even then it’s not clear you’d really succeed.
What three tips would you offer consumers to protect their privacy?
The very top thing is that everyone needs better passwords. The most popular password continues to be 123456; the next most popular is “password.” It’s time for all of us to realize even if you have nothing to hide, you really don’t want hackers breaking into your account.
How can people get smarter about their passwords?
I recommend using password-management software that essentially set a lot of your passwords by generating random strings of numbers and letters. That’s good, because the truth is our brains are not very good at that task.
I use 1Password, but there’s also LastPass, KeePass and PasswordSafe.
I leave most of my passwords to my password manager, except for some key accounts (for me, it’s my email and banking accounts) that I set on my own. For these, it’s really important that you make the passwords as long as possible.
I try to make mine 30 to 40 characters. Hackers can break a six-character password in several hours; when its nine characters, it takes a couple of days, so by the point a password reaches 30 to 40 characters, you’re pretty much in the clear with today’s computer power.
For more information on how to build a better password, check out the privacy tools on my website, JuliaAngwin.com.
And your second privacy tip?
Unless you love being tracked by all these online advertisements that follow you around and collect information about your browsing habits, sign up for a software program that is good at blocking most of the ad-tracking technology.
I use software called Disconnect and there’s also one called Ghostery. You can add these to your existing web browser with a click, basically.
And your third tip?
My third tip is not for everyone, but I felt very good switching off Google search — which tracks my history and stores it forever. These logs could be incredibly revealing since they would show everything I’m thinking about: the plans I’m making, the places I’m going.
I didn’t want that data stored at Google forever; I didn’t know what they’d eventually do with it.
So I switched to DuckDuckGo, which doesn’t keep any logs about my web history. I thought that was a pretty easy move to make for a very high privacy payoff.
Now that you finished your book, how much are you still doing to hide your online identity? Do you still carry your cell phone in a special bag? Do you still have a prepaid “burner” phone that can be used for a short time and then ditched for another?
I do almost everything, except for the burner phone. That was kind of a failure. It was so confusing because my family didn’t know when I’d have my regular number and when I’d have my “burner” phone.
But I still turn off my phone’s wi-fi when I’m not using it. And I still do this ridiculous exercise where I go into my phone’s privacy setting and reset the advertising identifier to make it harder for advertisers to track me. I did it last night actually. It’s just like clearing cookies on your web browser.
I still use a password manager, I still use encryption for email — when the other party uses it, too.
There are not that many people with whom I have encrypted conversations, but I do have an encrypted cloud service and I still encrypt my hard drive and my phone backup. So I encrypt as much as I can.
You also say that Americans need to change the conversation about privacy. How do we do that?
There is an important conversation starting to be held in this country, Congress and other places about whether we should put some legal limits on the data that is being collected about us.
How can we contribute to this conversation?
We don’t have a lot of mechanisms to contribute, because there’s no lawmaker running on a privacy platform whom we can vote for. So I’m using technology tools as a way of voting.
For instance, I opt out of body scanners at the airport. The truth is they say they don’t store the photos for very long and they’re not identified to my name. But I want there to be metrics to show that people think it’s too invasive.
Similarly, when you look at the explosive growth of DuckDuckGo’s search engine since Snowden’s revelations, that’s another metric that people can use to show how much they care about this topic.
What I’m really asking for is some level of assurance about the safety of my data. If I could feel confident that my data isn’t going to be used against me, I’d be perfectly happy to share it. But right now, we have no such assurance.