“Privacy is Power: Why and How You Should Take Back Control of Your Data” by Carissa Véliz 2020

Excerpts from Chapter 6. What Can You Do

Think twice before sharing

1. Next time you post something, ask yourself how it might be used against you.
2. Generally, the less you share online, the better.
3. Don’t share unreflectively.

Respect others privacy

1. Before posting a photograph of someone else, ask for their consent.
2. When you invite someone over to your place, warn them of any smart devices you have.
3. Children are also owed privacy. It is not right to upload pictures to social media of other people’s children without their parents’ permission. Not even if they’re family.4 And you should respect your own children’s privacy too.
4. Don’t do a DNA test for fun… you’ll be jeopardizing not only your own privacy, but also the genetic privacy of your parents, siblings, offspring, and countless other kin for generations to come.
5. Do not threaten to publish other people’s private messages or photographs to get them to do what you want.
6. Do not expose other people’s private messages or photographs. Exposing other people when they have given you access to their private life is a betrayal, and it contributes to a culture of mistrust. Do not be complicit in exposure.
7. If someone shows you something that exposes someone else’s privacy, express your disagreement, and do not share it with others.

Create privacy spaces

1. Consciously create privacy zones in order to claw back some areas in which creativity and freedom can take flight unimpeded.
2. If you want to have a particularly intimate and cosy party, ask your guests not to take any photographs or videos, or not to post them online. If you want your students to be able to debate freely in class, set up some rules stating that participants are not allowed to record or post what goes on in the classroom. If you want to organize an academic conference that will encourage the exploration of controversial topics, or of work in progress, shut off the cameras and microphones. Ditch the phone when you’re spending time with your family – leave it in another room, at least sometimes. There are some interactions that will never flourish under surveillance, and we will miss out if we don’t allow space for them.

Say ‘no’

1. …when we are asked for consent to collect our personal data. The consent notice feels like an obstacle to what we set out to do – access a website – and the easiest way to get rid of the hurdle is to say ‘yes’. It takes being mindful to resist the temptation, but it is worth it.

Choose privacy

1. Whenever we do have an option, it is important to choose the privacy-friendly alternative – not only to protect our personal data, but also to let governments and businesses know that we care about privacy.
2. Choose ‘dumb’ devices over ‘smart’ ones whenever possible.
3. If you don’t need to be heard or seen, choose products that do not have cameras or microphones.
4. When choosing a brand, think about the country of origin and conflicts of interest that the makers of devices might have.
5. The most important thing about messaging apps is that they offer end-to-end encryption, and that you trust the provider will not misuse your metadata, or will not store messages in the cloud insecurely…. The safest option, from the point of view of external threats, is probably Signal.
6. Emails are notoriously unsafe. An email might feel as private as a letter, but it is more like a postcard without an envelope.
7. When choosing an email provider, look for privacy perks like easy encryption, and consider the country in which it is based.
8. When choosing an email provider, look for privacy perks like easy encryption, and consider the country in which it is based. At the moment, the United States has looser legal restrictions on what companies can do with your data. Some options that might be worth looking into are ProtonMail (Switzerland), Tutanota (Germany), and Runbox (Norway). If you are patient and tech-savvy, you can use PGP (Pretty Good Privacy) to encrypt your emails.
9. Do not give out your email address to every company or person who asks for it. Remember, emails can contain trackers. If you get asked for your email address in a shop, it is usually possible to politely decline. If the shop assistant informs you that they need an email in order to sell you something, give them a fake one
10. If you are forced to share your email because you have to receive an email in order to click on a link, try using an alternative address that contains as little personal information as possible to deal with untrustworthy parties.
11. To escape as many trackers as possible, find the setting in your email provider that blocks all images by default.
12. Stop using Google as your main search engine. Change your default search engine on your browsers to one that does not collect unnecessary data about you. Privacy-friendly options include DuckDuckGo and Qwant.
13. If you want to limit the amount of information that can be linked to your profile, it is a good idea to use different browsers for different activities.
14. Brave is a browser designed with privacy in mind. One of its many advantages is that it has a built-in ad and tracker blocker; it is also faster than other browsers. Vivaldi and Opera are also good options. So are Firefox and Safari, with the appropriate add-ons. Firefox has a feature, the Multi-Account Container, that isolates cookies according to containers you set up.

Use privacy extensions and tools

1. Using adblockers also sends a clear message to companies and governments: we don’t consent to this kind of advertising culture.
2. Privacy Badger, developed by the Electronic Frontier Foundation, can block tracking and spying ads. DuckDuckGo Privacy Essentials also blocks trackers, increases encryption protection, and offers a privacy rating from A to F that lets you know how protected you are when you visit a website. In addition to protecting your privacy, blocking such invasive tools can speed up your browsing. HTTPS Everywhere is another extension developed by the Electronic Frontier Foundation that encrypts your communications with many major websites. You can find other extensions that can automatically delete your cookies when you close a tab, or clear your history after a certain number of days.
3. Think of the most private thing you ever do online. For that, you might want to consider using Tor, a free and open-source software that allows you to be anonymous online. Tor directs internet traffic through a worldwide volunteer overlay network of thousands of relays. When you request to access a website through Tor, your request will not come from your IP address. Rather, it will come from an exit node (analogous to someone else passing the message along) on the Tor system. Such a labyrinth of relays makes it difficult to track which message originates from which user. The advantages are that the websites you visit don’t see your location, and your Internet Service Provider doesn’t see which websites you visit. The easiest way to use this software is through the Tor Browser.
4. Virtual Private Networks (VPNs) are also a popular privacy tool. A good VPN can channel your internet traffic through an encrypted, secure, private network. VPNs are especially useful when you want to access the internet through a public network such as the Wi-Fi you can find at an airport or other public spaces.
5. A public Wi-Fi network makes you vulnerable to whoever set it up and to other people who are connected to it. Using a VPN protects you from everyone except the company behind it, which gets extensive access to your data. Make sure you can trust whoever is behind a VPN before using it. It is not easy to know who is trustworthy, but sometimes it is relatively obvious to know who isn’t. It is not surprising, for instance, that Facebook used its VPN, Onavo Protect, to collect personal data. As a general rule, if the VPN is free, you are probably the product, so stay away.

Change your settings

1. You should assume that all settings for all products and services are privacy-unfriendly by default. Make sure you change your settings to the level of privacy you aim to achieve.
2. Consider using your browser on a private mode (though keep in mind that such incognito modes only delete traces of your online activity on your computer; they do not protect you from external tracking).
3. Check your settings once a year – companies change their terms and conditions all the time.

Don’t CyberHoard

1. Getting rid of data that you don’t need any more is the virtual equivalent of spring cleaning. The less data you hoard, the less risk you accumulate.
2. A less radical solution is to create a backup of the data you have online, storing it on an encrypted hard drive, and deleting it from the internet.
3. If you ever want to sell your laptop, for instance, make sure you erase your files for real. The best way is to encrypt your hard drive (which you should do anyway), and delete the key.
4. Never ever use ‘123456’, ‘password’, the name of your favourite sports team or personal information like your name or birthday for passwords. Avoid common passwords.19 The most important feature of a password is its length. Use long passwords, with lower and uppercase letters, special characters, and numbers. Don’t use the same password for all sites. Ideally, don’t use any password for more than one site. Consider using a trustworthy password manager that can generate strong passwords and save them for you. Consider using multifactor authentication, but beware giving out your mobile number to businesses that will use it for purposes other than your security. The ideal two-factor authentication is a physical key like Yubikey.

Use Obfuscation

1. ‘Obfuscation is the deliberative addition of ambiguous, confusing, or misleading information to interfere with surveillance and data collection.’20 In a context in which you are not allowed to remain silent, sometimes the only way to protect your privacy and express protest is to mislead.
2. Consider giving companies to whom you do not owe your personal data a different name, birth date, email, city, etc. If you want to express protest through obfuscation, you can choose names and addresses related to privacy myemailisprivate@privacy.com.
3. Sharing accounts or gadgets is yet another form of obfuscation. A group of teenagers in the United States were worried about tech giants, school administrators, college recruiters, and potential employers looking at their social media. They found a way to protect their privacy on Instagram – they share an account. Having a network of people sharing an account makes it harder for prying eyes to work out which activity belongs to whom.
4. Sharing devices is even better for privacy, as someone looking carefully at the data could infer which data belongs to whom based on their device, rather than their account.
5. Minimizing digital interactions is a good way to enhance privacy.
6. Keep paper records, use cash, buy paper books, leave smart phone at home if you don’t need it

Buy Newspapers

1. The free press is one of the pillars of free and open societies. We need good investigative journalism to tell us about what corporations and governments try to hide from us but shouldn’t.
2. But for the press to work well, it needs to be independent, and if it is owned by power it risks serving power instead of serving citizens. We have to pay for the press so that it works for us. Buy (and read) newspapers. Keep well informed.
3. Buy newspapers in paper, so that no one can track what you read. A second-best option is to visit newspapers’ websites directly. Get your news from the source.

Demand privacy

1. Demand that businesses and governments respect your data.
2. Let’s start with data brokers. There are too many data brokers to list them all here, but a few big ones are Acxiom, Experian, Equifax, and Quantcast. Privacy International has made this process much easier by providing templates and email addresses.
3. Demand privacy from every professional you interact with who asks for your data.
4. In order to demand privacy from companies and governments, it is important to know your rights.
5. If you have a complaint and have not been able to resolve a privacy issue with a company, you can contact your national data protection authority, or the European Data Protector Supervisor (depending on the nature of the complaint). Rights are worth little if they only live on paper. We have to bring them to life.
6. Contact your democratic representatives. Send them an email, call them. Include them in your tweets about privacy. Tell them you are worried about your personal data. Ask them about their plans to protect your privacy. Vote for the right people.
7. When a company disappoints you with bad privacy policies, give them a bad review on websites like Trustpilot, and make sure you mention privacy in your complaint.

Don’t depend on them

1. Make sure you have your contacts in more than one place (preferably on paper), for example. Keep your personal connections alive in more than one way, so that at any moment you can close your account with any platform without too much loss.

Are you in tech?

Do you want to be seen as one of the people who broke democracy? Or do you want to be remembered as one of the people who helped fix the data landscape by offering users a way to navigate life in the digital age while retaining their privacy?

1. Maybe you work in one of the big tech companies we have been discussing. Maybe you work for a small start-up. Maybe you’re designing your own app. Whatever the case may be, if you are part of the workforce constructing our digital architecture, you have a big role to play in baking privacy into your products from the start.
2. Companies and governments are made up of individuals, and while some individuals have more power than others to steer an institution in one direction or another, every individual is morally responsible for whatever they contribute to that institution. Programmers and tech designers are especially important in the digital age. They hold the expertise to make the machines do what we want them to do.
3. If you work for tech and suspect you might be working on a project that could end up hurting people, you might want to consider pushing your employer towards more ethical projects, or even leaving your job and looking for work elsewhere (if you can afford to).
4. People in tech can look to academics and not-for-profit organizations worried about privacy for advice. Following the work of people like Bruce Schneier, Cathy O’Neil (I recommend reading her Weapons of Math Destruction), and Yves-Alexandre de Montjoye, among others, might give you ideas. The Electronic Frontier Foundation, Privacy International, European Digital Rights and noyb (from ‘none of your business’) are good sources of information. There are some ethics consultancies you can seek advice from; make sure they have a good reputation, and that there is someone trained in ethics involved (sounds basic, but it’s not always the case). There are some organizations that help start-ups get off the ground which offer an assessment by an ethics committee as part of their programme.
5. Privacy and ethics have to be requirements from the very start of any tech project.

Do your best

1. Talk about privacy with your friends and family. Tweet about it. If you have a book club, read about privacy. In fiction, I recommend Zed by Joanna Kavenna, The Circle by Dave Eggers, and of course 1984 by George Orwell.
2. Turn off the Wi-Fi and Bluetooth signals in your smartphone when you leave home. Cover your cameras and microphones with a sticker. Take precautions when going through customs in countries that are known to be privacy-unfriendly. Look out for opportunities to protect your privacy. And don’t expect perfection.
3. Even if you don’t manage to protect your privacy perfectly, you should still try your best.

Refuse the unacceptable

1. Our heroes are not people who inhabit injustices comfortably. They do not accept the world that has been given to them when it is an unacceptable world. They are people who dissent when it is necessary.
2. Do not submit to injustice. Do not think yourself powerless – you’re not.

Buy the book