Over the past few months I've become increasingly more security and privacy conscious. This has led me to upgrade the tools I use on a daily basis to ones that support my ethos and make some kind of further statement about the world I would like to live in. In this post, I write about the tools I now use and share some thoughts on the society in which I use them. If you're just after the recommendations, you can skip to those by clicking here.
US Attorney General William Barr claims that 'making our virtual world more secure should not come at the expense of making us more vulnerable in the real world', failing to recognise that the virtual and real world are the same thing. Contrary to the popular retort, claiming back my privacy and caring about security is not about 'having something to hide', it's about having something worth protecting: everything. If you had told someone at the dawn of the world wide web that almost every mode of interaction would be mediated by it, they'd probably have called you crazy. It is specifically because they encompass everything we do that security around our digital lives is of paramount importance.
If you doubt that our digital lives have much of a bearing on the real-world, give somebody the password to your email inbox and watch them take control of almost everything you own. Email shouldn't be – but is treated like – identification. I can log into my bank account with it, I can reset passwords, I can email technical support who will, by pure dint of the fact I am using the email address registered to an account, hand over sensitive security information.
We live in an unprecedented era of surveillance where corporations are joining the State as a privacy and security adversary. These companies are eager to jigsaw the minuscule breadcrumbs of your life in order to sell your data and attention to advertisers. We've seen companies abusing their power or being so lackadaisical with the data they gather – frequently with only de-facto consent – that it ends up in the hands of others who are happy to abuse it. Given enough time, becoming the subject of a data breach is almost a given. How severely it impacts you depends on how well you protected your other assets.
We cannot expect governments, corporations, or other large, faceless organizations to grant us privacy out of their beneficence. [...] We must defend our own privacy if we expect to have any. – A Cypherpunk's Manifesto
A lot of the things I’ve done to improve my privacy and security are far beyond what is really required. It's also worth noting that some of this comes at both a financial and convenience cost and that there's always a cost-benefit analysis to be done when deciding which of these tools to implement yourself. Historically there has always been a trade-off between security and convenience (as there continues to be between financing tools with our data and financing tools with our money) but as people become more aware of how their data is held and has the potential to be used against them, developers begin to create tools to maximise privacy and minimise the time and effort spent achieving it.
As with everything on this domain, I am not paid nor do I get commission or anything for free by recommending these companies to you. This is an impartial list of the tools I use in my daily life to claw back my privacy and make things more secure. I encourage you to do your own research and work out what tools suit your needs.
I have moved from...
I have adopted use of...
I have turned on...
I have turned off...
Despite all of these efforts, one of the major things I’ve learned is that when it comes to protecting your privacy, the best thing to do is to simply shut up. Don’t hand over what you don’t need to and obscure data where you can. That’s partly what excites me so much about Apple’s new single-sign on button, which generates single-use email address to share with apps.
Staying quiet is another reason why the program I wrote to delete tweets on a rolling basis in 2015 still works so well. That continues to run on my Twitter account, @admstnr.
Removing stray profiles is something I've been doing over the past few months too. Consolidating and reducing my footprint whilst securing everything that remains means there's less to compromise. I learned this the hard way when HaveIBeenPwned told me an account I hadn't used since 2012 was part of a data breach in 2018...
If your interest has been piqued, I've created a Twitter list that curates the messages of my favourite tools. Feel free to subscribe to it and dig around to find tools that work for you or to email me with suggestions, tips, or to chat further about this topic. I'd love to hear what you think.
For privacy to be widespread it must be part of a social contract. People must come and together deploy these systems for the common good. – A Cypherpunk's Manifesto
My monthly newsletter is a summary of what I've been reading, writing, listening to and enjoying. Get it on the first Sunday of each month.