Take back your online privacy
March 10, 2019
This post was originally published on my now-defunct personal site. It’s been republished here on Fathom as the ideas found within it have informed and inspired our approach to business, privacy and philosophy.
There has been pressure building for many years.
On January 26, 1700 an earthquake with a magnitude of about 9 struck off the West Coast, causing a massive tsunami. It created a wave of destruction that levelled forests, devastated First Nation villages, and even struck as far away as Japan.
Geologists and other experts can’t predict exactly when the next one will strike, only that it’s inevitable. There are records that estimate they hit every three to four hundred years. And note, it’s been just over 300 years since the last one.
And no, I’m not setting up a trailer for a new Dwayne Johnson movie...
This is why I’ve got a grab and go kit and specific supplies aimed to do two things. The first is to help my family survive should anything catastrophic hit and we’re cut off from help (like a wave takes out a bridge or washes a road into the Pacific). The second is peace of mind. With a plan in place, I feel less stressed on a daily basis about it (i.e. I don’t even think about it).
I like planning for the worst, because having a plan removes it from my mental load. I don’t even have to think about the worst very often because I know I’ve got enough food and potable water for about four weeks. I’ve got supplies stored in case there’s a “a Tsunami is hitting in 20 minutes, get to higher ground” type warning (which is possible, depending on where a quake strikes).
But, to be honest, I’m less worried about an earthquake or killer wave than I am about the internet. Which may make me a digital prepper, but I truly think that our online privacy is under assault so heavily that a digital grab and go kit is a necessary addition to its physical counterpart. And, for the same reason I’ve prepared my earthquake kit, I want to survive digitally if something catastrophic happens, but more so, I don’t want to constantly stress out about it by not having a plan.
This attack on privacy, like earthquake cadence, has been building for years. We’ve continued to trade free access to services for personal data. And the companies we trade this to keep getting more and more greedy. We currently live in a surveillance state online that keeps getting worse while most of us continue to become more accepting of it.
Even online, we all deserve privacy. Not because we have something to hide, but because, as the news cycle constantly shows us, big companies that track our every move and purchase are both awful at keeping that data safe and, worse, knowingly rent it out to any other big company that wants it.
While I don’t think this means we should all drop off of every social network (well, maybe just Facebook), use carrier pigeons to share private information with others or quit the internet completely, I do think we should all have privacy plans in place, to whatever level of comfort makes sense.
We all know, even the luddites amongst us, that we are the products for several companies. Meaning, our information, preferences and data are bought and sold like commodities. Luckily though, there are companies who are happy to charge us a small fee instead of giving us free but monitored access to their products.
My own digital grab and go kit is a work in progress and has been for over a year.
My grab and go must haves:
- 2-factor authentication (not via SMS, which can be SIM-jacked) for all online services. I use a USB key, but Authy also works, as does the authentication built into a password manager (1Password has this). If you do use SMS for 2FA, make sure you’ve called your carrier and locked your SIM with a PIN code.
- A password manager like Remembear or 1Password, so every single online account uses a different password. I use 1Password. I also use different, random, email addresses for every service, like paul+[randomstring]@mydomain.com (most email services let you do this). That way even your username is hard to guess by hackers.
- A private browser (Firefox) that encrypts shared data for syncing between devices and a private search engine (DuckDuckGo) for queries.
- A VPN on all devices. NordVPN works great, but so does Tunnelbear (and they have bears!). By using a VPN, my ISP can’t track what I do, nor can anyone else, even if I’m using public WiFi. You can check to see how well your VPN is working with a service like this.
- A service like "have i been pwned" to find out which of your accounts have been compromised. Try it out, chances are that an account you’ve had somewhere has been compromised in the past.
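The per-service email addresses from the password manager item above, as an added example that is not part of the original post: instead of storing a random string for each service, this sketch derives the tag from a secret key with HMAC, so the same alias can be regenerated later and an address that turns up in spam or a breach notice can be traced back to the service it was given to. The function names, the demo key and the service names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key. In practice, generate one with secrets.token_bytes(32)
# and keep it in your password manager.
DEMO_SECRET = b"constructed-demo-key-not-for-real-use"


def alias_for(service, secret, local="paul", domain="mydomain.com", tag_len=10):
    """Derive a stable, unguessable plus-address for one service."""
    name = service.strip().lower().encode("utf-8")
    digest = hmac.new(secret, name, hashlib.sha256).digest()
    # Base32 yields only letters and the digits 2-7, all valid in a local part.
    tag = base64.b32encode(digest).decode("ascii").lower()[:tag_len]
    return f"{local}+{tag}@{domain}"


def service_for(address, services, secret, **kwargs):
    """Return the service an alias was issued to, or None if it matches none."""
    seen = address.strip().lower().encode("utf-8")
    for service in services:
        expected = alias_for(service, secret, **kwargs).encode("utf-8")
        if hmac.compare_digest(expected, seen):
            return service
    return None


if __name__ == "__main__":
    my_services = ["github", "newsletter-a", "shop-b"]  # constructed names
    for s in my_services:
        print(s, "->", alias_for(s, DEMO_SECRET))
    leaked = alias_for("shop-b", DEMO_SECRET)
    print("leak traced to:", service_for(leaked, my_services, DEMO_SECRET))
```

Anyone can strip the `+tag` to recover the base address, so these aliases make usernames harder to guess and leaks attributable rather than hiding the mailbox itself.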
Further down the rabbit hole:
- A private email address, that isn’t tracked by Google, like one from ProtonMail which is encrypted end-to-end.
- Encrypted private cloud storage so even the company and its employees can’t see your files (did you know Dropbox employees have access to every file you have on their system?). I like Sync.
- Ad blockers like Ghostery, or DuckDuckGo’s extension, or just use a browser that blocks ads like Firefox Focus.
- Private chat/messaging app with end-to-end encryption, like Signal or Telegram.
- Turn off all location-based permissions on your phone. Facebook and Google keep horrifyingly detailed logs of your travels and movement.
- Never grant access to your contacts on 3rd party apps on your phone.
- Little Snitch is next level paranoid, but it’s really interesting to see how many apps on your computer are constantly sending data all over the internet.
- This is a pretty comprehensive list for security online.
- Delete your Facebook account.
- Delete your Google account and all Google services.
- Switch to alternatives, like a Google Analytics alternative.
- Remove all smart home devices, which are listening or watching everything you do. They may not be passing that information to someone else, but it’s possible that could happen. I’m not here yet, I still use Nest products (although the cameras are on the outside of my house, not inside anymore).
- Stop using any/all services that hold private information and don’t encrypt it for you. Look for things that boast “E2EE” (end-to-end encryption).
This is easier said than done since Google makes some great products, like Google Docs (which I still use because I haven’t found a suitable alternative for remote collaboration with “suggestion” mode).
To counter this, I think that we should support companies that support protecting our data, even if it means paying for their services (meaning they won’t have to sell our data to be profitable).
You don’t have to be paranoid to care about your privacy online; it’s something that should be fundamental but has completely eroded over time. This is why I’m focused on privacy-centric software, like Fathom Analytics (and more to come) and why I keep taking steps to improve my digital grab and go kit.
Just like earthquakes and tsunamis, the pressure around digital security and privacy is building every single year. These huge companies continue to prove they do not care about us or our privacy. So it’s worth being prepared, even if it’s just to encapsulate the worry and stress inside a plan instead of bearing it solely inside your own mind.