There's no doubt that we are the most heavily surveilled and monitored generation to have ever existed. The secret police forces of the Cold War would never have imagined a world where tracking people would be so easy. In many cases, we have given up our privacy and anonymity in order to access online services. In others, it's been government policy, often couched in terms of national security, that has resulted in an erosion of our privacy. But what can we do about it? Is it possible to regain anonymity?
Over the next couple of weeks, I'm going to delve into these questions and look at how you can protect your online privacy. This isn't just going to be some analysis and navel-gazing. I'll be looking at specific tools and techniques you can employ to protect yourself online from hackers, ransomware attacks, doxxing, fraud and being tracked.
The starting point
Over the last few months, I've been hearing about various online attacks. Most have been specifically focussed on individuals with motivations stemming from wanting to hijack desirable social media handles through to malicious attacks aimed on publishing personal information or swatting - the practice of falsely reporting a serious crime in order to having heavily armed police raid someone's home and put them in danger.
Two podcasts episodes, in particular, motivated me to harden my online privacy.
The Snapchat Thief: A Snapchat user, Lizzie, has her handle stolen. The Reply All crew investigate this, getting them into the world of SIM swapping, social media theft and some of the dark underbelly of the dark web.
Lessons Learned From My Latest Doxxing Attack: Determined hackers can find a lot of data about us quite easily, even if we think we've taken steps to protect ourselves.
What will we be covering?
The first thing to note is that it is impossible to make yourself 100% invisible online. The idea is to make life as hard as possible for bad guys.
The main things I'm going to focus on are
- How to assess your online vulnerability
- Why passwords matter and password managers
- How to get disposable email addresses
- Our phone numbers are now critical identifiers
- Looking at the Yubikey for protecting your login
- What is SIM-swapping and why you need to care
It's possible that as this series progresses that the topics and ideas I cover will change. If you have some specific topics or areas you want me to cover and follow up, let me know.
I'll be chatting with various security experts along the way and getting comments from companies we depend on to protect our security.
Where can you start?
Both those podcasts I started with offer some good advice. Some places to start are:
- Delete your social media accounts or, at least, reduce your footprint and use pseudonyms
- Look for services that give you disposable phone numbers and protect your mobile number
- Use strong passwords and ensure the passwords and email addresses are unique for every site and service
- Don't forget physical security - don't share your mobile humber of credit card information aloud when in public
- Don't think you're not a target - everyone is a target
Whether you're an individual or responsible for the security of a business, basic cyber-hygiene is critical. Making life hard for bad guys is important.
Just as you wouldn't leave your laptop on the front seat of your car with the window down, taking basic precautions is important.