How to secure your digital identity during the era of endless data
Life during the times of the pandemic have changed what it means to meet people. First dates are now held on Zoom and scrolling through Netflix to decide on a first date-movie between the new Adam Devine movie or that one starring Jason Bateman and Rachel McAdams.
Wanna meet someone new or someone your friends don't know yet? You're in luck, the pandemic created a slew of new dating apps as if it’s their own mating season. They are everywhere. OkCupid, Match.com, Bumble, the ever-present Tinder, JDate, just to name a few.
At my wits-end of isolation and ready to meet some new friends, I downloaded an intentionally unnamed dating app and started the online "shopping" of a new social life. After letting a half-hour slip away reading profiles and ogling pictures, I started focusing on the usernames in the app. Hmm... that's interesting. After 5 minutes of Googling, combining details left in the alluring profile, I learned
- Who she is
- Where she works
- How much she makes
- Her current address
Without exchanging a single message, I found so many personal details about a person I have never met and shouldn't even know.
I’ll refer to her as Brooke123. I can find my way just happen meet her on the street and already know so many details about her. I could invite her back to her own apartment, if everything goes well, of course. I won't presume anything.
This point here isn’t to guide you how to data-drive your dating life, but use this information to keep yourself safe from identity fraud. In a world where data is mounting, it’s important to find a way to live knowingly anonymous and secure. Brooke123 might have wanted me to find all of her personal information and who would win her heart and live happily-ever after, but it’s highly unlikely.
Living securely, anonymously, and safely while keeping the comforts we live in today is a balancing act. You can share anything you want, from your:
- Full name
- Social security number
- Search history
- Geographic location
- Your blood type and list of medications
If you're single and looking for an eligible partner to swoop in and show up on your doorstep, go ahead and post your phone number on social media.
I’m going to assume otherwise and that you’re looking to live a bit more secure and are somewhat aware of the importance of security. Here are a list of things you can do to protect yourself.
If you do want to remove your personal information from the Internet, nothing I say will help, however I can help prevent you from leaking information in the future.
Here are a few important steps ranging from easy to not so easy. Don’t be overwhelmed. These are all steps you can take one at a time.
If you don’t do anything else, at least follow this one. First and foremost, encrypt all of your Internet traffic. This task is nowhere near fool-proof, but it's incredibly easy to do and additionally incredibly easy to forget you’re even on one.
Use a VPN (Virtual Private Network). ALWAYS. EVERYWHERE. EVEN ON YOUR HOME INTERNET.
Jumping on a VPN is easy. No matter what device you're using to connect to the Internet, you can get on a VPN. Especially if you use public wifi in a Starbucks, but even on your home Internet. Guess what, your phone can connect to a VPN too. Even when you're using your telecom to connect to the Internet, you can and should use a VPN. If you don't encrypt your traffic, you're basically just giving your Internet usage away for free.
You can use a free VPN to complex VPN options. Personally, I recommend NordVPN (a referral link), but there are many other options. If you want to be an l33t hacker (advanced), use Tor (The Onion Router) or if you want to just plug'n play, get a Tor travel router like Anonabox and use it.
If you're a human who searches the Internet, use duckduckgo instead of Google (an alternative search engine focused on privacy). Don't post your full name on anything (unless you want it on there or it's for official things, like the DMV). Change your username on Zoom to just your first name or your nickname. If you're hanging out with real people who know you they won't care.
Sign off Gmail and do away with it forever. Google's business model is literally to monetize your personal information. Use an encrypted email product like ProtonMail (they even have a built-in VPN) and protect your communication. Believe it or not the robots at Google do read your email and they do convert your text into a robotic version of you and what you like.
Google Chrome is a super popular browser and you might even be using it to read this article. However, it does a lot of tracking while you’re browsing the Internet. It also hogs a lot of your computer power… have you noticed when you have a billion tabs open your computer starts to drag? Yeah… that’s Google Chrome hogging all your resources.
What can ya do, you ask? Easy… Brave is a browser that is built using the Chrome browser that is focused on your privacy. It’s easy and you’ll feel right at home if you use Google Chrome when you use it. In fact, you might even forget you’re using Brave because it feels just like Google Chrome.
Go download it like yesterday at brave.com. This post will be here when you get back.
Facebook is just as evil -- err, has just as much power as Google does.
When you post your life, the trips you take, the romantic relationships, the fight you had with your parents, you’re not just sharing it with your friends. You’re sharing it with the world. Brooke123 broke up with her partner after a “minor” fight only a few months ago.
If you absolutely, positively, necessarily need a Facebook account and/or don't want to delete your Facebook account, create a new account, don't put your full name, and re-add all of your friends. Then download your old Facebook data and throw it into a burn pit and watch your vulnerable data be eviscerated into ash.
Consider for yourself if sharing your party photos is worth jeopardizing your personal information. You don’t need Facebook to connect with your friends; you can just call them. The FOMO (Fear Of Missing Out) isn't real.
Back to the idea of using encrypted methods for communication, use an encrypted chat messenger instead of sending messages through plain text in text messaging. Why? If I'm listening to any Internet traffic on the network I'm on, I'll capture any text messages you're sending. Guess what... anyone else can too. Yes, even your boss, your girlfriend, your nosy neighbor, and everyone else at the Starbucks on the corner.
Apple iMessaging is better than SMS, but I cannot recommend enough to switch to an app like Signal or Telegram. Not only do you get to completely detach yourself from your telecom provider (it's such a well-designed, sharp, diabolical, feel-the-knife-slide-into-your-fleshy-inner-part-and-twisted-slowly, painful process to change your) phone number, but it'll give you the ability to text from any platform (like your phone, your iPad, and your computer).
Please for the love of god, don't use WhatsApp unless you absolutely have to (Facebook owns all of your data, chat messages, and posts). It’s not encrypted text. If I was more interested in Brooke123, I could find my way into her WhatsApp chat history…
If you really still need a phone number, make an account on Twillio and wire up a throw-away phone number. There are many different open-source applications that are already hooked up to Twillio you can use for free, so don't shy away from exploring their options. It's not so scary (plus they have a no/low-code option if ya don't want to fall into the joys of building your own software -- seriously, it's fun).
One of the easiest steps you can take is to upgrade your passwords. Admin123! is not a secure password even though it has letters, numbers, and punctuation. Create better passwords by using a tool. Use something like 1Password or Dashlane to create crazy secure and store your passwords.
Without using a password manager, you’re asking for your accounts to be broken into. Even if you don’t use a password manager, change your password into a sentence. The length of your password is more important that the number of symbols and punctuation.
Brooke123 might not know it, but I’d put money down that I can probably guess her simple passwords from her birthday and the name of her first dog.
Unless you've been living under a rock for the last 20 years, you've heard of the rule of never sharing your passwords, but how do you share passwords, financial data (like with your accountant), or share your HBO account with your family? We all do it, HBO... except for me... I do pay for your services.
First rule of sharing any sensitive data you don't want someone else to have other than the person you are sharing with is to share with different communication channels.
- Just sharing a password? Share half in text and the other half in email.
- Sharing a username and a password? Share your username in chat and a password in voice (call them)
- Sending sensitive data? Add a password to your zip file and set a timer for it to delete. Then call your accountant and tell them they have 15 minutes to download it before it disappears.
Don't pay for things using credit cards, if you possibly can. Try to pay with cryptocurrencies as much as possible in any way. If you need to use a credit card ('cause the service you're paying for is lame), buy a non-reloadable, disposable gift card. Sounds like a pain in the butt, but it's worth it to save your identity.
Heck, you can grab a gift-card at a grocery store (if you're in the US, maybe other places too, but I can't speak intelligently about other countries -- if you do live in a different country and can buy gift-cards at your local convenience store, tell us, please).
If you do use cryptocurrencies, generate a new public address for every site. It's really hard to track people with a bunch of random characters for everything you pay for.
Not using cryptocurrencies yet? Start off with something easy, like Coinbase. It’s easy-ish to get started and it's becoming.
I've lost track of the number of conversations I get into with people who want to keep their location data stamped on their pictures they share or apps that you share your location with, but:
- Go into your iPhone or Android
- Navigate to "Settings"
- Click on "Location Services" (or something similar)
- Turn off "location" sharing
- Click on photo options
- Turn off location metadata
How am I able to find out where Brooke123 lives? The photos she shares on Twitter and Facebook have her location and time. I know when she moved, when her cat looked cute, and that she has one generation older iPhone than I do.
SHE SHARES IT ON HER PHOTOS.
Don't want other people to find out where you live? Stop sharing it.
Or just don't share your photos online.
In other words, the boring things:
- Setup 2-factor auth everywhere you can
- Don't use your name in your profile name
- Don't share photos of your airline tickets or driver's license (those barcodes are easy to decode)
- Don't put any information into a site that doesn't have a lock on the browser bar. The lock means the data is encrypted. If you absolutely have to enter data, at least make sure it's safe.
- Don't click on buttons in your email. Copy+paste the location in your address bar
Yeah yeah... this is a lot of information and a lot of steps to take, but it's so much easier than getting your identity stolen. If you don't follow everything here, that's up to you, but at least give it some thought.
Some of these steps are easier than others, so maybe start slow and get on a VPN.
If this is too much overload, move to Wyoming and live off-the-grid. Invite me to your housewarming party. I hear off-the-grid parties are the best.