In a world where increasingly more of our activities are moving on-line, we can hardly overestimate the value of data security and privacy. Today we are not only responsible for ourselves in this regard. Our actions, or lack thereof, may well endanger the people we help and work with. We are not defenceless, though. Being sensitive, obeying a few basic rules and consciously choosing our communication channels can make a significant difference to our cyber security. Gosia Fraser, a freelance journalist on the impact of technology on human rights and the development of societies, provided us with some sound advice on this topic.
Privacy? Is there anything left to defend?
The argument that in today’s world we no longer have anything to hide and the Internet tycoons already know everything about us does have a number of supporters. This is because the tech companies have got us used to thinking that they have our data and nothing can be done about it anymore. This makes it even easier for them to convince us to give up more of our footholds and share even more information. The issue is that, as holders of the fundamental human right to privacy, we tend to compromise this right ourselves.
It is reasonably common knowledge that corporations monetise information about us, for example through the use of targeted advertising. We are less likely to think about the fact that by sharing our data, we are giving them a real say in our decision making processes. This is an aspect to which we should devote much more attention in the future.
Yes, there is much to defend
– Gosia Fraser says.
Do we need to be anonymous to protect privacy?
Privacy does not equal anonymity. Privacy means the right to be left alone, it means being able to decide about ourselves and what others know about us. We can make a whole spectrum of choices. Some post details of their lives and share photos from the hospital on-line. Others choose not to create any social media profiles. It’s our choice – Gosia Fraser explains.
For an average Internet user, total anonymity is hardly achievable. We can try to turn off trackers and tracking mechanisms, but then the website we’re interested in may become completely unusable for us.
We can use our anonymity as a tool to achieve specific goals, which need not always be bad. The privacy-protecting Tor browser is very often portrayed as a tool of cybercriminals. While it should be a basic work application for human rights practitioners. It is worth bearing in mind that not all of us live in liberal democracies. For numerous citizens of authoritarian regimes, maintaining privacy or complete anonymity is one of the basic daily challenges.
Where and when should we pay attention to data security?
Today it is hardly possible to identify areas where exercising caution in privacy matters would not be advisable. It all starts with the relationship between citizen and state. Increasingly often, also in our country, we hear about surveillance operations carried out by governments. In Poland, we should pay particular attention to the surveillance and anti-terrorism laws of 2016. Meanwhile, I wrote about the Pegasus system being used in Poland back in 2018.
The coronavirus pandemic has become an argument for depriving people of their right to privacy in health-related areas as well. In my opinion, there are no grounds for any kind of compromising, not even for the sake of society
– Gosia Fraser concludes. There is another important aspect related to the topic of Covid-19, our activity and privacy – the use of wearables. These devices have enabled companies to obtain data about us that was previously very difficult for them to access. Weight, heart activity, location – this is the most sensitive information we can generate about our lives. The worst part is that we then send them to servers that are in an unknown location.
Access to devices such as smartwatches and fit bands is very easy. They are relatively inexpensive, simple to use and instantly get on-line straight from our wrist. On many occasions, along with sensitive data about our activity and health, they also collect contacts of our relatives and other information of which we are unaware.
Security and privacy protection in social activities – Toolbox
A critical issue for people involved in social activities is encrypted communication that can keep them safe from unauthorised access to the data being sent. Male and female activists tend to very often post about their beneficiaries through instant messaging. They need to reflect on what would happen if their contact information, location, background, sexual preference, or medical issues were to be disclosed.
Strong passwords and two-factor authentication (otherwise known as two-step login) are other extremely important elements that affect safety and security. Two-factor authentication provides extra security layers, e.g. after entering a password in a browser on a computer, we are asked to confirm that we want to log in on a mobile application. A proven password manager will also come in handy for secure and convenient password management.
Here we should distinguish between what is privacy and what is security? For example, the Chrome browser, developed and updated by Google, is the most secure solution available. At the same time, we have to remember that it does not by any means guarantee our privacy, as it belongs to one of the biggest on-line invigilators.
Security and privacy – Toolbox for female and male activists
Signal
A secure, cost-free, open-source instant messenger that offers end-to-end encryption. It was developed and is continually updated by a non-profit organisation, Signal Foundation.
Tor Browser
A web browser that provides absolute anonymity in the Web. It operates using the so-called onion routing, which loses our digital footprint.
Mozilla Firefox
A convenient browser that places a strong emphasis on privacy. It is equipped with, inter alia Facebook Cointainer, which enables us to control and separate our on-line activities from Facebook.
Privacy Badger
A browser extension that prevents advertisers and other third-party tools from tracking our on-line activity
NoScript
A browser extension that disables all scripts on web pages, including malicious ones. CAUTION: you should know the tool well and set it up before using it.
Threema
A secure instant messenger that offers end-to-end encryption. It is only available in a paid version.
KEEPASS
A free, open-source password manager that is used to generate and securely store passwords. It is available for all operating systems.
Google Advanced Protection Program
Additional safeguards for CSOs, journalists, and people who collect sensitive information and who are particularly vulnerable to targeted attacks. Security features include preventing unauthorised access to your account, protecting your personal information, and additional protection against downloading harmful files.
Please don’t use Messenger. Don’t use WhatsApp. If any agency approaches Facebook and requests access to your account, they will get it.
– Gosia Fraser concludes.