With everyone staying home, the use of online platforms for communication has increased, and with it the inherent problems some platforms have when it comes to protecting security and privacy. So why not use this opportunity to share some best practices I follow in order to keep myself and those I communicate with safer? I have to disclaim that even though I’m a software engineer with many years of experience, I am not a security/privacy expert. However, I think I can still share useful information, so here it goes.
What is the difference between privacy and security
Privacy and security are related. Privacy relates to any rights you have to control your personal information and how it’s used. Think about those privacy policies you’re asked to read and agree to when you download new smartphone apps. Security, on the other hand, refers to how your personal information is protected. Your data — different details about you — may live in a lot of places. That can challenge both your privacy and your security.
When communicating over email, always be mindful of the To/Cc and Bcc fields. If your email is going to a small group of friends and they all know each other, using To or Cc is appropriate. But if you are writing to a group where not everyone knows each other, respect everyone’s privacy by using the Bcc field.
When responding to an email that was sent to multiple people, think very carefully about whether to use the Reply All function. Does everyone really need to know that you think a joke someone sent was funny? Maybe just reply to the original sender.
If you can remember your passwords, then your passwords are terrible! Good passwords are the ones that are almost impossible to remember. So the idea is to use a Password Manager: this is an application you can install on your computer and smartphone where you can store all your passwords, so you don’t have to remember them. You will need to remember only 1 password: the one you use in order to access the Password Manager.
Password Managers make it very easy to use a different password for each application/website. That way if one password is compromised, the rest of your passwords are safe.
Instead I highly recommend people use FaceTime when everyone in the call has an Apple device. When that is not possible, use the open source alternative Jitsi or Google Hangouts.
Be mindful of what you share on social media. Do you really need to post your date of birth, phone number or home address on Facebook?
When posting pictures that include others, be mindful of their privacy: Maybe ask your friends if it is ok to tag them before you do.
Consider disabling location services for some social media apps. Do you really want the Facebook app to know all the places you go to during the day?
Do not connect your social media information: I don’t mind having silly pictures of me on Facebook. I’m ok having my work information posted on LinkedIn. But I don’t want a work contact on LinkedIn to easily find those silly pictures on my Facebook profile. Be in control of what you share on each social media platform and avoid interconnecting them.
Logging on a new website
Many websites/apps require you to sign up before you can use their services. When this happens always prefer using the email sign up option and avoid using the Facebook Signup/Google Signup option. Even though the FB/Google Signup is convenient, when you use it the website/app automatically gets access to some of your personal information, while signing up with email just gives them that: your email address.
When taking screenshots on your computer or smartphone to post them on social media or share them elsewhere, always be mindful of what will show up in the screenshot. You can always crop the screenshot to remove areas of your screen that don’t need to be shared. And you should also blur or remove other parts that might expose aspects of your (or others’) privacy.
Websites use a technique called tracking in order to tell how a visitor landed on their page. So for example, when a website looks at a weekly report, they might see that 90% of their page viewers came from a shared link on Facebook, and only 10% came from a Google Ad click. This helps websites make marketing decisions because they can analyze traffic trends. When this happens your browser will show something like this in the address bar:
The website address is only the first part. Everything after the ‘?’ (shown in blue) is the Facebook tracking stuff. If you want to share this website with a friend over email or SMS, make sure you delete everything after the ‘?’, and confirm in a new browser window that the website still loads correctly without it. This protects your own privacy because that long code after the ‘?’ has information that points back at you. It also makes the links look much cleaner.
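The link clean-up described above, as an added Python example that is not part of the original post. It shows both the "delete everything after the ‘?’" approach and a gentler variant that removes only known tracking parameters, which matters for sites that keep the actual page identifier in the query. The parameter list is an assumption and not exhaustive, and the example.com links are constructed.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed, non-exhaustive list of parameters used only for click tracking.
TRACKING_EXACT = {"fbclid", "gclid", "msclkid"}
TRACKING_PREFIXES = ("utm_",)


def is_tracking(name):
    """True if the query parameter name looks like a tracking parameter."""
    n = name.lower()
    return n in TRACKING_EXACT or n.startswith(TRACKING_PREFIXES)


def strip_query(url):
    """The post's approach: drop everything after the '?' (fragment included)."""
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))


def strip_tracking(url):
    """Remove only tracking parameters; keep the ones the page may need.

    Note: the remaining parameters are decoded and re-encoded, so their
    percent-encoding may change form while the values stay the same.
    """
    p = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(p.query, keep_blank_values=True)
            if not is_tracking(k)]
    return urlunsplit((p.scheme, p.netloc, p.path, urlencode(kept), p.fragment))


# Constructed sample links (not real tracking values).
SHARED_ARTICLE = "https://example.com/article?fbclid=IwAR0constructed&utm_source=facebook"
SHARED_VIDEO = "https://example.com/watch?v=abc123&utm_medium=social#t=30"

if __name__ == "__main__":
    for link in (SHARED_ARTICLE, SHARED_VIDEO):
        print("original      :", link)
        print("strip_query   :", strip_query(link))
        print("strip_tracking:", strip_tracking(link))
```

For the second link, `strip_query` also removes `v=abc123`, so the page would no longer load the intended video; this is why the check in a new browser window is worth doing.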
Bonus topic: Sharing someone else’s work
This topic has nothing to do with privacy or security, but I decided to add it here too because I think it is important to create awareness of this problem: when sharing something on social media, always try to share it from the original source. Many times an artist will produce a song/cartoon/drawing/etc., and if you visit his website/YouTube channel the artist can make some money from advertisement. But if you share it from a different source, not only does the artist no longer receive anything, but you are giving the benefit to the other person who copied and reposted the art. If you receive something and you don’t know who the author is, try a quick search and see if you can find the original author and share that instead. There is always the extra benefit that the original art will always be higher quality/resolution than the copy.
Here are two images: one was stolen by a stupid Cliparts website and they even have the nerve to ask for attribution.
And then you have the original image full size and resolution from the wonderful The Oatmeal.