Terms

  • Preservation: prevent loss of your data.
  • Security: prevent someone from reading or modifying your data.
  • Privacy: prevent unauthorized viewing of your activities.
  • Anonymity: prevent connecting your activities to your identity.
  • Ownership: attach your identity to data and be able to control its use.
Someone else's definitions:
  • Security: lock on your door.
  • Privacy: blinds in the windows.
  • Anonymity: no name on your shirt.
From someone on reddit:
Security is about access, it's when you set rules to protect something. Privacy and anonymity are about identity. Privacy is when someone knows who you are but doesn't know what you're doing. Anonymity is when someone knows what you're doing but doesn't know who you are.

Encryption: controls ability to read plaintext data.
Authentication: controls ability to read or modify data.





Why should I care about privacy ? I have nothing to hide. I'm not a criminal.



Privacy matters because there are criminals and corporations out there trying to rip you off.

From HFTI:
Privacy isn't about hiding something. It's about being able to control how we present ourselves to the world. It is the right to keep things to yourself. It's about personal dignity.

From Frederike Kaltheuner's "Privacy is power":
Privacy was once misconstrued as being about hiding and secrecy. Now it's understood to be something much more pressing: power dynamics between the individual, the state and the market.

As recent scandals have illustrated so vividly, privacy is also about the autonomy, dignity, and self-determination of people - and it's a necessary precondition for democracy.

From Keith Axline article:
"Privacy Is Just the First Step, the Goal Is Data Ownership"

"All human beings have three lives: public, private, and secret."
-- Gabriel Garcia Marquez



Suppose you do some searches about cancer, or diabetes, or alcoholism. Do you want that info popping up the next time you apply for health insurance or car insurance or a job ? Even if you don't have cancer, diabetes, or an alcohol problem ? Easiest for the company to just deny you the insurance or the job, rather than investigate or take a risk.
Dilbert

Suppose you're a woman with an abusive ex-husband, or a creepy ex-boyfriend ? Do you want them to be able to track your location in real-time, or track you even if you move to another city ? Or to know where your new job is, or who many of your friends are ?

Suppose some of your friends or family care much more about their privacy than you do about your privacy. Exposing your info to the world could expose some of their info to the world. It even could affect future generations of your family: suppose you post about some genetic disease you have, and years or decades later this affects your descendants ability to get medical insurance ?

Some people do depend on privacy for their profession, or their life. They work in journalism or activism or investigations. Maybe they live under oppressive regimes, or investigate organizations which have a history of retaliation against opponents, or work in the justice system (where criminals might retaliate against them). If the rest of us don't value our privacy, there will be fewer tools to protect them, too.

From noir_lord on reddit:
+/-
Some people (including myself) are not comfortable with a faceless corporation knowing
  • What medical problems I have (ever googled a medical problem for yourself or someone else?).
  • Who my contacts are (if you use their webmail) and what we are discussing.
  • Tracking just about every page you visit.
  • Build up a remarkably accurate profile of who you are and your life.
  • What videos you watch.
  • What topics you are interested in.
Now each of those on its own is somewhat unsettling, but when you combine all that together and then you don't really know how your data is handled now and how it might be handled in the future, then it starts to get really unsettling.

The thing with all this data is that it just accumulates, and over time the companies can really build up an accurate profile of you, and that is just f***ing creepy.

From Daniel J. Solove's "Why Privacy Matters Even if You Have 'Nothing to Hide'":
+/-
Some responses to the "I've got nothing to hide; you have something to hide only if you're doing something wrong" argument:
  • Do you have curtains ? Why ?
  • Can I see your credit-card bills for the last year ? Why not ?
  • I don't need to justify my position. You need to justify yours. Come back with a warrant.
  • I don't have anything to hide. But I don't have anything I feel like showing you, either.
  • If you have nothing to hide, then you don't have a life.
  • It's not about having anything to hide, it's about things not being anyone else's business.
  • You are willing to let me photograph you naked ?
...

... the nothing-to-hide argument stems from a faulty "premise that privacy is about hiding a wrong." Surveillance, for example, can inhibit such lawful activities as free speech, free association, and other First Amendment rights essential for democracy.

...

Another potential problem ... is one I call exclusion. Exclusion occurs when people are prevented from having knowledge about how information about them is being used, and when they are barred from accessing and correcting errors in that data.

...

Yet another problem ... is distortion. Although personal information can reveal quite a lot about people's personalities and activities, it often fails to reflect the whole person. It can paint a distorted picture [and that can have consequences].

...

What if the government mistakenly determines that based on your pattern of activities, you're likely to engage in a criminal act? What if it denies you the right to fly? What if the government thinks your financial transactions look odd - even if you've done nothing wrong - and freezes your accounts? What if the government doesn't protect your information with adequate security, and an identity thief obtains it and uses it to defraud you? Even if you have nothing to hide, the government can cause you a lot of harm.

"'Nothing to hide' only works if the folks in power share the values of you and everyone you know, entirely, and always will."
from Tom Scott's "Why The Government Shouldn't Break WhatsApp"

From /u/162bfizzy on reddit's /r/privacy:
+/-
> You could also just ask them for all their logins to their
> accounts and see if they would give it to you, and if they
> say no, well then they obviously have something to hide.

No, it doesn't. It means that it's none of your business.

Actor 1: Are you afraid of dying?

Actor 2: No, not really.

Actor 1: Ok, let me kill you.

Actor 2: No.

Actor 1: See, you're afraid of dying.

Actor 2: No. I said I didn't fear death, not that I wanted to die. Do you understand that those are two entirely separate things?

We all segment privacy in our lives. I share my social security number with my bank. That doesn't mean that I want to share it with you. They have a legitimate need for it. You don't.

Same thing as if you asked me for the keys to my house. Absent an invitation, you have no legitimate reason to be in my house. It has nothing to do with whether or not I have anything to hide inside my house.

OP's friends refusal to give up their passwords to OP, who presumably has no legitimate need for them, doesn't prove anything.

The argument itself is a logical fallacy usually the result of the person making it thinking in bumper sticker or meme style debate models.



Reasons someone might want to attack you:

+/-
  • Your info (personal data, credit card info, etc) can be sold for money.

  • Your computer stores info that connects to your money (your bank accounts, credit cards, tax filings).

  • Your computer stores credentials that connect to your employer's network.

  • Your computer stores info that is valuable to you (family photos, etc), which can be encrypted and ransomed back to you.

  • Your computer stores info about other people (Contact lists, etc) that can be sold.

  • Your internet-connected computer can be used as an agent in a bot-net (to send spam or attack other computers).

  • Your computer can be used a point to inject malware to get onto other computers (in your LAN or your work or school).

  • Your resources (e.g. US phone number, US ISP connection, etc) can be used to get something that a person outside USA can't get themselves (e.g. Google Voice number).

  • Your reputation (identity) can be used to fool your friends/family into falling for scams sent from "you".




Why Privacy Matters
Srikrishna Sekhar's "Why worry about privacy?"
Ruth Coustick-Deal's "Responding to 'Nothing to hide, Nothing to fear'"
Patrick Allan's "Why Your Privacy Matters, Even If You're Not 'Doing Anything Wrong'"
New Yorker cartoon



Rather confess to murder than have search history revealed

Another way to look at it: will anyone ever develop a grudge against you, and look for ammunition against you ? Ways to embarrass you, or harass you ? Perhaps you'll get involved in a divorce, get in a dispute with a neighbor, get in a feud with a coworker. Or some idiot on the internet might come after you. How much information do you want to make available to them ?



From someone on reddit 1/2014:
+/-
As an employer I run every name and email address I am given by a potential hire through Google and Facebook. I look at everything public to make sure there isn't something completely f**king insane.

Things I don't do: I don't hold what their friends say against them. I don't Friend them or try to look at things that are private. I don't hold it against them if they don't have an account or I can't find it.

I do look at public photos and statuses. I don't care if they go to parties. I do care if they skip work to do so or because of it.

So far I'd say 80% of the applicants are fine. But in that other 20% I have found obvious racists, people who actively hate gays, people who play games every working minute (while at work).

Funniest was someone who had set their account to public and constantly complains about being at work FROM work and asked friends to come by and visit and talk, at a job where that was not appropriate.

For people who apply as interns, I let their school know to have them remind the student to lock down their account. For people who apply for real jobs, I don't say a word.



Some say: Innocent people have nothing to fear from government spying:

+/-
I'd certainly feel uncomfortable and creeped-out if someone followed me around all day, videotaping everything I did, documenting every place I went and everything I did, watching me. Should it be okay for the govt to do this ?

Why was protection from unreasonable search put in the Bill of Rights (4th Amendment) ? It fits this situation exactly: govt is supposed to have a good reason for invading your privacy.

Some huge government investigations have targeted and ruined the lives of innocent people: the McCarthy hearings, the Atlanta Olympics bombing (Richard Jewell was innocent), and the anthrax attacks (Steven Hatfill was innocent) come to mind.

Government powers have been used to target people with unpopular views, or journalists reporting news that politicians didn't want reported: FBI under Hoover, Nixon's enemies list.
Wikipedia's "COINTELPRO"



My response to someone who asked "Why is this NSA scandal such a big deal ? I'm not doing anything illegal.":
+/-
Some reasons:

1- NSA scandal is just one symptom of a bigger issue: govt checks and balances have broken down. Intelligence spending and activities are out of control, military spending is out of control, citizens got panicked by 9/11 and let govt take major new powers and now govt is out of our control.

2- NSA is just one point along a spectrum of threats to you. It is the least likely but most powerful threat. It points out that you are vulnerable to scammers, stalkers, eavesdroppers, online criminals, etc. It reveals that our online security and privacy tools and laws are weak.

3- Technology, and the threats from it, will only get more powerful and more invasive in the future. Insurance companies and advertisers and your wacky neighbor will all get more powerful tools to threaten your privacy.

4- Things you do that aren't illegal still may be private. Why do you have curtains on your windows ? Why do you close the door when you go to the bathroom ? Would you mind if someone published your tax returns, your salary and net worth numbers, your credit-card statements, your bank account statements, your medical records ? Why ? You're not doing anything illegal.



Evgeny Morozov's "Your Social Networking Credit Score"
The Economist's "Lenders are turning to social media to assess borrowers"

Jay Stanley's "Plenty to Hide"
John C. Dvorak's "On Privacy: It's Not What I'm Hiding (Or Not Hiding) That Matters"
This Modern World's "Sensible Thinkers Think About Leaks"

Paraphrased from Tijmen Schep on BBC's "Business Daily" program "Facebook, Big Data and You":
The majority of the money is made from selling a "risk profile" about you, rather than from advertising to you.

Data brokers do not deal in anonymized data, they specialize in collecting and creating personal data about you. They may have thousands of data points about you, including things such as an estimate of when they think you will die, what diseases you might have, etc.

There is "your data" and "their data". Your data is your Facebook Likes, your use of apps, location data from your phone, your purchases, etc. Their data is all the profiles and scores they derive from your data. Their data is proprietary to them, owned by them. They may be willing to tell you which of "your data" they possess, but they won't tell you what "their data" says about you.





Future threats to privacy will be greater



From Intelensprotient on reddit:
... you do not need to be registered with Facebook for them to make a profile for you. Once you have visited any page that is affiliated with them, they will create a file about you and collect each and every visit to every site that has a "Like" button or a Facebook plugin. The amount of data collected this way can be tremendous, which few people realize. Google is even more extreme, as they collect data from every place that has AdSense, Analytics and similar services, which basically covers almost everything the average person visits. Those services may not always be as obvious as a "Like" button - for instance, some are implemented by displaying a single transparent pixel image.

...

You cannot know what kind of surveillance methods and laws will be implemented in the future. Already, biometric information gathering such as the identification of people from video recordings is becoming more and more successful, even prompting for the EU to begin implementing a system that can link people in public places to their Facebook pages and other photographs. Similar plans are implemented by the US. Other technologies include public voice surveillance, supervision of vehicle movement or behavioral analysis in public spaces. All this data can and will be linked and combined with what is collected about you online.

...

More about the future: new technologies such as Google Glass and face-recognition and license-plate-recognition and CCTV will connect your "real" life and your online life more tightly, and in real-time. Facebook, law enforcement, even big retail stores are starting to do facial recognition. Things you do in public without giving your name, or giving fake data, and using cash, may still be connected back to your personal info. What you do online won't stay only online; what you do offline won't stay only offline.
George Dvorsky's "How Your Body's Unique Biosignatures Are Used for Surveillance"

In the future, CCTV and consumer cameras only will get better and better. In public, or through your window, cameras may be able to read the screen on your phone, hear your conversation from a distance, photograph you in infrared at night. One of the first users of this is the police force that brought us "stop and frisk": Joe Coscarelli's "The NYPD's Domain Awareness System Is Watching You".

And "The Internet Of Things" is coming: your own devices (car, house, refrigerator, toilet, etc) will make more and more data available, and some of that could be used to reveal your activities.

Another hint about where tech may go in the future: scanning your face and posture and movements to diagnose your health. Maybe a good thing in a doctor's office. Maybe a bad thing when a retailer is doing it and selling the data to insurance companies.

Some ideas gleaned mostly from lifehacker's "How You're Unknowingly Embarrassing Yourself Online (and How to Stop)":
+/-
  • Many things people post about may be technically illegal. They may be rarely caught or prosecuted. But bragging about them online creates a permanent record, and who knows what authority might see them someday and decide to act ? Posting about downloading movies or music for free, about how drunk you were when you drove home last night, about how you got back at your Ex by doing some nasty prank.

  • Someone researching you in the future may not like what they find. A potential employer, a potential mate, an insurance company. How will they react when they see you complaining bitterly about your current boss, bragging about how many one-night stands you have, how much you drank or smoked last weekend ? And they may not distinguish between 18-year-old you and 28-year-old you.

  • People who have sensitive jobs, or may ever find themselves in sensitive jobs, have to be especially careful. Teacher, politician, priest, banker, reporter, law enforcement, any bonded job (bank guard, cashier, treasurer, etc). Teachers have been fired for online pictures of them doing things that are deemed bad examples to students.

  • All of the online world carries risks; it's not just a problem with social networks such as Facebook. If you comment on YouTube or newspaper sites or blogs, you might be identifiable. Using pseudonyms can help avoid this, but may not avoid it completely.

  • Risks come from your friends and their behavior, too. If a friend or someone else at the same party posts a party-video or party-pictures, and you're tagged on it, or identifiable in it, you may have a problem. Suppose one of your friends Photoshops your face onto a picture of someone doing something obscene, and the resulting image gets out into public ?

  • Some posts can violate rules at your current job, or even violate SEC regulations. Or just massively irritate your boss or coworkers.


Susan Landau's "Law Enforcement Is Accessing Locked Devices Quite Well, Thank You"
Benjamin Herold's "Schools Are Deploying Massive Digital Surveillance Systems"
Cathy O'Neil's "How Big Data Transformed Applying to College"
Cory Doctorow's "Weapons of Math Destruction: invisible, ubiquitous algorithms are ruining millions of lives"
Mark Di Stefano's "7 Real Life Ways Metadata Can Be Used Against You"
Zack Whittaker's "US border officials are increasingly denying entry to travelers over others' social media"
Wolfie Christl's "Corporate Surveillance in Everyday Life"
Ralph Nader's "Corporate espionage undermines democracy"
Justin Jouvenal's "The new way police are surveilling you: Calculating your threat 'score'"
David Auerbach's "We Can't Control What Big Data Knows About Us. Big Data Can't Control It Either."
Cindy Cohn and Trevor Timm's "Busting Eight Common Excuses for NSA Mass Surveillance"
Thor Benson's "We Need to Regulate Technology That Can Detect Your Emotions"
Yaniv J Turgeman and Eric Alm and Carlo Ratti's "Smart toilets and sewer sensors are coming"
Brendan I. Koerne's "Your Relative's DNA Could Turn You Into a Suspect"
Rick Falkvinge's "What's Privacy Good For, Anyway?"
See Identity Theft section of my Computer Security and Privacy page



Future threats to security will be greater, too. One scenario to consider: Today's cloud backup may be encrypted so well that no one can crack it. But that encrypted data may still be available somewhere in the cloud 20 years from now, and maybe 20-years-future technology WILL be able to crack today's encryption.



How do investigators find people ?

  • SITS: Shelter, Income, Transport, Social contacts.

  • Mistakes by their partner, who doesn't know or care about privacy.

  • Contact through every number or address ever used, try to fool them.

  • Information revealed on social media, even very old posts/comments, by target or friends/family.






The costs of maintaining privacy are too high







Some societal nuances to privacy







Companies



My response to an article saying "Google and Facebook and Twitter have not created new products that stand alone like a car or a new house; they have created things that invade every other aspect of the economy and our culture. That is a different level of power.":
+/-
I think this is overblown. I could stop using Facebook and Google and Twitter tomorrow, with some effects but not big effects on my life. I can give them false info, give them minimal info, use alternatives to them, do without them.

Government and military and police have the potential to have unavoidable, huge effects on my life. They take some of my money (and give me services) without much choice on my part. Sometimes they cause other people to attack our country. They have access to my tax information, credit info, bank account info, phone records, etc.

Some companies have large physical effects on my life and my health. Fossil-fuel power companies, and other companies that put who-knows-what into the air I breathe and the food and drink I consume.

Other companies have pervasive effects throughout our economy and/or culture. TV networks. Phone companies. Walmart. Exxon.

The two political parties control much of what happens in the government and culture and economy.

Super-rich people could destroy me with lawsuits, or buy laws that affect me severely.

No, I think Facebook and Google and Twitter are pretty low on the list of powerful entities to worry about.

Karl Bode's "If You're Pissed About Facebook's Privacy Abuses, You Should Be Four Times As Angry At The Broadband Industry"
Privacy.net's "What does the US government know about you?" (about more than just the government)



Companies that could have large access to your activities:

  • Your OS vendor (especially if they do "telemetry", or server-based voice command processing).

  • Your anti-virus vendor.

  • Your browser vendor.

  • Your browser add-on vendors.

  • Your search engine vendor (especially if they do "search suggestions").

  • Advertising networks/brokers (if you don't run an ad-blocker).

  • Other vendors who have code/data on many different web sites, such as Facebook "Like" button, or Flash add-on (if you don't run blockers).

  • Your cable TV vendor, if you're using their box or features.

  • Your router vendor.

  • Your ISP (Internet Service Provider).

  • Your DNS (Domain Name Service) provider.

  • Your email provider.

  • Your phone service provider.

  • Your phone OS provider.

  • On older versions of Android, vendor for any of your installed phone apps.

  • Your bank, credit-card company, and credit-reporting agencies.




How do companies justify selling your information ?

+/-
  • They are giving you a great free service, and they need to make money to keep it going.

  • With more info, they can give you more relevant ads and news items and pointers to new Friends.

  • They give you lots of ways to control the privacy/selling of your info.
    [But sometimes have been caught cheating on this.]

  • You agreed to it when you signed up for the service. And you could stop using their service and close your account.

  • They sell your info in general/aggregate, not your specific name, address, phone number, etc.



Don't rely on a company's promise to safeguard your data, even from police:

+/-
Terms of Service often say "we reserve the right to change these TOS in the future".

If the company gets sold/acquired/merged, the new company may change the terms/policies.

Kate Cox's "Search warrant overrides 1M users' choice not to share DNA with cops"



Some ways technology is stretching old notions of privacy:

Technology makes possible:
  • Constant, multimedia surveillance of people.

  • Connecting together various flows of data about a person.

  • Publishing that data globally.

  • Storing that data publicly forever.

  • Making that data easily searchable or analyzable.

  • Extracting information (such as mood or health) from that data that could not be extracted before.




How could your information be used ?

+/-
[From most likely to least likely:]
  • To advertise to you.

  • To adjust prices offered to you.

  • To gain knowledge about how people similar to you would behave.

  • To gain knowledge about your contacts (friends, family, associates).

  • To influence your opinion or behavior or vote (maybe to discourage you from voting).

  • To deny services or employment to you.

  • To attack you.


From someone on reddit:
Never post on social media about your physical condition in the aftermath of a traffic accident, this can be used by insurance companies to prove your injuries weren't as severe as claimed. Seemingly innocent statements like "I'm okay!" will be misconstrued, especially by insurance companies.




Product labeling we need (for IoT, Internet of Things):

+/-
  • This product does/doesn't require a constant internet connection to operate.

  • This product does/doesn't require user account registration to operate.

  • This product does/doesn't require connection to an external service to operate.

  • This product does/doesn't send data to manufacturer during operation.

  • This product does/doesn't allow manufacturer to read/access/modify data in the product.

  • This product contains firmware/software that can/can't be updated by the user.






Defenses



Privacy when applying for jobs:

  • Use virtual postal address and phone number, not real ones, and a unique new email address, on the resume.

  • Don't put names and phone numbers of references on your resume; that would violate the privacy of those people.

  • Instead of giving your Social Security number and birthdate, write "available upon hire".

From reddit:
> If I ever want to get a job, how do I cope with the data
> collection? When using job portals you need to put a whole
> lot of information online just to have more companies look
> at you and decide whether you're the right person for them
> to hire. You may include your birthday (and / or age maybe),
> your address, your education, where you worked, what other
> activities / diplomas you've got, even a picture of you and
> so on. It is actually more data that you'd ever put on
> Facebook and maybe more data than Google would know about
> you based on your years of search (or maybe more important
> in any case), and it's public, like, anyone can create a
> business account and collect all of this data. You may
> even get them your data if you want to be employed.
>
> So I am curious to know: How do you protect (or did you
> protect) your data while looking for jobs? What is the
> data you might regard as less sensible that can be
> available for any "business" (account, of course) and
> what is not? Did you manage to protect all this data
> and get hired? Or maybe tips on how to get a job while
> keeping the data private at the same time.

The only advice I've heard applies more to printed resumes, may not work on web forms: leave some data marked as "available upon request" or "available upon hiring". Phone number, birthdate, Social Security number, address. And maybe use a new temporary email address while applying.




Privacy from your employer:

  • Get new, virtual postal address and phone number (via mail-forwarding or other service) and a unique new email address, and then tell them "hey, I've moved, here's my new info". Don't go in to HR and say "I want more privacy, I want to hide my real info".

  • If employer gives you a work cell-phone and expects you to carry it 24/7, get a burner phone and tell them "hey, your cell-provider doesn't have coverage where I live, you'll have to call me at THIS number instead", and put the work-phone in a Faraday bag every day as you drive home from work.




Key data you might want to keep private:

  • Your name.

  • Your physical address.

  • Your email address.

  • Your credit card info.

  • Your phone number.

  • Your picture.

  • Your activity.

  • Your medical information.

  • Your biometric information (fingerprints, DNA, etc).

Note that there are two kinds of data: things you can change, and things you can't. If someone steals your credit-card info, you can cancel the card, change the number, etc. If someone steals your medical history, you can't change that.

Some of the data most valuable to companies are your "social graphs": how you connect to other people, things, places, companies, jobs, etc. For example:
  • Your friends, family, places, jobs, schools, politics, religion: Facebook.

  • Your purchases: Amazon, credit-card company, PayPal.

  • Your locations, stores: Apple and Google via smartphones.

  • Your jobs, employers, skills, coworkers: LinkedIn.

  • Your credit-cards, debts, mortgage: the credit-reporting agencies.




Disinformation:

+/-
In places where it's not illegal to lie, such as stores requiring you to give data, and wrong data would not hurt you, you might want to:
  • Misspell your name slightly.

  • Give a fake mailing address.

  • Give a fake email address.

  • Give a fake phone number.




The law (in USA):

+/-
[Mostly from Daniel Zwerdling's "Your Digital Trail: Does The Fourth Amendment Protect Us?"]

Two legal ways the govt or others can get your data:
  • Warrant: requires "probable cause"; has to be signed by a judge.

  • Subpoena: requires "relevant to an investigation"; can be signed by a prosecutor, some other govt agents, in some states even by a lawyer (such as in divorce case).
Fourth amendment of the Constitution protects against search and seizure.

But location of your data matters:
  • In your home: requires a warrant.

  • If it's shared with someone else (web company, phone company, your bank, your credit-card company, etc): either subpoena or warrant. There may be even lower standards if the data has been on there more than 6 months, so is considered "abandoned" by the law (1986 Electronic Communications Privacy Act).

But there are other standards. For example, once NSA collects masses of phone-metadata, it isn't supposed to search within it and use pieces of it without a "reasonable, articulable suspicion" (RAS) that it is related to terrorism. [from Ryan Lizza's "State of Deception"]

And your cell-phone data may get swept up with that of criminals, with each phone company applying its own rules about what data is given to police. [from David Kravets's "Cops and Feds Routinely 'Dump' Cell Towers to Track Everyone Nearby"]

There are special legal protections for some kinds of data. HIPAA protects health status and medical records of individuals.

Of course, legal protection doesn't mean much if your data is collected and then the database is stolen. See for example Wikipedia's "Office of Personnel Management data breach" and Dan Munro's "Data Breaches In Healthcare Totaled Over 112 Million Records In 2015". But if you don't let them collect it in the first place, it can't be stolen.
Daniel Solove's "Why I Love the GDPR: 10 Reasons"



Kashmir Hill's "10 Incredibly Simple Things You Should Be Doing To Protect Your Privacy"
Dave Greenbaum's "New Tax Fraud Scam Reminds Us: Protect Your Social Security Number"
EFF's "Digital Privacy at the U.S. Border: Protecting the Data On Your Devices and In the Cloud"
Sarah Kessler's "Think You Can Live Offline Without Being Tracked? Here's What It Takes"





Miscellaneous



The Hard truths of Cybersecurity:

+/-
[From The Binary Blogger (modified to apply to home users instead of businesses):]
  • Various hackers/criminals have all your information already. Billions of records are stolen/breached every year. That doesn't mean we stop protecting stuff. [Just because China has your info doesn't mean the script-kiddie down the block has it too.] Protect your new info as best as possible. Change your passwords, maybe change your credit-card number, monitor your accounts, monitor your financial identity.

  • Social engineering and bad patching practices are responsible for most breaches. People are the weakest link, both directly (phishing, mistakes, downloading bad stuff), and indirectly (laziness about patching).

  • You don't have to have perfect security, but do your best. Many threats are simple or opportunistic, and can be stopped easily (firewall, up-to-date patches, unused services turned off, etc). The hacker or scanner-software will move on to some easier target.

  • Attitude is more important than having the best tools. You can have great software, but if you don't know how to configure it or you ignore alerts from it, you'll have problems.

  • Motto of the show: The more aware you are, the more secure you can be.




Protecting some data is worthwhile even if you can't protect all of it.

It's an arms race: we citizens (and the corps and govts) are getting new tools and laws all the time. You're creating new private data every day: your location, activities, etc. And you can reach back and try to obfuscate old data that's out there, by overwhelming it with new data. Or make it irrelevant, by changing phone number, email address, physical living location, car license plate number, etc. The fight is not over, or hopeless.

Find a level of cost/benefit tradeoff you're comfortable with, and don't worry about the 100% case.

Don't get paranoid.
The Kinks' "Destroyer" lyrics



Really about anonymity: Wladimir Palant's "How much privacy do you have left on the web?"

Eva Blum-Dumontet's "Winning the debate on encryption - a 101 guide for politicians"

Evan Dashevsky's "Admit It, You Don't Care About Digital Privacy"

Ian Bicking's "'Users want control' is a shoulder shrug"

Heard on a podcast: some car-repair places (especially big national changes) will grab the registration and insurance documents out of your glove-box and copy the data into their computer, so they can sell it.

Don't use privacy/security techniques to break the law, especially for tax evasion. Governments will spend anything necessary to catch tax cheats. From Justin on The Complete Privacy & Security Podcast episode 073: "There ain't no privacy in prison."



Internet activity made police go blind

My "Computer Security and Privacy" page