# Protecting your privacy online

Dan Conley
dconley@protonmail.com

## Two parts of this talk

1. Philosophical improvements: reconsider *how* and *why* you use the internet
2. Practical improvements: concrete things you can do to improve your privacy

# Part 1: Philosophical improvements

## The internet is a big place

* Just because you don't think anyone *will* look at something you post doesn't mean they *can't* (and won't)
* Everything you post publicly is available forever
    * (mostly)

## The internet is a big place

* It's okay to be a stupid, goofy kid online! But do it in a way that won't haunt you as an adult.
* (This does not include hate speech/harassment. Those are never okay. Be better.)
* Privacy settings are a door. Close it. Let in people you want.

## You matter

* (We interrupt this presentation for a brief motivational speech)
* "I don't have anything worth stealing" - yes, you do
* Identity. Credit history. *Friends*. (we'll talk about Facebook in a bit)

## Your place in a group matters

* Computers let us crunch lots of data very quickly.
* Things that would be impossible to predict as a person can be done easily with computer data models
* Cambridge Analytica misused personal information from Facebook to create [253 predictions based on someone's data](https://www.theguardian.com/news/2018/may/06/cambridge-analytica-how-turn-clicks-into-votes-christopher-wylie)

## Think about what you post online

* Who can see it?
* Can it be taken out of context?
* Who *else* is involved, and are they okay with it being posted?
* Does it contain children?
## BSA has regulations

* [Guide to Safe Scouting](https://www.scouting.org/health-and-safety/gss/)
    * remember no 1x1 contact even electronically
    * cyberbullying
* [Social Media Guidelines](https://scoutingwire.org/social-media-guidelines/)
    * aimed at youth and adults
    * recommends keeping Facebook groups public, **but**
    * _are you posting private information of other people publicly?_
    * personally, I _never_ post pictures of my kids on a public feed: I wouldn't want my Pack/Troop to either

# Part 2: Practical improvements

# Get rid of Facebook

## Since you're going to ignore me and use Facebook anyway

* Check. Your. Privacy. Settings.
* Set everything to friends only
* Friends-of-friends means that all it takes is for one person to accept a rando for you to be exposed
* Don't accept requests from people you don't know! It's just Facebook.
* Use Two Factor Authentication (2FA) (explained in a bit)
# Stop using Google

* ibid
* but they have... a lot of data
* they don't look at it, but still
* they are not your friend

In general, switching.social is a good site
## If you don't use a site, delete your account

* Data breaches happen!
* If your data isn't there, it won't be in the breach

# Use a password manager

## Stop using bad passwords

* Having a post-it or entry in your Notes app is *very bad*
* Someone gets that note and they have all your passwords
* Having the same password for every site is *also very bad*
* Data breaches happen! If they have your email and a leaked password, they have access to *all your sites*
* It's not the "complexity" of the password, it's the length

![xkcd 396, about password strength](password_strength.png)

## Password managers to the rescue!

* Let the manager generate a long, random password
* Autofill into the site: you never need to even know it
* Works on desktop and mobile

## Password manager options

* [LastPass](https://www.lastpass.com/) (what I use)
* [1Password](https://1password.com/)
* [KeePass](https://keepass.info/)

# Use Two Factor Authentication (2FA)

## Things happen

* Have I mentioned data breaches yet?
* What if having your password *wasn't enough* to get access?
* Check the whiteboard for my Google password
* Good luck using it

## An intro to 2FA

* It combines something you *know* (the password) with something you *have* (generally, a phone)
* A code is either texted to you or is displayed in an app
* No code, no login

## 2FA options

* [Google Authenticator](https://google-authenticator.com/)
* [LastPass Authenticator](https://lastpass.com/auth/) (what I use)
* [Authy](https://authy.com/)

## Adding a site to your 2FA manager

* Find it under "security", "password", etc
* It will show you a QR code
* Scan that with your app and you're all set
* Enter the code to be sure it works
* Generally you're given backup codes (store these somewhere *safe*)

## An important thing to remember about 2FA

* DO NOT RESET/GET RID OF YOUR PHONE
* That's how you get in to sites!
* If you get a new phone and didn't disable 2FA, now you can't get in
* This is where those backup codes help, or you can call support
* Some apps let you back up your codes, but that seems dicey

# Block trackers

## Cookies: more than a dessert

* My son was *so* disappointed at Take Your Kid To Work Day
* Cookies are how you stay logged in to websites
* But they can be more... *nefarious*
* If you look at a notebook on the Staples website, then go to a board game site and see an ad for that notebook, you can thank cookies

## Determining if a cookie is good or bad (without testing for raisins)

* [Privacy Badger](https://www.eff.org/privacybadger)
* [Disconnect](https://disconnect.me/)
* Also [AdBlock Plus](https://adblockplus.org/), but that blocks ads
* I'll let you determine if you want to support websites via their ad-based business model

## An axiom

If you don't pay for a website, you aren't the customer. You're the product.

## More sinisterly...

> Stored personality characteristics may be used as targeting criteria for advertisers ... to increase the likelihood that the user . . . positively interacts with a selected advertisement

\- Facebook
## Use a VPN

* Kind of out of scope
* Encrypts your web traffic and sends all requests to a specific location
* Prevents your network from seeing the request; just the end network
* Useful for sending data to a different country (with less restrictive access and/or better privacy laws), or when using "free" airport wifi

# Closing thoughts

## I'm not trying to scare you

* I realize I sound like a fire and brimstone preacher
* _repent! repent your sinful tweets and your snapped chats! for a reckoning is at hand!_
* It's really easy to not realize how much information we're just giving away to people who may not do good things with it. I make mistakes too.

## Don't panic

* You can never be perfect. You can only be more perfect.
* Completely cutting Google, Amazon and Facebook out of your life is [nearly impossible at this point](https://gizmodo.com/i-cut-the-big-five-tech-giants-from-my-life-it-was-hel-1831304194)

# Questions?

These slides can be found at http://slides.danconley.net/protect/