[Freedombox-discuss] Online Privacy

[John Walsh]

Hi Everybody,
I have been think about online privacy for a while from what I have learnt
from reading on this list and elsewhere. Below I have tried to join the dots
to online privacy and I would be grateful for your feedback. Part of me
thinks this is obvious to most people on this list, but I assure you it
wasn't that obvious to me. Still, that being the case I will add it to the
wiki with any corrections from your feedback to help future people like me. 

How to protect your Online Privacy


The key to protecting your privacy is minimizing the risks to your privacy.
The first risk to your privacy is using your real name or your nickname
instead of a pseudonym. Security Services communicate using pseudonyms to
protect their privacy, e.g. Bravo group talks to Alpha group.

 

A second risk to your privacy is using open communications instead of
encrypted communications. Encryption is the digital equivalent of using
registered mail instead of postcards to communicate.

 

The third risk to your privacy is that someone you know and trust
deliberately leaks your messages and files. Under these circumstances, your
only practical option (Digital Rights Management is not practical) is to
mark your communications with a "Secret" disclaimer for your direct
connections only i.e. friends only. Mark your communications with a
"Confidential" disclaimer for the direct connections of your direct
connections i.e. friends of friends only 

 

A fourth risk to your privacy is using a cloud provider (Facebook, Google,
LinkedIn) who can access your communications and logs for their purposes and
that of a third party. In most countries, you can legally protect your
communications (Email, VOIP, posts) and logs by running all your
communication services from your own home. 

 

The fifth risk to your privacy is rare, although it's possible your domain
name registrar or your ISP will reveal your personal details to a third
party. Under these circumstances, your only option is to publish and
communicate anonymously using such services as the Tor Project's Hidden
Services. You could also use the Tor Project's Hidden Services to protect
your freedom of speech, rather than risking a take-down notice of your own
website/domain.

 

The sixth risk to your privacy is that you inadvertently leak the wrong
information to the wrong person within your own social network e.g. your
boss sees an embarrassing photo of you. Therefore, you should separate
(virtual desktop) your data (messages, calendar, files, contacts) and
services (email, VOIP, web publishing) along your personal, professional
(work) and anonymous (activist) communications lines. It's possible to pull
these multiple points of presence (personal, professional and anonymous)
together into one unified presence for each user account.

 

The seventh risk and possibly the greatest risk of all is when you connect
with someone new online, you will reveal some personal information. This
risk is unavoidable, but you can still take some precautions. The first
precaution is to automatically verify an introducer's credentials, by
checking the signatures on their PGP/GPG key using the Web of Trust. The
second precaution is delay accepting an introducer's request until you have
followed their public (website) commentary for a time. The final precaution
is when you do accept an introducer's request you release the minimum amount
of personal identifiable information as possible, through the use of
relationship based profiles. Once connected, all content pseudonyms are
substituted for real names just like telephone numbers are substituted for
contact names with CallerID.

 

AFAIK, the software already exists for everything except for the seventh
risk and I have put my own spin/wishful thinking on what I would like to
see. I hope everything else is factually correct. All feedback is welcome.

 

fiftyfour 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20111110/4532fad9/attachment-0001.html>