Personal Privacy Purge

I was there Gandalf, I was there 3000 years ago…

…when the Internet was completely unregulated, free-form, self-hosted and ad-hoc. It was literally just a bunch of servers, wired together and navigable via simple search engines and bookmarked links.

Then: There was no regulation, no censorship, no seatbelt and as a result the Internet had some issues. On the other hand, safety came through fragmentation: the tech behind each website was different, the data spread across millions of servers, tech stacks and data formats. Bad people could post insideous opinions, sure, but most likely only a few like-minded nut-jobs would ever see them. You’d likely never read a post by an anti-vaxer or flat-earther, unless you knew where to find them.

Now: Fast forward a quarter of a century and the Internet is not the same. Our phones keep us connected 24x7 and our lives are lived online - yet the average person might only use a handful of services each day: Facebook, Instagram, Netflix, Amazon… These huge, consolidated platforms preside over vast hoards of personal data. That data - our data - is the fuel that powers the machinery of the largest corporations ever to exist.

Soon: Looking forward from here, I see an online future dominated by AI. I don’t for a moment believe AI will surpass the human intellect, enslave or annihilate us… It’s going to be much worse than that. AI will be the final consolidation of the Internet. A sickly-sweet AI assistant will wrap every service we rely on, becoming a proxy for our entire online presence, paid for with secrets. AI will sell the way we think and behave to the highest bidder and we won’t even notice it’s happening. Everything we share online will be fed back into the machine to further hone that skill.

So yeah, I think the internet is changing fast - personal data is already the world’s the most valuable commodity - and if data is so valuable, I’d say that now is a pretty good time to be locking down your online presence.

If you don’t pay for the product, you are the product

So let’s start with Social Media shall we? I signed up to Facebook two decades ago, playing my part in the frenzy of over-sharing that still grips the world today. I moved to Twitter some years later and I liked it; it made me feel connected to people who inspire me. My facebook went dormant in 2014 and my last post on Twitter was in 2023 (when the whole X thing happened).

I thought leaving the accounts online and dormant would be pretty safe - but looking back it was equivalent to leaving my passport, photo albums and a big pile of cash on a folding table on the front lawn.

Doubling down on the irony, I used AI to show me how to manage the long and tedious process of downloading all my data before I deleted the accounts. I even made my all my tweets available on my website - because I quite like them for what they are, I just want to be very clear that they belong to me!

It’s not just the data you have on display that’s getting monetized though. If data has value, then hosting my emails in Outlook.com or Gmail is like putting my savings in a bank. If they’re using my assets to make money, I want my cut! In the end, for a bit of extra piece of mind, I moved to Proton - where I get a solid service for a pretty reasonable price, with the privacy of a Swiss bank account. Proton fully encrypt all files and emails and provide robust privacy guarantees.

“If you have nothing to hide, you have nothing to fear”

It’s not clear whether this quote is better attributed to Joseph Goebbels or Tony Blair but it is certainly relevant today. I’m by no means a free speech absolutist, whistleblower or shady denizen of the dark web but I do value my privacy. It pays to know how much of your online presence is being tracked.

Is Big Brother watching?

Your ISP (Sky, Virgin, BT etc) connects you to the internet and can see every site you visit (yes, even if you switch on Incognito mode). In the UK, the Data Protection Act and UK GDPR rules limit logging to things like billing or fraud prevention (in parts of the US, for comparison, ISPs can keep everything and even monetize your browsing history!). Under the Investigatory Powers Act 2016, UK ISPs can be ordered to retain logs. This happens in secret, across entire ISPs, whenever it’s suspected there is a national security risk that warrants it.

So it’s safe to assume that your ISP is logging your browsing activity. Personally, I’m not concerned that MI5 might come after me but I am uncomfortable knowing that my browsing history is sitting on a server somewhere - waiting for a hacker to come along and use it to scam me or sell it to the Kremlin!

It’s also fair to assume that you can’t trust public WiFi. It’s trivial to set up a fake hotspot in your local coffee shop and intercept user’s internet connections. Most traffic is encrypted these days, but not all of it. I’d rather be safe than sorry!

Virtual Private Network

So I signed up for ProtonVPN. For the non-tech savvy reader, a Virtual Private Network (VPN) runs on your computer or phone and routes all web traffic through an encrypted “tunnel”, past your ISP and the hacker in Starbucks, to one of their servers somewhere on the internet. You can decide to browse from pretty much any country on earth, if you so desire. As a Swiss-based business, Proton are not obliged to store any logs. The performance is pretty good too.

There are a few gotchas. Trainline charge me a booking fee if I have my VPN turned on; I get weird adverts and suggestions on YouTube and sometimes the language settings on smaller sites are incorrect (for obvious reasons).

All in all though, I feel much safer using a VPN. Now I only have to worry about data leakage if I log into a site.

Data on devices

All this new emphasis on keeping my data secure online got me thinking about how I store it ‘offline’. Files on my hard disk, old photos on a USB disk in the cupboard, historical pay and tax records, contracts and legal documents…

The threat to my data here is less about faceless corporations exploiting it for profit, it’s more about a burglar stealing my laptop and getting access to my personal data.

The solution turned out to be incredibly simple and equally powerful. Since I have a Mac, I can encrypt my local data pretty easily, as well as deleting it remotely if needed. For extra secure data and removable disks I turned to VeraCrypt. VereCrypt adds government-grade encryption to your toolkit, across all operating systems. You can encrypt local files within virtual devices, or entire disks - all with AES256 encryption - which would take your average burglar several million years to crack!

It’s done

I’ve really enjoyed my sojourn into the world of cyber security. I feel like I’ve regained control of my personal data and learned a hell of a lot as I went. No doubt, some level of cyber security awareness is vital to more or less everyone these days.

One interesting fact I learned doing my research is that under UK law, you can be imprisoned for refusing to provide access to encrypted or password protected data - should the police have reasonable suspicion it contains something bad. VeraCrypt even allows you to add more encrypted space inside the encrypted volume so you have “plausible deniability”. It’s a veritable mashup of ethics and technology - and for God’s sake, don’t forget the password, because that’s not going to be much of a defence!

Maybe I was right all along - the best way to protect your data is through obscurity.