So here we are, to discuss something I’d rather not talk about with people that would rather not read about it.
I’d rather not talk about it because it makes me sound like a paranoid loon, and nothing that I have to say is good. You don’t want to read about it because nobody likes being told that they should work harder for their own benefit. But that’s kind of what this is.
I’ll try to keep it entertaining, that’s all I can promise
So it’s been awhile since I’ve posted, and even longer since I’ve talked about Privacy. Six years in fact, so I think we’re do for a refresher and an update.
In the last article I talked a lot about Privacy in regards to Government tracking and control and we spent a little bit of time on how very little of your data is needed to build a pretty reliable picture of the person that you are. I talked a bit about Target, predicting pregnancies and other things that pretty clearly establish the potential risks of allowing someone just a tiny piece of information.
What I didn’t do, however, was give anyone the tools (information, mostly) that they would need to keep their information private and secure. So in the efforts of giving you something that’s actually useful…
I’m going to start here because nothing infuriates me more than some asshole calling me to try to sell me something that I don’t want and didn’t ask for. For anyone that tells me I’m being unreasonable or unfair: These companies do not adhere to FCC guidelines in regards to robocalls or number spoofing. They do not deserve my respect.
So here’s the start: Unless you owe someone money or someone is loaning you money they don’t need your phone number. Don’t sign up for surveys, drawings, or those sites that say “we’ll get estimates from the top 5 whatevers!”…it’s ALL bullshit and allows your information to pass through a whole bunch of grubby paws.
Convenience will kill you on this – never ever give your number out unnecessarily. Compare the time saved (by ‘conveniently’ putting your information into one site, and for the next week explaining that you either can’t afford the work or that you’ve already paid someone to do the work. Then tack on the time every Mon-Sat 9a-9p that someone wants a survey or to offer you a free Mariott Resort stay. Still convenient?
Need a car insurance quote? Look up the phone numbers of your local insurance representative and call or email them directly. Even so, be careful to check the user agreements where they establish who they’re allowed to give your information to (and what information they’re giving)…which unfortunately brings us to the very boring…
End User License Agreements
Ok, so the big joke is that nobody reads these agreements, and for the most part it’s true. After all, they just more or less protect the company, right?
Well yes, mostly that’s what they do. And you really don’t need to read every single one of them to get a gist for how they’re laid out and the parts that are important to you.
PLEASE stick with me, this stuff is boring as shit, but I can teach you a few shortcuts. Once you start seeing the crap that you give companies the rights to you might just start getting a little paranoid as well.
So most EULA are laid out the same way:
- Table of Contents
- Definitions of terms
- Terms (Legal garbage)
- Agree Button
The table of contents (if you don’t remember your Middle School library) is where you’re going to want to start. There may be quite a few lines listed, but don’t be disheartened – companies deliberately do this so that you don’t read the agreements (doesn’t that piss you off?)
For the purposes of this blog I’m going to use the most recent EULA that I have scanned (and will not agree to) as an example: Instagram (the method for finding the EULA on any website is usually the same. For Instagram, go to “Help Center”. As Privacy is a big deal, there’s a link on the left menu for the “Privacy and Safety” (ooh, official sounding!). Click on that and brace yourself.
Before you panic, MOST of this isn’t anything that’s going to concern you. You’re not interested in pissing people off, so unless you’re going out of your way to post questionable content the “Community Guidelines” are going to be the same everywhere: Don’t be a douchbag. See how easy it was to not read that section?
Now, knowing that Instagram is owned by Facebook I didn’t bother to go through a lot of the next sections – when I read these things I’m looking for the most damning requirements, and whether what I post is visible or not is at the bottom of that list. If I were to navigate through the other sections and not find a dealbreaker I may come back to read these, but I suspect that we’ll find the juiciest requirements under “Data Policy”.
Christ, they can make anything boring. And they start right out of the gate telling you what information they’re going to collect. Do you care? Of course not, it’s Facebook. They’re collecting everything you give them access to (it’s more than what you post, but let’s assume that they only collect what you post and where you post it from). We can scroll down.
Oh…”II. How do we use this information?” and “III. How is the information shared” might give us a reason to protect ourselves. Let’s scan the bullet points (bold headings)…
“Provide, personalize and improve our Products.” is probably benign…you want your personalized colours and pictures to let everyone know your– hold on, what the fuck is this?
Ok, so that’s a little weird…did you know that you had a “type”? They’re telling you right here that you are just like a whole host of other people; your uniqueness stripped away (except for their means to get your eyes on their advertisements!). But you know, as bad as that sounds, I bet we can do a little better.
Doesn’t “the social good” sound kind of Big Brother level Orwellian? Who defines what is in “the public good”? While they give us a benign (even beneficial example), we also know that they allowed the US elections to be manipulated, so pardon me for being a little apprehensive.
Now, you’ve gotta keep scrolling. Like I said, these things are long and dry because they want you to get bored and move on. But the bottom is an obvious place to put juicy information isn’t it? So you can’t just skip to the bottom. Pay attention to the headings and look for anything that jumps out…it shouldn’t take you very long to discover…
Using the same ‘method’ of “Scroll and scan the headings” it doesn’t take very long before we get to something that sounds good:
Hmm…so they say that you retain the rights to your work, but that they’re free to manipulate it and use it for advertising purposes? Ahem. Have you ever seen those car insurance ads where they show a picture of a friend of yours and you’re like, “Weird that this friend of mine that takes the bus everywhere got new car insurance?” It’s because that person gave them permission to do that. Do you think they’ll honor requests to remove your data should you change your mind?
And lastly: Do you trust them enough to allow them to change the terms of this agreement whenever they like? Did you enjoy going through this process? Is it worth it to have to reread the agreement literally every time they change a toggle switch?
I do not. If I’m posting stuff on Instagram it’s because I want to share pictures with people I know (which email works very well for, but it’s just not as convenient). Either that or I’m trying to build a brand and if I’m trying to do that, giving FB creative control over what I’ve created is a guaranteed way to get fucked in the end. Thanks but no thanks.
So it probably took longer to read what I’ve written than it actually did to scroll through the user agreement. Make a promise to yourself that you won’t agree to anything without at least skimming it for incriminating shit and you’ll save yourself a lot more headache.
The most boring part is out of the way! But there are two more things I’d like to touch on, neither of which is as dry or boring as this last bit, I promise!
Sharing Email Addresses
When you use the same email address for multiple services it’s vastly easier for Data Warehouses to build a profile of you. For example, Netflix knows what movies and TV shows that I tend to like, which probably says a lot about what kind of person I am. How much of a better picture would they have if, for example, someone were to combine that information with your purchase history on Amazon? Ebay? How about where you work and how much you make a year? Your address?
When you share email addresses you’re giving someone access to information that you probably don’t want them to have, so my solution to this problem is to create a different email address for everybody that I do email business with. Again, don’t freak out – this is easier than it sounds (and easier than I make it).
I host my own email server so I have complete control over how it does business. On one hand it simplifies everything because, well, I have complete control over how it does business. On the other hand, in order to set something like this up is a pain in the ass if you’re not a nerd, so I don’t recommend end users do this.
Fortunately most email providers (Google, Yahoo, Microsoft, etc) give you the option of having “email aliases”. I’ll explain below using bogus email addresses below (the bots are going to go crazy over this)
So I want my friends and family to be able to reach me at something that makes sense, this is going to be something like firstname.lastname@example.org
Now, if I give that address to Paypal and they get breached or sell that address to some SPAM generator I have two options: I can either deal with getting the SPAM or I can change my address, letting all of my friends and family know and hope that they update their address books because…well Christ, what a pain in the ass.
Instead, try an alias email@example.com – it will still come to your inbox, but if you start getting spam you can just delete the alias. You update the website that matters (if you still want to do business with them) and delete the alias…you won’t get anymore SPAM on that address because the address is dead. firstname.lastname@example.org and email@example.com can keep all of that crap separate and save you a whole lot of headache if you decide to try to “unsubscribe” from…well…anything.
This brings me to my final point (or two)…
Passwords & Keeping Track
You can use any method you’d like to keep track of your addresses and passwords, but I have some suggestions for you if you really are interested in privacy.
Don’t use a service. Don’t use your computer’s (or browser’s) capacity to save your password. Again, the convenience is where they get you. How secure is the encryption? How protected is your browser from someone deliberately trying to get that information? If you don’t know the answer to those questions, assume that it’s not secure and find a “better” way. Below is my method which, so far, seems to have kept me pretty safe.
Like email addresses, sharing passwords is a bad idea. If your email password and your Amazon password are the same (with the same email address, yikes!) and someone gains access to your email account they can do all sorts of damage. If you use different passwords and one company gets breached, the other remains unaffected.
So here’s what I do: I have a ‘base’ password, and I use a portion (or all) of the website name is another part of the password. For example, my usual password might be ‘G0ofb@ll’, but there’s no reason I can’t use ‘G0ofb@ll@maz0n’ or ‘eb@yG0ofb@ll’. Well, no reason other than it’s really inconvenient and difficult to remember a large number of complicated changes that you’re making to your habits…but there’s an easy (enough) solution that already exists and is fairly universal: Spreadsheets.
A random Excel (or equivalent) file named whatever the hell you want can contain all of your email addresses and passwords. And you can set a password on that file (and usually you can encrypt the file as well, which is almost necessary anymore). So you have one file with one really good password that keeps all of your other information safe…you’re never ‘forced’ to change that password because it’s not built into some other system, and if you need to swap computers you can move the file easily enough with a USB drive.
You’re never going to keep people from trying to get your information, but giving up simply isn’t an option. People should not just be able to take what they want because they say that they want it – I want a billion dollars and I don’t see anyone just handing it over, so want doesn’t mean shit.
These companies are not your friends. They do what they do because they want more money, and they will sell you out as soon as their own mother for a quick buck. They can’t be trusted and as with anyone that can’t be trusted you have to be on your guard, lest they take advantage of you.
I know some people that have asked me, “But what harm could the information do? A little advertising isn’t a big deal.” but those people are missing the bigger picture: Imagine the company that you work for being able to scroll through their user’s directory and identify who is gay or straight? Who might or might not be a feminist or a racist? Who might be Republican or Democrat? Or even those filthy filthy Independents. Who here can say, in the current political climate, that they are safe from those who would cause them harm?
I do wish companies were a lot more invested in protecting people instead of selling them out, but what are you going to do? Money causes people to do bad things for stupid reasons.
I’ve disabled comments on the Blog due to an overload of SPAM, so if you want to comment on this (or other articles), suggest other topics, or just want to say ‘Hi’ you can reach out to me on Twitter @roknrolzombie