Privacy, A Reality Check.
Happy New Year. 2025 could be the year for you to refresh your Privacy knowledge, or take a first look at your Privacy.
When I speak to people about Privacy, either in passing or more in-depth, the common reply I receive is, “I have nothing to hide.” That may well be the case, but it is not always about hiding anything; it is about protecting what we have. The more platforms, websites & services we sign up to, the more we increase our exposure risks.
What do I mean by that?
I follow breaches as they are reported: exfiltrated data, taken from a company or entity. On the balance of probabilities, the more platforms, websites & services you sign up for, the more likely it is that your personally identifiable information will end up on the dark-web, clear-web and places like Telegram. This then increases the risk of you being subject to a criminal act, and undoubtedly brings an increase in smishing & phishing scams. Simple steps such as using aliasing services and unique passwords help both your online privacy and security.
But it is not just about the illegal use of your data, it is also about the legal use of data. Do you read the ToS or Privacy Policy of the platform, website & service you are signing up to? I bet the answer for the vast majority will be no. Once you sign up, your data can be sold legally to whoever the platform, website & service chooses to, and guess what, yes, it can end up in the hands of criminals.
Why? Because personal data is a commodity, traded and sold to make a profit.
People will call me paranoid or tinfoil T. It is not about being paranoid, it’s about taking reasonable steps to protect your data, your personally identifiable information. Look to reduce the exposure and vulnerability surface of your online presence. You do not need to make drastic changes; moving to a different Browser & Search Engine is a relatively easy option for most.
Let’s be realistic.
What if you are neurodivergent or know someone that is neurodivergent? The Privacy space can be a difficult space to work in. Yes, we know Microsoft is relentless in its pursuit of your data; however, they offer some excellent products to help people who are neurodivergent, or partially sighted.
Immersive Reader on Microsoft Word is an excellent product to assist people who are neurodivergent. Some of the privacy focused Word alternatives cannot offer these types of tools. And that is okay; Word is a paid-for product and has the backing of Microsoft, while the alternatives can be free products supported by a community of volunteers.
Take some reasonable steps to reduce what Microsoft hoovers up. Look at your Privacy settings, consider blocking certain data from being transmitted by using O&O Shut Up, Portmaster or a privacy focused DNS service.
Have you ever used a privacy focused keyboard on your mobile phone? Bare bones is a phrase I would use to describe them. They may not be suitable for people who are neurodivergent, or partially sighted. Understand the difference between neurodiverse and neurodivergent; there are many excellent tools that will help those who are not neurotypical or have specific learning requirements. But they may not always be good for Privacy. These are factors we need to weigh up when understanding our Privacy strategy.
Michael Bazzell, as I am sure you all know, is one of the pioneers in the Privacy space. His podcasts, now long finished, were an excellent source of Privacy knowledge and tips. Probably the go-to. People have called me extreme when it comes to Privacy. I am far from extreme; I take reasonable steps that those who have no interest in Privacy consider extreme. There is a difference! MB is considered to be extreme, even his book is called Extreme Privacy.
But MB is also a businessman; he does use Social Media for his business, but he is very disciplined in how he uses it. There appear to be personal v business models in play. I am sure MB understands the importance of Social Media to his business, and he will look to harness it. It is no coincidence that MB was also a trailblazer in using OSINT and understanding technical opportunities when he worked in Law Enforcement. I do wonder if at some stage he had an epiphany moment that propelled him into the Privacy space.
Others who operate within the Privacy space such as: –
Nate – The New Oil
Henry – Techlore
Casey – Firewalls Don’t Stop Dragons
All are very passionate about Privacy but are easily accessible and do not go to the lengths MB does. Well, I say that, but Nate does use Qubes OS. Hell, Whonix winds me up at times; I couldn’t imagine using Qubes. Talking of Operating Systems, this potentially is where we are entering a more difficult space for the masses. People will use Windows at work, they will have no choice, so they naturally use Windows at home; after all, it comes as standard on PCs & Laptops you buy from the mainstream stores. Learning about the multitude of Linux distros, settling on one you like and knowing how to install one of them is more complex than changing your Browser & Search Engine. We have to allow for this when we are talking to people about their Privacy Strategy.
I want to talk a little bit about ‘Threat Modelling’. It is not a phrase I’m particularly fond of. I feel that the vast majority of people reading this, or who are interested in Privacy, thankfully will not experience what I would call a genuine threat. That is, something which puts your personal safety in danger.
Undoubtedly there are people who must deal with or be aware of the threats that may exist towards their personal safety and need to understand their digital exposure risks. Journalists, Politicians, Dissidents, high profile people in business and show business etc.
The recent murder of Brian Thompson, the CEO of the American health insurance company UnitedHealthcare, may be a case in point.
It is probably important to have a reality check and understand the difference between genuine threats and being overexposed on the internet, and to understand your digital exposure risks. (I talked earlier about exfiltrated data being one of those risks.) What’s important is understanding where your Privacy needs fit in with your life. Have a Privacy Strategy. What is it you are trying to achieve or wanting to protect?
Social Media is an issue if you are interested in Privacy, but at the same time it can be an immense source of information. You can still use Social Media, but maybe consider not having accounts that use your real details or reveal your real identity. Adjust your Privacy settings, which is quite straightforward for most. I know people within the OSINT community who will also lock down their privacy settings carte blanche. It is not something I preach; privacy settings can affect what we are able to achieve from an OSINT perspective. I guess what I am saying is, understand why you are doing what you are doing, and how that affects your aims & objectives. Don’t just do it because someone said so.
Back in 2021 I wrote a blog on Digital Exposure, and I created the below diagrams. They are a visual representation of understanding the effects of the actions we take.
www.cqcore.uk/introduction-to-digital-exposure-profiling/
Whatever you do in the Privacy Space, it has to work for you. There is no point locking your life down if it inhibits your ability to function and be productive. There are always more reasonable steps you can take. It is true, unfortunately, that being interested in Privacy can make life difficult; what we may class as good Privacy hygiene, platforms, websites & services may see as suspicious behaviour. And that can be a right pain at times.
As I said earlier, it is not about being paranoid, it’s about protecting what we have or what is ours. If you went on holiday, you wouldn’t leave your house unlocked with a sign in the window, “Gone on Holiday, help yourself”, so why post it on Social Media? If a cold caller called one day and asked you to provide them with your personally identifiable information, you would say no. But for some reason we trust the internet, we trust the unseen and unknown.
There is one caveat I will place on the Privacy Space: the further you go into it, the more likely it is that you may have to pay for services, and I understand in these current times that that is not always possible for some. There is however still an awful lot you can do for free. Below are some resources you may find useful; they are in no particular order and cost nothing to read: –
https://github.com/Lissy93/awesome-privacy
https://thenewoil.org/en/
https://www.privacyguides.org/en/
https://inteltechniques.com/
https://www.techlore.tech/
You don’t need to be extreme; we can all take reasonable steps to improve our Privacy. Improving your Privacy online will also help improve your security online. People I talk to don’t see the connection between online Privacy and online security. They think online Privacy is for people who are paranoid.
Understand where there may be digital exposure risks, understand your vulnerability surface. Take little steps and build your knowledge; improving your Privacy online will also help you improve your security online.
It does not have to be an arduous task.