Safer Internet: Develop a Privacy Strategy

Quotes

Policy / Law

  • terms and conditions"Privacy policies" specify how your information will be used / shared -- no guarantee of protection or enforcement; if you have some time, read/scan -- rather than blindly accept
  • Most companies do not provide details about robustness of their security practices (because they're clueless, embarassed?)
  • Terms & Conditions and Privacy Policies can change without notice, usually not for the benefit of users
  • e.g., Linkedin: User Agreement (T&C), Privacy Policy; also: Ad Choices; Community Guidelines; Cookie Policy; Copyright Policy
  • Government regulations & laws lag the technology;
    if they exist, they often favor corporate donors and surveillance agencies over consumers

Behavior

  • best practicesAccept that some changes are necessary; to get the most out of this class, some homework is required. Advice & tools change over time -- security is akin to game of "whack-a-mole"
  • Invest attention and energy upfront to be proactive before problems occur.
  • Learn good habits, such as backing up regularly, updating software, choosing strong passwords, storing passwords securely, logging out when not using your computer; connecting to known, encrypted WiFi networks, etc.
  • [Refs]: "How the Experts Protect Themselves Online (compared to Everyone Else)"
  • [Refs]: "'Security fatigue': Computer users tired of too many passwords, warnings"
  • [Refs]: "The psychological reasons behind risky password practices"
  • Pray? Cyberinsurance?
  • type A BTV / movies often do not accurately portray security threats / practices
  • [Refs]: "Hollywood's take on cybersecurity"
  • Before: minimize personal information that you provide / volunteer
  • After: purge info from data brokers
  • [Refs]: "Privacy Tools: Opting Out from Data Brokers"
  • Avoid installing malware inadvertently, e.g., clicking on links in suspicious emails, panicking & responding to scary popups
  • "Social Engineering" can often defeat many otherwise secure systems -- especially if request comes from harried "boss", desperate "friend", incarcerated "grandchild", irate "customer"
  • PEBKAC[Refs]: "Majority of Americans fall for email phishing scams" (quiz)
  • "PICNIC": ...
  • the "Pledge": don't do anything stupid! {TCYOP-3: 36-38; TCYOP-2: 33-34; TCYOP-1: 32-34}

Planning

  • risksConsider risks & needs by:
  • location: home, school, work, vacation
  • task: banking, searching, communicating, entertainment
  • device: phone, tablet, computer, etc.
  • type of information: required, optional, sensitive, personal
  • convenience: all mail, calendar, search, payments, passwords with one trusted provider, or different places?
  • companies you use: what is their business model? how "free" are their services? do they track you? e.g., Facebook, Google (advertising) va. Apple (hardware)

Technology

  • plan"Technology is...
  • "1) Everything that's already in the world when you're born is just normal;...
  • "1) When a distinguished but elderly scientist...
  • keep calmMake one-time changes, such as more secure passwords, system & browser settings, privacy options on social networking sites, etc.
  • [Refs]: "9 Facts About Computer Security That Experts Wish You Knew"
  • Since it would overwhelming to do everything that we'll discuss immediately, be selective and phase in gradually over months.
  • Ongoing: check vendor sites for updates; refer back here to course summaries & reference articles

Summary

References