Three Steps I Take for Data Privacy
Three Steps I Take for Data Privacy
What I do to stay (a little) more safe online
Hi, I’m Raffi, and welcome to my newsletter. Each Friday, I break down the conversations in technology, AI, and the world around it. If you’re not a subscriber, here’s what we talked about this month:
How states are stepping in to regulate privacy policy.
Is keeping kids safe online the one thing Congress can agree on?
Subscribe to get access to these and future posts, as well as previews of Season Two of the Technically Optimistic podcast, launching soon.
Last week, I wrote about how much data we unknowingly trade away for the convenience of having everything we need in the palm of our hand. To give you an idea of just how much data, a recent class-action lawsuit against the shopping app Temu claims that it gives the company access to “literally everything on your phone” — and then turns around and sells that personal data to third parties.
Data is such a huge topic that I’ve dedicated the new season of the Technically Optimistic podcast to it. We know that data powers the world we live in. But generally, that data comes from you. This isn’t news — we know that data is constantly being extracted from us. But we tacitly agree that the tradeoff is worth it: It powers the recommendations we receive for everything from shopping to social media. And it makes most apps free. That’s because the product, as they say, is us.
The question you should be asking is, Where does convenience end and surveillance start? Are you really willing to give away sensitive biometric data — your voice, your fingerprints, your face — that can be used to create deepfakes? Or medical information that could be used by your insurer or, in a state where abortion is banned, the law? Or your web-browsing history so you can be fed discounts on things you’ve recently searched for? (When I testified in front of the Committee of Energy and Commerce’s subcommittee on Innovation, Data, and Commerce in the House of Representatives to discuss the American Data Privacy and Protection Act on behalf of the Emerson Collective in October, I said that, “Amazon knows every product a customer has ever viewed, how long they dwelled on a specific page on their Kindle, as well as all their searches across all of Amazon’s retail partners. And that’s just Amazon.”)
Are you really okay giving it away just to get a free app that helps you find a deal on running shoes?
In my Congressional testimony, I said that people should be given the choice to revoke consent and delete their data from the app, and that it should be mandatory that apps give you a way to opt out of data collection and pay a fee instead. Until then, we don’t always have the option of opting out. So as a thought-starter, I wanted to share the small amount that I do to minimize tracking and maximize privacy. Other than read privacy policies — which I actually do, even though only 9% Americans seem to agree with me that it’s worth the time — here are three things I do:
Firefox Yes, this dates me as someone who’s been in tech since the 90s, but so be it. As we’ll cover in Season Two of the podcast, web browsers are “loyal clients,” meaning you can control what you see, what cookies do, etc. However, Chrome, the most popular web browser, is a surveillance mechanism for Google. It doesn’t seem quite loyal to me, so I’d rather use a browser that is completely under my control. I prefer to use Firefox, but you could also use Brave, the open-source, privacy-focused browser created by the former CEO of Mozilla. It blocks most ads and is free, though you can donate to the Mozilla Foundation. (NB: I’m on the Mozilla Foundation board.)
Signal Who could survive today without instant messaging? However, you should wonder where your messages traverse. Do you want others to have visibility into what you send? I mean, it’s basically like someone opening your mail before it gets delivered. I say no. I use Signal, which is end-to-end encrypted. That means that even if they wanted to, Signal couldn’t see what I send. The envelope stays sealed. It’s free, too, though you can donate to the Signal Foundation.
Hide My Email I literally used to not give out my email address when I signed up for things. Or rather, I used to append things to my email address, like raffi.krikorian+netflix@gmail.com. That way, I could see when people were selling my email address or mailing lists. If I started getting emails from _not_ Netflix, I would know. and I could block it. Apple’s Hide My Email makes this automated and better. They hide my email from the service, so it can’t aggregate information on me. It also means I can now block this individual address. You can also use SimpleLogin, an anonymous email service.
Is there a tradeoff between convenience and security with these steps? Yeah. I’m erring a bit on the security side here, but for me, it’s worth it. I hope that you’ll think about it, too.
Why not send me your thoughts — and tips on what you do to stay secure — from your Hide My Email address at us@technicallyoptimistic.com?
Worth the Read
I like to say that my mother-in-law understands why we don’t increase the speed limits on highways. (I’m not picking on her! Just a proxy.) But she doesn’t understand the implications of having a video doorbell. There are a lot of things to understand! What can the company see (if anything), what can the police request if they subpoena, etc. But here’s a new one: What can other people see when there is a bug?
In 2023, the amount of data breaches of U.S. organizations hit an all-time high, and the number is increasing. Honestly, it's because computers are hard: Cloud configuration and servers, keeping software up to date to protect against attacks, and human error are all part of it. The answer isn’t necessarily to store everything locally. But maybe it's to minimize the amount of data we actually store and entrust. (See the last newsletter for more on this.)
Did you write something pithy in a subreddit recently? Good news: Your words may be replicated by an AI chatbot soon.