We are the first generation in human history who can be monitored at such a precise level - *Kevin Mitnick
Identifying your threat model is just a fancy way of asking “What aspects of your privacy and personal information are most important to protect?".
I believe most of us want and expect a certain level of privacy, but it's clear now that many technology products are just a front for mass data collection activities. Tech companies have made a business model out of claiming ownership of things that we assumed to be private and personal.
I have around 200 accounts in my password manage. Each of those companies also has the information of thousands to millions of other users in their system. I have no idea how many "partners" they each share my information with, or what their capabilities are to keep that information secure. It's a given that at some point many of them will be breached and lose my information, or they already have. There are no laws in the U.S. which regulate this, sets any standards, limits how much they can track, store, who they can sell it to, or that gives us any rights over our data whatsoever.
Who is your adversary?
There is a difference between protecting your privacy from hackers, protecting your privacy from advertisers, protecting your privacy from law enforcement, and protecting your privacy and data from the government. Eva Galperin | Internet Expert Debunks Cybersecurity Myths | Wired
Are you looking to clean up your digital footprint?
Are you a parent looking to teach your child how to protect themselves?
● Are you a business owner who needs separation from personal data?
Are you tired of being tracked, and recorded?
You may not care that Google knows what kind of music you like and makes recommendations based on it, but that doesn't mean that you want them also reading your emails, or using your photos to train their AI (Artificial Intelligence) models
Whatever your reasons, someone elses will be different. Some people close their window blinds at night, others don’t. How people approach privacy is no different. It is not one size fits all. What you protect, how, and why is up to you and your needs.
Let's talk about some common ways that our privacy is exploited, and our data tracked, stored, shared, and sold.
Social Media
Social media sites are the kings of invasive data collection and mass surveillance, and they do so with absolutely no legislative oversight. Where it seemed at first they were only monitoring our likes and dislikes targeting us with relevant ads, they have now grown to be full-fledged mass surveillance organizations collecting data about everything you do online, and on your devices whether you’re using their services or not.
Social media phone apps can track your location, track your location, other apps on your phone, who your contacts are, where you shop, what you purchased when you were there. They know who you're likely to vote for, how much money you make, who you're related to, your sexual orientation, about your relationships, where you live, and so much more.
It all happens in the background, even if you’re not using the app and aren't on their platform.
Our devices
Every device you use was made by a company that is tracking how you use it. . Your phones and computers have multiple radios that are constantly sending out signals announcing their exact position on the planet. Main stream operating systems use your device to feed their own data sets and research.
Every app that you install has its own set of data points that it’s tracking including what other apps you are using. Every service you sign up for to use those devices as they are intended including your ISP, mobile service provider, cable company, streaming entertainment services, and so on is tracking how you use that service, when you use it, where you use it, and what other services you use it with. It’s a hot mess.
Websites
The ads that appear on websites, apps, and on social media are tracking you through a variety of tactics including browser fingerprinting, device fingerprinting, cookies, location, and many other ways. Ad networks accumulate a stunning amount of personally identifying information about you and your habits in order to make split second decisions about which ad to show you everywhere you go online and off.
Data Brokers
Your data is a multi-billion dollar industry. Every day your devices, service providers, retailers, search engines, social networks, loyalty cards, and financial institutions are tracking every move you make and sharing (or selling) it with data brokers. Data brokers collect data themselves, buy or combine it with data from other companies.
On average a data broker has 1500+ different data points about each one of us. They are the middle men who crunch, analyze, mix, and then resell it to corporations, governments, law enforcement, or make it available for consumption through public, and private databases.
To make matters worse, some data brokers are also federal contractors who provide data for government mass surveillance and investigation programs.
Government
In most cases, you need your government to know who you are for things like citizenship verification, driver’s license, voting rights, property records, tax information, and so on. However, some governments have spent billions building mass surveillance systems to gather and store exact details and metadata from every device and user on the planet, and many belong to cooperation pacts that share that information internationally.
Trying to hide your digital fingerprint long term from a government is difficult. If this is your concern the best advice is to not use any internet-connected device or phone at all or fight for privacy legislation to change things and protect your rights.
This is an issue that we need to solve with legislation.
Trusted Organizations
Even the organizations that you can trust with your most sensitive information sells you out quicker than a toupee flying off in a hurricane
The DMV tells companies that you just purchased a new car. Your home purchase and property information are public record. Genetic ancestry sites sell your DNA profile to pharmaceutical companies.
Employers are reading your social media profiles. Credit card companies share your purchase information with social media companies, advertisers, and data brokers.
In short pretty much everyone has their hand so far up your data cookie jar, that if they pulled it out they’d probably be crowned King of England.
Criminals
At least one or more of the companies that have your personal information will mishandle, or lose it to people that you do no want to have it. The more accounts, and profiles you have the greater your risk that one of them is going to get "hacked" and cough your info up like a running back fumbling on the goal line.
When your information falls into the hands of criminals they may use it to do all kinds of things to you including but not limited to: sell your info to other criminals, spam you, phish you, open lines of credit, exhaust your credit cards, take over your bank accounts, steal your tax returns or government benefits, steal from your company, create fake ID/Passports, scam your family and contacts, stalk/harass you or your family, black mail you, and worse.
It’s not personal, you’re just collateral damage to achieve the goal. That means everywhere there is a treasure trove of user information is a "honey pot" for "hackers".
Your contacts
Yep even grandma can be a threat to your privacy and personal information. Odds are most of the people you know have smartphones, and that you're a contact in that phone which can include but is not limited to your name, address, home and work phone number(s), email addresses, birthdate, their relationship to you, company you work for, and any other information that they may have added.
Also, many of the apps that they install on their phones including casino/gaming, messaging, social media or just random weather apps ask for access to their contacts and most people just give up that permission without thinking twice. If you're in their contacts list, now that company (whoever it is) has your contact information.
Our privacy is our responsibility
Once you have an idea of what your privacy concerns are, and who you want to protect it from (your threat model) you will begin to
Develop habits to protect it at all times
Use solutions that address those concerns specifically
Be more discerning about with whom you share your information
Ask questions about the use and security of your information
Weigh the benefits of "free" vs. how much data you need to give up
Tech companies and device makers aren’t going to volunteer to stop tracking us. For many it is their only business model. The privacy options in the settings pretty much amount to placebos that just make it harder to sign in to your account, or be presented with even more targeted ads. So far I have not seen anyone offer a setting that allow you to completely opt-out altogether. Not even for a fee.
The good news
Many of these digital surveillance companies feed off of each other and share information. If you affect the sources of the info you affect everything that feeds off of it. While many of the tracking methods employed are dirty, embedded by default as a business model, and require more effort to thwart…most are dependent on your apathy, lack of knowledge, and blind trust.
It’s never too late to start
The community of privacy rights organizations such as EFF, Privacy Rights Clearinghouse, device makers, privacy-focused operating systems, browsers, open-source software, tools, alternatives, and privacy resources is huge and growing. We have options. MANY options today.
You are not alone, and you're already starting to do something about it, so pat yourself on the back. You already know more today than you did 2 weeks ago.