It truly makes me so happy to see VPN usage soaring, with so many people finally becoming aware of just how vulnerable their internet traffic is. VPNs used to once be some obscure technology for enterprise applications, or something that only the truly paranoid or devious needed. Now seemingly all of my friends either know about or use VPNs. But unfortunately, VPNs are just one piece of the puzzle. And it’s a very large, and complicated puzzle. Just as privacy efforts have made hudge strides, so to has the technology used to spy on us. While a VPN may encrypt and protect your Internet traffic, there are a multitude of other ways companies can track and surveil you. Let’s take a look.
Passwords and Data Breaches
When I first started using the ‘WWW’ as it was frequently called, it was common practice for people to use simplistic passwords that they could remember, and typically they used the same password for everything. There was a certain level of naivety because the internet seemed so innocent and benign. And of course, people always justified their lack of security based on the old concept of having “nothing to hide”. Sure, before I paid my bills online, applied for loans online, and did online banking, I too had “nothing to hide.” Our apathy was not due to outright lack of concern, but sheer ignorance. The concept of a data breach was completely novel. I would learn the hard way.
My first data breach was in 2011 when the Android Forums website was hacked and 745k user accounts were subsequently leaked publicly. The compromised data included email addresses, user birth dates and passwords stored as a salted MD5 hash. Less than a year later In March 2012, the music website Last.fm was hacked and 43 million user accounts were exposed. Several months later Dropbox suffered a data breach which exposed the stored credentials of tens of millions of their customers. By the time HaveIBeenPwned.com was launched in 2014, there had been 30 major data breaches resulting in 163,653,984 leaked accounts.
No more excuses
In the early 2000s, using the same password for every account was partially excusable. Not anymore. Every major browser available today has built in password generators and managers, and there are a plethora of apps that will sync your passwords across desktop, browser, and mobile device. 1Password entered the game early on in 2006 as a Mac-only solution but today there are a multiple highly trusted options such as 1Password, Bitwarden, and Dashlane. Many of these password managers will alert you when your email and/or password is discovered in a data breach. I recommended changing out your passwords several times a year.
If your browser could talk
Have you heard the expression, if these walls could talk? Well let’s apply that to your browser – if your browser could talk, what would it say about you? The good news is that there are many browsers that couldn’t talk even if they wanted to. Never forget that Google is not an email company or a search company, but an advertising company. Everything you do in their browser is logged and used for personalization purposes. Personally, I am not comfortable with a company who aims to police the Internet and openly admits to manipulating search results logging my browser history. And yes, this applies to Incognito Mode as well.
Remember the old TV character Sgt Schultz who’s famous line was “I know nothing”? That’s what we should be looking for in a browser. An amnesiac browser that doesn’t log or store anything, and isn’t interested in logging or knowing what we do. Recommended browsers are Brave, Mozilla Firefox, Ungoogled Chromium, and LibreFox.
Your location
Even the most bulletproof plan to protect your identity can be sabotaged by the phone in your pocket. The GPS and accelerometers in your phone are highly sophisticated pieces of equipment that can provide pinpoint accuracy. Further, most cars nowadays feature “infotainment” systems that feature cellular, GPS, and even wifi functionality. If you find yourself in the middle of an investigation, expect this data to be subpoenaed by law enforcement.
By analyzing the data collected by cell phone and vehicle telemetry, it is possible to track an individual’s movements, routines, and habits. This data can be used by both government and private organizations for various purposes, such as monitoring and tracking individuals, improving location-based services, and targeting advertisements. Despite the potential benefits, the use of cell phone telemetry for tracking individuals raises serious concerns about privacy and the potential for abuse.