That is a fact: we are living in an inter-connected society. This is the era of the so-called "Big Data" where everything is logged, processed and analyzed. Online services has a history of your actions and life: what you did, where and why you did it. It is still unclear why these information are collected: in some case, it is to sell you personalized ads, in others, this is to monitor what you are doing and prevent so-called terrorism. But one thing is sure, cross-data analysis is very powerful and say more about you than most of your friends.


What is known about you

Privacy awareness is not new and has been discussed since a long time. However, the recent disclosures of Snowden (and the answer from the NSA officials) and research studies illustrated not only the extent of the data collection but also how analyzing and connecting different data sets is already enough to know a lot about you. For example, innocent likes (such as liking Curly Fries) on facebook are enough to know your sexual orientation, political beliefs and even potential IQ. And just your phone metadata is enough to learn about your friends and opinion. I let you imagine the potential power of connecting all these data together: a simple computer program might know about yourself than your closest friends.

Basically, today, if you are a user of social media platforms and use the computing services "in the cloud", there is a fair probability agency services know more or less everything about you - political opinion, places visited, friends, acquaintance, diseases, crush, job, etc.

Does it matter?

The argument I often heard from the average facebook/google+-addicted guy is: "I have nothing to hide" or even "I control the data I am sending". But you don't. And cannot. An simple example? Just going on facebook with your regular internet browser provides enough information on your browsing history (through the HTTP referer). Just having the facebook app on your phone is enough to track the places you go. As pointed out, your friend list, the likes on your profile are already enough to know a lot about yourself. Browsing on amazon to buy a book and then go on facebook/google+ or any other social media? The book you was looking at (specified by the previous URL) is already a good source of information.

This example is just a very basic usage of a meta-data and in our inter-connected world, there are obviously more relevant data to use to learn about you. You might think that it does not matter but you have no control about how the data is handled or managed because you do not own them (the condition of use of a service explicitly state that data is owned by the company) or are under other law enforcement rules (for example: the collection of your browsing history is in the logs of a company and under the law of the country where the server is located - and as for tax, companies will be more than willing to relocate to overcome potential restrictive laws). You might trust government efforts in in changing their privacy policy but the real change is still awaiting and being implemented. In the meantime, massive surveillance infrastructures are still here, which can be also understandable for security issues and at the end it does not really matte: your data will still be used and analyzed by other parties (either government officials, private companies or isolated individuals). And this is your job to protect yourself.


And if these data does not matter, why not releasing all these information by yourself? Why do not you publish your opinion in controversial topics, your sexual orientation, the pictures of your last time you puked? Why do not you write about the crush you had some months ago, the one your wife is (probably obviously) not aware of? Why do not you publish the pictures of the girl you kissed during your last work trip? After all, if collection and analysis of your personal data does not matter, there would be no reason for publishing them? But you do not. You do not want your wife to know that you thought about cheating on her. You do not want other people to see embarrassing pictures where you are miserable, drunk and probably saying stupid things you might regret. You do not want your colleagues or your boss to know your sexual orientation, your political opinion. But you do everything to let them know. For sure, these things happen to most of us. But we want to keep them private and have the ability to control what we tell people about us. We are the solely owner of these data, because they define us: my thoughts, opinions or dreams belong to me and nobody else. I want to keep them private and share them only with a few persons I trust (which I eventually call friends, not facebook friends acquaintances). facebook-cat2 By releasing this information to a third-party and let them use it at their own will is dangerous because you never know what could be done with it. Today, cross-data analysis is very powerful and you have no idea of what it could provide tomorrow. These data can be used by online recruitments agencies to get an adequate and precise profile of candidates for a job. And do not laugh too much because your data help your employer to predict when you are about to quit. If you are going for divorce, there is a fair chance that somebody is trying to use these data to attack and threaten you. Most of us think this data is used only for providing a better ad experience but this is easy to use them for another purpose. By having control of your own privacy, you then know what is done with your data and avoid any third-party to control and analyze it. And there is what you can control because you are aware of it but there are also many other threats that are not so known - just few weeks ago, people found out that your TV might capture your private conversations. Why not your phone, your car or your fridge? Crossing all these data together might be really interesting, isn't?

What can you do about it?

For sure, social media is a convenient way to interact with other people. Technologies bring a convenient way to communicate, plan and organize parties. This should help us to improve our lifestyle but not restrict our privacy. Unfortunately, we have been so confident that only few data was used and potential harmless of the analysis that it became a routine to use these services. We have trade our privacy with convenient services because we became lazy. And the actual data collection and surveillance activities are already so common that appropriate actions might seem very restrictives.

[caption id="attachment_1240" align="aligncenter" width="676"]Dropbox agreement: service is provided "as-is". Dropbox agreement: service is provided "as-is".[/caption]

There are few things you can do to protect your privacy. Note that these are necessary but probably not sufficient.

[caption id="attachment_1244" align="alignright" width="169"]Permissions (not completed) of the facebook Android app Permissions (not completed) of the facebook Android app[/caption]

  1. No cloud service. Stop using e-mail and storage services from the "cloud". Drop gmail, apple mail, dropbox or hotmail. Now. Stop thinking a cloud provider is safer or more reliable: what you are doing is just to put the problem (store data, make regular backup, setting up your e-mail system) on another one shoulders. There is no guarantee that your data is secure and safe: if a software bug corrupts the data in the cloud or the data center is hit by a natural disaster, this will be too bad for you! Learn by yourself how to handle and backup your data and stop relying on third-party service providers. Own your data. It might cost you a few bucks at first but you will exactly need how your data is managed and where it goes.
  2. Do not trust third-party cloud storage services: you do not know how they use your data now and what they will do with it. And you do not even know what will happen if the company runs out of business, this already happened several times before.
  3. Use open-source or (even better) free/libre software. Commercial products are covered by trade secrets and it has been demonstrated that commercial software vendors add potential backdoors at the request of governments. And even if the backdoor was introduced per a government body, everybody can exploit it, which increase your exposure to potential threats. But attacks are not limited to backdoors: even software you download online, most of them have malware embedded in the default installer, even when you get them from trusted website. And even applications on popular markets contain malware and trojan. Use open-source software alternatives: the source can be reviewed by technology experts and security issues are fixed as soon as they are discovered. This is necessary but probably not sufficient: even open-source tools have important defects (see the goto fail issue that affected all iOS products or the heartbleed bug that exposed plenty of personal data). But by nature, they are reviewed/analyzed and potential bugs are quickly fixed.
  4. Use https by default and drop http connections. When using http connection, the router between you and the server can collect the metadata you are sending, which is already more than enough to learn about yourself.
  5. Do not use social media app on your smartphone. Look at the permissions required by the app and imagine how powerful is the analysis one can do with it. Use social media website on your regular computer and start from a blank page (avoid to submit http referer).
  6. Encrypt your e-mail as much as possible using appropriate encryption services. E-mail readers such as Thunderbird provides all the necessary convenient features to encrypt your incoming/outgoing e-mail. For sure, you cannot do it for all your e-mails (for example, if you are an independent contractor, you will not ask your customers to encrypt their communication - they will rather use another contractor!) but the more you do, the better.
  7. Stop using social media applications on your phone: it provides access to the content of your phone. Look at the permissions requested by the facebook app and think about the impact of accessing this data. The application can read/write/modify your text messages, access to all your calendar (i.e. where you go, who you met) and contact (who you know). The facebook messenger can also records audio (and so, listen to what is happening around), know your location (which already says a lot about you). And other social media apps have a similar policy. By stopping using these apps and using them only inside a browser, you avoid to give permission of using your phone sensors and devices (GPS, microphone, internal and external data storage, etc.).

Finally, the main thing you can do is to leverage this numeric world and what it offers (convenience of connect with others with social media, events finder, etc.) to make us more open rather than focusing on cyber relation. How many times we see people in a party starring at their mobile phone? Instead of giving away our privacy and spending our time online, let's be open and re-connect to the real world. Let's take back our privacy and embrace real-life experiences and adventures.