Minimizing Your Digital Footprint

Privacy vs Security
While there are very close ties between the two principles, they are inherently different and need to be paid close attention to when being active in online defense. Privacy refers to your right and ability to control your information and how your information can be used. Privacy can present you with opportunities for you to provide information to an authorized source, but security is what protects your data from unauthorized access and use.

To map out the differences, I have frequently compared two apps, Telegram and Signal. Telegram offers privacy in the form of hiding your legal name and phone number from other users, but does not encrypt your messages and stores your personal information — even your IP address. Signal relies on your phone number, but encrypts your messages and phone calls automatically. Signal has far more privacy options than Telegram, and only your phone number is ever stored on their servers.

When looking at it in this manner, Telegram would be considered private but not necessarily secure, and Signal would be considered public with your phone number and carrier but secure enough that a subpoena would only result in Signal sending the grand jury timestamps.

Where Privacy, Security, and Anonymity Meet
Another common misconception is that privacy and anonymity are the same, and in cybersecurity terms, there are a vast array of differences. You may have a secure encrypted channel and feel safe. It should just be between you and your recipient, right? There’s one thing that may be overlooked too, and that’s metadata. Professionals can see who you were talking to, when, for how long, how many messages there are between you, and what type of communication you had at any given point (text, call, voice message, etc). This information is not encrypted and is easily discoverable by hackers.

While IMEI and IMSI already pose the threat of revealing most of this information, there is one thing a user or application is capable of, and that’s scrubbing the EXIF metadata from photos and videos before storing them or sending them to others. The best defense would be to use your encryption, ditch the metadata, and use a SIM card or phone number that does not have your name on it (your classic burner) for privacy, security, and anonymity to be one.

10 Things to Keep in Mind
For your everyday mobile cybersecurity needs, consider the following to minimize the amount of data others can obtain about you and your whereabouts:

  1. Use Signal
  2. Use Tor browser or Brave with Tor
  3. A VPN is not anonymous! VPNs only shift your traffic from your ISP to a third-party VPN server. A provider can be subpoenaed for the traffic that they store, or a provider itself can be hacked (which leaves you and everyone else dead in the water). If you wish to use a VPN, use ExpressVPN or Proton VPN
  4. Beware of PRISM providers and try some alternatives instead: SpiderOak (CrossClave, One Backup), Protonmail, and LavaBit. (Google Pixel users can especially benefit from GrapheneOS)
  5. Privacy is about autonomy — you share what you want to share and keep private what you don’t. A minimal footprint starts with what you decide not to disclose
  6. Cover your device cameras up with electrical tape or a proper cover
  7. Every time you install an app, check those permissions and lock them down. iOS 15 has a feature that enables you to see when an app accesses your camera, microphone, or location. There is an Android equivalent in the form of an app: Burner Guard
  8. Use an ad-blocker like AdBlock Plus
  9. Break up with Alexa, Cortana, and Siri. Unplug or remove all smart devices — they are most invasive to your privacy and will snitch without hesitation
  10. Use a burner phone properly! Pay for it in cash, avoid major retailers like Walmart, avoid a contract at all costs, make sure the phone is unlocked so you can slot any SIM card from any carrier, leave the phone off until it’s needed in a location, and do not connect it to the internet (this will enable MAC address tracing). Use the phone only for texts and calls, and then power it off before you leave for another location. Do not give away your home, work, or accomplice’s locations

Want to see more cybersecurity content included on this page? E-mail ai_alchemist@tuta.io to have this article expanded.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store