Last updated on 2020-10-04
This post is also available in: Español
We have discussed how human beings have a fascination for conspiracy theories. Stories of fear that we create to alleviate a bit the anxiety of not being able to know with certainty the intentions of those who control power. Some of these stories are based at least in part on true events to which creative people add touches of fantasy and drama. Others are completely invented myths, but in any case, the price for that illusion of having revealed the deepest secrets is very high because fantasy is confused with reality and we have no way of distinguishing the true conspiracies that keep us enslaved.
It is a bit the story of the lying shepherd: so many times does the shepherd announce a wolf that does not exist, that when the wolf really appears, nobody believes him.
Well, this is what is happening, while people are distracted trying to explain that the earth is not flat, that vaccines do not cause autism or trying to see if celebrities make Illuminati symbols or become reptiles, they move forward like lambs to the slaughterhouse of the real manipulations.
The promise I made to you was to continue unveiling the true Matrix and today we are going to talk about the most powerful manipulation tool they have: the Internet.
Making sense of the risks
I grew up in a poor neighborhood in Bogotá, Colombia in the 80’s. Back then and in such environment, safety was a main concern for citizens in general but parents in particular. The risks were out in the streets, near schools and road crossings, so it just took a bit of common sense to establish safety rules: don’t talk to strangers, be mindful of traffic lights, walk fast and look back frequently and put a reinforced steel lock in your door.
The risks in connected life are not so easy to understand, assess our counterattack. I have heard repeatedly things like “I don’t have anything to hide, so I don’t care for online privacy”, or “I don’t buy anything online, so I am safe”. Both assertions reflect the main issue that cybersecurity entails across the board: We don’t understand the risks and we buy the faux sense of safety that standard measures like Antivirus and long passwords provide.
Another fact of the Internet is that it has democratized crime. Back in the 80’s I had to survive risks that no child growing in a suburb of Toronto could even fathom. Today, however, both rich and poor have the same risks when going about their business on the Internet. In fact, people from wealthy countries have higher risk of suffering online scamming, theft or manipulation since criminals focus their efforts where they can produce most profit.
Invisible dangers
Thanks to the awareness programs carried out by educational institutions, enterprises and other organizations, there is a relatively high awareness of the most prevalent types of cybercrime. One example of this is phishing, which encompasses the tactics used to lure victims into providing their private data by attracting them to a fake copy of a financial institution’s login page. Another well-known modern danger is ransomware, which enables a criminal to lock down all the data stored in the victim’s computer until a ransom is paid.
Other risks, however, are hard to pinpoint and even harder to get protected from. Non-financial risks tend to be overlooked and/or dismissed both by users and organizations. Naked photos leaking is one infamous entry in this category of cybercrime. The measures that must be taken to avoid it have been widely discussed in the media, being the most effective of them to avoid storing and sharing any private photos and videos.
However, when it comes to online privacy, there is a lot more in jeopardy than just intimate photos.
The danger of being a target
In 2019, Carole Cadwalladr was a finalist for the 2019 Pullitzer Prize for “reporting on how Facebook and other tech firms allowed the spread of misinformation and failed to protect consumer privacy, leading to Cambridge Analytica’s theft of 50 million people’s private information, data that was used to boost Donald Trump’s campaign” (Source: Pullitzer.org). Thanks to her research, the world came to the realization that we live in a world where we might no longer be the sole owner of our decisions.
To be fair, mediatic manipulation of masses has been always present in the form of political propaganda, indoctrination and maybe even the use of subliminal imagery hidden in graphic adverts. However, never before were there such powerful and cheap tools to directly influence the public at the individual level.
In the past, marketing professionals had to segment the public by geography, demographic, gender, age and maybe a couple of additional variables and direct multimillionaire media campaigns to those segments. Today, thanks to social networks and the very long trail of breadcrumbs that we leave behind when we browse the Internet, companies can be so specific that they can target individuals with a high potential of becoming a client, user or voter.
The research by Carole Cadwalladr for The Guardian showed how the British political consulting firm Cambridge Analytica used advanced data analysis techniques to process, model and profile data from more than 50 million Facebook accounts. They were able to identify the Facebook users more likely to be convinced to vote for Donald Trump in the 2016 USA Elections and to vote “Leave” in the 2017 Brexit referendum. Those users were strategically targeted with posts, not ads, which highlighted -usually via fake news- the dangers of electing Hillary Clinton or staying in the EU.
People whose Facebook posts showed discomfort or concern for immigration would be hit by scary stories of criminal immigrants or fake news about funds being withdrawn from retirees to be given to immigrants. Unaware of the possibility of being individually targeted due to their old Facebook posts, most victims of this ruse would have believed the stories were real and push aside their concerns about Trump or Brexit and decided their vote accordingly. (Source: The Guardian)
Cambridge Analytica was ultimately forced to close operations on May 2018 but the technology they used cannot be shut down. Furthermore, their technology itself cannot be made illegal, just like knifes cannot be made illegal even though they are sometimes used as weapons. This means that we all must be aware of what criminals can do and take action to protect ourselves.
A horror story
I am going to describe a hypothetic -yet plausible- scenario for your consideration: XYZ Pharmaceuticals has gotten approval for their new antianxiety medicine in the country ABC. They know anxiety is a growing problem in that country, especially among middle age professionals, particularly those with kids and economic distress. The company hires CA2 Advanced Consultants and they promise to increase the awareness of mental health so that the target population in ABC are more likely to visit the psychiatrist and get medicated.
XYZ’s intentions are not evil, however, having signed a profit-sharing contract, CA2 decides to go beyond an awareness campaign. They create a campaign that targets individuals with high chances of developing anxiety and bombards them with real and fake news of imminent dangers for their health, child’s safety, economic failure, etc. People who innocently shared their concerns for the world’s future, the ongoing pandemic or possible sexual offenders near their home, who incidentally were above 40 and recently had searched for anxiety related keywords on Google, would become the perfect target for the “campaign”.
How to protect your privacy
Since you have made it this far, I will assume that by now you understand the huge deal that it is to protect your privacy. While there is not a single product or action that you can use to be 100% protected, I will share some specific strategies that will help you to lay low before the “target hunters” and stay reasonably safe while going about your online life:
1. Stop posting and liking on Facebook: I will put it bluntly: Facebook is a data hog. It lives and thrives by collecting and selling your data with little regard of your best interest. Every time you post anything, you are giving away a piece of your mind. No matter how trivial your post is, it shows what kind of humor you like, what politician you dislike, what brands you are fond of, etc. Every time you like anything, you are teaching Facebook (and Facebook’s clients) what kind of things you like and which you don’t (yes, Facebook can infer this from your scrolling).
The only way of being safe here is not posting anything. You can still use Facebook to entertain yourself reading posts, although Facebook learns your interest by measuring the time you spend reading certain posts. You can also use relatively safely Facebook Messenger, although you must be aware that conversations there will also be scanned to find meaningful keys to your mind and your pocket.
2. Stop using Google for personal searches: In general, I do trust Google better than Facebook. Over the years that Google has been in business it has not been involved in as many scandals as Facebook. However, I believe that their search service is the most dangerous to trust on for a couple of reasons: (1) whatever you enter there is directly used to sell ads and (2) you are much more likely to be honest to Google than Facebook because you think your searches are private.
For this reason, I never use Google for searching any of the following:
- Intimate questions (Sex, feelings, fears)
- Medical queries
- Political interests
- Purchasing decisions
- Personal decisions (marriage, adoption, quitting your job, etc).
I am aware that this list leaves out most of your searches, and for that reason Google is never my first go-to site. Instead I use DuckDuckGo for everyday searches and leave Google for the highly specialized search where the results are so hard to find that you have to Google it. DuckDuckGo has a strict privacy protection policy and does not profit from your data. However, what is probably most important is that since the rest of your life is probably in Google (through Google Maps, Google Photos, Android and Gmail) then it is safe to leave the puzzle without some key pieces.
3. Use a privacy browser: Another habit change, mind you easier than the previous two, is to stop using Google Chrome and move to Brave Browser. This relatively unknown browser is based on Chrome, which means that the extensions that you might use on Chrome work there. The great difference is that Brave does not track your online browsing, does not sell your data and blocks ads right off the box.
4. Don’t fall in the “ecosystem” trap: One of the most successful corporate strategies that the “big tech” has come up with is to put you in an ecosystem where you feel cozy and spoiled. Apple, Amazon, Facebook, Google and Microsoft have created virtual cities where you can do everything you need to do online, but you can also do it faster or easier if you don’t leave. Apple is probably the most successful applying this concept bot on the flip side, Apple and Microsoft are the two companies from the list that do not sell your data. For all the others you are not their client but the product. For this reason, my approach to these ecosystems is to diversify as much as you can. If you are already trapped in Apple’s magic kingdom, your information is probably safe, although your future budget may not. Microsoft don’t really have a very comprehensive ecosystem but see all the other tech giants as a necessary evil; trust them to the bare minimal and if possible, use only one or two of their services. I personally left WhatsApp and Facebook but stayed in Instagram. My mobile experience belongs to Google but as I said, I don’t use their searches nor their browser.
5. Be careful with your smart devices: We live in a time where everything seems to profit from being “intelligent”, from electrical plugs and bulbs to vacuums, doorbells, TVs, stereos and pretty much everything that uses electrical power. I will not enter the discussion of what devices really benefit or not from being “smart”. What I want to focus on is how incredibly insecure many of those devices are. News have reported the issue of hackers gaining access to Amazon’s Ring doorbell cameras, stealing network credentials and using the recorded video footage (Source: EFF).
Smart cameras are particularly sensitive if you set them up to record the inside of your home, however, any smart device in your home is in risk of being attacked by hackers. Since those devices often store your home network’s password unencrypted, the real risk is that the attacker can get access to your internal network and through it to your personal data, other smart devices, etc.
The recommendation here is to stick to trustworthy brands, keep your devices’ software updated and if possible, do not connect them directly to your home router, instead, buy a cheap WiFi router, set it up with a different password and hook up your smart devices to it. This creates an extra security layer and isolates the smart devices in a separate network without access to the rest of your devices at home. In my home, I have an Asus router for this, with the added ability of sending all my smart devices traffic through a VPN. Which leads me to my next advice:
6. Use a VPN: Virtual Private Networks are services that encrypt the Internet traffic from your device to the Internet so that it cannot be sniffed or hijacked on its way and prevents attackers to identify the source of the traffic. Sounds great but VPN services are not without their risks. Since your traffic is routed by the VPN provider’s servers, any breach in those servers may compromise your data. Nevertheless, VPNs provide an extra layer of privacy if you do not want to be identified while you browse the Internet. One use case for it is if you want to research sensitive topics that you don’t want to be traced back to you (intimate, political or health related for example).
As I mentioned, I also use a VPN to route all the traffic coming from my smart devices. This way, a hacker sitting in my front lawn will not see traffic from cameras, smart plugs and thermostat but a single encrypted stream of data. There are many VPN services but my personal choice is NordVPN just because they had a special deal when I got it. Keep in mind that your VPN will only protect your privacy if you use it alongside additional measures like strong passwords, two factor authentication, anti-tracking browser (See #3) and avoid posting personal data.
As you can see, protecting your privacy online may be complex and cannot be achieved by purchasing one single product or service. Instead, it requires you to be educated on the risks and stratagems that cybercriminals use to steal your data. By understanding how the value chain of privacy exploiting works, gives you a perspective from which it is easier to assess your actions and judge their risk level.
The list I made is limited to my personal research and cyber-protection strategies at the time I wrote this article. However, the technology evolves every day and with it the threats that lurk beneath it, so it should be an exercise of cyber-safety to keep up with the news of privacy subjects, specially breaches and incidents. Just like we were told that a big pandemic would hit us sometime in the first half of the 21st century, consider yourself advised: We will se another Cambridge Analytica-like scandal sometime in the next 10 years. Be prepared.