A few short weeks ago, we were conducting a security training for a group of journalists in Palestine. The journalists were deeply aware of the potential threats facing them—and by not one, but three governments—but didn’t have the first idea of how to mitigate those threats. “It’s too confusing!” claimed one, while another said it was futile.
Unfortunately, these reactions are all too typical. We’ve heard from a variety of populations all over the world. Despite all of the awareness-raising around surveillance that has taken place over the last year, many individuals feel disempowered, helpless to fight back. Efforts such as the February 11 initiative the Day We Fight Back aim to empower individuals to lobby their representatives for better regulation of mass surveillance. But legislation and policy are only part of the solution. In order to successfully protect our privacy, we must take an approach that looks at the whole picture: our behavior, the potential risks we face in disclosing data, and the person or entity posing those risks, whether a government or company. And in order to successfully fight off the feeling of futility, we must understand the threats we face.
In a recent piece for Slate, Cyrus Nemati hems and haws over the complexities of creating a private online existence, ultimately choosing to give up on Internet privacy and embrace the convenience of sharing. While working at an organization that advocates for digital rights, Nemati found himself anxious about his personal privacy and took steps that made browsing “a chore”; later, after getting married and wanting access to social tools, he claims he “learned … to love a less private Internet.”
The truth is that most of us simply can’t protect ourselves from every threat 100 percent of the time, and trying to do so is a recipe for existential dread. But once we understand our threat model—what we want to keep private and whom we want to protect it from—we can start to make decisions about how we live our lives online. You’ll find yourself empowered, not depressed.
Threat modeling is an approach undertaken by the security community. It looks at the specific circumstances of the individual and the potential threats facing him or her and makes a diagnosis (and a prescription) on that basis. Threat modeling looks at what a person has to protect (her assets), who she has to protect those assets from (her threat), the likelihood that she will need to protect them, her willingness to do so, and the potential consequences of not taking precautions.
A teacher in suburban California doesn’t have the same set of online privacy concerns as a journalist in Palestine. And the kinds of steps the teacher might take to protect his personal photos from nosey students and their parents are quite different from the precautions the journalist might take to protect her anonymous sources from being identified by the government. Some of us don’t want our Internet browsing habits tracked by companies like Google and Facebook. Some of us don’t want the NSA reading our emails. But without enumerating our threats and our assets, it’s easy to choose tools that are inappropriate or unnecessary to the task at hand. The schoolteacher probably doesn’t need to PGP-encrypt his email or run every privacy-enhancing app and plugin, like Nemati did in his privacy hipster phase. The journalist might find that taking the time to use PGP gives her peace of mind.
Nemati’s frustration may not have come from failing to list his threats and assets as much as it may have come from misidentifying them. He writes that he “treat[ed] himself like a criminal, obsessed with keeping a very low online profile”—a perfect recipe for frustration, bearing little to no resemblance to how an actual criminal might behave. A successful criminal understands his threat—law enforcement—and recognizes the steps he needs to take to evade them, which may or may not include keeping a low profile online. Nemati might instead face the threat of his parent, spouse, or boss viewing his online activity and work to hide those activities from them. He might also be worried about criminals who want to steal his login credentials and gain access to his bank account. This requires an understanding of security settings, social media, and browser privacy settings, for sure, but not the elaborate privacy kabuki Nemati describes.
Don’t get us wrong: We’re sympathetic to Nemati and the many Internet users like him we meet every day. But we also know that the choice between a crippled Internet experience and an Internet in which privacy is a mere afterthought is a false one. Instead of heading down the rabbit hole of deep paranoia and subsequent nihilism, we recommend that you tackle the task of becoming safer online the way you would any other task: step by step. By starting slow and building on your repertoire of tools, you can protect yourself. For a list of 10 things you can do right now to protect yourself against surveillance, check out this blog post from the EFF, where we work.
Total privacy on the Internet may not be possible, but meaningful privacy is within your reach. And you don’t have to go crazy trying to achieve it.