July 20, 2012

Conversation with a Privacy Professional – Part II

by with 2 comments

With only a few months at SpiderOak under my belt, and new to the world of careful consideration around privacy and security, I’m learning things I’ve never considered. I’m always the first to adopt social media, I use Gmail without a second thought, and historically haven’t really cared who has my (what I thought was) basic info.

But I sat down with a “privacy professional” who breathes this stuff and has been concerned with personal privacy most of his life. And true to his nature, we kept his identity private. For the sake of this piece, let’s call him Walt. If you missed Part I yesterday, you can read it here.

“As a programmer, I’ve learned a few details of how those industries work, and now I give out the minimal information about myself. When I go to the store, I don’t fill out the membership or credit card forms, never give my social security number or date of birth to anyone, nor do I give my middle initial,” Walt said.

“Google keeps a full history of everything you’ve searched for. Imagine how well they can profile and target ads based on years of search history combined with what you’re interested in right now. I recommend not signing in when searching with Google, disallow or clear browser cookies, set Flash to for “click to play”, clear flash cookies, and use a commercial VPN service.” A VPN arranges for all Internet traffic to first pass through a secure remote location before traveling on the un-encrypted Internet. “This means that all my internet traffic when I am browsing doesn’t come straight from my location, and therefore can’t be traced back to my home or city. It also keeps my ISP from having a database of every website I’ve visited. It costs a small fee, but it’s worth it to me.”

“Companies have enough resources to profile me without my help. My friends can know where I live, or what I like, but I’m not going to tell world’s corporations.” Walt said. “I’m not as paranoid about the government as I am about what companies do with my personal data, or private individuals.”

If you’re familiar with SpiderOak, you’ve seen our “Zero-Knowledge” privacy policy. We don’t share your data with anyone, and unlike Google, not even our employees can see it. As we touched on in our most recent newsletter, when a law enforcement agency asks us for your data, we let them know your data is encrypted, and we can’t decrypt it, and they can’t either without your encryption keys. Thus far, that has always put a halt on the inquiry.

Companies like Facebook intentionally seek and use your personal information; spammers use phishing tactics to trick you into giving important personal information (like your bank account); and then some companies use or share your information it accidentally. Walt told me about a man Virginia whose laptop was stolen, and unfortunately had everyone in the state’s medical records on it. We’re seeing right now that as people have quickly adopted technology, companies or individuals with sensitive client information are having to do some back pedaling. Lawyers, accountants, big companies, and health care professionals are looking to safe alternatives (like SpiderOak) to store their information.

Thanks to Walt for sitting down with me, and showing me why I might want to be more thoughtful with my personal information. It has definitely given me a lot to think about.

If you’re interested in reading more on this subject, here are some interesting articles:

  1. Interesting article. Would going further indepth be overkill?

    I have a laptop that takes my picture when it starts up.

    I noticed that there is a product called "HealthVault" which allows you to store your medical informaton 'for free'. The company behind 'HealthVault' state that they are not, nor do they intend to be, HIPAA compliant. Their terms of service implies that you are waiving your legal right to keep your medical history private by using their product.

    If only there was a competitive product…

    Be seeing you