
The paranoid's survival guide, part 1: How to protect your personal data

March 3, 2014 06:30 AM ET

Ready to minimize your data footprint? Here's where to start.

The basics: Six standard operating procedures for online behavior

Draw the line: Decide what's personal

The traditional definition of personally identifying information (PII) -- health records, credit card numbers, social security number, etc. -- is so 20th century. The big data age of the Internet is upon us, and even data not previously considered to be PII can feel very personal when viewed in a broader context. "Bits of data, when combined, tell a lot about you," says Alex Fowler, chief privacy officer at Mozilla. Those aggregated bits, which constitute the new PII, may include such information as your email address, browsing history and search history.

"The definition of PII -- information that a person has a legitimate interest in understanding and protecting -- is going to be broadened as we move further into the information society," says Fowler. "It's a different footprint than what your parents ever thought about."

"Think about what you consider personal information," Fowler adds. "You need a working definition."

Don't share your personal information -- even when asked

Are you responding to surveys by phone or online? Filling out warranty cards? (You need only your receipt to make a warranty claim.) Providing optional preference and demographic information when signing up for an online service? "Most of us give out information trivially," says Abine's Shavell, not understanding that all of that information ends up in profiles that may be used by the collector and later shared with data aggregators and others.


When you absolutely must remain anonymous

Tor is an essential tool to use when the sender needs to disseminate information and anonymity is essential. "It is the perfect tool for political dissidents who don't want their names attached to information," says Robert Hansen, a security researcher and director of product management at the vendor WhiteHat Security. (Tor also appeals to organized crime and other people who don't want the law to catch up with their activities.)

But there's a cost to using it. "It's a hassle," and it can degrade a person's Web experience, says Casey Oppenheim, CEO at anti-tracking software vendor Disconnect.

Tor consists of an open source browser you can download and a network that acts on your behalf to conceal your identity by preventing others from tracing network traffic back to you.

"Tor tunnels your traffic through a volunteer network of 5,000 relays spread around the world. Tor protects your content in transit by wrapping layers of encryption around your data without modifying or touching your data in transit," explains Andrew Lewman, executive director of the Tor Project.

Your data keeps hopping from one node to another until a limit is reached. At that point it exits the Tor network and continues on to its destination. (The last node to handle the data is called the exit node.) "Tor is essentially a very large, distributed VPN that's free," and it works well when used properly, Hansen says.

But it can also be dangerous if you don't understand how to use it properly, as the Tor Project's warnings make clear. "Tor can help you remain anonymous -- if the account you logged into on the other end isn't tied back to your real identity," Hansen says.

"That last machine, the exit node, knows who you are if you submit your information in plain text, and that can break your privacy." Users should understand that all of the nodes in the Tor network are operated by volunteers, Hansen says. If you're logged into a service such as an online loan application, the owner of the exit node may be privy to all of that information.

It's also not a good idea to use Tor to download an executable unless you can verify it hasn't been tampered with, Hansen says, because the owners of the exit node could, if they wanted to, modify the content and change it to a malicious binary. But, Lewman points out, "Tor exit nodes are no more risky than your ISP's caching proxy servers and other points along the path."

Hansen's recommendation: "Use Tor only over HTTPS, and only when you don't want your name associated with whatever is going to happen over HTTPS."

Even then, he says, it is important to remember that some entities out there, such as certain government agencies, may still be able to decrypt the message and identify you.
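
An added example, not part of the original article: a simplified Python model of the layered wrapping Lewman describes and of Hansen's point about what the exit node can read. The toy SHAKE-256 keystream cipher, the three relay keys and the form data are constructed for illustration and are not Tor's actual cryptography or code.

```python
import hashlib
import os

NONCE_LEN = 16

def keystream_xor(key, nonce, data):
    # Toy stream cipher for illustration only: XOR with a SHAKE-256 keystream.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(keys, payload):
    # Client side: one layer per relay; the exit relay's layer is innermost.
    cell = payload
    for key in reversed(keys):
        nonce = os.urandom(NONCE_LEN)
        cell = nonce + keystream_xor(key, nonce, cell)
    return cell

def peel(key, cell):
    # Relay side: strip exactly one layer using this relay's own key.
    return keystream_xor(key, cell[:NONCE_LEN], cell[NONCE_LEN:])

def relay_views(keys, payload):
    # What each relay holds after peeling its layer: [entry, middle, exit].
    cell, views = wrap(keys, payload), []
    for key in keys:
        cell = peel(key, cell)
        views.append(cell)
    return views

# Constructed sample data: three relay keys and a form submission.
RELAY_KEYS = [os.urandom(32) for _ in range(3)]
FORM = b"POST /loan name=Alice+Example&income=52000"

def plain_http_case():
    # Form sent as plain text: the exit relay's view is the form itself.
    return relay_views(RELAY_KEYS, FORM)

def https_case():
    # Form first encrypted under a key shared only with the destination
    # (standing in for TLS), then onion-wrapped for the relays.
    session_key = os.urandom(32)
    views = relay_views(RELAY_KEYS, wrap([session_key], FORM))
    return views, peel(session_key, views[-1])

if __name__ == "__main__":
    print("exit relay, plain HTTP:", plain_http_case()[-1])
    views, delivered = https_case()
    print("exit relay, HTTPS:     ", views[-1].hex()[:48], "...")
    print("destination decrypts:  ", delivered)
```

The model does not authenticate data, so it says nothing about tampering in transit; it only shows which party can read what.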

-- Robert L. Mitchell
