Can some of your security measures actually make you more vulnerable?
Hasan Elahi is a Professor and Director and the George Mason University School of Art and a fascinating artist in his own right. I'll forgive you for not knowing who he is; I only learned about him and his art (which "examines issues of surveillance, citizenship, migration, transport, and the challenges of borders and frontiers") when I saw his 2011 TED Talk. As is often true with artists, Elahi challenges the status quo and offers an unusual take on privacy: "you protect your privacy by giving it up."
Elahi's journey began on June 19th, 2002, when he was traveling via air from the Netherlands and pulled into a secondary screening interview with the FBI at his connection in Detroit. They asked a spiraling series of questions starting with:
"Where were you on September 12th, 2001?"
"Where were you on September 10th, 2001?"
... and so on. You can see where this was going. Unlike many of us, Elahi was able to pull out his laptop, open up his calendar, and discuss in thorough detail where he was and what he was doing. One and a half hours later, he was free to go about his business... sort of.
Months of follow-up investigations and queries as to why Elahi was any watch list finally led to a tacit exoneration. At the seeming end of his ordeal, the FBI agent handed him some contact information and said, "if you have any issues, call us." To that end, Elahi called before every flight. Calls soon turned to e-mails. E-mails eventually turned into an art project.
That art project has been on display for well over ten years now. His web site, Tracking Transience, is an absolute mess of photos and text data. It includes pictures from his apartment, his travels, his food, where he uses the bathroom, as well as receipts from his bank account, and even just location coordinates. The interface is somewhat-purposefully awful; the central idea is that one can share every detail, but just like real life, it's hard to sift through.
Privacy Through Noise
What I learned from Elahi was that even an ordinary life can generate considerable noise. If you want to hide, limiting your noise may be the opposite of what you want; you may want to create so much noise that it requires considerable analytical brainpower to sort through. Our minds are incredibly capable of sorting through our individual noise and the noise of those close to us, but an intelligence analyst or investigator? Substantially harder.
Elahi talks about how, despite his art project, he is still an incredibly private person. You may see years of successive photos of his apartment and notice small changes, like when he changes a rug or purchases a new piece of furniture, but it still requires a mindful analyst to document it. He isn't helping them by posting any amplifying data. To put it another way, he's not providing any discriminators.
A discriminator is something an analyst can use to determine what data is significant and what is noise. Because Elahi's data is almost exclusively noise, it lacks discriminators. A simple example of this is your passwords. Say you're like many users and have three passwords that you wantonly reuse. You may have the throwaway password; it's short and handy for when you want to access that bulletin board for car repair or other things you're not worried about. You probably have a slightly more secure password you use to log into something that has your personal information, like your Amazon account. Finally, you have a tougher password for highly-protected information, like your bank account or your e-mail.
Say an analyst gets ahold of all three passwords. You have implicitly created a discriminator. They can see which accounts are important and require significant attention, which ones are less so, and which ones are garbage. Obviously, there are important (and necessary) ways to defeat this, but it's still worth considering. This is just an example. You're already doing this when you tighten one social media account but not another. For instance, I use Facebook as my "backyard" - a relatively private area with family and friends. My LinkedIn is similar, but focused on professional colleagues. My Twitter and Instagram as my "front yard" or public areas. Through this approach (which occasionally blurs, depending on how my connections choose to use those platforms), I have knowingly created discriminators.
My intent with this discussion is not to encourage you to try and destroy your internet presence. Likewise, I don't entirely agree with Elahi's thesis that the best privacy includes leaving everything public. I think the value in his approach is the understanding that whatever strategy you choose creates discriminators. Depending on your threat model, that could present new challenges.
Hasan Elahi paints a fascinating approach to privacy through nigh-invasive self-published surveillance. What he fails to offer are discriminators, that make an analyst's job easier. He prescribes one extreme: leave everything open and experience the kind of anonymity that normally only comes with metropolitan life. The other extreme is the scorched earth response: destroy everything and move into a cave. The truth is somewhere in the middle.
When you check your name on a search engine, the goal is not finding what data you need to suppress or eliminate; the goal is finding what data exists about you should you find yourself in a situation where you need to talk to it. Likewise, I think the value of Elahi's thesis is not in trying to eliminate discriminators completely, but to acknowledge where you might have created them and be prepared to talk about them. His experience also underscores the notion that you will not necessarily achieve privacy by burying your identity in the sand; embracing and controlling your public persona has value. I encourage you to watch his TED Talk (below) and let me know what lessons you learn from it!