You absolutely need privacy even if you are absolutely "clean"

Ever since Edward Snowden blew the whistle on how much our government and corporations spied on us, and just how much data they have on each person, privacy has become a critically important topic. Yet, surveys show that average Americans are concerned, but not enough to take action. In other words, a lack of privacy worries them, but it depends on the situation.

Unfortunately, the surveys show that a lot of people don’t understand why privacy is important. Some don’t even care about their own privacy. Even former Google CEO Eric Schmidt showed his lack of understanding when he made this surprisingly tone-deaf comment, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

This is popular thinking that, in my opinion, is dangerous and wrong. For someone of his stature to make such a careless comment is bewildering. It shows even someone like him didn’t think through the critical importance of privacy.

Privacy is not just about whether your activities are problematic morally or legally. If Mr. Schmidt really has nothing to hide, how about telling me his e-mail password? This question is a very good test for those who think that privacy is not important. Almost everyone will balk at such a request.

It is my hope that this article helps people understand the importance of privacy and not be so complacent at what governments, corporations and other entities hold over us. Here are the reasons why you still need privacy even though you believe you are absolutely “clean” with nothing to hide.

Privacy protects you from malice and malevolence

Many people believe that if you have done nothing wrong, then you don’t need to worry about privacy. This thinking assumes there are no malicious and evil people in the world (a very naive assumption, obviously). It also trusts that present and future institutions, corporations, businesses, governments and the people within will always be benevolent and incorruptible. Privacy is important because it protects you from people, institutions, businesses and governments who have less than honorable intentions.

Some may argue they trust the institutions, corporations and governments, but they should not. I have three counter-arguments against that.

Can entities can be trusted in the future, for example, when the current cohort of people running them is long gone (e.g. retired, replaced or supplanted)? Remember, electronic information lingers indefinitely in cyberspace and on servers. The bits and pieces of information that we regularly hemorrhage is for all intents and purposes, indelible. Obviously, that means entities will have access to the information in the future. Even if your current institutions are well-intentioned, they will always control your information. To illustrate this point further, consider this (hopefully) extreme case in the Netherlands, during World War II:

Because the Dutch civil records were so complete and full of data on its citizens, the Nazi’s had an easy time finding Jews (and other “undesirables”). There was no easy way to hide. The data on every Dutch national was collected with good intentions but didn’t stay that way. Of the 140,000 Jews that lived in the Netherlands prior to 1940, only 30,000 survived the war. The Nazi regime could easily determine who was Jewish (whether fully or partly of Jewish ancestry) simply by accessing the data.

Can they guarantee that no rogue elements will ever exist within these entities? For example, organized crime has already infiltrated parts of the Mexican government. Or in China, corrupt officials are reported to have worked in cahoots with untrustworthy elements of society. Recently, Google had to fire an employee for breaching the privacy of a teenager. The NSA has even fired employees for spying on citizens outside their legal purview. The civil servants spied on spouses, ex-lovers and journalists, among others.

These days, companies outsource their call-center operations to countries where wages are relatively much lower. Many of these call-center operators have access to personal (and even private) customer information. Who can guarantee that criminals will not eventually target these operators?

Even if you can trust that these entities will always behave ethically, can you trust them not to be careless with your personal and private information? Consider the ubiquitous (almost daily) stories of data breaches. In fact, 2021 was a record year for data breaches.

According to the Identity Theft Resource Center's 2021 Data Breach Report, there were 1,862 data breaches last year, surpassing both 2020's total of 1,108 and the previous record of 1,506 set in 2017. The numbers reflect a year of high-profile cyberattacks that targeted everything from the country's largest oil pipelines to companies entrusted with the personal information of millions of American consumers.

By now, we all know criminals and perhaps foreign governments are constantly on the lookout for ways to steal information from corporations and institutions. Therefore, the more personal and private information you deposit into the hands of third-party entities, the greater your risk.

You may have nothing to hide from good and honorable people and entities, but you certainly have much to hide from those who are evil, malicious and dishonorable.

Privacy protects you from suspicion and wrongful accusations

Without the protection of privacy, your chances of being suspected, misunderstood, judged incorrectly, taken out of context and treated unfairly increases substantially.

A person is far more complex than the bits and pieces of information that describes him/her. Even if the government has information about you, it can never really know you (like friends, family or spouses). The reason is that bits and pieces of information about you often lack context. Without privacy, at some point you will almost certainly be pigeon-holed, put in a box, misunderstood or misrepresented. To help you understand this, let’s consider some overly-simplified examples that, with a little imagination, can easily be taken out of context and used against you:

• Imagine that you have the web surfing data of Tom. In this data, you notice that he has been frequenting the underground membership web site of a child-pornography ring. Is Tom a pedophile? Well, the answer is no! He is actually an undercover cop trying to infiltrate the child-pornography ring.
• Dick’s library records indicate that he has been reading a lot of books about communism lately. Is he turning communist? No! He is reading them because he is researching communism for his school term paper.
• In 2020, Jenny replied with the words “all lives matter” in a response to a friend in a conversation on Facebook about the many aspects, opposing sides and rallying cries on each side of the George Floyd riots. Someone unknown to Jenny, but connected to her friend on social media, took that one piece of the discussion and forwarded it to Jenny’s employer (listed on her LinkedIn page) accusing her of White Supremacy. Jenny was fired.

In the hands of a very clever schemer, your private information can be easily misconstrued and twisted out of a context to spin you into whatever he wants you to be.

We are living in an era where lots information about you are turned into detailed sets of searchable electronic data. This mass data, no matter how detailed it is, promotes a false belief it illustrates you accurately. This is not true and, unfortunately, many of those in authority believe otherwise.

You can never be absolutely “clean” legally

Let’s say that you are absolutely upright morally and your conscience is crystal clear. Does that also mean that you are also absolutely clean legally?

Nowadays, laws and regulations are insanely complex. Legislation often runs thousands of pages. Some laws antiquated and may even contradict each other. On top of that, for each piece of legislation, there can be many ways for an average individual to interpret it.

Also, there is no way anybody can be absolutely faultless legally. In other words, while you are trying to live the most perfect, law-abiding life, someone somewhere can accurately accuse you of breaking a law at any given time.

For example, do you know that in the United States, at least, it is a felony to violate a website’s terms of service? How many of us have read all the terms of service of every website we use? Can you be absolutely sure that you have not violated any of them?

So, what keeps us from going to jail? Common sense, goodwill and most importantly, privacy.

Privacy is our last line of defense against getting wrongfully convicted. As Leo Laporte said in a Security Now! podcast (emphasis mine),

So, the point being that I think, if [the government] have enough data about what you do, they can find stuff. They could build – they could build a case against you. So, it’s really a question of do they want to build a case against you or not. And one of the reasons they say, they explicitly say, the reason we save this data is so we could build a case against you should we want to go get you someday. So, you just really have to trust them.

Maybe we each should strongly consider what we put online about ourselves.

- Peak Prosperity -

 

About the Author: This article was written by Terence Kam, founder and cybersecurity consultant at iSecurityGuru.com. You can follow his company on LinkedIn. Or subscribe to his writings on Medium, where he writes on a wider variety of topics.

This is a companion discussion topic for the original entry at https://peakprosperity.com/you-absolutely-need-privacy-even-if-you-are-absolutely-clean/

Privacy is a natural extension of property rights. As an owner, I have the right (not permission) to decide how the property is used. I decide who has access to it. Just as I can lock the door to my house, I have the right to lock out trespassers from my communications.
There are many dangers to not respecting the right to privacy, as the author enumerates. But more fundamentally an attack on privacy is an attack on property rights. It is an attack on the notion of truly owning something, where the owner may do as he pleases without requiring the consent of another, whether government, a majority of his fellow citizens, or some authority figure.
THAT is why someone who “has nothing to hide” should care about privacy. Give that up and your right to own anything by right is eroded.

The internet is by nature and design devoid of privacy and we should not treat it as anything other than what it is. Convenient.

The freezing of the accounts of people who donated to the truckers is a case in point, made retroactively illegal for being ‘wrong think’ and the illegal hacking of names conveniently not investigated and prosecuted by virtue posturing politicians. We need to learn from the Swiss.

I just logged into a financial web site which used auxiliary questions to verify identity (high school, first car, favorite color, etc) How many of those questions could be answered by mining the otherwise “private” information?

OK, I get it, Privacy is crucial. But, at this time, how do we “un-public” ourselves and return to our virginity? Wait for the whole thing to burn down? Be forced to make some kind of terminal stand against “the machine”? Gimme some guidance here, please. This may be my last post on PP… ;^) Aloha, Steve.

Great article, even though it is ~ 30 years too late…
Sorry, thatchmo, what is done is done, and there will be no re-virginizing. Our history of online contributions will inform our social credit scores if we do not succeed in stopping the implementation of digital identity systems. Oops, my bad, I should not have said that!!! Now I am in big trouble! ?

Buying Bitcoin Without Doxing Yourself
I have not digested this article, but figured others are thinking about privacy and Bitcoin purchasing
Published at the Trevor website.
https://blog.trezor.io/buy-bitcoin-without-kyc-33b883029ff1

That’d make for a good article: best online privacy practices.
Don’t think of it as either/or. Think of it as layers of an onion. More steps you take to compartmentalize info the better; part of this is preventing the aggregation.
What’s done is done. But you can improve things going forward.
Who would use your info? Governments (yours and others), big tech, various companies (eg grocery chains), political activists (doxxing), possibly employers, with various goals, some of which are innocuous.
A few tips:

• minimize tracking between sites
• VPN and encryption
• use separate emails and user names for different sites
• minimize sharing personal or identifying info
• avoid Google, FB, big tech sites and tools. If you used FB, don’t just close the account, delete it (not sure how much that helps but it can’t hurt)
• minimize use of smart phone apps
• if a service or product is free, you (or your info) are the product

You can’t scrub backwards, but you can scrub going forward. People change their preferences and attitudes over time, so “you” can too. Slowly move away from your evil leftwing/rightwing ways as you learn and grow as an individual. Meanwhile, a new person arrives in town.
Back when I ran a small business, I set up an email account for, let’s say, Sara Schmidt, VP. She was on the Web site with a nice picture and everything. Sara wasn’t a Vice President. She was a Virtual Persona, but people make assumptions when they see VP on the business card. Sara can do stuff online and in the real world that presumes a real business person, with a human name tied to a real corporate account instead of gmail or whatever. I could do this back then because I was a solo practitioner, with no other staff. It’s easier to do these days. Web sites can be purchased from the same place you get the domain name. You can find a friend or relative to receive any mail or packages and act confused about the “occasional misaddressed item” that sometimes arrives at their doorstep. Delivery folk don’t care what the name is on the envelope or package; they’re solely focused on the address. That address does NOT have to appear on the Web site. Very few sites that don’t rely on foot traffic publish their addresses these days, and for good reason.
For more sensitive sites, like this one, you can register with a ProtonMail or other secure email address tied to your handle. There are a number of services like this available. Handles are a common practice in social media, so no eyebrows are raised.
You should use Tor or a VPN to access this site and other “doom-related” sites. Most links to non-mainstream sites work just fine. When the site logs your IP address it’s not traceable back to you. If you’re already accessing a site using a real IP address, know that site logs get huge and are regularly truncated, because the admins are more interested in disk conservation than handling some Fed request for really old data they’re not required by law to keep. So your old IP will eventually roll off the logs. Be sure to update your profile regularly as well (any little change will work – I regularly change my avatar). Profile changes are generally in a separate log.
When using Tor, don’t connect up and go straight to logging in and messaging on a sensitive site. Cruise around to a number of other sites for a random length of time. then do a post, then cruise around some more, another post, and so on. One investigative tactic that exposed a hacker was recording the time he connected to Tor and correlating it to his logging in to his favorite dark web site. Very consistent. Stood up in court to get the search warrant.
So now you have three identities. Your current reality, which can learn and grow into a more upright citizen post Covid. Your VP, which can go shopping on Amazon and such using gift cards purchased for cash, and can also participate in physical meetings where you’re not sure you really want to join that organization yet. And your doom identity. Nuff said.
Meeting in the real world as a VP needs some tradecraft, like riding a bicycle or walking to the location instead of driving up in your car. You should also practice using your VP name in low-risk environments like restaurants and stores that don’t know you. You need to get used to responding appropriately when your VP name is called or used. I’ve picked up a couple of cold pizzas due to that. If someone at camp calls out your VP name you need to respond instinctively so folk don’t get suspicious. Practice is necessary. Like the undercover teachers say, you need to live your alternate identity and backstory for awhile so it’s comfortable and familiar. People pick up on inconsistencies, like claiming to be from a southern state and having no trace of a southern accent, or worse, having a bad southern accent. Your VP needs to be from the same place you’ve spent the majority of your time.
If you’re going to do the secure email / VP thing, first find out how much two PAID secure email accounts, the target domain, and a simple web site will cost. Use Tor to do all this research. Now get a gift card (not refillable (less traceable)) to cover all of this plus some extra. Travel to a store that you’ve never been to, preferably out of town, to buy the card for cash at some mom-and-pop shop that doesn’t care that you’re still wearing a Covid mask and sunglasses.
Register the domain and buy the web site using your VP name and gift card. Then set up your VP as the site admin and create the VP non-admin email. Now you have an identity like sara.schmidt@normalbusinessname.com, but the site ownership and admin account go to the secure email address. Most secure email providers are overseas and not really interested in cooperating with law enforcement.
Now none of this is going to hold up the Feds for very long. That requires some serious tradecraft and real coin spent on false identity documents. That’s well beyond the scope of this article. But this moderate approach has worked quite well for me. I’ve gone to more survivalist group meetups and campouts than most, and a lot of them made me really glad they only knew Sara for a few hours. But that’s another topic. Yeah, Sara had her own business cards and burner phone.
As with most things, patience and longevity yield significant benefits. A gradual change in attitude doesn’t draw suspicion. A sudden change, with an alternate identity popping up that sounds just like you, does.
–mw

Buying Bitcoin Anonymously and for Anonymous Use
I have not done this yet, but am exploring the issue and am about to give it a try.
Privacy is a right. Nothing here is illegal. However, if discovered, the IRS could demand back taxes. Be a small fish.
We are working around the Know Your Customer / Anti Money Laundering (KYC/AML) rules that the government imposes on banks and exchanges. But not on individuals.
If you convert fiat to BTC at an exchange (which has all of your identifying data) then the block chain has the information on it that a skilled analyst can follow. Similarly, when you sell BTC (converting BTC to fiat) at an exchange, this data is provided to the IRS and all of the .gov.
But, if you come by BTC anonymously putting it directly into a de-identified hard wallet like a Trezor T, that BTC is not associated with you personally. The meaning of de-identified. An analyst knows that a particular BTC is in a particular wallet, but WHO is associated with this is not clear.
Similarly, when that BTC moves to another’s de-identified hard wallet, that transaction can’t be linked to the individuals involved. This is a person-to-person (P2P) transaction.
The first step is to establish a ‘dark-Trezor’ that will never be linked to an individual personally, and never linked to an exchange or bank account. You will never be able to convert these BTC back to fiat. The BTC on this ‘dark-Trezor’ will only be used to make direct P2P payments to another’s ‘dark-Trezor.’
Method 1 (information from the article here)
So, Person A:
Buys a Trezor T
Downloads and installs the Trezor Suite software on his desktop computer.
Initializes the Trezor T and saves the 24 seed words on paper (instructions on how to do this at the Trezor Suite Software instal site.)
Buys a cheap disposable phone (as the next step requires a phone number)
Do NOT link your disposable phone to yourself. Do not carry it with you.
Get cash out of your own bank account (<$1,000)
Log into Trezor suite and select “receive bitcoin.” A onetime address is for your dark-Trezor is created.
Now drive to a Bitcoin ATM near you. (Coin ATM Radar)
Purchase <$1,000 worth of BTC, using cash, giving the one time address of your dark-Trezor.
At this point, you have $1,000 worth of BTC on your dark-Trezor that is not associated with any individual identity. Fees are higher, but the BTC is KYC free.
To conduct a transaction, send BTC to another person’s wallet–their equivalent of a dark-Trezor. Do not send anything to an exchange. Do not try to sell the BTC for cash at an exchange. Think of this BTC as permanently out of the fiat world, only to be sent to others dark-wallets.
Method 2 (Disclaimer: I have not done this personally yet…)
You and a buddy download the Lightning App. You mail your buddy a crisp $100 bill.
He logs onto Lightening App and sends you $100 over the Lightening Network.
When the $100 of value arrives at your Lightening node, you leave the $100 of value in the form of BTC and then send it to your dark-Trezor for storage.
Method 3
You find a buddy who is into BTC and willing to play a role in this.
Take $1,000 cash out of the bank and hand deliver it to the buddy.
The buddy then sends BTC from his dark-Trezor to your dark-Trezor.
Now the funds on your dark-Trezor are anonymized.
Method 4
Sell stuff for BTC.

Selling stuff for sats. With BTCPay Server it’s easy to sell stuff online for bitcoin. Most buyers will appreciate it when you allow Lightning payments, which BTCPay supports. A nice thing about this form of stacking is that you can operate with very little margin: similarly to home mining, you are essentially exchanging fiat spent on the sold goods for bitcoin thus obtained, and you are not necessarily aiming at having a short term operating profit — your real profit is the KYC-free bitcoin.

I would like to amend the post above.
I have found that Lightning Network and the Strike application and not completely anonymous or free of the KYC procedures.
And, alas, any exchange where you electronically transfer money to purchase BTC can be traced (though with difficulty). So no Bisq or Hodl Hodl.
The only way to be completely anonymous is to buy BTC in person, with cash.
This is the only way to completely avoid associating your name or (real) phone number, bank account or credit card with the BTC.
I would still keep these dark funds in a separate hard wallet that does not ever do business with an exchange. This is a ‘dark-wallet.’ My feeling is to not put very much funds into such a system lest it attract attention. You won’t be able to convert the BTC back to fiat, except in a private physical meetup for cash.

Quoting (mostly):
How to Buy Bitcoin Anonymously in Person
Method 1
Bitcoin ATMs are a great way to anonymously purchase Bitcoin in person. Bitcoin ATMs differ from traditional ATMs in that they send transactions across the blockchain and into a wallet. Similar to an exchange, you will need a wallet and wallet address to use a Bitcoin ATM.
 
First, locate a Bitcoin ATM. Once you find a Bitcoin ATM close to you, select the buy or sell option and then use a phone number [from a disposable phone!] or email address for 2-factor authentication. You can then either use a QR code or manually enter in your wallet address. Then insert the amount of cash you would like to deposit into your Bitcoin wallet. You will get a receipt, and the Bitcoin should be in your wallet shortly. [Fees at BTC ATMs are often ~10%]
Method 2
Another way to buy Bitcoin is from another person, [in person] directly, with cash or electronic payment. This way of buying Bitcoin would involve a physical meet up where you would pay someone cash, and they would send BTC to your wallet. This option helps avoid costly fees that ATMs can charge. However, you do face risk of [being robbed or cheated.] Some online exchanges like Bisq and Hodl Hodl are fairly private and skirt the KYC and AML procedures, but the electronic transfer of funds is recordable and discoverable. So it is not completely private.
Method 3
Sell stuff (like used furniture) in person, but ask for payment in BTC. Give the buyer only the one-time transaction code for your wallet.

And my last thought is to remain a small fish.

I am concerned that it won’t be long before all sites not in compliance with the “narrative” will just be shut down and scrubbed from the internet. Are there ways to protect losing touch with the alternate sources?

“…sites not in compliance with the “narrative” will just be shut down and scrubbed from the internet.”
Now you’re down to old fashioned copiers and manual distribution, like in the movie Conspiracy Theory. However, if we’re that far down the rabbit hole, you’ll be dealing with a bunch of much higher priorities than keeping up with Chris.

Privacy Of Social Activities Online

Still, privacy is very important these days and I don’t think it’s a ‘clickbait’ issue, because your virtual profiles are an extension of your organization. They are where you share content and connect with your audience. You try to maintain engagement with these channels as part of a brand with the right voice and style. Creating that identity and building trust with your audience takes a lot of time. Be that as it may, in the event of a hack or leak, it takes minutes. Assuming there is a hack or a slightly different leak, it would be a simple matter of destroying the virtual entertainment scene for the business.
However, no matter whose problem it is, the sense of betrayal and doubt your audience might have after the episode makes you think twice about giving back to your organization. You believe that people need to know that transmitting their data to you through any channel is protected. Moreover, because each of your channels uses your name, logo, social Shagle app, and brand voice, the legitimacy of one directly affects the others. Information security is important wherever you have an online presence, from entertainment web resources to your website, to wherever you share your content as an affiliate.