It’s Data Privacy Day across the globe, and your online privacy and security are becoming increasingly important. If you follow Mozilla Foundation and read our News Beat, watch our panels, pore over our Privacy Not Included product guides, etc. (and if you don’t, what are you waiting for?), then you know at least a few of the best practices you can employ to stay private when browsing the web or using apps on your phone. Still, we can all use the occasional refresher. This Data Privacy Day we reached out to the experts: five folks who live and breathe privacy and security to ask them what you should do to preserve yours. Because your data privacy matters every day, not just on January 28.
Eva Galperin is the director of cybersecurity over at the Electronic Frontier Foundation (EFF). Her recommendation: care about privacy!
“I still see a lot of privacy nihilism — people who tell me that the government sees everything anyway, so why should they bother to hide,” says Galperin. “This is simply untrue. Everyone deserves data privacy and everyone has aspects of their lives that they would like to keep private, not only from the government and law enforcement, but their friends, loved ones, co-workers, enemies, and stalkers.”
Strong privacy isn’t just users’ responsibility; policy plays a role too. “I want to see law enforcement stop trying to undermine strong end-to-end encryption. Encryption backdoors make all users less safe and less secure.”
Brian Obilo is a 2021 Mozilla fellow based in Nairobi. Obilo focuses on cybersecurity, cybersecurity awareness and resilience approaches.
Obilo offers tools you can use to ensure you’re being safe online: Have I Been Pwned to see if your email address was recently part of a data breach, Google’s Phishing Quiz to see if you’d fall victim to phishing attempts and Kaspersky’s Password Checker tool to make sure your passphrase is a strong one (Kaspersky is a popular security brand, but in general be careful about putting your password into online tools, folks!).
When it comes to cybersecurity in 2021, he hopes people start to include Africa in the online security conversation. “It’s important to note that Africa was one of the first regions to have a convention on privacy, the African Union Convention on Cyber Security and Personal Data Protection, back in 2014 — years before the EU’s General Data Protection Regulation (GDPR),” says Obilo. “Countries like Kenya have also started deploying their own data protection laws. I’d like to see companies start focusing on data protection in Africa, and not just see it as an afterthought to Europe.”
One final note from Obilo: “Rachel Tobac made a sea shanty about using unique passwords. It’s the best thing I’ve seen on the internet this week.”
Maria Markstedter is the CEO of Azeria Labs and was Forbes cybersecurity person of the year in 2020. Markstedter’s TL;DR? “When in doubt, encrypt. When not in doubt, be in doubt.”
When browsing, Markstedter, like most, suggests going the extra mile to stay private. “I generally recommend using browser extensions like uBlock, uMatrix or EFF’s Privacy Badger to block trackers, ads, and scripts by default,” says Markstedter. “At the same time, it is important to reduce the number of browser extensions you have installed to a minimum, since they can pose as an additional attack vector.”
Markstedter notes, however, that we won’t have true privacy until these sorts of features are system defaults. “While there are privacy protection tools available, they are only used by privacy aware people who choose to set them as their default and are neglected by the majority of users,” says Markstedter. “Users need more control over their privacy. Especially the older generations who would not consider using privacy tools. Making privacy a default setting is what we should aim for in the long run — both on the browser level and operating system level. Browsers can help by allowing users to choose their privacy settings during the installation of their browser or setting it as a default.”
Runa Sandvik is a security expert who’s previously worked for the New York Times, the Press Foundation, the Tor Project and more. According to Sandvik, staying safe is simple.
“The best possible steps anyone can take include:
- Use a password manager to ensure you have strong, unique passwords for all accounts
- Use two-factor authentication wherever possible
- Install software and app updates as soon as they become available”
Julia Reinhardt is a Mozilla fellow with a focus on trustworthy AI. She describes herself as “someone who clicks into the cookie banner and turns all of the cookies off but the necessary ones.” (Author’s note: Me too!)
When not “fellowing” for Mozilla, Reinhardt works on data transfers between the U.S. and Europe. “It’s complicated getting things right in that space,” says Reinhardt. “The U.S. hasn’t changed its stance on government surveillance and the E.U., in return, has gotten rid of the US/EU Privacy Shield — a mechanism many small- and medium-sized companies relied on for data transfers.” Going forward, Reinhardt hopes the U.S. will change its stance and strongly consider a federal privacy law. “The private sector can’t do this by itself, we urgently need government action. If only to ease European uneasiness about U.S. tech practices. It would also be a win for ordinary users worldwide.”
Reinhardt also points out the risks associated with convenience online. “I think a lot of people still don’t realize the risks associated with ‘social log-ins.’ The temptation to make logins faster by clicking ‘Log in with [insert service here],’ thereby using already-existing user information from Facebook, Google and others for a third-party site. This is more convenient, true, but it also exposes them to more risks because their profile data and preferences are shared with other sites. This increases the potential for behavioral tracking, which I find creepy, and also makes them more vulnerable to criminals who hack into their accounts.”
So what’s the fix? Julia strongly recommends a password manager. “Data privacy is not a nerd issue in 2021 anymore. People are becoming more aware of the dangers of exposing your personal data. Social log-in buttons are convenient but it’s just as convenient to log into each service with a safely generated password that I store in my password manager. I use mine extensively and I beg folks do the same! (Ideally with multi-factor authentication.)”