The Principles of “LifeSec”
Trigger warning racism, stupidity
If you wanted to end your career in a hurry, it would be hard to beat the example of Justine Sacco. As the communications director for a large company, you'd think she'd know better than to drop this tweet just before hopping on a plane for a business trip:
For the 11 hour duration of her flight, the tweet spiraled further and further into cyberspace while people expressed outrage or gleefully waited to see her panic when she stepped off the plane to thousands upon thousands of posts under the hashtag #HasJustineLandedYet.
No matter how tired or addled we are, most of us would never post something like this and, even if we did, the odds of going viral are still pretty low.
It might go unnoticed entirely or, once you came to your senses, you might be able to edit/delete it or even intentionally obscure it to make it harder to find. But those are under very specific conditions that mostly depend on you acting before it's noticed.
That's why your best defense is not repair, it's prevention.
Always assume that the people who hate you most – the ones who'd want to do you harm – get a notification on their phone every time you post anything online. Not just the people today, but possibly years down the line when you're looking for a job, dating, or simply run across a particularly hateful person online who's happy to dig up your past and shove it in the face of your spouse or boss.
Is it possible what you post will never spread further than you intended? Is it possible to remove information before it's noticed or make it harder to find? Sure! But that's never guaranteed and isn't worth the risk. If you're not comfortable with something being visible to everyone, everywhere, forever, reconsider posting. |
Where are you from?
When you're traveling and someone asks, "where are you from?" What do you say? Do you give them an address? Street directions? Turn-by-turn steps to reach your front door? I'd guess not.
Not that you have to be silent or rude, but conversation doesn't demand highly specific details nor does your conversation partner usually care! For your benefit and theirs, always ask, what is the least amount of information I can give?"
Don't underestimate the double-win of becoming more safe AND becoming a better conversationalist by learning to omit needless details! |
In my case, I live in the Seattle area. That means if I'm overseas, I say "American". If I'm someplace in the US, but exotic like Hawaii or Oregon, I say, "Washington". And if someone in Washington asks, I say "Seattle Area".
There will be times you make a judgement call that people are safe enough to share more details even down to the neighborhood – people at work, the other parents at the sports match, etc., but that's the exception. On average, be only as specific as necessary.
Pro tip! Your phone's map tool doesn't need to know where you live either. When setting your 'home' location, set it to somewhere in your neighborhood instead. Then, if your phone is hacked, lost, or your data is sold, you didn't paint a target directly on your house. |
What about your family?
Every time you're tempted to write information about your family, pause. Is it really necessary to list their names ever? Not that I've ever seen.
Instead, why not just say "my wife", "my kids" (assuming there's a reason to bring them up at all). Instead of age, "baby", "young", "teens", and "adult" are specific enough. Why list genders? Why be specific about the number? Instead say, "less than 2", "more than 3", or just "I'm a parent" if the number isn't important.
Are you or someone you love LGBTQ? Faced self-harm? A psychotic break? Rehab? Had a religious conversion? Things that might be sensitive if other people knew? You should share sparingly (if at all) and as generally as possible.
It might be important in some conversations to mention I've got at least one LGBTQ kid, but not the number, not the age, not the gender, not the name, not anything specific. Default to the absolute minimum necessary (and always ask if you need to share that detail at all).
Focus on what is being asked and why and then answer the minimum. Whatever is close enough. For example, when asked for your birthday, it's rare that they actually need your birthday. Usually it's for age verification (in which case, any date that's about your age will work) or for an annual free coffee or cookie at your favorite cafe (again, any date will work).
In the few cases where someone pries uncomfortably, try asking, 'why do you want to know?' Maybe there's a valid reason you don't know about, but otherwise, it's best not to give more information than is necessary. |
Have you heard of doxing? Most people focus on the public release part, but the key is that they had a dossier of information to release in the first place. Where did they get it?
Generally, Doxers simply dig and combine from public data online – stuff that was carelessly left in the open or that people didn't think was a risk in isolation – but what happens when it doesn't stay isolated?
In the Department of Defense, we were trained to limit "data aggregation risk" – where the combination of details can paint a larger or more precise picture (sometimes even elevating Unclassified information to Classified by aggregation).
That's why should think carefully about playing along with one of those "your birth month is your Hogwart's character!" posts. Rarely (if ever) fill in details in online profiles and social sites. Think carefully about whether you're legally required to even use your real name or birthday.
When supermarkets ask you for a phone number, try using (your area code) 867-5309 (the 'Jenny' number) instead (555-1212 is a good second). If someone asks for your SSN and you're positive they don't actually have a right/need for it, zero out the two middle numbers. It's automatically an invalid social so you're not harming a stranger by providing it. |
Little bits of information add up fast so make sure to limit the availability as much as possible. The less detail in the less locations information is, the harder it is to find and combine.
Whether you are acting on your own capacity or as an ally/activist, arguing with hateful people online is risky. Depending what you say, who you say it to, in what venue, under what circumstance, you could be volunteering to be a bigot's new pet project.
Or maybe you did nothing wrong at all and the bad guys just found a conversation they weren't part of and took exception to something you said in particular. Either way, you're now in the crosshairs.
The bottom line is to be hard to attack. Post generically. Fudge unimportant details. Use fake information (where legal and appropriate). Guard your photos. Deny websites/stores/etc. information they don't strictly need. And carry these principles of data protection with you in real life too.
A lot of ID theft prevention is making sure people don't have your information who don't need it (see my Data Defense articles for more). |
When making conversation, when at the store, filling out a form at the dentist – like a martial art, use the minimum motion and force to get the job done. Use the least information possible at all times and in all ways.
Then, even if someone becomes interested in you for the wrong reasons, if it takes far more attention and effort to harm you than they have, you win.
Loose information makes you a target and it makes you an easy target. It's up to you what to share, but do so aware of the consequences and risks. Most importantly, adopt LifeSec principles all the time and it becomes easy to:
- Remember that what goes online, goes everywhere; forever. Don't post anything that you're not willing to have dragged back up and used against you later.
- Learn to be evasive and general. Not only does this make you a better conversationalist, it's safer too!
- Think about how your data can be combined. Don't fall into the trap of thinking "this will be ok because it's just a little bit of information". People and AI can line all the different data up into one clear picture.
- Be a hard target. Don't get discouraged and think there's no point; no matter what the risk might be, if you're more trouble than you're worth to the bad guy, that can be enough!
And that's the basics.
If I wasn't clear, this isn't 'do this sometimes', but a way of life. Adopt LifeSec as a way of life and you'll be safer not just online or offline, but all the time. For you, for your loved ones. You become, by nature, a hard target. |