Data Privacy Week/Day Spotlight: Overrated Tools
This week is Data Privacy Week (and today is Data Privacy Day). To celebrate, this week I made a series of short blog posts highlighting tools, services, products, and techniques that I feel are underrated to help improve your privacy.
Today, as we wrap up the week with Data Privacy Day itself, I want to go in a different direction. I'm a strong believer that you can learn just as much in failure about what not to do as you can in success about what to do. So today I'm going to focus on three overrated tools and techniques that everybody focuses on very intently, probably a little too much.
Let's start with VPNs. A lot of VPN companies promise more than they can deliver like total anonymity, freedom online from censorship and tracking, and more. This is a lie. Even the best VPNs pretty much only do two things: hide your IP address from the websites you visit, and hide your traffic from local snoops such as your ISP or work router. That's it. And your IP address is only one small way that companies track you. Fortunately in recent years there have been a lot of writings about this very topic, but still many people seem to be lulled into putting too much faith into their VPN provider. Don't. See my page and IVPN's Do I Need A VPN? for more details.
Next let's talk about instant messaging. A lot of people put massive amounts of concern into their daily messengers. It seems like every day I see people having near meltdowns over very small, minuscule things in their messenger of choice: “X is centralized,” “Y is based in the US,” “Z uses Encryption A instead of Encryption B.” While I'm a big fan of using end-to-end encrypted messengers (it's a must for anyone who wants to be close to me personally), let's take a step back here: how often do any of us really send anything important? Granted, this argument could apply to every area of our digital lives, but some people really put an unjustified amount of work into protecting their daily communications when all they're sending is memes and “want anything from Wendy's?” There's no need to get bent out of shape over having something that's NSA-proof when it means so little. There's a reason I recently moved this category to the “least important” section of the website.
Finally, on that note, email providers. At least once per week, usually more, I see posts on Reddit of people asking “what email provider should I use?” Does it really matter? You're not sending state secrets, and unlike encrypted messaging you're probably not even securing both ends of the communication. Yes, it's important to cut that threat surface in half by using a zero-knowledge provider so that the rogue employee can't open my inbox, but the email I received from my bank is still plaintext on their end. The email I sent to my boss is still visible on Gmail's servers. Only one half of the contents are encrypted, and while that's definitely better than nothing, it's really not worth having a paranoid episode trying to pick the one server that's located in Antarctica and run by hedgehogs who can't read court orders.
Now, it should be noted: I endorse and encourage the use of all these services. I list all of them on my website and strongly encourage you to use them. Your privacy – even the stupid memes and grandma's chain letter – are yours and nobody should have the right or ability to read those without due process. I'm not saying this stuff isn't worth doing. What I am saying is that in my experience/opinion, I feel like people put way too much time, energy, and effort into these particular tools for what they get out of them. Like I said, people will dive deep into the history of every time an encrypted messenger's CEO took a dump, but all they're sending over the platform is inside jokes and plans to hang out. It's about being proportional. You don't need to put hundreds of hours of research into a platform that isn't going to be containing any sensitive data. Just a few solid hours of research is plenty. Time is the most valuable resource we have: we can never earn more or get it back. Don't put unnecessary amounts of time into things that will get you very little in return. Do your research and make smart choices, do use these products, but remember that in terms of protecting your privacy, there are many other areas that will give you much higher and more effective returns. Be smart with your time.