I’ve been teaching stand-alone workshops at the Washington State Univerity Libraries since I arrived way back in 2000. One of these is a workshop I call “Digital Privacy and Security: Tools for Daily Living.” For this column I want to share some of the information and resources that I present in that workshop, focusing on password security and activity trackers. This is not a comprehensive list as I don’t have a lot of space in this column, but also digital privacy and security is an ever-changing ecosystem of new threats and new tools to combat them. I like to focus on low-threshold applications that are free or low-cost and don’t take a lot of work on the part of the user.
Let’s start by taking a look at the website haveibeenpwned.com. Toss in your various email accounts and phone numbers and find out how much each has been potentially compromised by data breaches and made available on what is known as the “dark web.” You may want to sign up for notifications of future breaches, but now it’s time to act and change the passwords for all affected accounts. This can be tough — I know the pull of inertia when it comes to doing this. When I let it go for a while I end up with more to fix than I’m comfortable with. One reason for my issue is that I used to recycle a lot of my passwords and the base password was pretty weak so I could remember it. Big mistake! Even if you use multifactor authentication (and you should, pain in the neck that it is) it’s still important to keep digital hygiene in mind and start with a sturdy password. Another reason is that I used to keep track of most of my passwords on a sheet of paper and relied on constantly changing them when I couldn’t remember. Using a password manager can really help by keeping track of your passwords. They also tell you when they are weak and make it easy to automatically generate a strong password. Even if you don’t use a password manager many will have a free password generator (i.e., Dashlane’s free one atdashlane.com/features/password-generator) or you can use something like Secure Password Generator (passwordsgenerator.net) which makes it easy to factor in the restrictions a site may require, i.e. no nonalphanumeric characters. Many password managers offer a free level where you can use it on one device, but in my experience, you end up subscribing to it because of the value of having it on all your devices. A password manager is generally more secure than using built-in browser password saving. Of course, your password manager has to have its own very strong password which is usually nonrecoverable, so be careful!
Next, let’s start exploring activity trackers by taking a look at a website, coveryourtracks.eff.org/learn. This tool, from the nonprofit Electronic Frontier Foundation, or EFF, provides a lot of information about how trackers collect your personal information through cookies saved on your computer. These also take advantage of what is known as your browser, or digital, fingerprint — all of the hundreds of elements that make your browser specific to you, such as your IP address and location. There is also a Test Your Browser button that will report whether your browser is unique, making your actions on it trackable and less private, and adding to the likelihood that your search results will be in what author Eli Pariser calls a “filter bubble” that results when your online searches become so personalized based on your previous searches and habits that the algorithm that provides your results can leave out websites that don’t fit in your established bubble, leading sometimes to an echo chamber effect. Smartphone apps also often track information. A recent “Privacy Not Included” report from Mozilla (the parent company of the Firefox browser) notes mental health and prayer apps as major offenders(mzl.la/3PeEMM2).