Steven Waterhouse is the CEO and co-founder of Orchid, a privacy tool built on Ethereum designed to let people explore the internet freely.
With the global coronavirus pandemic confining billions to their homes, masses of workers everywhere are adjusting to remote work for the first time. This shift is forcing us to negotiate a new reality where there is no demarcation between work and personal spheres. In this moment, we must be extra vigilant about data privacy. Just as it’s essential we wash our hands to ward off disease, we must now establish habits of data privacy to protect our digital lives.
Everything we do online – the documents we share, the websites we visit, the messages we send – leaves a trail of data behind. If we’re not careful, this data can be used to surveil us, manipulate us, and worse. But there are ways we can improve our security and privacy on the internet. I’ve spent years focused on strengthening internet privacy, managing widely distributed, remote-first teams. Here’s how people can protect their data while working remotely.
Start by implementing two-factor authentication (2FA) on all your accounts. This ensures no one can break in by guessing or stealing your password. They also need a confirmation code sent to you by text or email. 2FA adds a strong second line of defense to your online identity.
Basic 2FA typically uses a phone number – which may be good enough if you trust your phone carrier. However, a wave of “SIM swapping” or “phone porting,” especially in our community, means you often can’t. A better solution is to use an app like Google Authenticator, which generates codes in an app on your phone. For even more security, don’t connect your phone number to your Google or other accounts. Google and others will rather annoyingly keep reminding you to add your phone number, but as long as you have the authentication app you don't need it.
It’s important to be aware of security at the level of our internet connection as well. In a world of remote work, we must rely on our home wired and wi-fi networks to connect us. This raises challenges that require good privacy practices.
A network is only as secure as its weakest device. That’s why it’s a good idea to set up a “guest” Wi-Fi network and use that to connect nonessential devices like TVs and electronic assistants. This way, if a Sonos (for instance) has a security flaw, a hacker can’t exploit it to backdoor into your more important devices. Splitting your essential and non-essential devices onto separate networks this way significantly reduces your risk.
Pay attention to your router: some are better than others. A particular favorite of mine is the EERO Wi-Fi system, which includes malware and ad blocking software. It also allows guests to connect using a QR code – which the host can subsequently revoke. Regardless of what option you choose, do your research and make sure you understand the trade-offs.
Once online, there are more privacy best practices. It’s a good idea to split your internet use between two browsers (e.g., Chrome and Firefox). If you use the same browser for everything, your work and personal profiles will become commingled. An army of bots constantly builds a profile based on your browsing history, and if you don’t separate work from personal, your work and personal histories will be mixed together. And remember: Incognito mode does nothing for online traceability. It simply deletes your history so your housemates can’t see what you’ve been doing.
Even with your devices and browsing safely ring-fenced, your internet service provider can see everything you do. Depending on your jurisdiction, certain services, including messaging and conferencing apps, may be blocked. To mitigate these issues, I recommend using a virtual private network, or VPN. VPNs route traffic through their own servers, making it harder for third parties to see what we do online. Some of the best VPNs include LiquidVPN, PIA, Tenta, Boleh and VPNSecure.
Remote work requires messaging and conferencing, and it’s important to consider privacy and security when choosing these as well. Zoom, the popular video conferencing app, has taken off during this age of social distancing. During the crisis, it has seen 14 times as many downloads as its fourth-quarter average. But there are real concerns about Zoom’s commitment to online privacy and security. The app’s meetings are not end-to-end encrypted, and privacy groups have criticized it for its admin features, which allow hosts to see location and device data about participants.
On the messaging side, WhatsApp messages have full end-to-end encryption. WhatsApp enables storage of messages in your chat history in iCloud and other backup services. Turn this off to be more private. But there are concerns Facebook, which acquired the app in 2014, plans to merge it with its native Messenger app, which raises serious concerns given scrutiny around Facebook’s privacy practices. If you want to get even more private, Signal is a good alternative. WhatsApp actually uses the Signal protocol, but unlike WhatsApp the Signal code is open source. Signal gathers much less metadata than WhatsApp. Metadata is information such as whom you spoke to and when you spoke to them.
The coronavirus has forced millions around the world to adjust to a new work paradigm almost overnight. Even when the crisis passes, some changes in working patterns are probably here to stay. By establishing good habits and using the right tools, we can go a long way toward protecting ourselves in this new reality. If we all work to establish good data hygiene, we can even improve our online privacy even while we work remotely.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.