In the course of writing my book, Dragnet Nation, I tried various strategies to protect my privacy. In this series of book excerpts and adaptations, I distill the lessons from my privacy experiments into tips for readers.
The following excerpt appeared in The Wall Street Journal on February 21, 2014.
If you search for my kids online, you’ll find barely a trace of them. Not only do I not post any information or photos of them, I have also taught them to erase their own digital footprints.
My children, whom I will call Woody and Harriet, are 6 and 9. They use fake names online—always. They use software to block online tracking, and instead of Googling homework assignments, they use a search engine that doesn’t store any data about their queries. They have stickers that cover their computer cameras. Harriet, my older child, uses an encryption program to scramble her calls and texts to my cellphone, using passwords that are 20 characters long.
Why go to such extremes at such a young age? Because if I don’t do anything to help my children learn to protect themselves, all their data will be swept up into giant databases, and their identity will be forever shaped by that information.
They won’t have the freedom I had as a child to transform myself. In junior high school, for example, I wore only pink and turquoise. But when I moved across town for high school, I changed my wardrobe entirely and wore only preppy clothes with penny loafers. Nobody knew about my transformation because I left no trail, except a few dusty photographs in a shoebox in my parents’ closet. Try that in the age of Facebook.
Even worse, if my children leave their data lying around, they will face all the risks of what I call our “dragnet nation,” in which increased computing power and cheap data storage have fueled a new type of surveillance: suspicionless, computerized, impersonal and vast in scope. Criminals could use my kids’ data to impersonate them for financial fraud. Extortionists could seize control of their computers’ Web cameras and blackmail them with nude photos. And most terrifyingly, their innocent online inquiries would be forever stored in databases that could later place them under suspicion or be used to manipulate them financially.
Persuading my kids to care about privacy wasn’t easy. To them, “privacy” was just a word that meant “no.” Privacy was the reason they couldn’t post videos on YouTube or sign up for kids’ social networks. Privacy is the reason I complained to their teachers about posting pictures of them on a blog that wasn’t password-protected. So I began my family privacy project by explaining to my daughter how strong passwords would let her keep secrets from me—and her nosy younger brother.
We began by using a password methodology known as Diceware, which produces passwords that are easy to remember but hard for hackers to crack. Diceware is deceptively simple: You roll a six-sided die five times and use the results to pick five random words from the Diceware word list, which contains 7,776 short English words. The resulting passwords look something like this: “alger klm curry blond puck.”
Harriet loved building strong passwords. Soon I began paying her to build passwords for me too. Eventually she branched out and started selling strong passwords to friends and family members for $1 each.
Excited by her successful business venture, Harriet soon became curious about some of the other experiments I’ve tried to reclaim my online privacy. She loved the fake identity that I created for some of my online accounts (“Ida Tarbell,” borrowing the name of a turn-of-the-century, muckraking journalist) and decided to use a fake name for her online accounts as well.
Harriet was also entranced by the encryption tools I used to turn my text messages and emails from plain text into huge blocks of code that could only be read by the intended recipient. So I set up an encryption app called Silent Circle so that she and “Ida” could exchange encrypted texts and phone calls.
Harriet also got interested in a program called Ghostery that I use to block online tracking. She particularly liked Ghostery’s logo—a cute little blue ghost that sits at the top right corner of her Web browser. So I installed Ghostery on her own computer, an old netbook that we got free when setting up our high-speed Internet connection. She began to view Ghostery as a videogame, with the goal being to find websites with the most trackers. “Mommy, I found one with 41 trackers!” she crowed, running into my room toting her computer.
Harriet even started to like DuckDuckGo, a privacy-protecting search engine whose logo is a cheerful duck in a bow tie. I set it up as her default search engine, and she happily showed the duck off to her friends.
To keep outside snoops away from the family iPad, we found an app from Brian Kennish, a former Google engineer who quit to build privacy-protecting software. His powerful Disconnect Kids app captured all the traffic leaving our iPad and blocked any contact with a list of known mobile tracking companies. I thought the app’s invisible whirring was quite clever, but Harriet was disappointed that it lacked a videogame aspect: She couldn’t see how many trackers it was blocking.
After Harriet had used Disconnect Kids for a while without breaking any of her other apps, I decided to install Disconnect Kids on my own iPhone. Sure, it was a kids’ app, but I had been struggling to block ad tracking on my phone—and this was the best solution I’d seen yet.
Now, whenever I glance at Disconnect Kids’ dancing green robot on my iPhone, I remember that my kids and I face the same online challenges. After all, what’s the difference between privacy-protecting software for kids and adults when all of our data is being swept up equally indiscriminately?