My very own NORAD
December 28, 2007 7:29 AM

As part of my work for a client I've begun researching online privacy, cryptography, and other sundry ways of protecting oneself online. And I'm now completely creeped out and must switch NOW to uncrackable passwords, multiple email accounts, encrypting the crap out of everything I do, and generally making sure that only the things I want public on the internet are publicly accessible. But we run into the question - how do I do that without driving myself nuts trying to remember my passwords, convince everyone I know to use encrypted communication, and maintain a reasonable amount of privacy in my web surfing? And how do I do that after 8 years of webwhorage where I wasn't too concerned who knew what about me?

Specifically, I'm just wondering how you manage your privacy, and if there are any software shortcuts you're aware of to make it all a less confusing experience. The crux of it is, I'm moving from a social user of the internet to a professional one. I've always maintained a pretty easy-to-find personality on the internet, and I've liked it that way. My work hasn't been connected to my social endeavors at all, and I've never been in a position where my webself was a danger to my job; it helped, actually, because I used to be an English tutor, and my students were always curious about who I was and what I did with myself outside of class.

But now I'm going into translation, and if I'm going to make a career of it, that won't hold water. Clients are going to demand that I can keep their names, and their projects, under wraps, but at the same time they're going to have to be able to find me, AND not be too wigged out that I posted that thing about eating placentas on that BBS the other day. I'm not embarrassed at this point that anyone who wants to can find that based on the info on my metafilter profile, because, well, that's the social side, and all the work I'm getting now is from people who already know that I will occasionally joke about that. For example. In the future, when the people employing me aren't drinking buddies and exes, I could see that being a problem. And that time isn't far off.

As I understand it, I'm going to need new emails, new aliases, new passwords, and new bio information on lots of sites, which will in many cases, like technorati and digg, mean double accounts. It will also mean the work aliases have to be just as public, if not MORE public, than the personal ones, because it's those that will make up my references and resume in the future. And I'm going to have to lock down my existing accounts a lot tighter than they are now and separate some of the activity. And that's alright. If you've experienced this, how do you keep all of your personalities and data straight and secure? What limits do you place on yourself? From someone who's been using the same emails, aliases, and lax attitude toward security for the last few years, this is going to be a big adjustment, so any and all advice is welcomed.
posted by saysthis to Computers & Internet (15 answers total) 34 users marked this as a favorite
Best answer: Password Safe is a good place to start storing your passwords.
posted by fengshui at 7:44 AM on December 28, 2007

I'm a bit confused... why would you need a work Metafilter or digg account?

Further, it seems like you're going a bit nuts on this. If you remove your real name from things like your Metafilter profile, no one will be able to find your username unless they're trying to prove a connection. You can be secure going forward by creating new accounts and throwing the old ones away, but that doesn't solve the problem of your past being Googleable, so you need to remove those links anyways.
posted by smackfu at 7:46 AM on December 28, 2007 [1 favorite]

Best answer: Seconding password safe, but welcome to the wonderful world of security. What you need to develop is perspective. How much value do you place on your mefi account? Does that differ from your bank account? What are the reasonable steps to protect yourself?

And honestly, the real issue with employers is what can someone find through cursory googling of your name. For me, that means maintaining a collection of "professional" sites online, and registering for "hobby" sites under a handle. Duplicate accounts really aren't necessary in a lot of cases.
posted by bfranklin at 7:50 AM on December 28, 2007

Best answer: Take a good long stroll through Bruce Schneier's essays. The Wired articles cover a good deal of what you are interested in, in lots of bite-sized bits. He wrote Password Safe and steers a good course between safety and paranoia.
posted by shothotbot at 7:55 AM on December 28, 2007

IMHO passwords are only as good as the password itself. It must be easy to remember, but not personal. It must be difficult to crack, but not difficult to remember. I firmly believe that it is easier to remember one really good password than it is to switch them frequently (which is why Post-its were invented). So in my life I have two main passwords, one 6 and one 11 alphanumerics long, and a system for throwaway passwords. So for example the really good passwords are compound words not found in dictionaries, mixed with intercaps and numerals, e.g. F00tballW1ves. The throwaways are related to the site itself, e.g. for metafilter it may be "Gunghometafilter".
posted by Gungho at 8:05 AM on December 28, 2007

Remember one good password, and use it to generate unique passwords for each Web site you log into.
posted by nicwolff at 8:17 AM on December 28, 2007
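An added example, not part of the thread and not the tool the comment above refers to: one way to derive a distinct password per site from a single remembered master password. The iteration count, output length, rotation counter and function names are assumptions chosen for this sketch.

```python
import base64
import hashlib

# Assumed parameters for this sketch; they do not come from the thread.
PBKDF2_ITERATIONS = 200_000   # slows offline guessing of the master password
MIN_MASTER_LEN = 12


def normalize_site(site: str) -> str:
    """Reduce a URL or hostname to a canonical host, so that
    'https://WWW.Example.com/login' and 'example.com' give the same result."""
    host = site.strip().lower()
    if "://" in host:
        host = host.split("://", 1)[1]
    host = host.split("/", 1)[0].split(":", 1)[0]
    if host.startswith("www."):
        host = host[4:]
    if not host:
        raise ValueError("empty site name")
    return host


def site_password(master: str, site: str, counter: int = 1, length: int = 16) -> str:
    """Derive a per-site password; bump `counter` to rotate after a breach."""
    if len(master) < MIN_MASTER_LEN:
        raise ValueError("master password too short to resist offline guessing")
    if not 8 <= length <= 43:
        raise ValueError("length must be between 8 and 43")
    # The site name and counter act as the salt: same master, different output.
    salt = f"{normalize_site(site)}#{counter}".encode("utf-8")
    raw = hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )
    # URL-safe base64 yields letters, digits, '-' and '_'.
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


if __name__ == "__main__":
    master = "constructed example master phrase"   # constructed sample input
    for s in ("metafilter.com", "https://www.example.com/login"):
        print(s, "->", site_password(master, s))
```

Nothing is stored, so the master password is the single secret to protect: anyone who obtains one derived password can try guesses against it offline, which is why the derivation is deliberately slow and short master passwords are rejected.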

seconding the recommendation of bruce schneier, i've learned interesting stuff from his blog.

my other suggestion would be to take a deep breath and gain perspective. you probably possess vast erudition which couldn't be duplicated in decades of study, but if you're like me, most of it is useless shit carried around for the satisfaction of knowledge itself and not any day-to-day present value. no one thing i know, no one email i've ever written would be worth as much as $20 to a stranger to intercept. unless you're 007, nobody cares about your bizarre sexual practices or satanic rituals. the refrain from the tom lehrer song comes to mind:

and it certainly wouldn't interest
outside of a small circle of friends...

posted by bruce at 8:30 AM on December 28, 2007

KeePass Password Safe for generating and storing secure passwords.
TrueCrypt for hard disk, and portable storage encryption.
TOR for anonymous browsing.
CopSSH for secure, tunneled remote desktop connections. for programs you can run off a USB key to reduce your footprint.
LiveCDs to make sure you're browsing in a safe environment.
Off The Record Messaging for encrypted instant messaging.
Voice Scramblers for telephone calls.
Do Not Contact lists to keep your name out of the hands of marketers.
WPA Encryption for your WiFi signals.
Email encryption.
posted by blue_beetle at 8:39 AM on December 28, 2007 [13 favorites]

whoops, a little birdie just told me the song i excerpted above was written by phil ochs, not tom lehrer.
posted by bruce at 8:50 AM on December 28, 2007

how do I do that without driving myself nuts trying to remember my passwords

Yes, Bruce Schneier is the person you want to consult on this stuff. He says, among other things, that you should write your passwords down and keep them in your wallet, use the same password for all low-security applications, and store everything in Password Safe.
posted by chrisamiller at 9:05 AM on December 28, 2007

Response by poster: @fengshui - Good call, just downloaded it.

@smackfu - Blog marketing. One of the things I get paid for is running things through digg, reddit, etc. Personal accounts aren't for shilling. Metafilter is also not for shilling. :)

@bfranklin - What I've heard is real name and email address. But that's a good idea, real name for job stuff and handle for other stuff.

@shothotbot et al - YES! I've read some of those. I'll go read the rest and get some of that perspective I've been needing (y'all's right, I do need some).

@blue_beetle - Nice list. They're bookmarked.
posted by saysthis at 9:10 AM on December 28, 2007

KeePass is the best password manager because it's open source and cross-platform -- the same password file can be opened by PC, Linux, or OS X versions of the app.
posted by sharkfu at 10:05 AM on December 28, 2007

Oops, I mean to say "In my opinion KeePass is the best...". I haven't used Password Safe so it might be better.
posted by sharkfu at 10:07 AM on December 28, 2007

no one thing i know, no one email i've ever written would be worth as much as $20 to a stranger to intercept. unless you're 007, nobody cares about your bizarre sexual practices or satanic rituals.

I suppose, then, that you do no online banking, don't have a PayPal account, don't buy things over the Internet, don't use your computer for taxes, don't do online bill-paying, etc., etc. Because the information you know that allows you to do any one of those is probably sufficient for an identity thief to make off with your money, your credit, and your good name.
posted by Mo Nickels at 10:27 AM on December 28, 2007 [1 favorite]

It sounds simple but I use Firefox for the "social" me and Opera for the "professional" me. I find them sufficiently different that I can switch "hats" depending on which browser I'm in (and you could also use skins to further differentiate them).
posted by ceri richard at 2:36 PM on December 28, 2007
