By now you've probably heard all the controversy around the "Ashley Madison Hack".
In a nutshell: Ashley Madison, a dating website primarily meant to help people have extramarital affairs, was recently threatened by a hacker group called "The Impact Team". The group condemned the company's morals and demanded the site shut down.
When the company didn't comply, the hackers publicly released the private information of over 30 million Ashley Madison users online (names, addresses, credit card information and more). Those users now live in fear of being publicly shamed on the web -- which could have a massive impact on their personal lives.
While on the surface this may seem like a deserved day of reckoning for exposed adulterers, it speaks to a much larger privacy issue that concerns everyone.
We live our entire lives online, and our actions there hinge on the promise of privacy. We believe that what we buy, where we bank, what we research, and even who we date should be private. So regardless of how you feel about adultery, we should all be terrified at the idea that a single group or person can decide to compromise that promise for their own personal agenda.
Let's consider a few specific issues related to the Ashley Madison hack before getting into the broader implications:
- Users who were exposed by the hack are not necessarily adulterers. In fact, some people may have never signed up in the first place. Since free accounts didn't require any verification, it's possible someone used someone else's email to sign up for an account. Others aren't on the site for an extra marital affair. According to interviews with the founder, many people use the site to discreetly find partners who share unique sexual habits. Even further, many people claim they browse the site as a cathartic fantasy exercise with no real intention of ever acting on it -- the equivalent of writing an angry letter with no intention of ever sending it. No matter the case, this will likely cause a lot of embarrassment and even severe personal turmoil for people who never actually did anything wrong.
Let's forget about Ashley Madison and move on to the bigger picture.
While cheating happens to be a generally frowned upon subject, what if the crusaders were against something else? What if they exposed a private online support group to help struggling people come out of the closet? What if they exposed the private records of people who have had abortions? What if they exposed the home addresses of people who support gun rights? The point is this: online privacy is important, and we need to make sure we take measures to protect it.
If you're an Ashley Madison user, here's what you can do to minimize the damage:
Unfortunately your hacked user information is already out in the wild, which means it's only a matter of time before it will start to appear in search results when people Google your name. But by proactively taking measures to strengthen your online reputation now, you can prevent this information from defining who you are online.
The website ashleymadisonhack.net has in-depth information about how to limit the damage of the Ashley Madison hack. It also provides measures you can take to prevent something like this happening to you in the future. Full disclosure: the site was created by my company BrandYourself, whose mission is to help people have a say in what appears about them online.
If you're not an Ashley Madison user, why does this privacy breach matter to you?
How would you feel if someone released the following information about you:
- Everything you Googled in the last year
- Every website you visited in the last year
- Everything you've ever purchased online
- Every YouTube video you've watched
Online privacy matters even if you have nothing to hide. No matter who you are, if that info was published without your consent, it would cause embarrassment and undoubtedly lead to personal and professional issues -- especially if that information was released without any context, like in the Ashley Madison hack.
How can you minimize the chances of your privacy being breached?
Unfortunately there is no guaranteed way to protect yourself from every type of hack. However, there are several best practices that will drastically increase the security of your own information.
1. Basic security tips:
- Use a secure password. Insecure passwords are the easiest way for an attacker to gain access to your information. If you've ever thought twice about whether your current password is secure, then it isn't. Especially if it's a real word like the name of your dog -- that definitely isn't secure. Make sure to mix up letters and numbers and strive for at least eight characters.
- Use a password management tool tool like LastPass or 1Password. They create and store incredibly secure passwords for you, and have phone apps and browser plugins that actually make it even easier to sign into any account, like a very secure master key that unlocks the rest.
- Don't provide your real email address and name if it's not required. Using a disposable email generator like FakeInbox allows you to sign up for websites without giving out your actual email address.
- Use incognito mode or private browsing mode when you browse online.
- Always clear your browser history and cookies.
- Turn on Adblockers (like AdBlock for Google Chrome).
2. Advanced security tips:
- Set up a VPN or proxy like TunnelBear or HideMyAss. These make it much harder to track your IP address when browsing online.
- Use Duck Duck Go for web searches. It's the only search engine that doesn't collect any personal information.
- Use Tor. It allows internet browsers to improve their privacy and security. Be sure to read the documentation when setting it up, because it can be complicated.
- Encrypt your email using Enigmail and PGP. Using PGP ("Pretty Good Privacy") you can drastically reduce the chance that anyone can read your emails without the proper authentication -- even if they fall into the wrong hands. Although setup can be complicated for novices, it is very secure. Here's a guide.
- Use Dmail to send self-destructing emails. Though it's less secure than PGP, it's an option that will reduce the chances that your emails fall into the wrong hands.
- Use Cyber Dust as a replacement for text messages. Cyber Dust allows you to send self-destructing text messages à la snapchat. Your messages disappear after they are read, without a trace.