We have created a set of 5 cards that you can download, print out and distribute to friends and colleagues. These cards are aimed at raising awareness about our 'digital shadows' and providing information about how to protect your privacy.
Their topics are
What are Digital Shadows?
Posting pictures on Facebook or sharing views about movies is part of what makes the internet fun. We can keep track of old friends, find obscure food recipes and share photos. But every service we use keeps information about us and some keep information about our friends and contacts.
Our digital shadow is the collection of information about ourselves that we leave online. This can be useful as it helps us to remember things we might forget, but it can also be difficult to control.
We give some information knowingly. For example:
- giving our location to get information about services around us
- entering our credit card information to buy things
- uploading pictures of conferences for others to enjoy.
What if some of this information gets into the wrong hands and lets others know where we are, who we are with and what we are doing? The good news is that we can choose the kind of information that we leave behind. It’s important to know the difference between the information we leave behind that’s a problem, and the information that isn’t. Find out more at:
Me & My Shadow
ONO – Survival in the Digital Age
The internet collects information that we may not know about, or pay attention to, such as:
- the exact location of where we are when we upload a picture
- the history of the web searches and websites we visited
- a list of everyone we sent messages to on any given day.
When the internet is used for sharing sensitive information, digital shadows can be problematic.
If you are a rights or a transparency advocate, an activist, a journalist, a blogger, or any other kind of active individual trying to increase accountability and address injustice, digital technology has
great potential for mobilising, organising and campaigning.
Often people post videos, pictures and reports which show the same event from different angles. These images and videos can show more information than what is initially apparent:
- information about where and when they were taken
- more detail about the backgrounds or the contexts of situations than was originally intended.
However, it is not just sympathisers and allies who look at this information - and the digital shadows behind it. Adversaries do too. And since the internet ‘never forgets’, trouble can also come at a later time, when the political situation has changed.
Download as pdf in low resolution (282 kb)
Nothing to Hide
“Why shouldn't I be public about what I do – I'm not doing anything wrong!” is a typical reaction by most of us when being asked to protect our privacy. But “nothing to hide” is not the same as “everything for show”.
Have you wondered why anyone would want to log information about your life, distribute parts of it, use it without your permission, or use it in a way that misinforms others about you?
Sometimes you might like to keep some pieces of information private even though there is nothing bad, wrong, shameful or illegal about them. Here are a couple of examples:
- a serious illness, or pregnancy – because you want time to think about it privately first and you might not want people to know.
- details about your children – because they depend on you for their security.
Perhaps without realising it, we share some of our intimate information online. Your status update could include your location and alert people to the fact that you're away from home; did you want to let everyone know?
Just as it's your choice to share, it's your choice to be private. Once you have shared something online it can be difficult to delete it later. Think carefully about the personal information you share and where you share it - some networking sites consider anything you post to be their property. Should it be?
Sometimes it's clear why you need to hide information, even if normally you would prefer not to. For example:
- members of minorities can be discriminated against when it becomes apparent who they are
- the safety of victims of domestic violence depends on being able to stay private.
What passes as 'illegal' activity can change. Sometimes, people who want to bring about change in their society face threats which make sharing their personal information particularly risky. Redefining what is legal and what is not can be a way to persecute people, and previously collected information about them is often used to support this.
It is sometimes said that we need to give up some of our freedom or privacy to be more secure. But reducing our privacy can also make us less secure. The feeling of being watched changes the way we behave, making us want to avoid negative reactions from those who are observing us.
Trading our privacy for the sake of security may end up with us having less of both.
Download as pdf in low resolution (214 kb)
Assessing the Risks
It can be overwhelming to read about the dangers of online activity almost every other week:
- thieves can break into your house by combining your address (Facebook) with the fact that you're not at home (Twitter)
- an email you receive could have a link to a video showing human rights violations and when you click on the link, your computer becomes infected with malicious software
- your online communication can be intercepted by third parties.
It is possible to minimise the risks you face. Sometimes we choose to take a risk because we think the chances of something going wrong are too low for us to change our behaviour. On other occasions we may decide we don't want to take a risk – we may even realise that others could be affected by our actions.
To be able to make a good decision about risk
we need to know what our options are, what the consequences of taking those options are and what we can do to manage the consequences.
Here are some places to find tools that will help you reduce risks:
- the privacy settings of your software and social networking sites
- http://www.passfault.com/ where you can learn about making more secure passwords
- http://www.eff.org/https-everywhere where you can learn about using secure online connections.
Activists are often willing to take risks. However, the problem with using digital tools is that sometimes you don't know the risks you are taking. It can be hard to know
how to manage the risks of using particular digital tools. Will it do more good not to expose anyone or to seek as much public attention as possible? How can we avoid unintentionally doing harm? Looking back, it is easy to decide, but when you encounter a situation for the first time, it rarely is.
There are things you can do to minimise the risks:
- what or who is it that you want to protect? If, for example, it is unlikely that someone will physically enter the place where you are – because you work from another country for example – you may need to think more about how to secure your online communication.
- what kind of threats are you likely to encounter? Could the data you are collecting be compromised, copied, or destroyed? Are you the one in danger, or are the people who share information with you more likely to be at risk? Try to prioritise possible dangers as this will help you find the right solutions.
- what digital security vulnerabilities could be exposed from the threats you face? Identify the methods and tools that can protect you.
- what are your capacities? If encryption is illegal where you are, you may have to consider hiding encrypted data; a better choice might be to not use encryption at all.
- situations are constantly changing, even more so in unstable environments. Take the time to regularly re-evaluate.
Download as pdf in low resolution (154 kb)
Attaching names to pictures you post online is an easy way to share who else attended the same workshop or gathering as you did.
Tagging pictures is a nice way to attribute an inspiring talk at a conference to the person who gave it -or share who else was there.
Social networking sites give us the opportunity to share who we were with, meet new friends and then maybe also their friends. Sometimes we are asked to enter our email address so that we can find out which friends are using the same service. When we share information about others within a social network we may be giving away information that was given to us in confidence. So it is important to make sure that you:
- always ask whether it's ok to share information about others online
- don't accept someone as a friend in a network without actually knowing them
- don't let applications access your email account by giving away your email password.
Reporting about Human Rights advocates or communities at risk is a great and important way to support those in danger. It's important, however, to realise that you are carrying a huge responsibility for those you write about.
So think very carefully whether you are unintentionally giving away information that could help adversaries to identify those you are writing about.
In some situations, high visibility can help to protect individuals who face threats. Public attention can ensure that their rights aren't violated while no-one is watching. However, the identities of fellow activists, friends or family may be exposed this way too. Things you can do to help:
- choose secure ways to communicate even when you are in a hurry
- protect your contacts by encrypting the data you keep about them › make sure that videos or pictures you publish are not indicative of a context that shouldn't be public.
Download as pdf in low resolution (351 kb)
Companies that run websites often keep information about us to deliver what we 'need' more effectively. Advertisements on web pages are often related to our previous searches and other online activities.
But the companies keeping this information know a lot more about us: where we are, what computer or mobile device we use, what we have been looking at online. If we log into an account, they know
our name, mail address and more; even if you use a different name to log in, your computer and browser will probably still identify you.
Sometimes information left behind from your online activities can be used against you:
- searching online for information about cancer or other serious health problems may result in an increase of your health insurance contributions in some countries.
- banks are starting to use information gathered through social networking sites for decisions about whom to give credit.
This may not even be information about you: it could be a friend using your computer which is associated with your identity, and mistakenly attributing the online behaviour on a device to its primary user.
But these are not the only possible negative consequences of your online behaviour being tracked.
If you are doing sensitive or investigative work, the risks are greater. Adversaries can paint a better picture of your activities and who you are, using tools that combine online information available about you from a variety of your activities, including:
- social networking
- online file storage
- online shopping
- photo sharing
- general browsing.
You may think that information about you online is private, uninteresting, or hard to find, but with the help of simple tools, individual pieces of information can be combined to create quite an extensive profile, including:
- details of your whereabouts (current and in the past)
- history of your activities and interests (online and offline)
- proof of your presence at certain events
- list of your friends and allies
- records of your correspondence and other documents.
To mitigate this, consider limiting the information connected to you that appears online. You can also browse anonymously, take steps to minimise online tracking and use different account names and platforms.
Download as pdf in low resolution (562 kb)
Feel free to download, print and distribute them as they are published with a Creative Commons License.
Illustrations by Leo Koppelkamm