The root idea behind data sovereignty is simple: as we move into a more digitally focused age, it is becoming imperative that you take more control of your online presence. When you interact with social media, use a free email service, send a file via cloud storage, shop online, or use your GPS to navigate to lunch, you generate data: data about your health, your spending habits, the places you go, who you hang out with, and your entertainment preferences.
Both corporations and governments find this data to be extremely valuable. Corporations use the data to analyze your habits to try to sell you a better ad, or just organize and sell your data to the highest bidder. Governments collect as much data as they are legally allowed to and often bend their own rules to collect massive amounts of information on their citizens. As we move into this new age and as you interact with a multitude of online services, it is important that you understand the current system, its trade-offs, and how to reclaim some of your privacy. The trade is, in general, this: you get a cheap or free digital service and some convenience, and in return every metric you can think of is collected, stored, and analyzed. The phrase “data is the new gold” really rings true here.
This is the reality we currently live in. Corporations and governments alike have been caught abusing or mishandling data that could be potentially hazardous to individuals countless times. For example, AT&T lost customer information in 2008 and again in 2010, Blizzard in 2012, the Greek government lost financial records in 2012, the US Department of Homeland Security had a breach in 2016, Equifax in 2017, and Facebook has had information stolen from it 5 times, 3 of them in 2019.
There were also the Snowden revelations in 2013. People had suspected and joked about government data collection; this gave us solid evidence. Some of the highlights: “Method Interdiction,” where packages are intercepted and devices tampered with; gag orders placed on most major US tech companies after they cooperated with the NSA by giving them user data; and the bulk collection of phone data from large telecom providers. We know this is going on, yet we still want to enjoy the convenience and the entertainment that a lot of these services offer. So, what can you do about it? How can you still enjoy the convenience of technology but reduce invasive tracking and sketchy advertising practices?
One way is to forgo technology, throw all your electronics into the ocean and be done with them (please don’t really do that). But if you want to keep using these online conveniences and gain back some of your privacy, the first step is to stop and think about the unique “stack” of services you use. What can’t you live without? What lengths are you willing to go to for privacy? What data are you willing to give out? Everyone’s situation is different, and if you haven’t taken digital privacy seriously before, it takes a little while to adjust your habits.
It probably seems like a daunting task when you’re first diving into this, but there are some steps even the non-technical can take that vastly improve your overall privacy online. Using a password manager so you can have a unique password for every site you visit is one step. A common technique known as “credential reuse” is where an attacker takes information gathered from a hack and tries the same combo of username and password on various sites to see if they get a hit. A password manager stops this. If one service you use gets hacked, all they have is the info for that one site. A second step that is almost more important than a password manager is using some form of second factor for authentication, so even if someone has your username and password they still can’t get in without your second factor. Using a VPN to hide your IP address is one more easy step. An IP address ties back to your physical location, and by using a VPN you can obfuscate where you are physically located. If you use a free email service, consider swapping to a privacy-focused email service like Criptext or Tutanota.
If you’re technically inclined, you can take it as far as you want by hosting your own services. Get off Google Drive and host your own Nextcloud instance. Host a Mastodon instance for you and your friends. Help your family use a password manager and let them use your instance of Bitwarden (once you know you’re comfortable self-hosting). Teach your family to use Signal for more private SMS messaging. Little steps go far in the long run. Take time to consider your needs and how far you are willing to go for privacy.
So in the end, what’s the point of all of this? Why should you care? To paraphrase some quotes from Edward Snowden: "Privacy is a human right. You should be able to call your family, buy a book, or buy a plane ticket without having to worry about what those actions might look like to some analyst sitting at a corporate or government desk." It’s been proven that we can’t fully trust third parties to handle our data responsibly. So maybe it’s time to work towards a new model of trust on the internet.
By taking steps to control what information you share and with whom, you can start to minimize the impact that a large corporate or government breach has on you personally. If you’re not super technical, look into using a VPN, and start using a password manager and 2FA if you’re not already. If this sounds like a fun project to you, then play with a VPS or an old laptop to start hosting your own services. Once you get comfortable doing so, reach out to friends and family and educate them on the benefits of not using an untrusted third party. Allow them to use your instances if they want to experiment. Encourage and help people to set up their own home servers. There are some companies out there trying to make home hosting as easy as possible (Umbrel and Start9 come to mind). I hope that this site will help somebody along their path to take back control of their online presence and help usher in some standard of how we interact online in the future.
Decentralize all the things!
Keep an eye on this blog as I add tutorials and more resources for people to check out. You can check out my current stack of software here. I will always try to be as accurate as I can be, citing sources for my claims. I’m just a pleb with a passion for self-hosting, privacy, music and Bitcoin, and this is my attempt to contribute by documenting my own data sovereignty journey.