Jayant's Clipboard → Blog → Post

Data protection measures that you can employ today easily, and for free!

June 05, 2021

Hello, world!

Recently, my residential society ran a COVID vaccination drive and requested the phone numbers from all residents who wanted to get themselves vaccinated. Later, they shared a neat little spreadsheet with everyone in the society so everyone had confirmation about their own statuses regarding confirmation of a vaccination slot.

This spreadsheet had the exact apartment number, phone number, and full name of everyone who registered.

If this doesn’t seem like an issue to you, I have a post to link you to, and please continue reading the article right after the box.

My approach to data privacy

If you already see an issue here, then you’re probably here for the tips. In any case, skip to right after the following lecture.

Why is this a big deal?

Ever wondered how all kinds of new spammers keep getting your phone numbers? How does some random person in some call center manage to call you and ask if you want insurance for the car that you wanted but didn’t buy yet? Or how someone calls you asking if you would like to join a weight loss program, even though you aren’t really interested in even joining a gym?

OR, you’ve probably gotten this call.

“Sir, would you like a pre-approved credit card?”

Turns out, when you use a service, be it a restaurant, a shop, or any online service that requires you to provide your email or phone number, you’re not just paying with money for those services. You’re also paying with your hours of peace of mind, uninterrupted sleep, and just the right to not be disturbed at random hours. Your data either gets sold, or stolen/hacked sooner or later.

Also, once your data is out there, it’s out there forever. Till you choose to change your number, and email, it will always be out there.

The scary thing about this is most people including myself will gradually keep releasing more and more info about ourselves over time, some of it being private and unintentional, and a lot of it completely intentional and often necessary. All this data can be pieced together to build a dataset about you that can probably do a pretty good job at answering questions about you that even you didn’t think of the answers to.

Consider this:

  • You ordered something on Dominoes. You used your email. Let’s say your phone number wasn’t needed.
  • Dominoes got hacked. Your email was leaked. Along with your eating/ordering patterns, and an estimate of your spending power.
  • You got a hotel reservation. You had to provide your email and phone number. Likely even some form of National ID.
  • Of course, the hotel sells the data of you and everyone else who stayed that month. The data sold might also include how many people stayed, whether you were married, and how much you could pay for rooms and services.

Now your email, phone, national ID, eating patterns, spending power, and more are out there, with someone interested enough in gathering all this because there are enough of those willing to pay good money for this.

And, there are so many more ways for you to release so much of your info that you’d prefer keep away from the hands of those who should have nothing to do with it.

So, why is this a big deal?

What if a health insurance provider decides to run a check on you and decides to decline you coverage because you used to eat a lot of pizza a few years ago, even though it doesn’t significantly impact your current health conditions? Or, maybe just offer you increased premiums because of the fact?

What if when you try and buy an apartment, the builder/owner runs a check on you, determine that you’re fairly well off compared to the average prospect, and raise the prices just for you?

An unintended party having access to your real-life identifiable data has strong real-life consequences.

🔗 What can I do?

This will only cover things that you can start doing from today, and that cost you no money to do, and not require being technologically adept.

Keep in mind that there will be times when it’s too difficult or inconvenient to follow these measures, so, take your best judgement in that case. My own data is probably in a million unintended hands already.

  1. 🔗 Refuse to share phone numbers or emails at shops, restaurants, hospitals, etc.
    1. If it’s unavoidable, and if you must share a fake number, try and ensure that it is indeed a defunct number. Accidentally sharing a number that you believe is fake, but does belong to someone else just makes another poor person suffer unwanted spam. Note, that it’s inadvisable to use a fake number anyway because sooner or later it could be in use by another person.
    2. If you must share a working number, consider using a single phone number every time that you don’t use often, ideally one that’s not tied to any other important services (such as insurance or employment).
  2. 🔗 When making a payment, try to operate the POS machine yourself. It's pretty straight-forward, the instructions are right there on the screen. OR, use a contactless card.
  3. 🔗 When sharing your national ID, offer an obfuscated copy of your ID if possible.
    1. In India, the UIDAI website allows you to download a copy of your AADHAR Card with the first 8 digits replaced with an X. This copy is perfectly acceptable for basically any purpose that needs it. Though, there are enough issues on the government side of Aadhar anyway. source 1, source 2 (links from 2018)
    2. If you only have a non-obfuscated copy, you can use either a marker to hide the first 8 digits on a print copy, or a photo editing tool on your device to hide the first 8 digits.
  4. 🔗 When using an app that asks for permissions like contacts, location, or camera, think about why this app might need these permissions.

    1. If you can’t get a good answer by yourself or from someone else, reconsider if you really need this app.

    2. If you do really need this app and you could not use it if you try to deny permissions, try this:

      1. Grant the permission. This should let you past the initial screen that prevents you from accessing the rest of the app.

      2. Open App Info. That should let you review the permissions of the app (along with letting you force stop it, or uninstall).

      3. Disable the allowed permissions.

      4. Go back to the app. In many cases, this works without issues. And the app may not ask for permissions again. But if the app becomes difficult to use now, you really have to consider how important this app is to you.

  5. 🔗 When making an online payment, consider using a credit card.
    1. A credit card has an upper limit on how much money can be used from it every month, unlike a debit card where there might be a daily limit, but if you somehow notice your card after it’s lost for too long, your entire account could be drained.
    2. Plus, credit cards often make it pretty easy to request chargebacks, especially in the case of fraud. Chargebacks are possible on debit cards too, but it’s generally a much better experience with credit cards. source 1, source 2
    3. I personally think that indirect payment services are a pretty great option too. Such as PayPal, or Amazon Pay, if the service accepts it. The benefit being, that if you use these services to make a payment on 10 different sites instead of your CC, then you don’t have to worry about your card getting leaked when one of those 10 sites eventually gets hacked. You only have to worry about PayPal or Amazon screwing something up or being malicious. I’d say being at risk from 2 sources is much better than being at risk from 10 sources.

I’ll keep updating this list with ideas, but you’re welcome to share more with me on Twitter (link below).

Built by , who does stuff on the Web as a hobby.
You should follow him on Twitter or GitHub

© 2021, Built with ❤️ by Me!