Let us first define some basic terms that will be used in this guide. We will explain the difference between privacy and security. They are often used interchangeably, but are quite different from each other and should not be confused with one another. For example, Tails OS is often called the “most secure OS” by the media, but that is not true. It is a privacy-focused operating system and not designed for maximum security in the first place. In this section you will learn what that means.
**Security means protection from dangers and lowering risks. Security is the resilience of a system against attacks or exploits. **
The resilience is realised in physical aspects of the machine, e.g. physically encrypted HDDs) and the software it runs, as well as the way the system is managed by users/admins. An OS for example, is secure if there are few security holes, it runs stable for a long time without having to reboot and malware cannot get admin access to the system. On Linux, no program can get root access by default, since a normal user account does not have root privileges. This is one of the reasons we will recommend it in a later chapter.
A secure system is meant to protect you from damage **that could be caused by a 3rd party trying to manipulate the system. The necessary steps for security are preventing unauthorised/inappropriate access, use, disclosure, disruption, deletion/destruction, corruption, modification, inspection and recording or devaluation of the system. This can for example be achieved by **strong passwords, antivirus software, a firewall, isolation and encryption. Security is related to privacy in that it protects a system from breaches of confidential data.
Having good privacy means that it is hard for adversaries to find out those details about you, because they are blocked by the privacy measures you put up.
Privacy describes, how good your personal information is secured. Examples of confidential data you would like to keep to yourself are bank account information, social security numbers, your name and birth date, your address, or your political beliefs and lifestyle. The last point is especially interesting to companies that collect data for advertising purposes. All the listed examples are things that should be kept away from unauthorised access and this guide can help you with that.
That is obviously important in our digital and interconnected world: Your private information only belongs to you, that is a fundamental right. Disclosing this information is your choice and no government or company has the right to decide this for you, although they think they do. Data has an enormous economic value in the 21st century.
There are 3 types of digital privacy:
• Information privacy, the right of an individual to determine how and when their data is being collected. This type of privacy is often undermined by social networking services, authorities and intelligence agencies. • Communication privacy, the right of an individual to communicate freely and not have their messages intercepted. This type of privacy is often not respected by governments and companies that use the contents of your communication to create personalised ads, adjusted to match your interests. • Individual privacy, the right to use the internet freely. That includes that you can decide what content you are exposed to and are not interrupted by unwanted information. This right is often disregarded by advertisers, search engine providers and malware. More information in the Digital Privacy wiki.
More information in the Digital Privacy wiki.
Anonymity means that what you do on a system is only known by yourself. A third party, like a government or criminal, cannot find out what you are doing on the system or who you are, respectively. You are non-identifiable, unreachable and untraceable. You can be a ghost!
Imagine you are visiting a city you have never been to before and you ask a stranger where the train station is. That person does not know you, you are anonymous and the stranger does not know or care who you are and where you are from. If he/she asks you who you are, you can give them the information, but you can also remain anonymous. It is completely up to you to decide.
While communicating on the internet, you are always identifiable by your IP address. An IP address is a unique number address that is assigned to every device that connects to the internet, you are not anonymous. On the following pages of this guide, you will learn how to prevent that.
You could say that anonymity is the realization of privacy, since staying anonymous ensures that your individual privacy is protected and you directly implement anonymisation methods to achieve information and communication privacy.
There is also pseudonymity. Pseudonymity means that you do not use your real name for something you do on the internet, but the activity can still be linked to you. It is a less complete form of anonymity. An example would be that you write a blog online, using a pseudonym. You real name is not directly obvious, but the server you host the blog on still logs your IP address and you are identifiable by your writing style.
Those were the most important terms you need to know to understand this guide correctly. The definitions will be used later, when we are talking about operating systems, networks, secure communication and more. We hope that we could make the difference between privacy and security clear enough.