Professional Image and Personal Privacy

I’ve been sitting in my hotel room in Dallas at the ICHI 2015 conference burning the evening hours watching documentaries on Netflix – Rise of the Hackers, Hacker Wars, Terms and Conditions May Apply etc. These documentaries focus on cyber-surveillance, privacy and security. They talk about Edward Snowden, Barrett Brown, ┬áHector Xavier Monsegur, lulzsec, sabu, Anonymous, Julian Assange, Mark Zuckerberg, Larry Page, Andrew Auernheimer, Facebook, Twitter, Google, Amazon, the NSA, CSA, FBI.

These films have had me asking how technology professionals should balance the need for professional visibility with a desire for personal privacy. How much time should and can be invested in these kinds of efforts? I can use only Tor clients and abandon FF and Chrome – I can set up my own email server that runs on my own server. I can read every line of the Linux distribution I use and every package I install to understand whether or not it is communicating with the outside world in a way I don’t want it to … but, actually I can’t. I just don’t have that much time.

On the other side of my internal debate is my need for professional visibility. So as you can see, I’m posting here, after having told you where I am, using a Chrome browser and a Mac that is almost certainly phoning home and so all these service providers, and probably my ISP, will own this post and my immortal soul forevermore — well maybe not my soul. The irony demonstrates the point. How are others dealing with this struggle? I’m finding that I am wanting more and more privacy and go to some length to differentiate my personal online presence, and my professional image. Here’s the kicker, I know full well that with not too much effort someone who got a hold of just a little data about my browsing history could reidentify me pretty quickly with some basic pattern recognition. So my traffic can be spotted by anyone who really cares to look.

Going off-grid might work out if I hadn’t invested years in becoming a cyber-security professional, but giving that effort up now seems a little drastic. I think the solution may be to draw stark lines between personal online activity, and professional activity. As an example, only do my personal browsing on my personal machine, and never log into my personal email or social media on my work device. Using a pseudonym for my personal activities might help establish a barrier between my personal presence and my professional one too.

This of course also plays into online branding and acceptable use policies. A company that wants to portray a certain brand image needs to consider the impact of its employees’ personal online behaviour if it can be tied back to their employer — now that sounds a little 1984 doesn’t it? I’m learning as I go what firms out there are doing to protect their online brands and what kinds of controls are effective. If you’re interested in assessing your approach to this problem, drop us a line in the contact form.