Orchid's tips for protecting your privacy while working from homeMar 30, 2020
The spread of COVID-19 has tens of millions of people working remotely for the first time. This has meant adjusting to new daily rhythms with the disappearance of any neat separation between work and personal space -- something many normally take for granted. It is also forcing people everywhere to determine how best to remain productive -- and private -- without the institutional infrastructure of corporate wi-fi and desktops.
We know these are challenging times. And since Orchid both is dedicated to digital privacy and has always been a remote-first organization, we want to share some insights that can help people adjust to working from home -- and protect themselves online.
Preserving privacy for yourself, colleagues, and customers is essential, no matter where you work from. The key is to have the right tools to maintain normal business operations without the luxury of in-person meetings or a central, private office space. Practically speaking, this means shifting to messaging apps for asynchronous collaboration and video conferencing apps when meetings are called for. The most important thing is to understand the risks we take when we go online, and how we can mitigate them.
Practice privacy as a form of hygiene
Most people -- especially in these times -- understand the importance of personal hygiene to staying physically healthy. We should think the same way about practicing good digital privacy -- establishing the right habits in this area will yield real benefits.
Many people think of the internet primarily as a source of information. But when we access the Internet, we leave a trail of data behind us as well -- in the form of browser cookies, Facebook pixels, and other records of our activity. If we do this in an unprotected way, this information -- the websites we visit, the documents we collaborate on, the messages we exchange, and more -- are susceptible to being monitored, tampered with, or manipulated in ways that can have unforeseen consequences. We must take action to protect ourselves and our data privacy during this period of mass remote work. This has become even more important for individuals since net neutrality was repealed in the United States -- there's now precious little to stop our Internet service providers (ISPs) and other companies from monitoring our activities online.
Fortunately, there are some excellent tools that can help us protect our privacy.
Use physical safeguards
Some actions that can improve privacy are reassuringly simple. For starters, put a piece of masking tape over your computer's camera when you aren't using it. This low-tech measure will ensure that no one is watching you through your computer, even if your camera turns on without your realizing it. A quick online search also reveals many purpose-built products designed to block your devices from watching you without your knowledge. Screen filters are also useful, although less so now given the reduction in the amount of work being done in public spaces.
But in a digital world of online commerce and communication, covering your camera isn't enough. Digital privacy tools are essential.
Think about the devices that are in your home already
Many of us have smart devices in our homes -- cameras, speakers, TVs, virtual assistants. Even before the current crisis, there were serious concerns over these devices' ability to monitor our activity as well as their susceptibility to attacks. Now, with much of the world's business being conducted from private homes, it's even more important to make sure we understand the risks presented by smart devices and act to mitigate them.
Depending on your situation, the best course of action may be to turn off certain devices, at least while working from home, as this piece recommends. For those who use devices such as personal virtual assistants to help with tasks on a regular basis, investigate alternatives to the big names. Open-source options like Mycroft.ai align closely with Orchid's values of openness.
Create a guest network
Many people are unaware that a weakness in one device can endanger an entire network. But the risk is real, and serious enough that the FBI recently issued a series of notices warning people not to connect work-related hardware to networks shared with ordinary home devices.
The risk is that everyday appliances open a backdoor for malicious parties. If, for example, a person is working on a home wi-fi network that is also connected to a smart TV, any weakness in the latter device can allow a hacker to attack the entire network and all devices connected to it. To minimize this risk, extra precautions should be taken.
The best way to mitigate the risk is to set up a guest wi-fi network and connect all your nonessential devices to it. The ability to do this depends on the router you use -- some support guest networks while others don't. Our recommendation is to use a router that supports this capability if you can.
For advanced users, we also recommend split tunneling. This involves setting up two different pathways for Internet traffic -- some that is routed through your corporate VPN, for instance, and another for personal traffic to be routed normally. This will prevent personal browsing from travelling over your corporate network, which can be seen by your employer.
Explore messaging apps
The world is awash in messenger apps, from iMessage to Slack. These have proven highly useful for businesses and individuals even before the era of social distancing. Now, though, they are essential for work -- and choosing the right one can be just as essential to maintaining privacy and security online.
WhatsApp offers a messenger product that currently meets a high standard of privacy. Messages are encrypted end-to-end, so no central party is able to read what people write to one another. The app also has a simple and intuitive UI and UX, meaning it should be easy for first-time users to acclimate to. WhatsApp allows for group threads, document sharing, and audio calls using local wi-fi.
Like many such tools, WhatsApp does not work in all geographies. Moreover, many people -- reasonably, in our view -- are wary of the fact that it is owned by Facebook, whose handling of privacy has attracted increasing levels of scrutiny. But the fact is (for now) that WhatsApp uses a level of encryption that makes it impossible for Facebook to spy on you, even if they wanted to. The situation is worth keeping an eye on, though, given reports the tech giant plans to merge WhatsApp with its native messenger platform. If this means a weakening or loss of encryption, our recommendation here is likely to change.
For those worried about WhatsApp, Signal offers encrypted messaging services that have received praise from many in the privacy community.
Learn to love video conferencing
Sometimes meetings are necessary. While in-person meetings have been put on ice for the foreseeable future, there are several ways to interact and collaborate with teammates virtually. Zoom, which offers high-quality streaming video meeting rooms open to unlimited numbers of guests, is one of the strongest options.
However, Zoom on its own is not a complete solution. Its messaging interface lacks important features such as threading, which is why it is best used as part of a suite of options that also includes asynchronous messaging tools. Furthermore, like WhatsApp, Zoom does not work everywhere in the world unless combined with a privacy tool such as a VPN.
Zoom also carries additional risks that users should be aware of. The phenomenon of "Zoom bombing" has garnered some headlines lately. To avoid being the victim of this, it's important to make sure people cannot unmute their microphones or turn on their cameras in public Zoom meetings. These safeguards can be turned on in the app's settings.
Privacy groups have criticised Zoom for some of its admin features. Specifically, version 4 and above allow admins to monitor participants' activity, including attention to screenshares, attendee locations, operating system, IP address, location data, and device information. Notwithstanding the convenience and popularity of Zoom, these abilities should give everyone pause.
For those who are uncomfortable using an app like Zoom that may compromise privacy, there are alternatives. Jitsi offers free, open-source video conferencing and is favored by some in the privacy and open-source communities. Whereby also offers conferencing tools, and its commitment to freedom and openness align with Orchid's.
Use an online privacy solution
Virtual Private Networks (VPNs) are a popular form of privacy solution that mask web traffic from both Internet service providers (ISPs) and websites. They do this by encrypting traffic and directing it through their own private servers. This means parties that normally can see exactly what web users are doing -- Internet service providers on one end, websites on the other -- see only anonymized data moving to or from a VPN server. They cannot tell what a given individual is doing online, which means they cannot block them from specific activities. This is very important for businesses in countries with restrictions on access to specific online content.
VPNs present their own challenges, though. While they are effective at blocking ISPs and websites from recognizing users' web traffic, this information is visible to the VPNs themselves. In effect, users avoid having to trust Internet businesses by trusting these privacy products instead. While many VPNs pledge not to log user activity, there is no way for a user actually to prevent them from doing so.
With Orchid, though, users can "hop" between VPNs to keep any one provider from seeing the whole picture. In this way, Orchid provides an extra layer of anonymity for users. Orchid also brings the services and bandwidth of VPNs together in a single marketplace, which means users will find ample capacity to meet their web needs, whether that entails simple messaging or high-quality video streaming. Orchid is partnered with some of leading VPNs, including:
Using these tools can strengthen the privacy of your online life and improve the performance of the following additional tools that are important for remote work.
The single best thing you can do while working remotely is to use an Internet privacy solution. The Orchid app is available for download now -- and we are providing Orchid for free to journalists, who should email firstname.lastname@example.org to get onboarded by a member of our team.
For the best privacy, combine the best tools
Ultimately the best solution is to use multiple tools together. Various remote working products have their individual strengths and weaknesses. The glue is a strong Internet privacy tool -- which is exactly what Orchid is designed to provide.
Using Orchid in combination with the other tools outlined in this guide will result in a very strong level of both privacy and usability. In combination with Zoom and WhatsApp, privacy tools like Orchid can enable people to communicate and collaborate freely no matter where they are. It can allow us to continue to work on the projects we support and are passionate about without worrying that the shift to remote work will jeopardize privacy or security. It is this combination of solutions that offers the best chance of being able to work remotely, safely, and in privacy.
These are unprecedented times. The structural changes and shifts being forced by the COVID-19 pandemic have the potential to alter forever how, and where, work gets done. At Orchid it's our mission to make this online world as safe and expansive as possible. And since Orchid is a distributed, remote-first team, we can continue working to deliver product updates and improvements for our users.
Additional updates regarding COVID-19 and the actions Orchid is taking will be posted here as the situation evolves. Stay in touch and up to date at orchid.com, or through our social channels:
Thank you for being part of the Orchid community.
If you enjoyed this blog, subscribe here for privacy news, commentary, and product updates from Orchid.