Article link:
By Rebekah Schroeder
June 29, 2022
Daniel Farber Huang and Theresa Menders have written a guide to personal privacy that Huang discusses at Princeton Public Library on Wednesday, June 29.
When Daniel Farber Huang faces a digital danger, he’s well-equipped to mitigate the risks involved. He has the same passion for cybersecurity consulting and advising work he does using a camera to capture global humanitarian crises in other countries. Safety is the bottom line for Huang, who helms a syndicated photography project alongside his wife, Theresa Menders, when he’s not helping clients protect their personal information.
Huang and Menders’ upcoming book, “Get Lost: Personal Privacy Strategies for Extremely Busy People,” is planned for an August 1 release date. Princeton Public Library’s technology presentation, which bears the same title, is expected to show the local community basic steps they can take on Wednesday, June 29, from at 6 to 7:30 p.m. in the Community Room.
Menders is Huang’s equal co-author, but due to scheduling conflicts, she could not be available for the PPL event. The library offers the opportunity to register online for events at their website, princetonlibrary.org, but will upload a livestream of the presentation on its YouTube channel.
Huang is balancing two interests and two worlds, much like the physical and online world of security. Most people tend to know less about their electronic footprint, which is why he and Menders are writing “Get Lost,” which instructs the average user on how to efficiently guard their privacy from potential threat actors.
“We’ve done a lot of independent humanitarian advocacy bringing us to a lot of other countries — sometimes which are intense environments for political or potential unrest,” Huang says, their travels often putting their interviews or data in peril. The couple’s “The Power of Faces” series captures portraits of refugees who have been displaced from their homes and forced to flee, with a copy of the images given to the subjects. “In all these disciplines, I’ve come across situations where our privacy, or our security, was at risk at different levels,” he adds.
The duo behind Princeton-based Huang+Menders Photography has traveled through places like Greece, Mexico, Bangladesh and recently the Ukraine-Poland border, even serving as government liaisons. Huang and Menders have been residents of Princeton for about 20 years, as well as personal and professional partners with wide-ranging experiences.
In his work helping companies of all sizes in the preservation of their data, Huang noticed “that there was a tremendous need for helping people understand the extent to which their personal information, both in the physical as well as the digital world, may be exposed,” he says. While cybersecurity has always been of importance, the lack of awareness about what individuals can do preventatively is a cause for concern.
But Huang noted that it’s not even the sheer availability of the information, whether gathered through paid or open source avenues, that spurred him and Menders to action.
“In today’s world, with the level of sophistication that is being put into data mining and data manipulation, people’s information is being used to manipulate their activity, sometimes to manipulate their opinions, to manipulate their actions,” Huang explains. “We’ve seen that over the years in small, but also in very significant ways,” such as targeted advertising.
Huang holds a variety of positions and titles. His scholarly background consists of a bachelor’s degree in economics from NYU, a master’s degree in journalism from Harvard University with a certificate in international security, and an MBA in finance and entrepreneurial management from the Wharton School of the University of Pennsylvania.
He owns the Princeton consulting firm the EchoStream Group, is on healthcare nonprofit ECRI’s board of trustees, and together with Menders, serve as advisors to Princeton University’s Keller Center for Innovation.
Huang referenced having seen the detrimental effects of company phishing scams, or people accidentally wiring their life savings away, as another influence on the manual and seminar’s content. So, how does someone start, especially if they have a hectic schedule?
While “every person’s situation is different,” Huang says that people should begin with an objective evaluation of their own habits, surmising that if a malicious entity wanted to harass, follow, or cause harm, how would they go about it — and would it be easy for them?
Potential threat actors could include former disgruntled partners, employees, and “even your particularly nosy neighbor that you would like to shield yourself from,” Huang explains, meaning that the journey needs to commence with an honest reflection.
If you are prone to sharing your daily actions, somebody could, if they “wanted to understand your patterns,” Huang warns, monitor social media to track movements. This extends to what other connections and relationships may post, because their actions “can be indicative of habits or other data points related to you.”
“Frankly, there’s actually a tremendous industry around that type of behavioral analysis. A lot of groups will pay a lot of money to parse that information,” Huang says. Yet, depending on a user’s comfort or discomfort, as well as “how exposed” they might feel, proactive steps can be taken to avoid these pitfalls.
Huang explains that anyone can use Google’s Street View feature to look at buildings, homes, and facilities to gather what he calls “a tremendous amount of visual information” that can be taken advantage of by threat actors. To this, he recommends asking Google to remove your residence from Street View, therefore eliminating the chance of strangers — from either across town or the world, Huang says — looking into your bedroom windows.
This puts control back in the user’s hands, which Huang believes is essential in the fight against these practices. “There are data brokers out there whose whole business is selling our personal information, and it’s absolutely legal,” he says. The information in a Google search is available publicly, but could be taken advantage of by these parties with little to no resistance from the companies themselves, as they may be the ones selling it directly to the brokers.
There are numerous ways to remove those online details, but the process can unfortunately be time-consuming if done alone. There are free and paid services for assistance, and even though data is “not necessarily good or bad,” as Huang notes, determining who has access to it is what decides “if it’s going to be used against us, or somehow to our benefit.”
“That line is blurring more and more as the amount of money that corporations can make from our data grows,” he explains. For example, Huang says that if a user searches online for cars to purchase, all of the browser’s advertisements change to reflect that entry.
This might be seen as positive or negative depending on the perspective, he continues, but that seemingly harmless data “can be analyzed and translated repeatedly…to discern your potential behaviors that could be monetized.”
Huang is the entrepreneur-in-residence of Clean Slate Security, an initiative that offers four privacy portfolio options that “enable clients to control their privacy by compartmentalizing and obscuring their personal information,” as their website states. The features vary and can provide someone with a masked cell phone number and credit cards, secure email addresses, anonymous social media accounts, and other necessary tools.
Instead of reinforcing the tropes about those who live off the grid to evade detection, Huang cautions that “somebody who is concerned about their privacy should be anybody and everybody, because the amount of information that is being captured and collected is just stunning.”
To this point, he mentions that on many platforms, such as Google or Twitter, users may request a copy of the data gathered on them to survey and download. Huang explains that in a single Gmail account he once used, there was 1.3 terabytes of information, which equates to “about 84 million Word documents. But no one can realistically view that in terms of storage, nor would they have the time or resources to read everything.
“It’s indicative of how much is gathered, and at the end of the day, that information is not going to be used to my true benefit,” he continues. “Any website that you use will collect some level of information. Even if you restrict everything, they’ll still have the ‘essential information’ that they capture.”
“From a practical standpoint, even if you read the Terms of Service on everything you have, it wouldn’t make any sense. We really don’t know what’s being captured,” Huang says.
In addition to “Personal Privacy Strategies,” Huang released “Practical Cyber Security for Extremely Busy People: Protect yourself, your family, and your career from online exploitation” in November of 2020, and “Nowhere to Hide: Open Source Intelligence Gathering — How the FBI, Media, and Public Used OSINT to Identify the January 6, 2021 Capitol Rioters” in March of 2021.
All of the books, available on Amazon, are about cybersecurity; yet, in the latter book, Huang used case studies to show how open source intelligence gathering, what he describes as “looking for or gathering data and breadcrumbs of information that might be readily available out in the world,” was used successfully by “the government, public, and media” to find the participants in the insurrection.
With their wide net of data, Huang says that he found the tactics “fascinating,” but warned of their power. “It can be used for good, but equally, it can be used for malicious purposes, and we’re seeing that more and more.”
“From the big picture, there certainly are interest groups, organizations, companies, marketing firms, even certain governments that have a great interest in gathering as much information on [an] individual as possible. But then, drilling that down to a more personal level, I’ve also worked with people who have felt personally threatened by specific threat actors, trolls, online abusers, or stalkers, who were trying to harass or make specific individuals’ lives very unpleasant,” he says.
In those situations, Huang advises that “the need for privacy, and improving people’s personal privacy…is extremely critical.” The upcoming book is meant to help individuals protect their information, because as time goes on, that data really is currency, except it’s one that many people currently lack the capacity, patience, or understanding for.
“The chances are, the average person doesn’t give a lot of thought to this, and realistically, it actually can be dangerous. It certainly is a violation of our individual rights in many different ways,” Huang says, acknowledging that while general conscientiousness might be increasing, the right choices are still not being made.
Taking the right measures may not entirely foolproof the plan, as “the biggest weakness in any privacy framework we might create is the human element,” Huang says. Even if these alternate or disposable methods worked, mistakes happen when introducing human error, which is why a comprehensive privacy plan is needed as a solid foundation.
“An important part of it is actually developing a privacy mindset,” he says. “But it is a healthy habit that develops over time, like exercising regularly or eating a balanced diet. Consistency is important for lasting results.”
These measures are additional layers of protection that exist with the hope the average user will not need them, just like having a smoke detector or fire extinguishers in the house. This is why, when people are busy, the accessibility of the technical language can be an obstacle.
Other guides might be “filled with jargon,” Huang says, so “it’s been intimidating to read about, because you’re around all of these words that you’ve never heard about before, whether it’s algorithms, encryption, or cookies, the list goes on and on.”
This is why Huang and Menders wrote a manual that “gets right to the point,” with the style set to continue how “Practical Cyber Security” had a plethora of resources, examples, websites, a term glossary, and more — all to further illustrate the material of the chapters.
“It’s simple, it’s plain English, as digestible and understandable as possible, and really is practical as much as possible. It can be used by anybody,” Huang says, aware that cybersecurity is not a glamorous topic, but it is one that remains universally applicable.
The goal, Huang maintains, is to enforce these personal privacy strategies before threats like data brokers and companies use sensitive information for their monetary benefits.
“Recognize that your personal information is valuable, and it is our right to be able to control what information of ours, what data of ours, we release out into the world, and what we choose to keep to ourselves. That is becoming more and more difficult to do, which means that it is even more and more important to actually do,” he explains.
For more information, visit Huang’s website at danielfarberhuang.com.