Privacy Levels
The amount of privacy that someone needs – as well as the effort required to get and preserve that privacy – can vary dramatically from one person to the next. This is not surprising, as people have very different lifestyles and preferences, and not everyone faces the same kinds of threats nor the same consequences of any given privacy breach.
Some people have relatively low privacy needs, perhaps because their jobs don’t involve desirable enough information, or they don’t hold or practice controversial views, or they just aren’t too worried about what others know about them. Other people have extremely high privacy needs, holding jobs that put them in possession of extremely confidential and inflammatory information, or having access to personal wealth or power that others may covet.Or they just find it highly uncomfortable for their actions or interests to be known by others.
If we were to survey 10,000 people about their privacy needs and goals, we would likely be able to plot a chart showing a distribution from the very low to the very high.
Measuring Progress, Setting Goals
The Priiv app is built to both recognize and manage these differences, helping people who have vastly different needs and desires set and reach their privacy goals. Our PriivScore is designed to both measure and track progress for people as they take actions to protect their privacy, and to help them set goals for their own privacy and security.
To make it easier to both understand progress and to set goals, we have divided the privacy continuum into five zones. Each zone reflects the general level of situational risk, and personal preference of people who fall into that range of privacy scores.
Each of these five zones is defined below:
The Unprotected Zone
The lowest tier is ‘Unprotected’ (although we don’t plot it on our chart). This is the area holding people who are willing to accept all privacy defaults in the devices and services they use, and won’t change any of their product choices or behaviors in order to enhance their privacy.
The Basic Privacy Zone
The ‘Basic’ zone is for people who want to avoid the most common and egregious privacy and security risks, but generally want (or need) to minimize both their effort and the technical complexity in their daily lives.
We believe this zone is appropriate only for people who do not have any specific or enhanced risks related to their life, mobile carrier, or lifestyle (as defined below) and also do not have particularly high concerns or aspirations in terms of privacy. While generalizations can be misleading and by definition do not apply to everyone, some jobs or roles that might find themselves comfortable in the Basic tier include students, entry-level workers, or retirees.
Achieving the very top of our Basic zone is our recommendation for the absolutely minimum level of privacy that anyone living in this digital world should have. Doing so, however, requires effort, some minimal technical competence, and the ability to sacrifice some, albeit small, amount of convenience in order to take back the privacy that is, by default, being stolen.
To move through the Basic zone a person would have established strong passwords on their most important accounts, opt’d out of a lot of data and location sharing, and blocked some of the simpler but more prevalent data gathering methods which now operate by default. There are also, we believe, some privacy tools that one has to adopt in order to fulfill the basics; these include a password manager, tracker blocker, and the adoption and use of a privacy-friendly search engine.
Benefits of moving through the basic zone include:
- Substantially strengthening your most important online accounts, reducing the likelihood that someone will take over these accounts,obtain your data, and cause all kinds of havoc in your life).
- Preventing tens of thousands (or even hundreds of thousands) of data tracking points from being added to the profiles marketers and advertisers regularly build and compile to use for targeted ads and messaging designed to manipulate you in a number of ways.
- A general increase in the amount of effort that would be required to obtain your personal data in order to cause embarrassment, financial loss, or any type of harassment.
The Strong Privacy Zone
The ‘Strong’ zone is for people who want or need to go beyond the basics and minimums to extend and enhance their levels of protection against both common and more advanced threats everyone faces today.
We define this level as appropriate for anyone who has any above-average risks due to their life, job, or lifestyle or for anyone who holds elevated privacy concerns or aspirations. Making inroads into this level requires the ability and willingness to handle moderate increases in technical complexity and occasional minor inconveniences in exchange for improved privacy and security.
We believe that scores within the Strong zone and the goal of attaining the high end of the strong range is a reasonable and appropriate goal for anyone wishing to be truly private given the day-to-day privacy invasions which people active in the digital world now face. While generalizations can be misleading and by definition do not apply to everyone, some jobs or roles that might find themselves comfortable in the Basic tier include manager, director, or VP-level business people, financial, medical, legal professionals, or press and media people who do not deal with particularly sensitive information.
To move through the Strong zone, someone would double-lock all of their accounts with 2FA, disable nearly all optional data sharing and block data leaks across devices, apps and accounts, and modify behaviors that expose data needlessly. The privacy tools associated with Strong tier privacy include all of those mentioned in the Basic tier plus an authenticator app, an encrypted messaging platform, a VPN, a public data removal subscription, and potentially identity theft protection.
Benefits of moving through the basic zone include:
- Substantially strengthening your most important online accounts, reducing the likelihood that someone will take over these accounts,obtain your data, and cause all kinds of havoc in your life).
- Preventing tens of thousands (or even hundreds of thousands) of data tracking points from being added to the profiles marketers and advertisers regularly build and compile to use for targeted ads and messaging designed to manipulate you in a number of ways.
- A general increase in the amount of effort that would be required to obtain your personal data in order to cause embarrassment, financial loss, or any type of harassment.
The Maximum Privacy Zone
The Maximum zone is defined by substantive privacy and appropriate for people that need or desire very high levels of privacy and security protection—enough to reduce risks against all but the most extreme adversaries.
We define this level as being necessary for anyone who is or may be specifically targeted by skilled adversaries, generally has any high levels of risk due to personal or professional factors, aspires to very high privacy standards, or holds high privacy concerns. This level requires the ability and willingness to handle advanced technical complexity and absorb fairly high levels of inconvenience and process changes in order to achieve its goals.
Moving through the Maximum zone involves severely locking down settings and in some cases disconnecting and disabling accounts that cannot be used without exposing unnecessary data. Another key aspect is moving all data and communications to E2E encrypted platforms. Privacy tools that would likely become important for people seeking Maximum privacy include encrypted DNS, encrypted email, FIDO security keys.
The Extreme Privacy Zone
The Extreme zone is for people who face the highest levels of personal targeting or attacks from expert or government sources, and therefore must execute severe processes and restrictions in order to protect themselves and their data.
NOTE: Support for the kinds of actions and changes necessary to achieve and maintain Extreme privacy and security are beyond the scope of Priiv and we recommend leveraging professional advisors who can address specific circumstances and desired outcomes.