I am no expert in data security. It has only been in the last few years that my eyes have been opened to the eye-watering about of data about my personal life that is collected. But the current rhetoric focuses on the large tech giants like Facebook, Google, and Twitter and this is well justified. But where else do people store important information about their personalities, their desires, and their routines? I would argue that productivity tools, in the broadest sense, are an even bigger treasure trove of personal information.
This struck me hard when building up my personal stakeholder database. After I joined the corporate world, I started meeting new people every week. In order to keep it all together, I needed to manage the data about them systematically. First I started simply in Excel. Then I moved to Notion for a year. It was mostly basic information. But I realized to get the most out of a stakeholder database, the information in it had to add value to a conversation. Yes, having one place to store birthdays and emails was good, but what about the information that really helped build a connection between myself and another person?
For example, when I met people and they spoke about how many children they have, I would write it down to make sure that I could ask about them in future conversations. I know myself well enough to know that I cannot remember that level of detail on everyone I meet without a written reminder. However, the more detail I started putting in the database, the more I wondered what other people were putting in their database about me. Then a thought struck me, “I wonder how well that information about me is secured”? If I am writing personal information about others in an unsecured environment, how can I hold others to a higher standard?
That’s when I went through a big process of deleting all the information I had on other people (and myself) that would appear like a juicy steak to a starving hacker. The next question was, “well how do I store all this information in a way that is also easily usable?”.
It was also at this point that I really started growing the number of mentees and Coursecharters (people I coach). This escalated the issue of security because I take the confidentiality of what is told to me extremely seriously and the burden of security on storing that information is equal to that of a medical doctor. While I can afford a massive medical system and my use case is much broader, I started looking at the types of tools that provide a more robust security and privacy framework.
Productivity in Private
As stated above, I might not be a fish out of the water, but I am far from a shark when it comes to the interworkings of proper data management. What I can do though, is share some of the key topics that I learned I need to keep in mind when evaluating tools.
Privacy versus Security
The best way I have heard this difference described is:
Privacy is about people knowing who you are but not knowing what you are doing.
Anonymity is about people knowing what you are doing but not knowing who you are
Security is the ease of unauthorized access to data
For example, if your task manager is completely private, it might use an encryption method where only you have the key to unlock your data. However, they might have weak security, and a hacker walks into their data centre with a USB drive and extracts your data, they still would not be able to read any of the data.
What to watch for
When I look at new tools to use I look at a few elements based on my threat model. Now, everyone has a different threat model. I am not an undercover journalist in a country that censors the internet, but I have my own threats.
Encryption. I first read the privacy and security guide on the site. Most enterprise-level looks like ClickUp, Zoho, and Google are encrypting in transit and rest. This is typical. However, you will find a term used called E2EE or end-to-end encryption. This means that while ClickUp encrypts your data, they have the key to unlock it. EE2E and zero-knowledge encryption mean the company, in most cases, leaves the keys to unlock the encrypted data with you, the user. This might mean a slower service (negligible for 99.9% of users), but it means you are Private.
Security. Where are the data centers located? I often look for servers in the EU or Switzerland over anywhere else as the data laws in Europe, while flawed, are often better than elsewhere. Look for at least a SOC2 certificate or equivalent. Notion, which I still think is a great tool, also talks about its recent SOC2 audit in 2021.
Storage. This is a newer concept to me that has actually sparked me to write this article. While encryption helps move data from you to a tools server. What if the server became decentralized and distributed? This is where I learned about IFPS and made the switch from Notion to Anytype for my Life Operating System backbone.
The simplest way to understand IPFS would be that 10 friends sit around each other in a classroom, and one of them requires a pencil. If this were a traditional web 2.0 implementation, the request would be sent to a friend who has a box of pencils; you might not require the entire box, but the request will still be sent to them; this process is time-consuming and resource-intensive. On the other hand, what an IPFS implementation would do is send the request for a pencil (similar to shouting in the class that could anyone give me a pencil) and the person nearest to you would give you the pencil reducing request time and increasing speed. Author - https://www.div3xi.com/
This means that beyond encryption and zero-knowledge, Anytype also distributes the content across all nodes, increasing security as there are fewer failure points. While nothing is 100% secure and private, the basic fundamentals of how data is handled gave me much more confidence to put my more sensitive information in it.
New Private Tools for 2022
I have decided to move to a much more private tool landscape this year to evaluate what life will look like with my threat model taken into better consideration than before. I do know that this will put me in a position where I cannot fully test out new tools if they contradict my threat model. However, if you have read this far, I think you might also be considering using tools that better secure your digital footprint. Note that you should always make sure tools have a purpose and a job to do in your life.
Mind Palace & Journaling
Anytype allowed me to join the Alpha in mid-2021 and I was hooked. I have been using it almost every day since I was granted access and really enjoy the team behind it. This is where I started storing more personal information, like my contacts. I will be making more content around it soon.
Protonmail has recently made headlines again after winning a court case protecting their right to keep data encrypted and unretrievable to authorities. I have switched over all my private and personal emails and calendar there.
This is one that I have been struggling with. I know that not being constantly on Twitter, Facebook, and Instagram will slow my growth. I have taken myself off them almost completely but alternatives are few and far between. However, last week I came to the mindset that instead of complaining about low users, I should contribute to the solution. So I will make a concerted effort to fully test out using platforms that use a better business model than purely attention-driven advertising. Join the journey with me!
Fediverse is where I am starting. Pixelfed replaces Instagram, Mastadon replaces Twitter, Peertube replaces YouTube.
Think about your own threat model. What kind of data are you storing where? What level of access do you think certain actors should have? Sometimes an extra millisecond of convenience is not worth trading the blueprint of your soul to a billion-dollar empire.
What steps have you taken to protect your data? I would be interested to learn from you!