This pandemic catapulted the use of online services, and the Filipinos, like everybody else, adapted to the situation (the so-called ‘new normal’). What is often neglected is the fact that Filipinos are not aware that their personal data is being collected for other purposes, in addition to the original. The National Privacy Commission (NPC) needs to educate Filipinos of the risks associated with using various online services. Whilst not an exhaustive list, but here’s a list of tips that every Filipino should know to protect their privacy.
Using Social Media
The Philippines is proud to be one of the largest users of social media, from Facebook, Instagram, WhatsApp, Twitter, Viber, to Tiktok. Philippine telecommunications companies, Smart and Globe (and maybe soon, DITO), even provide free access to these services. Remember that there is no such thing as ‘free lunch’ — for every use of these services, your personal data is collected, aggregated and used to generate revenue for these companies. No, it is not only about ads! It is more than that, much more than that.
How do you ensure that your data is kept private? With these companies, you can’t. The only way is to delete your accounts! You might have “fear of missing out (FOMO)” at first, but that will later change to “joy of missing out (JOMO)”, specially when you won’t get envious or jealous of someone’s photo, or you won’t get triggered by a tweet or a post anymore. Remember that election is fast approaching, so these services will be inundated by trolls, whose main intention is to divide the nation by spreading fake news and hate.
Some would say that without social media, they will lose touch with their friends. Your real friends will contact you via phone or email, so don’t worry.
Using Online Delivery Services
During the pandemic, online delivery services boomed! These services require a lot of personal information — your name, phone number, address, and in some cases, your credit/debit card number to start with. Now add your behavior (where you shop, when, and how often) to the mix, and they have a treasure trove of personal data. In some cases, it is recommended that you avoid using your real name and to use cash instead of credit/debit cards, but that does not always work.
Now, to add to the mix, these delivery services providers often take photos when they deliver. This is to record that they have completed the transaction. If you have allowed your photo to be taken, then your photo is already on their database. STOP allowing them to take your photo. What you can do is to get them to hold the package (if it is not that big and/or heavy) near your gate/house number and take a photo of that. That is enough proof that it was delivered without a photo of your face being collected.
Using Video Conference Services
Face-to-face communications have been migrated to video conferencing, from FaceTime, Zoom, MS Teams, Google Meet, Hangout, and what not. The first thing is to avoid a video call, if you can. In a lot of situations, video is not needed. In cases when video is required, make sure that you use the feature to blur the background or use a virtual background. If you cannot do it in software, make sure that your background is as plain as possible — no unnecessary items that can identify you. You would be surprised what personal information can be retrieved from your background.
Always make sure that you are on mute when you are not talking. Background noise can often reveal your location, who you are living with, if you have pets, what you are listening to (or worse, what you are watching whilst attending the meeting or class!). Whilst you might think these are harmless, they are not.
Using Messaging Services
The Philippines is not the SMS capital of the world for nothing. Yes, Filipinos love sending and receiving messages. This has translated to using messaging applications beyond SMS. To ensure that you keep your data private, avoid services that are not end-to-end encrypted (E2EE), and avoid services that use surveillance, i.e., data collection, as their business model.
Use iMessage, Signal, or Matrix. With the exception of iMessage, Signal and Matrix are cross-platform — meaning it is on different devices, desktop (Windows, Mac or Linux) and mobile phones (iOS and Android). If your circle of friends and family are on the Apple ecosystem, then you are in luck — iMessage all the way!
Some messaging services will claim that they are also E2EE, but either they are not enabled by default, or they collect your metadata for profit — who you were talking to, when, which devices, etc. These metadata are aggregated and sold to other companies.
Attending webinars
When signing up for these webinars, make sure that you use fake data — fake name, fake address, an email alias and a throw-away mobile phone number. Unless you need proof that you have attended the webinar, there is no harm in not providing your real data.
Signing up using Email
Speaking of e-mail, when signing up on these online services, newsletters, and webinars, use an email alias, not your main email. Remember, the purpose of requiring your email address is to be able to validate that you are not a robot AND that your email address is valid for marketing purposes (or SPAM!). It used to be appending “+” and some random characters to your e-mail address works, but then again, your main email address is still part of that. For example, [email protected] may be unique to that webinar, but your main email, [email protected] is still visible. Use services such as simplelogin.io or anonaddy.com to generate your email alias and hide your main email.
In addition, use email services that you know does not use surveillance as their business model. Whilst they may tell you that they don’t scan the contents of your email for advertising purposes, they can still use it to train their machine learning models. Try creating a free protonmail.com or tutanota.com account for your peace of mind.