Risk Management Techniques for Online Privacy

Applying Risk Management Techniques for Privacy

There is no perfect solution for ensuring privacy and anonymity on the internet. Every time you send bits of data over the wire, there is a chance that someone along the way can link those bits to your real identity. Rather than debating that point, this article focuses on practical ways to work safely online by applying risk management techniques.

Why Risk Management Is Necessary

Even people who are aware of the risks to their privacy rarely think about the specific threats they face. That leads to gaps in protection, such as making sure the connection to your mail server uses SSL/TLS but forgetting that the server may forward the message to the recipient's mail server in cleartext, and that the message sits unencrypted on both servers anyway. More often it leads to the opposite problem: applying every available tool to every problem, which degrades the online experience with no corresponding reduction in risk.

Imagine someone with a trusted laptop reading their email over an untrusted local network. Knowing the network cannot be trusted and suspecting that its owner would like to read their mail, they connect to the mail server over SSL/TLS and, on top of that, encrypt each message with GPG. The TLS connection alone already denies the network owner the content; the GPG layer addresses a different threat (the mail servers and anyone with access to them) and comes at a real cost, because the recipient must also use GPG, which is often inconvenient. In short, every privacy and security guarantee is paid for in convenience, so a guarantee against a threat you do not face is pure cost.

Given this, it makes sense to analyze the specific privacy risks you want to reduce and apply only the controls those risks require. In other words, use risk management methods to address privacy online, so that you do not build an overly burdensome setup that will be abandoned in the long run because it is too inconvenient to maintain.

Risk Management Steps

This article uses the Risk Management Framework from the U.S. National Institute of Standards and Technology (NIST, Special Publication 800-37), which serves as a model for many other risk management systems and is well known among information security professionals. The framework consists of the following steps, which the sections below walk through one at a time:

  1. Categorize (classify) information by its importance or by the impact of its loss;
  2. Select a baseline set of controls to protect that information from the known, relevant threats;
  3. Implement those controls;
  4. Assess the controls to confirm they are in place and working as intended;
  5. Authorize the system based on evidence that the remaining (residual) risk is acceptable;
  6. Continuously monitor the implemented controls to ensure they keep reducing the targeted risks.

Classification

Consider a person living under a repressive regime. They have a regular job and social life, but in the evenings they blog anonymously about the "real" situation in their country. Since this is their only dissident activity, the only thing that requires protection is the link between their real identity and the blog; the authorities are presumably not interested in their ordinary email or other online activity. They also know that local internet providers cooperate with the authorities, which means the source address of each blog post can be traced back to the subscriber.

Selection

Given these facts, the blogger decides that the best way to protect their identity is to ensure all blogging activity goes through an encrypted connection that exits the country. For simplicity this article uses a basic threat model; real risk management would also consider more complex risks, such as man-in-the-middle attacks, compromise of the blogger's own computer, or the blog platform itself cooperating with the authorities.

To achieve this, they choose an international VPN service that lets them select an exit point in another country. Now, even if the authorities force the local provider to cooperate, the provider only sees encrypted traffic between the user's computer and the VPN server; the content and the final destinations remain hidden. Note that this moves the visibility rather than eliminating it: the VPN operator now sees the destinations, so its jurisdiction and logging practices become part of the threat model.

Implementation

This is where technical knowledge is tested. Every risk management method has key elements that must be implemented correctly, or the whole effort fails. In our example the crucial point is that all internet traffic, including DNS requests, must go through the VPN tunnel. If DNS requests still go to the home router (and from there to the provider's resolver), the provider can see which sites are being visited even though the page contents are encrypted. The same applies to IPv6 traffic when the tunnel only carries IPv4, and to everything sent in the moments after the tunnel drops if no kill switch blocks the bare interface. Such a half-working control is especially dangerous because you believe the risk is mitigated when it is only an illusion. The takeaway: make sure you have the technical skills and experience to implement the risk reduction technologies you choose.

Assessment

At this stage the user should test that the VPN really encrypts and forwards all traffic that could leak information. Capturing on the physical interface with tcpdump or Wireshark while browsing shows directly whether any packet leaves the machine outside the tunnel: with a working setup, the only traffic on that interface is between the laptop and the VPN server's address and port. They should also check the VPN client's log for the negotiated cipher and for successful verification of the server certificate. In general, this step means verifying that your protection scheme works as intended rather than assuming it does.
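The following leak check is an added example for the implementation and assessment steps above; it is not part of the original article. It parses the text output of tcpdump captured on the physical (non-VPN) interface and flags every packet that is not an exchange with the VPN endpoint. The capture, the laptop address 192.168.1.10, the router 192.168.1.1 and the VPN server 203.0.113.5 on UDP port 1194 are all constructed for the example.

```python
import re
import sys
from collections import Counter

# Constructed sample of `tcpdump -n -i eth0 ip` output on the physical
# interface while the VPN is up. Hypothetical addresses: 192.168.1.10 is the
# laptop, 192.168.1.1 the home router, 203.0.113.5:1194 the VPN server.
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 192.168.1.10.51234 > 203.0.113.5.1194: UDP, length 120
12:00:01.000900 IP 203.0.113.5.1194 > 192.168.1.10.51234: UDP, length 88
12:00:01.200000 IP 192.168.1.10.53321 > 192.168.1.1.53: 41289+ A? example.org. (29)
12:00:01.201000 IP 192.168.1.1.53 > 192.168.1.10.53321: 41289 1/0/0 A 93.184.216.34 (45)
12:00:01.300000 IP 192.168.1.10.44100 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 192.168.1.10.51234 > 203.0.113.5.1194: UDP, length 200
"""

# Matches the "src.port > dst.port:" prefix tcpdump prints for IPv4 packets.
PACKET_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)


def classify_packet(line, vpn_server, vpn_port):
    """Classify one tcpdump line seen on the physical interface.

    Returns "tunnel" for traffic to/from the VPN endpoint, "dns_leak" for
    cleartext DNS, "ipv6_leak" for any IPv6 packet (a tunnel that only
    carries IPv4 leaves IPv6 on the bare interface), "leak" for anything
    else, and None for lines that are not IPv4 packet summaries.
    """
    if " IP6 " in line:
        return "ipv6_leak"
    m = PACKET_RE.match(line)
    if not m:
        return None
    src, dst = m.group("src"), m.group("dst")
    sport, dport = int(m.group("sport")), int(m.group("dport"))
    if (dst == vpn_server and dport == vpn_port) or (src == vpn_server and sport == vpn_port):
        return "tunnel"
    if dport == 53 or sport == 53:
        return "dns_leak"
    return "leak"


def find_leaks(capture, vpn_server, vpn_port):
    """Return (packet counts per category, list of (category, line) for every non-tunnel packet)."""
    counts = Counter()
    leaks = []
    for line in capture.splitlines():
        kind = classify_packet(line, vpn_server, vpn_port)
        if kind is None:
            continue
        counts[kind] += 1
        if kind != "tunnel":
            leaks.append((kind, line))
    return counts, leaks


if __name__ == "__main__":
    # Pipe a live capture in, or run without input to analyse the sample:
    #   sudo tcpdump -n -l -i eth0 ip or ip6 | python3 vpn_leak_check.py 203.0.113.5 1194
    server = sys.argv[1] if len(sys.argv) > 2 else "203.0.113.5"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 1194
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_CAPTURE
    counts, leaks = find_leaks(data, server, port)
    print("packets by category:", dict(counts))
    for kind, line in leaks:
        print(f"{kind}: {line}")
    sys.exit(1 if leaks else 0)
```

On the sample the script reports three tunnel packets, two DNS leaks (the query to the home router and its answer) and one direct connection to a web server that bypassed the tunnel entirely, and exits non-zero. On a real capture, local noise such as DHCP or mDNS will also show up; the point of the assessment step is to look at each such packet and decide whether it is harmless, not to allowlist it in advance.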

Authorization

In organizations, this step means a responsible person or group evaluates the system and decides whether the residual risk is low enough, relative to the benefit, for the organization's goals. For individuals there is no supervisor. Instead, our user should step back and reconsider what they are risking and whether their chosen technologies actually lower that risk to an acceptable level. It is easy to skip this step and simply use the system as set up, but it is wise to pause and ask: have I identified all the risks, and do my controls address each of them?

Monitoring

This is the final and ongoing step of risk management. For our user it means not only rerunning the checks on the VPN connection from time to time, but also staying informed about new risks: the VPN server's certificate or keys could be compromised, a flaw could be found in the cipher in use, or the provider could change its logging policy or be compelled to cooperate. The risk landscape keeps changing, so staying informed is what maintains the level of privacy you decided on.

Conclusion

This is a very simplified example of the risk management process. Most people will identify many risks of varying probability and impact, each requiring a different mitigation. Even if you never follow the process formally, it is useful to think about privacy threats in these terms; it helps you find solutions that are both effective and practical enough to keep using in everyday life.

Authors: Pavluu & Vergil
