Interview with Cybelle Oliveira, Privacy & Security Trainer

A powerful approach to how individuals can refute companies' data policy is simply avoiding using their products and making it clear publicly...

Cybelle Oliveira

For our latest interview, we virtually travel to Brazil to speak with Cybelle Oliveira, a privacy advocate and facilitator of learning processes in privacy and digital security. She’s been in this space for quite some time and we were delighted to hear her thoughts on privacy issues and what we, as regular citizens, could do to keep our data away from major corporations. Here’s what Cybelle had to say…

Can you shortly introduce yourself?

I am a Brazilian privacy advocate and facilitator of learning processes in privacy and digital security, promoting digital citizenship inclusion. My work addresses the intersection of privacy, human rights, and the power disparities between the Global South and North.

I’ve been collaborating on projects that have their mission centered on digital rights, diversity and inclusion in tech, mostly with the feminist approach.

Currently, I am a member of the Executive Board of Casa Hacker, a Brazilian nonprofit hackerspace dedicated to placing local communities in control of their digital experiences, shaping the future of information and communication technology for the public good. I am also a Mozilla Community member, working towards a healthier Internet.

What do you see as the main challenges for our privacy today?

As a result of Snowden’s disclosures in 2013, digital privacy has been resignified. People are becoming much more aware of the need to protect their privacy and related issues. Nevertheless, it seems to be a long process of incorporating this awakening.

An example of the magnitude of digital privacy rights is that the United Nations affirms that the same rights that people have offline must also be protected online, including the right to privacy.

This is noteworthy because we are living in a data-driven and high surveillance capitalism society model. This is expressed in the ability of companies to transform our data into commodities: our data have been monitored, analyzed, profiled, and sold for countless purposes and shadowy interests.

There is a systematic deployment of emerging technologies such as advanced biometrics, artificial intelligence, and facial recognition used as a weapon for surveillance, censorship, privacy restrictions, and so many other issues that deeply hurt human rights and undermine democracies.

Unfortunately, as an (almost) non-regulated field, most of those actions come without accountability and transparency.

What can we as individuals do about it?

Individual efforts can lead to great changes. Awareness on privacy issues is the first step. It is fundamental to be informed about legislative proposals that try to jeopardize our privacy. Outrageous bills that say we must relinquish our personal privacy in the name of “security” is not good at all. This is not a zero-sum game in which we are forced to choose between privacy or security. We need better regulations, and again, better accountability and transparency from governments.

A powerful approach to how individuals can refute companies’ data policy is simply avoiding using their products and making it clear publicly and directly through their communication channels and social media.

I consider it crucial to learn about the trade-off of personal data for the usage of a product. Read the terms and conditions and ask yourself if it’s worth giving so much information and consent to use it. If it doesn’t, we always can choose some other alternatives available in the market, so why not try it out?

For instance browsers like Firefox, Tor, or Brave don’t handle our data as a product and they can be used in preference to Chrome. Search engines such as DuckDuckGo and StartPage are great replacements for Google. Messaging apps like Signal can easily replace WhatsApp. ProtonMail is much safer and has easy-to-use encryption — it can be used as a substitute for Gmail.

Additionally, individuals regardless of their citizenship must demand liability and transparency from governments and big tech companies in an endeavor to contain the advances of a dystopian Orwellian society that we are living in.

But… where to start? To begin to learn more about privacy, security, and digital rights, there are numerous organizations, activists, technologists, and public policymakers who have been working relentlessly to safeguard our digital rights. There are reliable great references at Electronic Frontier Foundation (EFF), Access Now, Tactical Tech, amid many other organizations around the world.

Can VPNs help? Do you use one?

In a nutshell, VPN service is used for censorship circumvention and location anonymization. As a part of a bigger security strategy, I recommend the use of a VPN service. It’s particularly helpful when we are communicating over public Wi-Fi, avoiding eavesdroppers spying our online activities.

Choosing a VPN is all about trust. It means that you should trust in the VPN provider: it can hold your logs, your IP address, your data — including your identity, payment information, location, and browsing activities. Therefore, it’s indispensable to check the VPN’s data policy. Also, it is important to emphasize that if a VPN company is subpoenaed by the authorities, they will be forced to monitor and deliver your information to them.

Although I’d rather use Tor than a single VPN, I trust Riseup VPN, Ipredator and ProtonVPN.

What do you do to protect your personal information?

To protect my personal information, I understand privacy and security from different perspectives.

Somehow, we fit what we want to protect in a threat model analysis through a very particular structure. I believe it is extremely important to understand the intricate causes, consequences, and risks of the lack of digital privacy and security and how it can also affect me in the offline world. Therefore, I heavily rely on behaviors, encryption, and a set of tools to mitigate risks.

As much as possible, I choose to use tools that have privacy by design and by default. I tend to count on the ones that are backed up by an entire community and not on companies which only aim to profit and not respect users. Some examples that are trustworthy are Tor, Tails, Signal, Thunderbird, Mozilla products such as Firefox and Firefox Focus.

Do you have some other advice for our readers so they could, at least partially, regain their privacy?

All advice and tips listed here are not one-size-fits-all. It can change according to the situation, location, and other factors.

Surveillance and ubiquitous data collection is a form of violence. As said above, inform and educate yourself about privacy and security issues, legislative discussions of bills and new laws. Do not believe in the nothing to hide argument, it’s a fallacy. You don’t need to be a bad woman or guy, do illegal activities to keep your online activities anonymous and information private. You just don’t need to share with the world what you’re doing. It’s that simple!

Snowden at 2014 SXSW said that encryption is “the defense against the dark arts in the digital realm”. Encryption is the strongest security protection. It allows us to use Internet banking safely, protects our communication in apps such as WhatApp, assures that no one can monitor what we are browsing online, amidst many other benefits. So encrypt everything!

Regain your data control! Mozilla and Tactical Tech developed the Data Detox guide. It helps you to remove toxic data build-up and minimize the collection of digital traces. Another very comprehensive guide is the Surveillance Self-Defense by EFF.

And finally, it is absolutely recommended to read terms and conditions and privacy policy, not just click to accept. Know and understand the benefits and consequences of the exchange you are about to say yes to.