Embrace Ephemerality to Increase Privacy & Security
If someone stole your phone, would you wish you had more or less personal data stored on it? If a company you use suffered a data breach, would you wish they stored more or less of your personal data?
As the amount of data about us has increased, so have the privacy and security risks. The more data, the more opportunities for data to fall into the wrong hands and be misused. One way to increase privacy and security is to embrace ephemerality; to decrease the lifespan of data through self-destruction or manual deletion.
Dangers of Permanent Data
There are several dangers facing your data. A threat actor could breach an organization storing your data, gaining access to it. A threat actor could compromise one of your accounts or devices, gaining access to your data. A threat actor could compromise an account or device of someone with whom you’ve shared data, gaining access to your data.
No matter how much you guard your accounts and devices, you could still fall victim if someone else is compromised.
To reduce the amount of your data that’s available in these inevitable situations, decrease the lifespan of your data. Not all data needs to live for decades; some has served its purpose after a few months, weeks, days, or even hours. Some systems allow you to configure self-destruction of data. For systems that don’t, you can often manually delete data.
Automatic Ephemerality
Many of the messages we send are only useful for a limited time; they don’t need to exist for years. Some software and systems support auto-deletion, which is like the self-destructing messages in Mission: Impossible.
Signal has a Disappearing messages setting which you can set for each conversation. Messages sent or received in those conversations will self-destruct at the set time, from your device and the devices of any recipients.
Apple Messages has a Keep messages setting which will auto-delete messages stored on your device after a set period of time. It doesn’t affect messages stored on other people’s devices, which you sent to them.
You might think, “Some of my messages are valuable, and I need to keep them forever.” Email and messaging platforms aren’t intended for file storage, so get in the habit of downloading needed files out of email and messengers and putting them in file storage instead. If you need the text of emails and messages, you can export them or copy and paste the text to put it in file storage. Ensure that the file storage (local or cloud-based) you use is encrypted, and that only you have the key.
PrivateBin has Expires and Burn after reading settings to control the self-destruction of data you share through it.
macOS can automatically delete files from your Trash after 30 days. Windows can automatically delete files from your Recycle Bin and Downloads folder after a set amount of time.
Google allows auto-deletion of activity data in your Google account.
Look for similar settings in other software and systems.
Manual Ephemerality
Unfortunately, not all software and systems have auto-deletion functionality. In those cases, you’ll need to manually delete your data. You can choose how often to do this, and what age data you want to delete.
Many systems have a way to search for files of a certain age (e.g., older than 1 year, or older than May 1 of a particular year). This can make cleanup easier.
Many of the emails we send and receive are only useful for a limited time; they don’t need to exist for years. As you receive emails, if you don’t need to keep them, delete them. If you can’t delete them immediately, archive them for later deletion. Once or twice a year, you can search for emails older than 1 year (or 2, or whatever you’re comfortable with) and delete them. For example, in Gmail, you can use the older: or before: search operators.
People come and go from our lives, so not all contacts need to be permanently stored. Once or twice a year, you can review your contacts and delete those that are no longer needed.
You can take the same approach to documents and other files that are only useful for a limited time.
Some accounts will let you delete your data, or the entire account. Once or twice a year, you can go through your password manager to identify accounts you no longer need, log into them, and look for the data deletion or account deletion options.
Embrace Ephemerality
The less data about you exists in the world, the lower the risk of it falling into the wrong hands. Increase the ephemerality of your data to increase your privacy and security.
