One thing that I’ve been told about my previous post is that I sounded paranoid. I may be, but I’m not as paranoid as the kind of people who fear the NSA in my book.
We have plenty of content out there (I would venture a guess that most of it is on reddit, but don’t take my word for it) where paranoids describe all the kinds of shenanigans they go through to avoid “The Man”. I thought I may as well put out there what I do in my “paranoia”, and I’ll start with my first tenet: Email is safer than snail mail.
We all know the Snowden revelation made people fret to find new email protocols and all that kind of stuff. But my point of view is that if someone wants to steal my mail (for whatever reason), they only have to force the very simple lock of my mailbox, or use some tool to take the envelopes out from the same opening that is used to put content in.
This might not be so obvious for my American readers, as I found recently that the way USPS’s monopoly on mail delivery is enforced is by not letting anybody put stuff in your mailbox but the postman. Although I’m pretty sure that you can find black market keys for it. In Europe at least, mailboxes are not accessible by the postmen, and anybody can put envelopes in. In Italy in particular, TNT (the Dutch company) for a while ran a delivery service for mail, rather than packages. My bank, my mobile phone provider and I (to send mail to customers) all used it because of the higher reliability.
So in this vein, I favour any kind of electronic communication over paper trail. This is not difficult in most countries right now; in particular in Italy it started more than five years ago with my landline and ADSL provider: not only did they allow me to receive their bills by email rather than snail mail, but they waived a €1.5/bill fee for delivery. Incidentally, this only worked if you had direct debit enabled, which I did because the bills kept arriving late, after the expiration date had passed, and we kept paying fines for that. As of today, the only bill that still arrives in the snail mail to my mother in Italy is the gas bill, and that’s only because we don’t use a city gas feed. This is especially handy as I’m the one paying said bills, and I’m no longer in Italy.
In Ireland, things are mostly okay, but not perfect: both my previous and current electricity and gas providers allow electronic bills, but the new one only allowed me to opt in after I received the first two bills. Banks are strange — my first bank in Ireland was fully electronic, with the exception of inbound wires (which were pretty common for me due to Autotools Mythbuster and expense reimbursement for work travel); my current bank sends me the quarterly statements by mail, even though I have access to them on their website, but they do seem to have some problem with consistency and reliability. My Tesco VISA unfortunately does mail me the monthly statement by post, as they don’t have an online banking site for Irish customers (they do for British ones, but let’s not go there). My American bank is totally paperless (which is very good for me, as I need to have my US mail forwarded), to the point that receiving rebate checks, I only needed my mobile phone to deposit them.
But there is a much more important piece of paper that I kept receiving after I moved to Dublin: my payslip. It’s probably not obvious to everybody but this is my first “proper” employment. Before I had contracts, and freelanced, and had my own “company”, so I would send and receive invoices, but never received a payslip before joining the company I work for now. And for a few long months I would receive the paper copy of it in my mailbox at the end of the month. I don’t think there is much more private than your salary, so this was bothering me for a while — luckily we have now moved to an external online provider, so no more paper trail for this.
The question becomes how to handle the paper that you do receive. I already wrote a long time ago about my dream of a paperless office, and I have bought a professional EPSON scanner, as having your own company generates a huge amount of paper. While I don’t use it with the same workflow as I had before, I still scan all the paper I receive in the mail, and then destroy it fully.
In Italy I had a shredder: I would shred any paper at all, whether it contained personal information or not; my point is that even if someone was dumpster diving into my personal shredded paper, they would end up finding the most recent promotional spam from TeamViewer or MediaMarkt. There are nasty problems with having a shredder: it’s extremely noisy, it creates tons of dust, and you have to clean it manually, which takes a lot of time. You have no idea how bad my home office was after I finished running the whole set of historical documents of the family!
Here things got lucky: instead of dealing with a home shredder, my office uses a shredding company’s services, so I just need to bring the papers with me and throw them in the dedicated bins. This makes it much simpler to deal with the trickling paper trail of mail (and boarding passes, and so on…).
I have multiple copies of all the scanned PDF documents: Google Drive, Dropbox and an encrypted USB flash stick, to make it safe. So unless the interested attacker gets access to my personal accounts, there is no way to access that information.