TL;DR. Delete the accounts you don’t use. Maybe even some that you do. For your own safety, start paying for accounts that bring you value to the best of your ability.
Now that you have a list of all of your accounts in the password manager, time to think about which accounts should even stay open. Every account gives someone the opportunity to collect information about you. Information that can be used directly or in a social engineering attack. So go all Marie Kondo on your internet accounts.
- If the content doesn’t make your life better, delete the account.
- If you don’t check it more than once a year, delete the account..
- If the website doesn’t use https, delete the account.
- If they collect your location or health data, delete the account.
- If it isn’t required for work, delete the account.
- If you aren’t paying for it, delete the account…..
So accounts that cost money likely stayed relatively culled. They cost money after all. The “free” accounts that cruft up everyone’s life these days present a bigger attack surface. The thing is, if we aren’t paying, we aren’t the customer, we are the product. We – our attention, our data, our content – are the product. Facebook, Twitter, Google, Yahoo, Medium, Pinterest, Yelp – we are the product, we are the product, we are the product. If we aren’t the customer then maintaining our data safety isn’t likely to be a shareholder priority. If the service provided brings joy to your daily life I won’t judge, just don’t put the weight of full trust on them. Don’t use them from any device or on any network that will also be used for accounts that need to stay private. Start looking for alternatives. These companies leave us exposed and don’t tell us. They can disappear.
Let’s say for the sake of argument, that there is an account or piece of software you’re using without paying the company directly, but you know in your heart that they’re “the good guys.” Well, then they have no money to spend on the security measures to protect the data, do they? Making them spend time and money on security measures without giving back? That’s kinda a jerk move. Find a way to pay them for safety’s sake. Encourage open source projects to start foundations, for developers to open Patreon accounts. What would a YouTube Red for GitHub look like?
Isn’t ignoring the privacy nightmare of online ads a type of paying? Well, again, that makes advertisers their customer, not us. Additionally, sites for whom online ad revenue actually does cover all expenses tend to be the ones pushing user created content with no revenue sharing model. Or using stolen content. Or they don’t offer health care to their workers or pay enough. Maybe it’s meme sweatshop. Are you sure they’re the “good guys”?
Are any free accounts safe to keep? Having free accounts for casual users and paid accounts for power users feels less suspect as a model than ad-revenue only services. The power users will hopefully hold the company accountable in ways that trickle down.
The financial dynamic of paid accounts and marketplaces certainly don’t guarantee safety. In fact they most of them are pretty awful, too. Additionally, the company will have your financial information so that makes them a higher threat level. However, at least user data breaches represent a real threat to the business. That threat will hopefully make them act. Don’t ever count on it, but perhaps if you call to complain as a paying customer that will have more juice. To get even more sway, push your state lawmakers to pass privacy laws require information about breaches to be shared. If you run into a problem, look into if it is something covered by the FTC.