Privacy & Security 101: Compartmentalization
When I shared my previous post around, one comment pointed out that compartmentalization is another basic topic worth discussing, but they did note that such a topic is far too big to have been put into the previous post. Well thank you, random Redditor, because you’re right. I do hint at the topic somewhat on my website, but on the whole this is a topic I’ve never really gone into detail on before. So this week, let’s talk compartmentalization.
What is Compartmentalization?
As a true crime fan, I’d be remiss if I didn’t share the story of Dennis Rader (though some of you may already know it). Rader was elected president of his church council. He was a Cub Scout leader. He worked as a dogcatcher for the city, with a bachelor’s degree in administration of justice, and had a wife and two children. Which is why it was pretty horrifying when everyone found out he was also responsible for ten horrific murders. Some of my readers may better know him by his moniker “BTK,” which stood for “Bind, Torture, Kill.” It’s downright chilling to imagine him torturing and murdering a couple in cold blood after breaking into their home, then going home to read his daughter a bedtime story, but it did indeed happen. And this is an extreme version of compartmentalization.
While most of us aren’t killers (I hope), we all compartmentalize. We dress or talk a certain way while at work, but do so differently on days off. We talk to our kids differently than our partners, and them differently than our friends. We may tell our coworkers about the trip to the park this weekend, but not about the fight we had over finances.
How Does One Compartmentalize?
Before I get into how compartmentalization helps you stay private and secure, I want to explain how it works. I think doing so will answer the next question by itself, but I’ll wrap it up in the next section as well.
The best and easiest way to compartmentalize is to think of every area of your life as a completely different individual. The personal you – the one that has a beer on weekends with your friends, or plays video games, or takes the kids to the park, whatever – is Person A. The work you – the one that goes to work on Monday and turns in reports or repairs engines or flips burgers, whatever it may be – is Person B. Now in most cases, there’s no need to get too extreme with segmenting these people. There’s no need to go by Bob at work and Jim at home (unless your first and middle names are Robert Jim, in which case that’s probably not a bad idea). But there is a need to use one email for all work-related matters and one for personal stuff. And by work email, I don’t mean your actual email issued to you by the company. I mean “BobLastname@Encrypted.Email.” That way if/when you need to job hunt or do anything else work-related that doesn’t explicitly involve your employer (maybe some freelancing on the weekends?) you now have a way to do that without it getting wrapped up in your personal life. Likewise, have you ever sent a text to the wrong person? Maybe you texted your partner to ask if the meeting was still at 8.
The question now becomes how much compartmentalization do you need? As usual, it depends on you and your threat model. There is no clear answer here. Let’s start trying to answer that by talking about levels of compartmentalization. A full compartmentalization might involve a fake name, a separate device, a separate email inbox, and the whole nine yards. This might be appropriate for a spy, but probably isn’t necessary for most people. Most people might prefer a more partial compartmentalization: a VoIP number from work that’s different from their personal number, a separate email for their banking institutions, utilities, rent portal, and other important matters, a different name and number for online dating, etc.
Do you need full-on separate personas for different areas of your personal life? Maybe. As I mentioned above, you may choose to use a fake name (or a nickname) when online dating in case you run into a stalker or a bad date. In such a case, I recommend going all out with a separate VoIP number and email for the online account. Do you need to make a separate phone number to give to your neighbors than you give to your wife and kids? Probably not, but that really depends on how closely you trust them. For most people, having just two main personas – work and personal – will be plenty. Separating them with a VoIP number and an email is fine. There will be other areas where you’re still you but want to compartmentalize information, like giving your doctor a unique email address that you don’t use anywhere else. You’ll have to examine each situation on a case-by-case basis and decide what the risks are, how you can mitigate them, and what steps are appropriate to managing those risks.
How Does Compartmentalizing Help Privacy/Security?
So now, let’s talk about how this all actually helps you. The biggest advantage to compartmentalization is protection against data breaches. Consider a few of the following examples:
- Your X-Box email has a data breach. Some bored teenager finds your email, correlates it to your place of work, and files fake complaints about you.
- Using a VoIP phone for work allows you to disable it after hours, creating healthy work/life balances and boundaries.
- Using a separate browser (or VM) to check your bank means less risk of malicious plugins and trackers getting your financial information.
- Using a separate email for your doctor means that if your personal email address leaks, it can’t be easily and directly tied to your doctor, reducing risks of malicious and dangerous social engineering.
- You use online dating. You go on a date and decide the person isn’t right for you, but they take it personally and start stalking you. You used a VoIP number, meaning you can delete the number and move on and it has no information tied to you in real life. You’ve effectively ended the situation before it began.
As with my last post, it’s important to note that compartmentalization is yet another layer. It’s not foolproof protection on it’s own. And I’m not suggesting you make life harder on yourself for no reason. Examine the risks and benefits of compartmentalizing in each case, decide what amount is right for you, and how to best group things. There’s often a lot of messy overlap. If your HVAC breaks, do you send an email from your personal account or your home account, which is also the account tied to your bank? Or, if you buy a home, do you use your bank email account since the mortgage is with them, or do you make a new one? It’s very gray, fuzzy stuff but it’s important that you sit down and start working on it. And honestly, you’ll probably mess it up a little at first, but experience comes with time and soon enough you’ll have a solid, effective system in place for helping to keep your life organized and safe.