The Ashley Madison Hack: A Privacy Issue, Not an Adultery Issue

By now you’ve probably heard all the controversy around the “Ashley Madison Hack”. If not, here’s a quick recap: Ashley Madison, a dating website primarily meant to help people have extramarital affairs, was recently threatened by a hacker group called “The Impact Team”. The team condemned the morals of Ashley Madison and its members, threatening to release users’ private information (names, addresses, credit card information, etc.) if the site was not taken down.

The group recently followed through on their threat, and the aftermath is worse than anyone expected: the private information of over 30 million Ashley Madison users was posted publicly online. Those users now live in fear of being publicly shamed on the web – which could have a massive impact on their personal lives.

While on the surface this may seem like a deserved day of reckoning for exposed adulterers, it speaks to a much larger privacy issue that concerns everyone. We live our entire lives online, and our actions there hinge on the promise of privacy. We believe that what we buy, where we bank, what we research, and even who we date should be private. So regardless of how you feel about adultery, we should all be terrified at the idea that a single group or person can decide to compromise that promise for their own personal agenda.

Let’s consider a few specific issues related to the Ashley Madison hack before getting into the broader implications:

  • Users who were exposed by the hack are not necessarily adulterers. In fact, some people may have never signed up in the first place. Since free accounts didn’t require any verification, it’s possible someone used someone else’s email to sign up for an account. Others aren’t on the site for an extra-marital affair. According to interviews with the founder, many people use the site to discreetly find partners who share unique sexual habits. Even further, many people claim they browse the site as a cathartic fantasy exercise with no real intention of ever acting on it –  the equivalent of writing an angry letter with no intention of ever sending it.  No matter the case, this will likely cause a lot of embarrassment and even severe personal turmoil for people who never actually did anything wrong.

  • Not all users are having extramarital affairs behind their partners’ back. According to past interviews with the founder, a growing number of people are in consensual open relationships and use the site as a way to discreetly find new partners. By exposing their information, you’re breaching their promise of privacy and causing severe embarrassment for them.

  • Even for those having non-consensual extramarital affairs, this is a cruel way to expose them. You won’t find many people who outwardly approve of infidelity. That said, most people would also agree that a relationship – and all its ups, downs, betrayals and triumphs – are not the business of the general internet. When you publicly shame someone, you’re not just hurting the perpetrator, you’re hurting their spouse and family too.

Let’s forget about Ashley Madison and move on to the bigger picture.

While cheating happens to be a generally frowned upon subject, what if the crusaders were against something else? What if they exposed a private online support group to help struggling people come out of the closet? What if they exposed the private records of people who have had abortions? What if they exposed the home addresses of people who support gun rights? The point is this: online privacy is important, and we need to make sure we take measures to protect it.

If you’re an Ashley Madison user, here’s what you can do to minimize the damage:

Unfortunately your hacked user information is already out in the wild, which means it’s only a matter of time before it will start to appear in search results when people Google your name. But by proactively taking measures to strengthen your reputation online now, you can prevent this information from defining who you are online.

The website ashleymadisonhack.org has in-depth information about how to limit the damage of the Ashley Madison hack. It also provides measures you can take to prevent something like this happening to you in the future. Full disclosure: the site was created by my company BrandYourself, whose mission is to help people have a say in what appears about them online.

If you’re not an Ashley Madison user, why does this privacy breach matter to you?

How would you feel if someone released the following information about you:

  • Everything you Googled in the last year

  • Every website you visited in the last year

  • Everything you’ve ever purchased online

  • Every YouTube video you’ve watched

Online privacy matters even if you have nothing to hide. No matter who you are, if that info was published without your consent, it would cause embarrassment and undoubtedly lead to personal and professional issues – especially if that information was released without any context, like in the Ashley Madison hack.

How can you minimize the chances of your privacy being breached?

Unfortunately there is no guaranteed way to protect yourself from every type of hack. However, there are several best practices that will drastically increase the security of your own information.

Basic security tips:

  • Use a secure password. Insecure passwords are the easiest way for an attacker to gain access to your information. If you’ve ever thought twice about whether your current password is secure, then it isn’t. Especially if it’s a real word like the name of your dog – that definitely isn’t secure. Make sure to mix up letters and numbers and strive for at least 8 characters.

  • Use a password management tool tool like LastPass or 1Password. They create and store incredibly secure passwords for you, and have phone apps and browser plugins that actually make it even easier to sign into any account, like a very secure master key that unlocks the rest.

  • Don’t provide your real email address and name if it’s not required. Using a disposable email generator like FakeInbox allows you to sign up for websites without giving out your actual email address.

  • Use incognito mode or private browsing mode when you browse online.

  • Always clear your browser history and cookies.

  • Turn on Adblockers (like AdBlock for Google Chrome).

Advanced security tips:

  • Set up a VPN or proxy like TunnelBear or HideMyAss. These make it much harder to track your IP address when browsing online.

  • Use Duck Duck Go for web searches. It’s the only search engine that doesn’t collect any personal information.

  • Use Tor as your browser. Tor allows internet browsers to improve their privacy and security on the Internet. Be sure to read the documentation when setting it up, because it can be complicated.

  • Encrypt your email using something like Enigmail and PGP). Using PGP (“Pretty Good Privacy”) you can drastically reduce the chance that anyone can read your emails without the proper authentication – even if they fall into the wrong hands. Although setup can be complicated for novices, it is very secure. Here’s a guide to getting started.

  • Use Dmail to send self-destructing emails. Though it’s less secure than PGP, it’s an option that will reduce the chances that your emails fall into the wrong hands.

  • Use Cyber Dust as a replacement for text messages. Cyber Dust allows you to send self-destructing text messages à la snapchat. Your messages disappear after they are read, without a trace.