Compartmentalization for privacy and security

November 10, 2020. By Dr. David Wild. MyDigitalResilience Blog

In the privacy and security forums that I follow, there has been discussion recently about compartmentalization. Compartmentalization is separating different parts of your digital life, for example using different computers for work and personal use. This enables you to prevent an issue in one part of your digital life such as a ransomware attack bleeding into another area, in the same way that compartmentalization of a ship's hull prevents the ship sinking if one part is breached and flooded. It also reduces the risk of data in one part of your life being visible in another part, such as your personal photos being accessible by your employer. Thus compartmentalization is good for both security and privacy.

In The Personal Digital Resilience Handbook, I describe various strategies for compartmentalization, such as having separate computers or at least separate user accounts, and using email forwarding as a way to have separate details for different online accounts. Here I'd like to take the idea of compartmentalization a step further, and propose a four level framework. This is based on the observation that compartmentalization is often a spectrum, not a binary. The four levels are:

No compartmentalization. This is the normal state for many people - the same hardware, software, email addresses, phone numbers, etc. are used for everything.

Light compartmentatlization. At this level, basic, easy to implement measures are put in place that can vastly improve privacy and security by removing direct association between compartments. Examples include using email fowarding to provide different email addresses for different online accounts, using different VoIP phone numbers with a service such as MySudo or using Firefox Multi-Account Containers for Internet browsing.

Strong compartmentalization. In strong compartmentalization, measures are put in place to make it very unlikely for compartments to be connected in a way that harm to one could cause harm to another, or for the compartments to be associated by the data they produce. These measures can include using different hardware devices for different compartments, or having dedicated email accounts and phone numbers.

Extreme compartmentalization. At the extreme level, extraordinary measures are put in place to almost eradicate any association between compartments. These measures could for instance include using entirely separate hardware on separate networks. Extreme compartmentalization is probably only needed for those who face a life threat if compartmentalization fails.

As an example, here are some strategies for compartmentalizing email accounts according to the different levels.

Non compartmentalized email. The same email address is used across all accounts and services, and this address is easily associated with you.

Lightly compartmentalized email. An email forwarding service such as Anonaddy, or a custom domain with forwarding, is used to create different email addresses for different services. Since these all have the same domain name, they could be relatively easily connected with each other, but they do provide a layer of privacy and compartmentalization.

Strongly compartmentalized email. Unique email accounts are set up for different compartments, with a privacy-protecting email provider such as ProtonMail. ProtonMail or a state actor could probably link the accounts if they are accessed from the same IP address, but the accounts would not be easily linkable otherwise.

Extremely compartmentalized email. Unique email accounts are set up for different compartments, only accessed on different hardware and computer networks (e.g. using a VPN), making it extremely difficult for them to be linked in any way. This would provide maximal security - e.g. preventing a ransomware attack from clicking an email in one compartment - from affecting another, as well as maximizing privacy.

I hope this was helpful for some of you. If you enjoyed this blog post, please check out The MyDigitalResilience website. All material is (C) Copyright 2020 by David Wild. This website is designed to be simple and accessible, and does not contain any trackers of any kind. Suggestions and corrections should be emailed to Photo by Brett Jordan on Unsplash.