As many do, I sort of fell into Identity. I worked as a Product Manager in cloud platform API services. When I got a new job, it included identity as one of the services in the platform. It wasn’t long before I was fully immersed in the seemingly monumental task of understanding digital identity, how it fits into a larger product, and the many security implications of such a foundational element. After all, identity is the entry point into any software product.
Three identity-related jobs later, I now consider myself quite nicely “niched” in identity. I (finally) understand most of what I’m talking about (it only took a couple of years!) and I’m excited about where identity is headed. One unexpected side effect of my equally unexpected foray into identity: the emergence of privacy as a concern…a concern enough that I felt compelled to put myself out there on social media and share.
I’ve always been a bit hesitant to share too much of myself online. I’ve been known to put on the detective outfit, get my magnifying glass, and go down the rabbit hole of high school classmates on a Friday night, and I didn’t want anyone returning the favor. I also had a strong sense of wanting to protect my child from a life documented online at a time when a child’s first presence online is a line on a pregnancy test or an ultrasound. Of course, I knew that my identity was not as simple as a username and password. My digital identity was the entire footprint I was leaving behind online. With every photo uploaded, every search query executed, every app downloaded on my phone, I was leaving a lot of information behind, and I had no control over what that information was or how it was used.
Completely opting out of online life wasn’t an option for me, but I also felt that there was a great imbalance between the personal data we constantly give away in exchange for using a service and the reward it has for large tech companies. The fact that this tradeoff wasn’t transparent to me–and I worked in digital identity, for goodness’ sake–bothered me. How can I expect my friends who know nothing about tech to understand what is really happening with their data when I don’t know what is really happening with our data?
The Privacy Learning Curve
One of my most engaged-with posts. I guess we’ve all had this experience!
It was time for me to take a deep dive into the world of data protection and transparency in technology.
- Why should I care if someone hacks into my account, as long as they didn’t buy anything?
- Does Alexa really listen to us?
- When you download an app, what is all of that data being transferred in the background without your knowledge? Is there any way of knowing for sure?
- Why should the average person care? After all, we’re not that interesting and we have nothing to hide, right? Alexa can have my grocery list. She can listen to the dinner table conversations about daycare and taxes.
These are some of the questions and concerns (or lack thereof) that I’ve heard over the past year or so when I’ve talked about my privacy and data protection work. It’s been really interesting, and honestly, somewhat frustrating, to try to confront these huge questions about technology and how it is so tightly integrated into our lives. I’ve covered everything from dark patterns with cookie consent to using password managers to covering your laptop camera with a camera cover. In fact, one of my most viewed reels is identity related – I did a reel of myself authenticating with a YubiKey.
Practical Privacy Education for All
A sample of Hannah’s Instagram content
I aim to bring practical privacy education to the masses. Most people are not going to buy a Raspberry Pi and set up a DNS block. Heck, most people are not even going to bother switching off precise location tracking to apps on their iPhones. I try to give people tangible things that they can do to protect their data while still acknowledging the very real fact that most of us live at least a portion of our lives online in the media we consume and in the ways we stay connected with people. My audience is not us ID Pros, although I hope you find it interesting. My audience is our friends and families who have no idea what we do for a living and just know it’s “computer stuff”.
I’ve found my privacy and digital footprint education attempts to be rewarding. I’ve had people tell me that they had no clue what was going on with their personal data. But now that they’ve learned, they’ve been more careful about what they share online. It’s been uncomfortable for me on some level. I have never enjoyed sharing myself online, and now I am sharing videos of myself. I hate hearing my voice on the podcasts I’ve been on. It’s a human thing, I think that none of us like our own voices. I’ve pushed through the discomfort because I believe that sharing this information and advocating for more transparency in technology is not something that everyone is equipped to do. Thanks to my background in digital identity, I believe I have the experience and knowledge to know just how important our identity is, including all of the breadcrumbs we leave behind as we traverse this crazy thing called the internet. And the least I can do is leave behind something useful.
About the Author
Hannah Sutor is passionate about all things digital identity and privacy. She currently works as a Senior Product Manager at GitLab, focusing on authentication and authorization in a DevSecOps context.
Hannah has spoken at various conferences on digital identity, privacy, cybersecurity, and devops workflows. She is also a content creator; writing articles and creating engaging, easy-to-digest content on these topics for those without a technical background.
She lives outside of Denver, Colorado, USA, and enjoys bad reality TV just as much as she enjoys a walk in the woods.
You can find her educational posts on Instagram.