ILLUMINATION
Published in

ILLUMINATION

Applying the Principle of Least Privilege to Your Daily Life

Privacy protection for your life: online and offline.

Photo by Jon Tyson on Unsplash

We’ve probably all heard it before: our brains are like supercomputers. Just like computers, our brains are constantly transmitting and processing data. That’s why I thought information security practices may be able to help me protect my mental and emotional security.

Information security experts build safeguards into digital infrastructure to ensure the security of the data and assets they protect. I build safeguards into my daily interactions to ensure the security of my inner peace.

Somewhere along the line, I learned to feel guilty when telling someone “no” or asserting any boundaries. This led to life-long people pleasing tendencies, feeling guilty for doing what’s best for me instead of what’s best for someone else. This frequently disturbed my inner peace.

I knew my people pleasing habits were bad when I helped a complete stranger with her economics homework instead of the research paper I’d already been procrastinating. She asked since a mutual friend said I could help her. I thought if I said no, I’d have to justify my decision. As if it wasn’t enough that I had my own work to do. Did I owe her anything? Absolutely not. All I knew was that the thought of saying no to this girl felt like I’d be telling my best friend that her “special banana bread recipe” actually tasted awful. I just couldn’t do it.

So, what helped me break free from this? Instead of approaching decision making and asserting boundaries from an emotive approach, I started looking at these from a more objective approach. That’s where the principle of least privilege comes in.

What is the Principle of Least Privilege?

The principle of least privilege is the concept in information security that you only give someone the privileges to perform a task or function. No more, no less. It’s considered a security best practice for access control management.

For an online example, let’s say you wrote an essay and wanted to share it with your friend on Google Docs so they could read it over. You would share it with them, only giving them permission to read the document. That way they could read it and make comments for editing suggestions. You wouldn’t want to give them read and write permissions, since they may do something like add an inappropriate sentence to your essay for your professor to read when you submit your assignment.

The principle of least privilege can apply to your offline life too. Here’s an example from CISA’s webpage on the principle of least privilege in your everyday life:

For example, let’s say you were to go on vacation, and give a friend the key to your home, just to feed pets, collect mail, etc. While you may trust a friend, there is always the possibility that there will be a party in your house without your consent, or that something else will happen that you don’t like. Whether or not you trust your friend, there’s really no need to put yourself at risk by giving more access than necessary. For example, if you don’t have pets, but only needed a friend to occasionally pick up our mail, you should relinquish only the mailbox key. While your friend might find a good way to abuse that privilege, at least you don’t have to worry about the possibility of additional abuse. If you give out the house key unnecessarily, all that changes.

For your online and offline world, the idea is the same. You want to minimize the risk of sensitive information or possessions being stolen or abused by others. For information security experts, the principle of least privilege is a way to minimize the risk of a data breach. For your personal life, you may apply the principle of least privilege to minimize the risk of a bad friend spilling your secrets.

Taking from the previous example, your house is like your inner life. It’s the house of our minds, our inner thoughts, the secrets we hide in our closets. Not everyone needs access to your inner life. Even though others may want that access, they don’t have the right if you deem that access as unnecessary.

How Do I Apply This to My Life?

I can’t tell you that there’s a scientific method for conducting the principle of least privilege to your life experiment. What I can tell you is how I approached applying this principle to my life and in my daily interactions.

Going back to the idea of our brains as supercomputers, I thought of it like this: When people make an account on a website, they are registering as a user. Their user information is then stored by the server. If my brain is like a supercomputer, then I’m a server and the people in my life are like registered users on the server.

To start this process, I (metaphorically) revoked the user privileges of everyone in my life. There is a post by UpGuard on Medium about about the principle of least privilege that includes common ways this principle can be implemented. One of them is group-based access management. This was how I chose to “implement” the privileges others have to my personal information, the details of my life.

I understand if you’re probably thinking it’s strange to make an analogy between my life and a server on the internet. It felt strange to dehumanize myself and the people in my life.

But that was the point. I needed to take myself out of the emotive framework that influenced my past decisions so strongly. I needed to get myself into some sort of objective framework. This is what clicked so I was able to do that.

In general, I internally decided to give most friends and family members extra privileges to know and access to the information of my life. Then there were the select few from that group I made a mental note of their privileges beyond the initial group. After that, I was done. This process only took a few minutes. Surprisingly simple, right?

When you’re used to feeling guilty for asserting boundaries, or feel the need to explain your decisions to others — the simplicity of this can be perplexing. One of the first things I did after this was take a trip down memory lane to look back at all the times I now realized I’d given way more information to people than I needed.

The most perplexing thing of all? Not having people question my decisions or try to change them either. Applying this principle to my every day interactions made me realize I didn’t need to give people as much information as I had been about my life and my decisions. Saying no to going out with friends? My “no” was accepted at face value. No explanation needed.

Using this principle in my daily life has eased my anxiety with interacting with people. It kept the feelings of guilt at bay knowing that I don’t need to give everyone and anyone the privileges to know or understand every step of my decision making process.

The Main Takeaway

The principle of least privilege in the information security field is tied to the need for a lack of trust. While a lack of trust may be the reason you choose to adopt this principle as central to your personal access system, it doesn’t have to be.

You may not trust someone with the details of why you had to cancel your plans with them. And you have every right to limit their access to that information. On the other hand, you may decide they just don’t need to know the ins-and-outs of how and why you made your decision. And you have every right to decide that too.

At the end of the day, the most important thing to remember from all of this: consider any access to you and your life for what it is:

A privilege, not a right.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store