data-privacy
Understanding and managing what digital services collect, store, share, and infer about you. Covers password security and entropy, multi-factor authentication, privacy settings, data minimization, the difference between first-party and third-party tracking, cookies and fingerprinting, privacy laws (GDPR, CCPA), and how to respond to data breaches. Use when helping a learner make informed decisions about what to share, with whom, and under what terms.
git clone --depth 1 https://github.com/Tibsfox/gsd-skill-creator /tmp/data-privacy && cp -r /tmp/data-privacy/examples/skills/digital-literacy/data-privacy ~/.claude/skills/data-privacySKILL.md
# Data Privacy Data privacy is the practical discipline of deciding what personal information to share with which services, under what conditions, and for what purpose. It is not about being paranoid and it is not about opting out of modern life. It is about developing the habits and mental models that let you participate in digital systems without letting those systems accumulate more leverage over you than you intended. This skill covers authentication (keeping accounts your own), collection (what services take), aggregation (what they infer), and remediation (what to do when things go wrong). **Agent affinity:** palfrey (institutional privacy), boyd (contextual integrity), noble (platform power asymmetry) **Concept IDs:** diglit-password-security, diglit-privacy-management, diglit-data-collection, diglit-digital-footprint ## Password Security Passwords are still the front door for most accounts. Two-thirds of real-world breaches trace back to weak or reused passwords. The principles: ### Entropy, not cleverness A password's strength is its entropy -- the number of possible values an attacker must try. A 12-character random string has more entropy than "Tr0ub4dor&3" (the old XKCD joke). A four-word passphrase like "correct horse battery staple" has similar entropy to a 10-12 character random string, and is easier to remember. **Minimum in 2026:** 12 characters random or 4+ word passphrase. 16+ characters for high-stakes accounts. ### No reuse The single most important password rule: never reuse passwords across accounts that matter. When one site leaks, attackers try the same credentials everywhere else (credential stuffing). One breach becomes many. ### Password managers You cannot remember hundreds of unique strong passwords. A password manager stores them encrypted behind a single master password. Good options in 2026: 1Password, Bitwarden (open source), KeePassXC (local, open source). Most operating systems also include one. **Counterintuitively:** Using a password manager is safer than not using one, even though "all your passwords in one place" sounds risky. The alternative is reuse, and reuse is worse. ### Multi-factor authentication (MFA) Multi-factor authentication requires a second proof beyond the password: something you have (phone, hardware key) or something you are (fingerprint, face). Even a perfect credential stuffing attack fails without the second factor. **Hierarchy of MFA strength (weakest to strongest):** 1. SMS codes -- vulnerable to SIM swap attacks but still better than no MFA 2. Authenticator apps (Authy, Google Authenticator) -- not SIM-swappable 3. Push notifications to a trusted device -- convenient, phishing-resistant when implemented well 4. Hardware security keys (YubiKey, Titan) -- gold standard, phishing-resistant by design Turn on MFA for anything that matters. Email is the highest priority -- it is the reset address for everything else. ### Phishing resistance The weakest link in authentication is the user. Phishing sites trick you into typing credentials into attacker-controlled forms. Defenses: - **Check the URL before typing.** Real domains have no typos. "amaz0n.com" is not Amazon. - **Use a password manager to autofill.** Managers do not autofill on wrong domains. If it does not autofill, you are probably on a fake site. - **Do not click links in emails for account issues.** Type the URL or use your bookmark. - **Use hardware keys.** They are cryptographically bound to the real domain. ## What Services Collect Digital services collect three kinds of data about you: ### First-party data What you tell the service directly: name, email, address, preferences, the content of your messages, your purchases. This data is usually necessary for the service to work, and the service's privacy policy describes what they do with it. ### Observed behavior How you use the service: which pages you visit, how long you stay, what you click, when you log in. This is logged automatically. It does not require you to share anything explicitly. ### Third-party tracking What happens on other sites. This is the most contentious category. It works via cookies, pixels, and fingerprinting: - **Third-party cookies** -- A tracker (like a Facebook Like button) is embedded in thousands of sites. Your browser sends that tracker a cookie on every visit, building a profile across sites. Third-party cookies are being phased out in most browsers but replacements (Privacy Sandbox, server-side tracking) are emerging. - **Pixels and beacons** -- Invisible image tags that report your visit back to a tracker. - **Device fingerprinting** -- Unique combinations of screen size, installed fonts, browser version, and hardware create a "fingerprint" that identifies your device even without cookies. ## What Services Infer Collection is the visible part. Inference is the dangerous part. From raw behavior, services infer: - Demographics (age, gender, ethnicity, income bracket) - Interests (health conditions, political views, religion) - Relationships (who you know, who you live with) - Intentions (shopping for X, planning a trip, job searching) The inferred profile is often more sensitive than anything you explicitly shared. This is why a pregnancy can be inferred from shopping patterns before any announcement. The combination of innocuous signals is more revealing than any one signal alone. ## Privacy Settings: Practical Discipline Every major service has privacy settings, and most users never change the defaults. The defaults favor the service. A practical routine: 1. **Audit at setup.** When you create an account, go through the privacy settings before using the service. 2. **Review quarterly.** Settings change; new options appear; old ones get renamed. 3. **Minimize by default.** Turn off what you do not need. You can turn things back on later. 4. **Separate audiences.** Use lists, close friends, or separate accounts to control who sees what. 5. **Revoke ol
Major art movements and their historical context for art education. Covers 12 movements from the Renaissance to contemporary art, their defining characteristics, key artists, signature works, and the intellectual/social forces that produced them. Use when analyzing artworks in historical context, understanding stylistic lineages, identifying influences across periods, or connecting studio practice to art-historical precedent.
Color theory principles for art education. Covers the three color properties (hue, saturation, value), color mixing systems (subtractive and additive), color relationships (complementary, analogous, triadic, split-complementary), color temperature, simultaneous contrast and the relativity of color perception, and practical palette construction. Use when analyzing color in artworks, planning color schemes, understanding optical phenomena in painting, or investigating Albers's Interaction of Color experiments.
The creative process in art from idea to exhibition. Covers five phases of creative work (inspiration, incubation, exploration, execution, reflection), sketchbook practice, artist statements, critique methodology (formal and conceptual), portfolio development, and the studio as a working environment. Use when guiding students through project development, facilitating critique sessions, developing artist statements, curating portfolios, or understanding how professional artists structure their creative practice.
Digital art tools, techniques, and workflows for art education. Covers raster and vector workflows, digital painting, photo manipulation, generative and procedural art, 3D modeling and rendering, pixel art, the relationship between traditional skills and digital execution, and ethical considerations of AI-generated imagery. Use when working with digital tools, evaluating digital art, or bridging traditional art concepts into digital practice.
Observational drawing and visual perception techniques for art education. Covers contour drawing, gesture drawing, negative space, proportion and measurement, value mapping, spatial depth cues, and the cognitive shift from symbolic to perceptual seeing. Use when teaching drawing fundamentals, analyzing observational accuracy, or developing visual literacy in any medium.
Three-dimensional art and sculptural thinking for art education. Covers additive and subtractive sculptural processes, armature construction, modeling in clay, carving principles, casting and moldmaking, assemblage and found-object sculpture, installation art as expanded sculpture, and the conceptual transition from pictorial to spatial thinking. Use when working with three-dimensional media, analyzing sculptural form, understanding spatial composition, or investigating the relationship between sculpture and site.
Celestial coordinate systems and sky positioning. Covers horizon (altitude-azimuth), equatorial (right ascension-declination), ecliptic, and galactic systems; epoch and precession; coordinate transformations; planisphere use; and practical sky-locating from any latitude and date. Use when locating objects, planning observations, converting catalog coordinates, or teaching the geometry of the sky.
Observational cosmology from Hubble's law to the CMB. Covers redshift, Hubble expansion, the cosmological parameters, the cosmic microwave background, large-scale structure, galaxy rotation curves and dark matter, Type Ia SNe and dark energy, and the current state of Lambda-CDM. Use when reasoning about the large-scale universe, interpreting cosmological surveys, or teaching the Big Bang evidence chain.