Welcome, Internet folks! If you’ve been following along, this is the final post in my three part series on basic Internet security and privacy. In this article, we’re going to get into improving and—just as importantly—understanding Internet privacy.
If you’re unsure about what privacy on the Internet is, please read my first article in this series, Security vs Privacy on the Internet.
A word of warning: as the third and final chapter of this series, it is also the longest and least focused. This “cram-it-all-in-part-three” approach will be familiar to anyone who watched The Lord of the Rings: The Return Of the King. While this article is similar to that movie in almost every respect, I will try to keep false-endings and ghost armies to a minimum.
Don’t have time to read a long-ass article? Skip straight to the collected resources.
Why privacy matters
Why should you care about Internet privacy? Unless you’ve been burned by your loose digital info, it’s hard to feel like it’s important. Especially when ignoring it is so easy and rewarding: you get real benefits from the services you surrender your data to.
However, there is also real harm that comes from lack of privacy. Even if you think you have nothing to hide, you probably don’t mean that.
If nothing else, much of the personally identifying information collected about you is done invisibly. That disenfranchises you, the user, by removing your control over your data.
Improving your privacy
After that Orwellian last paragraph, what can we actually do to take back our online privacy? Below is an explanation of some methods to do just that, as well as the types of invasions they protect against.
1. The Golden Rule
The first step to better privacy is understanding the lay of the land. It’s nothing fancy, just common-sense economics.
If you’re not paying for the product, you are the product.
That is to say, no for-profit company is giving away their service. If you aren’t paying them directly, they still need to make their money. Given how valuable your data is, it’s very likely that any service you get for free is reselling your personal data.
Keep that in mind as we delve into the specifics.
2. Behavior tracking
Almost every website contains hidden code that tracks your interactions, collecting an incredible amount of personal data. For example, the most popular web analytics tool by far, Google Analytics, collects all your usage habits from across every site it is installed to create a centralized profile of who you are and what you like.
The only way to prevent this type of data collection is a good blocker. A blocker can also give you insight into what types of scripts are trying to track you, shining a light on the previously hidden.
There are a lot of blockers on the market, some of the most popular being AdBlock Plus and Ghostery. Do not use these blockers. While reasonably well functioning tools, they are also businesses that offer free services. What are you giving up to use these tools?
AdBlock Plus let’s advertisers pay to unblock their ads, bringing with them whatever tracking they include, a common business model among ad blockers. Ghostery actually resells the data it collects about you to pay it’s bills, pretty much defeating it’s whole purpose.
This section is called “Recommended blockers”, not “Watch out for shitty blockers”, so which ones should you actually use?
- Privacy Badger
Privacy Badger is a browser plugin with a large community run database of trackers to block. Free to use, with a simple interface, it is run by the non-profit Electronic Frontier Foundation, a reputable Internet advocacy group.
However, it is only available for Chrome and Firefox, on desktop and Android. If you use a different browser, see the below options.
Note that when using Privacy Badger you should enable enable "Do Not Track" to make sure everything is blocked.
- uBlock Origin
uBlock Origin is another browser plugin that blocks many different types of trackers, including ads. It is open source and run by a group of volunteers, and has the advantage of running on all major desktop and Android browsers.
The downside to this plugin is that it's interface isn't as simple as Privacy Badger's.
Note that there is another plugin confusingly named uBlock, which has nothing to do with uBlock Origin. Use uBlock Origin.
- Firefox Focus
For iOS, Firefox Focus is hands down my recommended blocker.
Run by the non-profit Mozilla Foundation, Firefox Focus is both a private browser by default (but see above), and ad/tracking blocker.
While the private browsing is nice, the blocker is the real reason to download. Even if you don't use the Firefox Focus browser itself, the blocker can be integrated into Safari, so you won't have to change your browsing habits.
Won’t blocking hurt businesses?
Yes and no.
Yes, in the short term, blocking ads will hurt a business’s bottom line. However, the tech industry is a place where failing to innovate is a death sentence. If a company cannot adapt to shifting user demands (in this case, not being tracked), they weren’t going to make it much longer, anyway.
3. Private browsing is not really private
That’s right, the private browsing, or incognito mode, in your browser isn’t really private. What is this foul deception, you cry? Have you been lied to? Not really, but the name only tells part of the story.
Private browsing does not record history, and has a separate database for cookies and other web storage. This does not prevent your data from being collected by outside parties. It just means other people who use that same browser on that same computer won’t be able to see what sites you’ve visited.
4. Secure website connections
A quickly growing number of websites use an encrypted connection, what’s called HTTPS. This makes it very difficult for someone to snoop on the data you send back and forth from your browser to a website while it’s in transit.
Many browsers (but not IE/Edge and Safari) display a lock icon when the connection uses HTTPS.
While not all websites support HTTPS on every page, you can force HTTPS by using a browser plugin called HTTPS Everywhere.
HTTPS deals only with connections, so while it protects your data while it’s being sent, it’s encryption ends once your data reaches it’s destination (either your computer or the server). While you at least have control over your own device, you need to trust the site your sending your data to that they are protecting your data properly.
Have something sensitive you want to send, like a credit card number, or your old live journals? Don’t use email; it’s the Internet equivalent of sky-writing. Not to mention, popular email solutions like Gmail read all your email to build a consumer profile on you to deliver to buyers and governments.
Instead, use a encrypted messaging platform. The most secure at the time of this writing is an application called Signal, which comes highly recommended. Signal is run by a non-profit, and uses open source, regularly audited security practices.
WhatsApp is also a fairly good alternative, and it actually uses some of Signal’s technology under the hood. However, it’s not a private as Signal, as WhatsApp shares some data with it’s parent Facebook.
5. Be careful on public wifi
Free public Wifi usually is free because they track everything you do on them and then sell that information. Library networks are also monitored by the FBI. Unless you subscribe to a VPN or use the Tor browser, don’t do anything on a public Wifi network you don’t want every corporation to know. Yeah, even that one you hate. You know the one.
- Note to Self
- Online Safety
- Terms of Service; Don’t Read
- You Think You Have Nothing to Hide? Think Again
- The Electronic Frontier Foundation
- Do Not Track
If you have any questions on any of this, please don’t hesitate to reach out to me on any of the social networks I use.
I’d like to take a moment to thank Ania Stypulkowski, who has provided all the lovely artwork you’ve seen throughout these posts. Please visit her interwebs places.
👻 👻 👻 👻 👻 👻 👻 👻 👻 👻