Close the curtains: A practical guide to privacy

The need for privacy

Why should I care about privacy, I have nothing to hide

Until a few years back, this question was very difficult to answer. People always perceived privacy in the physical sense. No one grasped the concept of digital privacy, let alone care about it.

You wouldn’t want a stranger to enter your home uninvited, right? So why treat your digital world any different. Your digital world contains private information like conversations, interactions, interests, and transactions that are worth protecting.

Snowden Quote

With invasive ads and all websites you visit keeping a track of you, I would say a breaking point will be reached soon. In action, it would be defined as when someone would go the inconvenient way of achieving a task to preserve their privacy.

The harsh truth is, surveillance capitalism is real, and it is rising. With FAAG (Facebook, Apple, Amazon & Google) either buying every company or eliminating them by copying their feature’s which remotely threaten them, they are centralizing all your data. Google recently acquired FitBit (a fitness tracker manufacturing company) only to have an anti-trust investigation launched against them with fears over Google misusing health data.

Fortunately, as times changed, people’s mindsets changed as well. They started realizing that the lives they live digitally have significance too. And those who still weren’t quite convinced, Facebook and Google ironically played a major role in persuading them their privacy is actually at stake by crossing the line far too many times.They just don’t care

The question which arises is what can we do? Are we becoming too set in our ways or can we take back what should have always belonged to us, our privacy.

Why an eventual compromise is the answer

Going off the grid is impractical. Migrating away from an entire ecosystem is strenuous. The FAAG are here to stay.

An eventual compromise here means restricting yourself to use only a few services provided by those companies but only limited to that. A trade-off essentially and making your peace with it.

The bitter reality is that distancing yourself from these services comes at a greater cost of convenience. While there are some extremists who have taken those difficult steps, they also have to convince their friends and family as well to make the switch.

As much as you may disgust Facebook, you might still have to use WhatsApp because everyone else already does, it is more of a necessity now. Albeit, Signal is gaining some much deserved popularity recently, it is still miles away from WhatsApp’s market cap.

Ever thought of removing Google entirely from your life? It is nerve-racking.

This is where trade-offs and calculated risks come into place. Rather than going cold turkey on the services deeply rooted in our lives, we choose to be aware of what information do they have about us and the risks that they pose. We take a conscious call knowing how much and what kind of data are we sharing and what we are getting in exchange.

Evaluation criteria

Everyone has a different framework when it comes to choosing the tool to use.

Some people value ease of use whilst others may value integrations with different software.

Some would value privacy over functionality, others may not.

Some prefer to go for self-hosted tools whereas a huge part of the population don’t even know what that means.

This depends on person to person and use case to use case, think one of your own.

While deciding, also keep in mind the privacy laws of your country (esp. Key disclosure law) and whether the service you are using is part of 5-9-14 eyes. If you think this is too extreme, you can just skim through the Privacy Policy and see whether you are comfortable with the data they are capturing and sharing with their third-party services.

The privacytools.io website could be your guide for this process.

Tools to use

Browser: Firefox

I use Firefox because of its simplicity, care for user’s privacy, and Mozilla’s commitment to keeping the web an open platform. Feature-wise, Firefox is at par with other browsers and I have found it to be less RAM hungry than Chrome.

Extensions:

  • Multi-account containers: It lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. For eg. I have containers for Personal, Work, Google, Banking, Shopping, etc. This ensures that cookies aren’t shared between those containers and is essentially equivalent to using a different browser. My goal for this year is to not see a single relevant advertisement.
  • uBlock Origin: Block all the unwanted trackers (You can also install this on your mobile phone).
  • You can also go through this list of privacy enhancing extensions curated by Mozilla.

Storage

Since the dawn of the digital age, we have accumulated massive amount of data over the years. After all, we use multiple devices each of which have their own storage. But keep in mind that these are our private files and should be kept with a company that respects our privacy.

  • I personally use pCloud. It is the least of all the evils (although they charge extra for zero knowledge encrypted storage).
  • ProtonDrive is also releasing soon which seems promising.
  • If you want to self-host, Nextcloud and Syncthing are good.
  • Just do not go for Google Drive, iCloud or OneDrive.
  • Follow the 3-2-1 backup rule: At least 3 copies of your data in 2 different locations, 1 of which needs to be off-site.

Email

  • Slowly moving to ProtonMail for primary mail. Privacy is their unique selling point.
  • Gmail due to legacy reasons. A lot of critical accounts and contacts still have that email.

Communication

  • Use Signal
  • Avoid WhatsApp, Facebook will eventually get rid of the end-to-end encryption.
  • Story Time: After selling Whatsapp to Facebook, the founder Brian Acton was assured that end-to-end encryption won’t be removed and they’ll figure other ways to monetize it. Though Facebook failed to keep their end of the deal, which ended up with Brian Acton donating $50 million USD to Open Whisper Foundation (Signal’s Parent organization).

Password management

  • Use a password manager. Period.
  • Use different passwords for different websites so that in case one company’s database gets breached, you wouldn’t have to worry about other websites (All the password managers have password generation functionality).
  • I personally advocate for Bitwarden, but Lastpass and 1password are good too.
  • Keep in mind that your password manager will be your single point of failure so you need to make sure that the masters password is extremely strong.

VPN

  • Not easy to choose, they all have pro’s and con’s. Use privacytools’s VPN page to choose and also take a look at country of origin and their logging policy.
  • Tor Browser is the best for anonymous browsing but some of the websites you use may break over there.

Search Engine

  • I know, I know, the others are not as good as Google. But they are not all that bad. I’ve been using DuckDuckGo for quite sometime and it works 95% of the time, and is improving constantly.
  • The problem with Google is not only does it scan and analyze all your searches, it has its own biases and is known for skewing the results as they see fit.

Behavioral changes you can make

When it comes to a certain behavior, our brains are hard-wired to do things subconsciously that we ourselves may not be aware of. Companies research and study this behavior, and do their best to exploit this.

Here are a few common things that you can start with:

  • No need to tell EVERYONE your email

    • Use a temporary email if you just want to check out a site that requires account creation. Services like TempMail can be used to get temporary emails.
    • It will help you reduce the unwanted amount of spam.
  • Don’t share unnecessary details

  • Use incognito mode if you are just browsing and don’t want a persistent session

    • This applies to all searches and website visits. The rule of thumb I follow is: If you have to login, use a normal window, else go incognito.
    • Incognito mode does not hide your browsing from service providers, but it makes it harder for ad networks to track you across different websites.
  • The whole world is watching philosophy

    • For social media sites like Instagram/Twitter/Facebook: Assume everything you post is public. It would not just be viewed by your friends or followers, everyone can see what you post.
    • This comes under the “Eventual compromise” we discussed earlier, we are aware of the negative consequences but we take a call because we want to be up to date with the memes these websites can have a positive effect if we use them the right way.
  • Avoid “smart” devices

  • Review your phone’s app permissions

    • Mobile apps would try their hardest to get as many data points as they can which often includes sending & connecting to trackers automatically in the background.
    • Be aware of which apps have critical permissions like location, microphone & camera.
    • Android and iOS did introduce the “Allow permission just for now” functionality to curb this.

If you are not paying for the product, then the gradual changes in your behavior & perception is the product

– Jaron Lanier (The Social Dilemma)

Thoughts on social media

  • It may be hard to, but get off Facebook. It went from being a good social media platform to catch-up with your peers but now it has turned into a tool used to “program people’s thoughts”. Here is a former Facebook exec talking about how it is tearing apart the fabric of society.
  • Luckily for me, most of my close circle slowly stopped using it after college and its charm died pretty fast. I went to Facebook after a long time to research for this article and all I saw was shared posts of other pages by friends with every 4th or 5th post being an ad, a site that was once addictive to me repulses me now.
  • To be honest, I like Twitter in the sense that they are not very privacy-invading and the philosophy I go by is everything you post is public, so it is a straightforward agreement.
  • Twitter also helps me keep in touch with my fanbase (a.k.a my 5 friends who are active on Twitter and 150 Russian bots), and its the best way for people to reach out to me who do not know me personally, like how you may want to send some compliments or a shout-out to me @yashm95 after reading this or you can abandon this post and do it now, I only do these things for fame.

The forthcoming dystopia

Our governments being slow at adopting technology could be a good thing. Thanks to Edward Snowden, we got a glimpse of what the US government was up to with the PRISM project. Sadly, the governments of the world doubled down.

Solove Quote

Unfortunately, the future could be much darker. You might want to turn an eye towards China.

China’s state surveillance has an eye on literally each and every move of its inhabitants, whether physical or digital. The state uses extensive data to allocate social scores, which can have a drastic impact on Chinese people’s life, including banning them from purchasing train or plane tickets, providing them with lower Internet speed, and denying them visas and loans.

This technology was also used to identify Hong Kong protesters in their fight for democracy and punish them.

Hong Kong NYT

New York Times published an article on how Law enforcement & Google worked together and used location data that Google collects to catch a killer, but ended up arresting an innocent person. Would you be willing to share your location with Google now, knowing that it can be used against you in the court of law even irrespective of the fact whether you’re guilty or not.

Should we prepare for a future where every action taken will be eternally watched and scrutinized? There must be a better way!

Follow the discussion at Hacker News