Chapter 41½ - Your Guide to Privacy

"Arguing that you don’t care about the right to privacy because you have nothing to hide is no different from saying you don’t care about free speech because you have nothing to say."

- Edward Snowden, in his Reddit AMA

Privacy online is a joke. No matter what you do, you’re still going to be tracked so much that advertisers and the big tech companies (Facebook, Google, Microsoft, etc.) all know way more about you than you’d like. Data brokers will find out more about you than you can imagine. Technically, most of these companies will provide various opt-outs. Realistically, you shouldn’t expect these to stop anyone. You can be 110% sure your data is being sold. So, what can you do?

  1. Acknowledge you cannot win, but you can still fight back.

  2. Don’t buy smart-XYZ devices. No smart bulbs, toasters, fridges, ovens, thermostats, TVs, or doorbells. And, look, I get it. Each offers a pretty legitimate convenience. But between the ability for companies to change a one-time payment into a subscription after purchase, devices phoning home even if you don’t connect them to your Wi-Fi, and IoT cameras letting police in without a warrant, I think it’s pretty clear they don’t respect you as a user. Where you draw the line is a personal choice. Obviously, it’s hard to function without having an Internet-connected camera, microphone, and GPS smartphone in your pocket. But what about a smartwatch? Do advertisers need to know your heart rate, how hard you’ve been trying to work out, or how many steps you got in each day? What can be derived from all this data combined? Can they see if you’re on your period or currently sick to advertise pads or drugs directly at you?

    For the love of fuck, don’t buy a smart speaker or anything Alexa enabled. I honestly cannot believe I have to say this.

  3. Block as much shit as you can. Ads and trackers and cookies may not all be malicious, but enough are that the ad industry dug its own grave: block their dumb asses. You won’t ever get full coverage, some things will slip through, BUT setting up a Pi-hole, using uBlock Origin (or AdNauseam), and DuckDuckGo (until you need Google, but defaulting to DDG helps) makes for a good start. You can also prevent your ISP from collecting your traffic by using a VPN or Tor, though that may result in some sites not working and you’re really only adding yet another middleman. Do make sure everything uses HTTPS though, and, if you’re feeling extra nerdy, consider setting up DNSCrypt too.

  4. Delete, Opt-Out, or Lie - Much like reduce, reuse, recycle, this order matters. Delete anything you don’t need, don’t use, or don’t trust. If you don’t use Facebook for anything other than talking to people you don’t like and seeing when someone you haven’t talked to in a decade has a kid, delete it. If you trust a service’s opt-out functionality, use it! Yeah, it’s bullshit that you have to opt-out instead of opt-in in the first place, but for now that is what it is. Dig through settings on everything you can and turn off all that tracking, spying, bullshit. Go into your browser settings and turn on ‘Do Not Track’ for the approximately 0% of sites that respect it. Go into your Google settings and turn off and clear location history. Do all of this about once a year, as this shit will re-enable itself. It’s really only about an hour of diving into settings to stop like 75% of the bullshit.

    From here, the “This is a pain in the ass” level starts to surpass what most people will deal with. This is by design. But, if you really care about your privacy, this will make a significant improvement and might result in you getting fewer spam calls and less physical junk mail as a side effect.

    Unfortunately, opting out requires both that you know who is collecting your data and that the offending asshats even offer an opt-out in the first place.

    A great example of the latter being, which from Wikipedia is “an American facial recognition company, providing software to companies, law enforcement, universities, and individuals. The company’s algorithm matches faces to a database of more than three billion images indexed from the Internet, including social media applications”- Basically, they stole your face from Facebook, Twitter, and everywhere else, and sell the ability to have a computer recognize you to law enforcement. They’re assholes, selling to a huge list of other assholes. Want to opt out? Hah, no. Not unless you live in Illinois or California, the only states to pass legislation telling them to fuck off.

    So… What can you do? Well, if you’re serious about it, you can plow through this “Big Ass Data Broker Opt-Out List”, and this list, and this opt-out tool, and try to opt out of as much as you can. Or you could pay out the ass for a service like DeleteMe or PrivacyDuck to do this shit for you, not that I really trust them to be all that thorough, and there are some they can’t really remove you from in the first place. But ultimately, you really can’t stop it and you’ll just be opted back in when these companies change hands or restructure or just feel like it. If you want to use the internet as normal - using YouTube and Twitter and Reddit - you’ll just have to acknowledge to some extent you’re stuck with it.

    Some of the opt-outs are also a massive pain in the ass. For example, to opt out of letting Google use your Wi-Fi name for determining location, you have to change your Wi-Fi’s name to end in _nomap. To make matters worse, you need to put _optout in the name to get out of Microsoft’s Wi-Fi tracking garbage, but _nomap needs to be at the end, so your SSID has to be something like MyCoolWiFiName_optout_nomap, which means that making the choice to opt out means you don’t get to choose your Wi-Fi name.🤦‍♂️

    That brings us to Lie. If you can’t delete and you can’t opt out, then you can still lie. To lie, you must first try to delete the truth. Search how to reset your advertising ID on as much as you can(1), log out of everything, delete all your cookies, then use tools like ‘Track This.’ to ‘seed’ your new identity, and add something like Noiszy (or this Python-based web crawler) on top to keep the history polluted. Unfortunately, this still isn’t enough because as soon as you log back into Facebook, Twitter, Google, YouTube, etc. your identity will be re-associated. The best way around this is to use a separate browser strictly for social media. Firefox works particularly well, as you can throw Facebook into its own little jail.

    Keep in mind, you’re probably used to a pretty tailored experience from The Almighty Algorithm such that most YouTube, Google News, etc. recommendations are probably things you’ll be interested in and agree with (or strongly disagree with, as hate still gets you to read things). If you pollute this ID, you’ll likely get complete shit, as it’s kinda creepy how much the algorithm can figure out the things you like and who you are. If not complete random shit, The Algorithm might just see you as something else entirely, and this can seriously impact what you get exposed to- check out TheirTube for an idea of how bad it gets.

    One of my favorite lies you can do is change your browser’s user agent string to hide a little bit. This doesn’t really stop tracking, as identifiers like your screen resolution, JavaScript interpreter, active graphics card, etc. (see Visual Browser Fingerprinting) can all be used in conjunction to pretty accurately identify you. Still, changing the user agent string can help you hide, and making it the same as Googlebot’s will often let you bypass paywalls. You can use browser extensions to do this too, just be careful to make sure you trust the extension.
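The Wi-Fi opt-out naming rule from the list above (_optout somewhere in the name, _nomap at the very end), as an added example that is not part of the original guide. It assumes the standard 32-byte SSID limit, which the guide does not mention, and the function names are made up for illustration.

```python
# Added example: make a Wi-Fi name carry both opt-out markers from the text.
# Assumption not stated in the guide: an SSID may be at most 32 bytes long.

MAX_SSID_BYTES = 32
OPTOUT = "_optout"  # marker the guide gives for Microsoft; anywhere in the name
NOMAP = "_nomap"    # marker the guide gives for Google; must be the last thing


def is_opted_out(ssid: str) -> bool:
    """True if the name satisfies both rules and still fits in an SSID."""
    return (
        ssid.endswith(NOMAP)
        and OPTOUT in ssid
        and len(ssid.encode("utf-8")) <= MAX_SSID_BYTES
    )


def _truncate_utf8(text: str, limit: int) -> str:
    """Cut text to at most `limit` bytes without splitting a character."""
    raw = text.encode("utf-8")[:limit]
    return raw.decode("utf-8", errors="ignore")


def make_opted_out(ssid: str) -> str:
    """Return a compliant name, keeping as much of the original as fits."""
    # Drop markers already present so they are not duplicated or misordered.
    base = ssid.replace(OPTOUT, "")
    if base.endswith(NOMAP):
        base = base[: -len(NOMAP)]
    suffix = OPTOUT + NOMAP  # 13 of the 32 bytes go to the two markers
    room = MAX_SSID_BYTES - len(suffix.encode("utf-8"))
    return _truncate_utf8(base, room) + suffix


if __name__ == "__main__":
    for name in ("MyCoolWiFiName", "MyCoolWiFiName_nomap_optout", "A" * 30):
        fixed = make_opted_out(name)
        print(f"{name!r} -> {fixed!r} ok={is_opted_out(fixed)}")
```

The two markers leave 19 bytes for the part of the name you actually get to choose.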

There are a lot of things I didn’t mention here, such as globally disabling JavaScript(2), because they’re really the nuclear option and end up being significantly inconvenient to even technical users. Being online is a trade of convenience versus privacy by nature; the problem is that many users are either unaware of the trade at all, ignorant of the depth to which they’re being mined and exposed, or apathetic. At the same time, advertisers and conglomerates have sought to wring from us every drop of data that can be found and paid off governments to prevent the passage of any consumer-protecting legislation. This has resulted in the situation we have now where the only ones that fight back are those with enough of a technical background to do so, and so the tools assume a certain level of technical prowess and ability to make your own replacement. Don’t want a Ring doorbell? “Just use a Raspberry Pi and a camera module and host your own server for it!” my fellow hackers will say, as if the average user is capable of setting up a Pi, let alone the server, forwarded network connection, firewall, and security shit that is necessary for it.

There’s also an ironic point where going overkill with privacy makes you stand out more. If you don’t get 100% anonymization, you’re going to stand out as one hell of a weird data point. If you don’t get banned from the service for looking weird, you’ll sure as hell be flagged and watched. If you go from Russia to Canada to Mexico in three page visits, your reported OS and screen resolution change on each, and you block all trackers and ads, you can be sure as shit you show up as a red flag. See “The Fantasy of Opting Out” from The MIT Press Reader.
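The user agent paragraph and the "weird data point" paragraph above, put into numbers as an added example that is not part of the original guide. The visitor records and attribute labels are constructed for illustration; a real tracker sees far more attributes than these four.

```python
from collections import Counter

# Added example: how many other visitors look exactly like you?
# Constructed sample data: (user_agent, screen, gpu, timezone) per visitor.
FIELDS = ("user_agent", "screen", "gpu", "timezone")
NON_UA = ("screen", "gpu", "timezone")
CHROME, FIREFOX, GOOGLEBOT = "Chrome/Windows", "Firefox/Linux", "Googlebot"

VISITORS = [
    (CHROME, "1920x1080", "Intel UHD", "UTC-5"),    # 0: common setup
    (CHROME, "1920x1080", "Intel UHD", "UTC-5"),    # 1
    (CHROME, "1920x1080", "Intel UHD", "UTC-5"),    # 2
    (CHROME, "2560x1440", "NVIDIA RTX", "UTC-5"),   # 3
    (CHROME, "2560x1440", "NVIDIA RTX", "UTC-5"),   # 4
    (FIREFOX, "3440x1440", "AMD RX", "UTC+1"),      # 5: rare setup
    (FIREFOX, "1920x1080", "Intel UHD", "UTC+1"),   # 6
]


def anonymity_set(population, index, fields=FIELDS):
    """Count visitors indistinguishable from visitor `index` on `fields`."""
    cols = [FIELDS.index(name) for name in fields]

    def key(visitor):
        return tuple(visitor[c] for c in cols)

    counts = Counter(key(v) for v in population)
    return counts[key(population[index])]


def with_spoofed_ua(population, index, user_agent):
    """Copy of the population where one visitor reports a different UA."""
    changed = list(population)
    changed[index] = (user_agent,) + population[index][1:]
    return changed


if __name__ == "__main__":
    # Rare setup: a tracker that ignores the UA still sees a crowd of one.
    rare = with_spoofed_ua(VISITORS, 5, CHROME)
    print("rare, UA ignored:", anonymity_set(rare, 5, NON_UA))
    # Common setup: claiming to be Googlebot turns a crowd of 3 into 1.
    loud = with_spoofed_ua(VISITORS, 0, GOOGLEBOT)
    print("common, before:", anonymity_set(VISITORS, 0))
    print("common, after: ", anonymity_set(loud, 0))
```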

There’s also the point of not being spied on by the government, but at least for now there’s really jack shit you can do about that outside of what’s listed above if you still want to even exist on the internet and not join the Amish in how you use technology.

The Awesome Privacy list on GitHub may prove useful to find alternative tools that aren’t creepy, unlike M$ Office which is starting to detect “employees colluding” even.
