We all want to regain (and maintain) our privacy online. There are many features and industries built around the fight for privacy, from private browsing modes and tracker blockers to private VPNs. But online privacy is a myth, and offline privacy might be, too.
yes, a myth
Myths are stories (or narratives) that are often central to a society’s beliefs. The myth of online privacy goes like this: Privacy feels fundamental in our society. To the extent that we accept that we don’t have privacy online, it feels like something we’ve lost, something we can perhaps get back with the right software tweaks, behaviors, or perhaps regulations.
When you think about it, the online privacy myth is even beneficial to those industries that profit from its lack. We can all agree there is no privacy online, but leave us a search engine and we’ll search an endless list of anything we can think of, including potentially sensitive topics like medical questions. Police even review those search histories to look for criminals.
Break the illusion of privacy
We can all agree that online privacy is not something we have. But do you realize how little privacy you actually have?
First of all, when you connect to the Internet, your Internet Service Provider, whether it’s a home Internet connection or a mobile data connection, can see all the websites you access. In the US, they can even sell your browsing data. Your mobile carrier may even be tracking and selling your app usage activity.
When you visit a website, it can see your IP address and use it to track you across visits. But it will probably also load a lot of tracking scripts. Those networks of trackers can track your activity across multiple websites. That’s one of the reasons why you see shopping ads chasing you around the web after searching for a particular product. Even if you’re deleting cookies, there are plenty of ways to take your web browser’s fingerprints.
“The cloud” is simply someone else’s computer. If you upload your files to the cloud without using end-to-end encryption, which most services don’t offer, the company that owns the cloud service can see and access your files. The same goes for messages and emails, which are also usually not encrypted.
Okay, you may know all of that, but did you know that advertisers can link your purchases and store visits to the ads you see? For example, Google has a product that does this, and one of the data sources it uses is nebulous “advertiser-uploaded transaction data or third-party aggregated and anonymous data.” Your credit card usage is also being used to track you.
Did you know that Facebook’s advertising tools are so granular that you can target ads so narrowly that you can show them to just one person?
Government Surveillance Is a Fact: Edward Snowden called attention to massive warrantless government surveillance of Internet and phone data. The NSA’s XKeyScore software reportedly enables real-time search and access to the vast amount of data that is recorded about online activity.
Of course, the online world is not something completely separate from the real physical world. The United States is full of automatic license plate readers, and many of them are now connected in a huge network. Even if you log off the computer and go for a walk, your movements are being tracked and recorded. Amazon may be turning over video from your Ring Doorbell camera to authorities without your explicit consent. Your cell phone location data is also used to track you.
What can you do?
An article like this could go on and on with examples. Do some research and you can find many more examples. The amount of data that is collected, processed and analyzed about us at any given time is hard to conceptualize.
There are no perfect arrangements. Private browsing will prevent your browser from remembering your history and give you a new set of temporary cookies, but your IP address is still available. You can avoid using Facebook, but Facebook has a hidden profile on you anyway. You can use a VPN, but eventually you’ll be logged into something, linking your identity to your VPN browsing, and you’re putting your trust in a VPN that hopefully keeps no logs.
So what can you do? Well, you can still make a dent in it. If you’re currently broadcasting his life as a 24/7 live stream, turning off the camera means less data is available.
You can use a VPN in conjunction with private browsing mode to disguise your browsing, but don’t rely on a VPN alone and understand that you are relying on the VPN. You could use Tor, although there have been vulnerabilities in Tor as well. You can use more private and encrypted services, for example, chat on Signal instead of traditional SMS messages. You can keep your sensitive files more private by storing them locally or securely encrypting them before uploading to online storage.
And yes, you can go further: use cash, for example, and arm facial accessories that stop facial recognition cameras.
What is the point? Threat Modeling 101
But while you’re sitting there using Tor on a computer running Tails trying to figure out how to get off the network without actually leaving the network, you might want to ask yourself: What’s the point?
No, we don’t mean give up, we mean consider what you’re actually defending yourself against.
- You may not care if Facebook notices that you are interested in watching the latest movie. But you may want to turn on that VPN and private browsing mode when looking for information about a medical issue.
- You may be fine with storing unencrypted vacation photos in the cloud, but you may want to keep sensitive financial documents more secure.
- You might be fine chatting with your plumber over SMS, but you might want to have a private conversation with your spouse on Signal.
It’s about your threat model: what are you really trying to defend against? Once you know what you care about keeping private, you can take steps to keep that individual sensitive item private instead of being overwhelmed with all the data collection all the time.
Unfortunately, that’s not a recipe for “online privacy.” There is no easy way to flip a privacy switch and return to a mythical state of privacy. But there are things you can do to better protect specific things and keep them more private.