The issue of online privacy is increasingly in the public eye of our nation - reaching the highest levels of government. However the problems of tracking, invasive marketing, and personal privacy has yet to be properly addressed. We've compiled an educationational resource below with some action items to shore up your online threat vectors immediately.
We will cover consumer technologies, human behavior, targeted advertising and other topics to help you develop a security based mindset. So let's jump right in with everyone's favorite, VPNs.
VPNs:
VPNs or virtual private networks are only useful when on a public or untrusted network. They disallow bad actors on said network from sniffing your traffic, intercepting unencrypted traffic/passwords etc, protects against some attacks like DNS poisoning. Otherwise, VPNs are completely useless in terms of anonymity. If anything, you’ve just let marketers know that you’re using a VPN network and you’ll see ads for competition.
VPNs only hide your traffic from other devices on the network you’re on. They are handy when traveling when you’re on an untrusted hotel network, when you want to stream a BBC show and you’re in the States. However VPNs ultimately do nothing to protect your online habits from big data/big government. If you truly are a target for G men - nothing under heaven and earth will protect you.
Commercial VPNs Do:
- Hide browsing traffic from your ISP.
- Hide and protect your online traffic from possible bad actors when on untrusted networks.
Commercial VPNs Do Not:
- Disrupt online tracking technologies such as cookies or tracking pixels
- Hide online purchase behavior
VPNs can play a role in your privacy and protection arsenal but are not a 'set it and forget it' solution. Personal VPNs are only good for three things:
- Letting you watch your nerd shows on the BBC
- Protecting your traffic from dickhead hackers in a hotel in Shanghai
- Wasting money
Be careful about using a commercial VPN. Many providers claim they do not log user activity. Bullshit.
Who cares about a VPN when you and your household members have tablets, phones, smart toasters and all sorts of happy bullshit reporting on their usage. How do you think Google maps is able to report the busiest times for any particular retailer? Persons and devices are assigned an advertising ID that associates where you go and what you buy (Apple Pay, Google Pay, Amazon Pay ring a bell? NFC phone taps in general at pay terminals), COVID19 contact tracing programs are ready to roll on iOS devices, what websites you visit (cookie data), even purchases from any number of online retailers will report back via tracking pixels to Google/Facebook etc what you have purchased and when.
It doesn’t matter to marketers and data miners if you’re logging into your Facebook account from an IP address that’s different from your home IP address. You aren’t protected from geolocation as the photos you share on Instafuckbook have embedded metadata giving coordinates, dates and times the photos were taken.
Advertisers/Google/Amazon/Facebook using clever algorithms, ingest your browsing history and have learned that when its a certain time of year in college towns and you are in a particular age group and you’ve visited apartment finding sites to offer you mattress ads and other associated items with young people moving at the end of a semester. Whatever your age or demographic - marketers already know your most common habits. Have your mobile phone with you and you don’t visit your usual grocery store that week? Be prepared for YouTube ads targeting you for said store (lookin’ at your Kroger and Meijer).
VPNs do not protect anonymity from government actors as well. Encryption is typically laughable for alphabet agencies. FBI hired hackers to find a backdoor into iOS devices and won’t share the tech with fellow agencies. The NSA actively stores all data transmitted and can be retroactively researched with appropriate FISA warrants🖕.
But don't look now but Google is offering a VPN. Yep, safe from hackers on the network you're using but not safe from Google. Tech savvy? Run your own VPN.
Social Networks:
Everything about invasive advertising and lack of real privacy regarding VPNs applies here as well. Social media is fun right? Talk to your college buddies, see the grandkid pictures, play shitty time wasting games, get angry at people, click like and share because you support WHATEVER. And it's free for the most part! Wrong. If it’s free, YOU are the product.
By simply signing up to social networks, their algorithms go to work on you. Encouraging you to willingly give Fuckbook and Instaturd 💩 excruciating details about your likes, dislikes, habits, location, relatives, friends, relationships, facial recognition data. The more data points collected on you the more valuable an advertiser has in you. The better they market to you - even politically. Your social media accounts become echo chambers for your own beliefs, drawing you deeper into inescapable patterns of thought, breaking friendships and relationships, making divisions and ultimately dividing the country.
It's best not to use them. If you MUST use social media/networking, keep your footprint small. Don’t allow the sites or apps to have access to location data, wifi network scanning or bluetooth (all which assist in pinpointing your location). Try not to install their apps to begin with.
Run through their maze of privacy settings to make sure most aspects of your profile are not publicly visible - failure to do so will expose your profile to search engines. Making you an easier target for ‘doxing’ by potential enemies. Social network privacy settings are designed to be archaic and a general pain in the ass. Do not be intimidated.
Limit what you allow yourself to share - all social media activity (even those like buttons) help create a targeted dossier.
Again - keep your friends circle small and keep in touch using a damn phone call like a normal person. Or, text. Another great messaging app on most smartphone platforms is Signal. They’re a non-profit in the states with publicly available source code of their application. That means the code is vetted and contributed by peers.
If you only care about seeing someone's photos and their social media updates but don't care enough to call or visit them - chances are you aren't their friend. Do a tally of REAL friends on social media - you'll find yourself wondering why you use it.
Never under any circumstance reveal information that can directly or indirectly expose the location and name of your employer, family, children's schools, teacher names. Often times it's not the revelation of your precise location and contact information that can land you in trouble - it's the passive information you reveal: comments about local sports teams, photos of a particular area appearing often, happy birthday posts from friends, your spouse tagging you in a photo. Those items tell me roughly where you’re at, how old you are, next of kin, and first and last name. With that - anyone can find you.
Everyone remember Cambridge Analytica? They build and analyze dossiers on millions of people from social media and cell phone data and offer a service to sway public opinion on elections by way of social media and advertising using psychological tactics. Social media and the data we willing give up about ourselves are used to FUCK WITH ELECTIONS 🗳️. Count me the fuck out. Why are you giving up insane details of your life and personal habits that will ALWAYS be used against you? Connecting with friends and fun games and other lame shit isn't worth the cost.
Be the gray man.
Lastly, plenty of research has indicated social media use/overuse is linked with depression, other mood disorders, and addiction. It's designed to be addictive.
Image Metadata:
Modern imaging devices have the ability to embed time, date, location by coordinates, device identification etc in photos. A quick internet search can show you how to disable this feature in your phones, scanners, and cameras. It's dangerous to reveal metadata to the internet. How easy for Facebook to triangulate your location with cell towers, wifi association and photo metadata. Walk past a GameStop today and take a picture? Maybe you’ll get an add on YouTube tonight for a hot new deal at GameStop - or be inundated with ads related to gaming.
Disable metadata tagging:
Phone Apps:
Don’t use them… Just don’t. I don't give a shit if it's a fun game, a new tool to do some stupid shit. Ever read what you agree to when you install those apps? Again, if it's free you’re the product and even if you paid for an app, you’re still an oil field of data waiting to be fracked.
Before you even consider installing a new app, look at the App Privacy declarations. Apple has done us a solid with this easily digestible information in the App Store. The screenshot below shows what data is collected about you (that they're willing to admit) from a VERY popular video sharing platform.
Contact info, random Identifiers, purchases, location, contacts (OTHER PEOPLE IN YOUR LIST YOU PUT AT RISK), search history, financial info... What the hell does 'financial info' even mean? But you want to watch stupid ass videos at the cost of your soul.
Even better - don’t use smartphones.
Google:
It's an advertising company - treat it as such. They build browsers like Chrome and give it away for free - because you are the product being bought and sold.
Be careful about what you share with Google and their ‘partners’. Check out myaccount.google.com if you have a Google/YouTube account and dig deep. Find advertising information about yourself that you’re uncomfortable sharing? You can clear it out here by turning off ad personalization.
Use an alternative search engine like DuckDuckGo. Search for something on Google and on DuckDuckGo - compare the results. You’ll see how in some cases Google will censor or tailor results based on your interests and location - or hide information all together. Use your commercial VPN to connect to a server in China and search google for Tiananmen Square and take note of the results. Then do the same search without using your VPN. Notice something missing there? Google will censor the Tiananmen Square massacre from Chinese citizens. So much for a company whose corporate motto was 'Don't be evil.' What is being censored from YOU?
Try a different browser than Google Chrome. It's fast and works well but is terrible in regards to privacy. Try an alternative browser that takes privacy seriously like Firefox Edit: Mozilla and Firefox can go to hell or Brave.
Google is the big tech elephant in the room, along with Amazon. They host and run massive swaths of the Internet. A simple programming error can take down most sites and services we use on a daily basis. So why don't we give em' the business and take back control of our lives?
Here's a good start:
Tell Google they aren’t allowed to keep track of your online activity by logging in here: https://myactivity.google.com/myactivity
Opt Out of Google Analytics: https://tools.google.com/dlpage/gaoptout *note: this is a Chome browser add-on. If you aren't using Chrome (but you probably are), this will not help you. Google Analytics is THE premier e-commerce marketing data tool for tracking statistics on a sites visitors and their behavior on site. Google uses these metrics to track users from multiple angles - or attack vectors when your privacy is concerned.
You can opt out of further targeted advertising by using the links below:
Personal Technology
Do not use hardware or software (if you can help it) from the following organizations:
- Google (Home wifi access points, Google Fiber, Google Fi Cell service, Android, Fitbit)
- Amazon (Alexa enabled devices and cars, Wifi access points, cloud cams, any e-book reader that has a color screen)
- Apple: Primarily a hardware company and sometimes fights for user privacy including encryption turned on by default on iPhones. But has still developed their app store ecosystem which thrives on exchanging customer data for ‘free’ apps. Same applies for their wearable tech.
Rule of thumb - if something is free, YOU are the product being bought and sold.
SSL:
Most modern browsers will alert you if the site you’re visiting is not secure. Having a secure connection to a website is important because the connection between you and the site is encrypted - meaning anyone trying to listen in on your traffic to and from the website can tell that you're connected to the website but cannot easily know what information is being transmitted by either party.
Proceed with extreme caution. ☣️
Data Leak Monitoring:
There are data leak and identity theft monitoring services available ad nauseum - use one. Ask your bank and credit card companies if they offer identity theft protection and data leak monitoring. Some do at cheaper rates than LifeLock. If you can't find a cheap one, invest with LifeLock. They'll let you know when and if they find personal information available on the dark web. This service is NOT exhaustive and just an alert system. See, what they don't tell you is that you can put in the effort to monitor your credit report and check for yourself if your data has been found in leaked files. The problem is - who wants to spend so much time doing that when you can pay a service to do it for you?
Free: Sign up at haveibeenpwnd.com to see if your email address has been involved in any leaked databases from hacked sites. Chances are, you probably have.
A tip:
- Don’t use the same password for everything - use a password manager to generate passwords for you: 1password & LastPass. That way if one account is compromised you only have one password to change instead of having everything hacked because you used the same password everywhere.
- Did ya know you can freeze your credit reports? That means if someone steals your identity they cannot open lines of credit or take out loans in your name.
Using these monitoring services can buy you valuable time to secure your details - it can save your ass.
Online Storage:
Using the cloud to store photos and documents - while cheap, easy, and ideal for businesses can let big tech get a little too personal - Google Photo algorithms will train up facial recognition on your images (just like Facebook), read photo metadata etc all under the guise of helping you organize your photos better.
Alternative: setup home network attached storage (NAS) to create your own private cloud (QNAP & Synology). Also look into pCloud - its encrypted and isn’t under big techs eye - that we can tell.
Big Tech and their dossiers on everyone is in a prime position to be abused - as we have seen with cancel culture - however its also a tool law enforcement and those with political agendas are itching to use against you. Why make that job easier for them?
Action Items:
- Action items are scattered throughout this article - there is no TL;DR. If you didn't read you're missing out.
- Don't use social media if you can help it. If you do, nuke your history and the account. Uninstall the apps. Clear all your browsing history. Those tracking cookies like to hang around. Keep your CIRCLE OF FRIENDS SMALL.
- Try setting up cloud storage for yourself using NAS hardware. Checkout QNAP or Synology. The less data you send out the better.
- Don’t trust software made by a marketing company…. GOOGLE/CHROME. The performance of the browser is beyond question - but it's the worst offender in terms of privacy. Just say no to Amazon Alexa, and Apple's Siri.
- Do your research before using a new site or service. Great example: This year massive numbers signed up to encrypted messaging apps for good reason. Many ended up on Telegram. Unfortunately, it's developed by Russian nationals living in Dubai. They have already been the target of massive data leaks - good and bad. I don’t trust that shit AT ALL.
- Don't be pulled in by commercial VPN offerings unless you're a traveler using sketchy hotel networks or use public wifi. This episode brought to you by some assholes VPN.
- Strip photos of their metadata.
- Do the work to opt out of targeted marketing.
- Freeze them credit reports.
- If you must use a smartphone don't install a load of apps who are all begging for every juicy detail about every minute detail of your life.
- Be the gray man - don't be a target.
