The Case for Everyday Privacy
— 8 min read
What does everyday privacy mean? It means thwarting a large portion of trackers used by advertisers, and advertising companies (like Google, Apple, Facebook, etc.), on sites and tools you frequent.
A lot of tools, and websites we use daily contain a number of trackers that report all our activity to their masters: things like what sections of a particular site did we spend most of our time on, how we moved our mice (!!) when navigating a page, which links were most likely to be clicked, etc. Fortunately, there's some relatively easy ways that we can cut down on the amount we are surveilled, and here are some of them I use on a daily basis.
Use an Ad-blocker
Using an ad-blocker is the simplest way to get started, as it gets rid of the majority of trackers a site uses -- which is to figure out what best to sell to you.
An ad-blocker like uBlock Origin is easy to install and use, and comes with a pretty good set of advertising lists, that block most, if not all, advertising traffic on most of the popular websites I visit, like YouTube, Reddit, ArsTechnica, etc.
Blocking advertisements on websites you visit isn't enough for you to shake advertisers off your trail, as there's a still a ton of other ways advertisers and site owners can track you (link click throughs, etc.), but it goes a long way to preventing them from collecting the most relevant data on you, like what ads are most likely to get your attention -- if there are no ads on a page, there's approximately zero (0) chance you'll click an ad!
There's also a case to be made that ads help smaller websites and institutions stay afloat, and so in those cases you can disable your ad-blocker for only those websites.
Use a VPN
Using a VPN is another effective way to defeat tracking technology that depends on IP addresses to show you location-specific advertisements, and recommendations.
This is something that Facebook does quite well, as it tweaks the set of "People you might know" depending on where you're logging in from. An anecdote: when I moved cities for a new job, my friend recommendations slowly changed too, showing me friends-of-my-friends who lived in my new city. When I moved again, the recommendations changed again, this time adjusting to the fact that I had no Facebook friends in the place I had just moved to, now showing me people I had encountered at college, at previous workplaces, etc.
While it's impossible to avoid giving Facebook information, even when you're not logged in , you can thwart some of its tracking techniques, by simply masking your location. Using a VPN is one of the easiest ways to do so, as using a VPN, especially a commercially available one, means you shift the perceived origin of all your activities from your own network, to the VPN provider's network.
Contrary to popular belief, a VPN does not grant you anonymity, as your personal information is still (presumably) being collected by the services you're using; rather it removes an important feature from that information which is your current location. Ultimately, if the service you're using is invasive enough, they'll glean your true location by simply taking a look at your GPS (or Wi-Fi) location, but in most cases, this does not happen.
A recommendation for a good VPN is Mullvad as it has a strict no-logs policy, meaning they don't log any of your activity, or retain your personal information. The way Mullvad does this is by asking you for no personal information as part of the sign-up process -- you simply generate an account number, and pay using any means necessary, and use the account number to login!
Switch to a privacy-conscious email provider
I don't need to spend time talking about the ubiquity and pervasiveness of email in our daily lives -- for better or for worse, we use an email address (and by extension, an email provider) for almost everything in our digital lives.
Chances are, you're using an email address provided by Google through Gmail, or Microsoft through Outlook (formerly Hotmail), or some other provider, and that this email address is free-to-use.
At this point, when you stop to think about it, you must wonder: how do these email providers provide so many email addresses, and consequently deliver so much of the internet's daily email traffic, for free? The answer is quite simple, and is explained succinctly by the adage: "When the product is free, you are the product!"
The way that Google (for example) is able to provide Gmail for free, for so many users worldwide, is by using your data to build a stronger advertising network. Put simply, if the most widely used email service in the world is Gmail, and if most Gmail users are not GSuite users (i.e., are not paying for the product), then the only way to make that work for you, if you're Google, is to put all that free customer data to good use! Which happens by reading your email (at the very least), and using that build a stronger advertising profile on you.
Sure, you can get around it by disabling features like "Smart Compose", and resetting your advertising ID every once in a while, and I'm certain Google ensures that email addresses and PII like names, addresses, etc. are anonymised before being used to train their advertising profiles and models, but at the end of the day, all of those are stopgaps that prevent Google from reading all of your data -- they can still read most of it, and there's nothing you can do about it.
What you can do to break away from this vicious network, is to use a privacy conscious email provider like Protonmail , or Tutanota , both of which encrypt your emails when at rest (i.e., when stored in your mailbox), and therefore cannot read your emails. Both of these email providers do a lot more in terms of ensuring your privacy, either by not being in a Five Eyes country , cutting down on the chances of government subpoena ever being used to gain access your email, or by encrypting all incoming messages preventing them from being read, among other things.
The catch is these kinds of providers are paid-only, unless you're willing to accept a lower outgoing message limit which applies to the free plans, and their UI/UX is not as polished as something like Gmail, both of which I believe to be a small price to pay for true privacy, in a feature I use daily.
Change your mindset
There's a lot more things I do as part of my daily life to try and thwart advertisers, and other data-hawks, for example, using disposable email addresses when using a new service, that I don't really care about, or by using Tor browser to access webpages that I don't want tracking my computer (not shady sites, I promise), and while all of these are well and good when it comes to thwarting some trackers, it requires a discipline, and more importantly, a dedication to continue using these "tricks".
Most people I know, unfortunately, won't be spending as much time setting up their ideal privacy-maintaining setup like I have, because quite frankly, most people simply don't care enough, or don't have the time to spend tinkering their workflows to accommodate these new tools into their digital lives. And the reality is that while this remains the status quo, we will not see any advances in privacy technology, driven by customer demand, to make it more accessible to others, which is why I think this is more of a mindset problem.
People often remark: "I have nothing to hide, so why do I care if all of this information is collected on me?", and I think until we instill the idea of digital-data ownership, and give people the legal rights to exercise control over their own data, we will not see a culture shift into caring more about your digital privacy, and break away from this mindset.
The status quo contributes to never-before-seen information asymmetry, crucial to the functioning and continued growth of massive advertising-led corporations like Google, Apple, Facebook, Amazon, Microsoft, and other aspirants to that crown.
To avoid ending this article on a glum note, the advent of data-rights and privacy laws like GDPR , and CCPA , has led to companies starting to treat digital data rights as a real, tangible, and legal right, and has forced companies to allow their customers to exercise more control over their own data. These laws have also inspired a slow-but-sure global trend of similar laws around the world, like India's Personal Data Protection bill , and Brazil's LGPD , hopefully turning digital data rights into something that companies now think about from the start, rather than after the fact.