In my last two blogs I’ve looked at what privacy is all about in a digital sense, and how creeping surveillance affects us all. In 2022, we’re all just a product to the ad industry.
In this blog, I’m going to provide some tips on how you can protect your privacy by doing some basic stuff – and I’ll also keep the tech jargon to a minimum (that can’t be simply explained, anyway).
Check your phone and tablet’s privacy controls
It might be a surprise to many that in your device’s setting there are several ways to limit what’s collected by your handset or tablet manufacturer1. Despite their reputation, Google does provide a lot of controls to limit tracking, though older Android handsets that can’t run newer versions of Android will miss out on recent changes. Don’t get smug Apple users, I’m talking to you too; the default iPhone settings send plenty of ad related info to Apple.
One thing a little less obvious are your device’s network options. Turning off WIFI and Bluetooth when you go out shopping will stop you connecting to shop beacons, which track you to target you with ads.
Snooping on you 24/7? There’s an app for that
More apps than not, in fact. I’m not kidding. Even if you flick every privacy switch you can on your devices, the second you install an app you might be turning your device back into a digital spy. And again, Apple users, this applies to you too, even if you choose ‘ask apps not to track’ in iOS.
Apps might ask for access to your location, contacts, your photos, microphone, camera… do you really know what they are doing with it all? Could your apps access these things without asking? Once you’ve given them permission, they can (largely) access them whenever they like. So, you should only install apps from companies that you trust, have good privacy controls or you’re happy for them collect data about you. In most cases, apps like Facebook, Twitter or LinkedIn can be managed in a browser much more privately than the app. Sure, they’ll bug you to install their apps, but that’s only because they want more data to monetize you!
Even apps that don’t come from the big tech giants like Facebook and Google might still use their services, especially where ‘app measurement’ is concerned. Technically, this should be data sent back to developers to tell them about the use of the app – performance, crashes etc. but a lot of metadata about you can also be sent, and aggregated with other data on you to build a more granular picture. It’s possible to limit this too – see the section below on Firewalls.
Many other types of apps, especially games, productivity, photo and messaging apps won’t have the browser option – so you either don’t install it or let them suck your data. Don’t like WhatsApp because it’s owned by Facebook? Try Signal instead, you might be surprised how many of your friends use it. By the way, there are genuine apps for lots of stuff that don’t play the surveillance game, so watch out for those.
Browsers and the web
There is good news about browsers – there are a good number of privacy friendly alternatives that can do a lot to shield you from data harvesting. Personally, I use DuckDuckGo, Firefox and Brave (a privacy focused version of Chrome). Each is different, but all do a good job of blocking attempts to track you. Just using multiple browsers is a good thing too, and don’t be afraid to clean out the cache regularly – it helps with privacy a lot (normally in settings>privacy or settings>data management).
One word of caution on ‘private browsing’ or ‘incognito mode’ – these offer little privacy beyond your device. Someone with your device can’t look at your history once the tabs are closed, and because cookies get wiped, computers at the other end can’t access 3rd party tracking cookies. That aside, your network provider will know what you’re doing and computers at the other end can still do much of their stuff. For example, they’ll still know broadly where you are (your IP address gives this away) and they may recognise your device’s fingerprint2 – so they’ll still know it’s you.
This is more of a desktop issue, but a word of caution on browser plugins. Brave is a version of Google Chrome (which is in fact Open Source) made to be more private, so you can install Chrome plugins. If you start with privacy focused browser and then add data vampire plugins, you’re no better off. Choose your plugins carefully. You should also weigh-up the privacy implications of ‘Sign in with’ tools from the big tech companies – each is different, and certainly don’t use any of them without two-factor authentication.
Next steps: VPNs and Firewalls
A VPN (Virtual Private Network) uses a technology that hides your IP address – the ID assigned to your device for network access. It does it by sending all your network traffic through an encrypted tunnel to a datacenter somewhere. This has several advantages. It means your telco can’t monetise your browsing or network habits, and it also means you can connect to services back home while you’re your travelling3. Someone can travel from Europe to the US for example, and still get the local to home experience because all of the network traffic will come from your home country. The ones to look for commit to no activity logging, but again, you need to choose carefully and look at reviews from independent experts in this area. Also remember you have to pay for VPNs – if they’re free, they are invariably just data vampires.
Firewalls are another useful tool in your armoury3. I use a firewall that blocks tracking using app measurement tools and lots of known malware, and while it’s free, they really want you to use their paid VPN service. Mine does break a couple of apps, but it’s something I can manage. If you do run one of these and app stops working, switch off the firewall and try again.
When I first installed my firewall and saw just how much traffic was blocked (much of at night) I was amazed. I’ve set my phone up to be ‘private’ and it’s still blocked 89K attempts.
Search engines
Just as with browsers, the search engine news is also good. While Google is by far the runaway leader in search, there are other options that will deliver great results. Startpage and DuckDuckGo both offer comparable search tools, though I would recommend letting DuckDuckGo manually know you location – before I did this, I was unhappy with the results. Now I use them all the time. Other privacy focused search engines are available.
Smart stuff
Cars. TVs. Speakers. TV dongles and streaming boxes. Smoke detectors and heating thermostats. Water and energy meters, plugs and lights – the list goes on. All now smarter than they were, all now capable of surveillance, so don’t ignore them. My own bugbear are smart TVs. One of mine has no privacy controls at all, the other won’t let me upgrade to the new OS without turning off the privacy controls. Neither are legal under GDPR or the UK’s Data Protection act, but they get away with it. Whatever you have, check what privacy controls you have, and use them. Popular devices like Amazon Alexa and Ring, Google Nest and other smart devices may have more controls than they used to, but you should still read their privacy policies – you might be surprised what you find.
The privacy arms race
Why bother with all this? I point you back to the first blog in this series. Surveillance is rife, and it’s hidden from you. The free stuff you get is hailed from the rooftops, but the sleezy snooping is quietly swept under the carpet… but it’s very well used, to productize you and your life. And not in a good way. I’ll warn Apple users again too. While many Android users are aware of what they’re dealing with, many iOS users are falling for the privacy ads from Apple, who have been ramping up their advertising revenue very nicely, thank you. Don’t be complacent with either platform.
Where will tracking go next – time-based pricing for energy or water use? Car and health insurance, perhaps? It’s already happening. Right now, it’s early adopters are taking these things up because it suits them or there’s a financial advantage. What about when it’s the norm and you’re on the wrong side of the system or in a marginalized group?
Also consider this. Should sensitive data about you be hacked, things could escalate quickly and you could end up feeling like you’re in an episode of Black Mirror. Remember, if you don’t look after your privacy no one will do it for you. It’s time to tool-up4.
1: Wired has tips for Android here and iOS here. For iOS, ignore the advice about Protect Mail Activity – it’s actually bad advice. Instead, turn Protect Email Activity OFF and new switches appear, turn both switches ON for the best protection
2: Browser Fingerprinting: What Is It And What Should You Do About It?, PixelPrivacy, July 2021
https://pixelprivacy.com/resources/browser-fingerprinting/
3: A good firewall for iOS and Mac is https://lockdownprivacy.com/ and for Android (and iOS) I try https://blokada.org/
4: Privacy myths busted: Protecting your mobile privacy is even harder than you think, CNET, Jan 2022, https://www.cnet.com/tech/services-and-software/privacy-myths-busted-protecting-your-mobile-privacy-is-harder-than-you-think/