Online privacy: to what extent should you try to go dark? (cyb3rsecurity.tips)
122 points by nunorbatista on June 17, 2022 | 132 comments


The only real way to ensure your data isn't being collected and sold in the course of every single transaction you engage in (cash transactions being somewhat less trackable, however), is to get data privacy laws passed that forbid this activity by retailers, data brokers, and related entities. The EU has the right idea on this.

Ordinary individuals who attempt to use technology to 'go dark' will likely, if they're careful, be able to conceal their online identity from your average stalker type, malicious ex, or seedy credit card fraudster, but certainly not from the likes of Google, Apple, Verizon, or any number of government agencies with access to those outfits' data centers. This is called mass domestic warrantless surveillance and it is illegal under any reasonable interpretation of the US constitution, and certainly shouldn't be allowed by private parties either.

As far as spies, every history of spies I've ever read has one thing in common: they all hide in plain sight, using cover identities of some sort, acting as much like a normal member of society or their organization as possible, and then running off to do their data transfer/nefarious activity in secret only rarely. Notably, mass domestic surveillance isn't a very useful tool for catching such people - it's more about authoritarian snooping on the population, engendering fear of the state as with STASI, as a means of control. That nonsense shouldn't be allowed, and those who promote it are nothing but authoritarian enemies of democratic rule and free expression.


> "cash transactions being somewhat less trackable, however"

"Then he said he was going to buy the book with cash, so nobody could trace the purchase to him and exploit his interests for commercial purposes" - Calvin, talking about his Dad, in Calvin and Hobbes by Bill Watterson, December 1993.

https://www.gocomics.com/calvinandhobbes/1993/12/07


What's the opposite of "aged like milk"?


Aged like fine wine


"This is called mass domestic warrantless surveillance and it is illegal under any reasonable interpretation of the US constitution, and certainly shouldn't be allowed by private parties either."

I don't think this is correct. Google etc are private actors so no state action, no constitutional violation plus they get your legal consent whether you like the way they do it or not. Government agencies if they get the info must get a warrant or have exception or info's use is barred from court and can't be used against you. So why the claim it is illegal mass domestic surveillance? Hyperbole. Mass surveillance that IS used against citizens all the time is China in WeChat, mass camera use, etc. where there are no constitutional or other protections.


The US gov purchases the data that comes from the mass surveillance and they don't need a warrant to do so, essentially bypassing the constitution

By your interpretation this is okay because it's done by a private industry. That makes no sense to me, can the cops now go pay some random thugs to break into my place and search it without a warrant too? Sorry, that's fucking insane just like being able to purchase the surveilled data


Mass surveillance has been used against citizens in the US too; it's too tempting a tool not to abuse. The legal system loses its credibility when warrants, proceedings, evidence, etc are all secret in the name of national security. And further there are cases where the government circumvents the law's intent by asking companies to do things the government itself must not do.

Whether a thing is "legal" when it comes to government (ab)use of power is the thinnest of defenses. As the senator from Naboo said: "I will make it legal."


> they get your legal consent whether you like the way they do it or not.

Facebook tracks millions of people who never signed up to a facebook account and have never agreed to anything


True. See the recent news [1] about hospital web sites sending sensitive data to Facebook. We don’t hear about all the others.

[1] https://themarkup.org/pixel-hunt/2022/06/16/facebook-is-rece...


Legislation, regulation, and litigation are the ultimate answer, yes.

Technological resistance is, however, a useful form both of social resistance and a means of determining the pervasiveness, nature, and scope of the problem.

That said, individual action alone is profoundly insufficient.


Certainly you can ban the sale, but it’s hard to imagine a law that outright bans the collection—there will be exceptions for law enforcement, and it’s not inconceivable those exceptions will be abused. I think technological and social solutions may be a better bet than laws on the books in this case.


If you ban non-consensual data collection & processing then there wouldn’t be a business case for building infrastructure for it.

Law enforcement would have to build it from scratch (and trick users to fall for it or pass laws to force people/companies to use it) whereas right now they can just dip into the data companies already collect.

The "attention economy" is the best thing that happened to intelligence agencies worldwide. Whereas before they had to build surveillance infrastructure themselves (which requires budget, skills and secrecy, all of which is costly and politically risky), nowadays they get all of that not just for free but much better than anything they could build themselves.


Zersetzung


Thanks, I was unaware of that concept. Certainly seems relevant:

https://en.wikipedia.org/wiki/Zersetzung


Author does not mention the major reason I care which is that allowing others to know what we are doing, thinking, saying, where we are going.. either individually or collectively anonymously or not, gives them power over us in many ways to predict, manipulate, dispossess.. which leads to the imbalances we have today of the haves and have nots of data.

The people who say big tech already has so much data on them so why care are missing the valence of time. What you did, thought, said.. last year is much less valuable and useful than what you are doing today.


It also leads to manipulation. People don't want to hear that - they think, as I imagine many people reading this are thinking, that they aren't manipulated.

People are manipulated on a large scale. States, advertisers, political movements, and others are investing a lot of money in it. They are getting something for their money.

That is the most important issue; that is the power in our society. Propaganda was effective before the Internet. Now, with incredible amounts of information about your behavior, interests, needs, situation, etc., and with expertise and A/B testing, it's certainly possible to move the needle. Yes, for you and me too.


In the old country, there was a story (which I have since heard variants of) my parents told me trying to explain why it is not a good idea to share details of your life with strangers, which goes something like this.

Secret police was trying to recruit a dissident to be their informer, but he was resisting. They tried to bribe him. They tried to cajole him. They tried to threaten him. He did not break.

One day a senior agent went by to introduce himself. When the dissident started to protest, the senior agent waved him away. 'We already know everything there is to know about you. We even know you drink tea and not coffee.' The threats, speeches and monetary gain had no hold on the dissident, but when he learned someone close to him betrayed him, he internally gave up.

The moral of the story is and always has been the same. Information is valuable. You may not think it is, but someone does. Do you think that someone has your best interest at heart?


I don't disagree with your anecdote in general. But it is somewhat interesting that, in the modern world, the implicit threat of an authority figure knowing this bit of trivia about you wouldn't be all that threatening. To the person in the story, it implies someone fairly close to him is giving information. To us it would be like "did you get that bit of information from my Google searches, Facebook likes, or did you go through the effort of asking my bank where I shop?"


This is the part that interests me the most. In a way, it's a thousand times worse now. In a practical sense, if the story was told today the story would suggest that any agent would get this information just by asking ISP, banks and maybe Amazon for your history with them. We don't just know that you drink tea. We can predict your daughter is pregnant and know your wife is cheating on you. Full blown surveillance requires little to no effort. The amount of mind games you can play with that treasure trove is why you hear concerns IC about people 'going dark'.

I suppose to me how the information is obtained is secondary. The fact that it is obtained at all is an issue. We are only recently becoming better at analytics and seeing patterns that would be considered a little creepy only few decades ago. It is normalized now.

To your point that in the story, the trivia is truly irrelevant. By itself it means nothing. State knows I drink tea. Big whoop. Tons of people these days voluntarily show off eating pastas of all kinds. It just serves as a way to overwhelm the target with a feeling of helplessness ("They know everything"), abandonment ("Someone close gave them information"), hopelessness ("What is the point?").

So the trivia is not threatening by itself. It is the implication that the agent knows you very well indeed and that knowledge includes trivia.

Now imagine a person visiting you with a short listing of your detailed interests, search history, suspected health issues and inferred psychological profile.

It is a lot less subtle, but it conveys same message (I know you better than your family, doctor, bookie..).

Sorry for the long response, but I just wanted to make sure it is clear that trivia is just a small part of it. As Dennis Reynolds would have said: It is the implication.


This is a fantastic comment. And it perfectly answers why the idea of "having nothing to hide" is so dangerous. Everyone will one day have something worth hiding, and probably not something illegal at all.


This really can't be overstated. Propaganda was highly effective even as words on pieces of paper distributed once a week or infrequent AM radio broadcasts.

I believe the old idea that would hold even more so now is that the only defense against propaganda is essentially to be illiterate. It is really hard to propagandize a person who can't read. The more informed a person believes themselves to be about the world from text, the more propagandized they are. I believe that is from Edward Bernays.


Illiterate people can listen to radio (or now, videos) just fine, though. Text isn't special, the content is.


Illiterate people can also be lured into crowds marching with photos of their leaders, de facto becoming themselves part of the propaganda.


There are some who have argued that cryptocurrency is an effort to make everyone's spending habits public. Imagine virtually anyone having access to global purchase history. No need to approach VISA, etc. to purchase the data. This seems like Nirvana for "tech" intermediaries sitting on the internet.

A crypto proponent might argue that transactions are anonymous. However it is impossible to remove entries from the ledger, which is of course public. Hence even if this anonymity was true today it would also have to withstand ever-increasing capabilities of "chain analysis" for an infinite amount of time.

The existence and use of "crypto mixers", e.g., by criminals, suggests identities are indeed traceable.


"When I search for ways to improve my online privacy, I find two extremes: people who think it's not worth it because Big Tech already have all our data, or complicated suggestions to flash my phone with a modded version of Android."

To be clear, like the OP, I am not referring to privacy from the government, i.e., so-called "state actors". I am referring to privacy from "tech" companies. Regardless of who develops the methods to trace crypto, or why they do so, history has shown it is "tech" companies, collectively, that have the greatest desire for internet surveillance data and pose the greatest risk to online privacy.


What about Monero, which is supposedly completely anonymous even with chain tracking?


https://www.cnbc.com/2021/09/09/mastercard-to-buy-blockchain...

Let's assume Monero is untraceable. Did MasterCard buy a company that cannot deliver on its promise of Monero tracing? In 2020, it was announced that American tax dollars were paid by DHS to CipherTrace for "tools" to trace Monero transactions.

Thought experiment: What is the financial incentive to keep transactions "untraceable"? Is it greater than the financial incentive to make transactions traceable?


For example, IRS paying $625,000 award to company who can help trace Monero

https://sam.gov/opp/5ab94eae1a8d422e88945b64181c6018/view


CipherTrace didn't even win the actual contract from the IRS; Chainalysis did.

CipherTrace's tools - by their own admission - can only provide probabilistic analysis and not deterministic analysis.

They'll help in an investigation, but are hardly a silver bullet.


> No need to approach VISA, etc. to purchase the data.

Surely for a government, approaching VISA is far more convenient


>either individually or collectively anonymously or not, gives them power over us in many ways to predict, manipulate, dispossess

The thing is, is that actually true? What always comes to mind for me is the Cambridge Analytica scandal, which involved their self-declared 'psychometric targeting', which it turned out, after scientists did some studies had a measurable effect of zero on people's behaviour[1].

People love this idea of 'big data' as some powerful ominous tool, even big companies themselves seem to push it explicitly to seem more towering than they are. It's much more boring and unfashionable to think that people are a little more complex and have more agency and that companies push it because it makes them sound more sophisticated than they are.

[1] https://www.vox.com/science-and-health/2018/3/23/17152564/ca...


If you think you're not being manipulated, you're deluded. Advertising works. It worked before the Internet and there's even more of it now. We do still have individual agency but don't you want a cool refreshing Coca-Cola right about now?


IIRC a liter of Coca-Cola contains ~120g of sugar, and they need to add phosphoric acid to make it all go into solution. In fact, so much phosphoric acid that it makes a good de-rusting agent, i.e. any iron oxide (rust) will, after being soaked in Coca-Cola overnight, be converted to iron phosphate, which is easily removed with a light scrub. In addition, regularly consuming that much sugar puts you at high risk for type II diabetes, heart disease due to obesity, liver malfunction, and probably other things.

So no, absolutely do not want to drink what amounts to a toxic industrial solvent... though I did drink the stuff as a teenager before I learned all that, I must admit.

Point being, such advertising only works that effectively if you have a dumbed-down population ignorant of science, math, history and similar matters.

Here's a viable conspiracy theory, one that could very well be true: the attacks on American public education over the past 40 years are part of a deliberate effort to create a dumbed down population more susceptible to manipulation by corporate advertisers and state propagandists.


You don't need any additives to dissolve 120g/l of sugar into water. Wikipedia lists sucrose solubility as approximately 2000g/l at 25C, and HFCS has even higher solubility. The phosphoric acid is to make it taste better. 120g/l would taste unpleasantly sweet without the acidity.


Right that makes sense.


It’s an interesting comment, and a nice line about Coca Cola that I’ll definitely steal!

But the conspiracy theory part is obviously untrue. A less educated population is a less productive population, and a less productive population is a poorer population. Less income means less spending on products and less tax revenue. A group with sufficient skill to implement this conspiracy would know this, so wouldn’t do it.

(A counter is that the group could be made up of advertisers pushing inferior goods (income elasticity of demand is negative) and government authoritarians - but why would they be so much more competent than the luxury goods pushers and libertarians?)


Nobody is denying advertising works. But most of the time ads are trying to win you over vs competitors in the market. Most of it is predicated on the fact that you are in the market for something, and they want you to choose them over someone else. I doubt coca-cola is targeting non-soda drinkers in their advertisements. But they want you to pick coke over Pepsi.

Even if you create an open source drug that cures cancer and give it away for free, you’re gonna need a marketing campaign so that doctors know about it, or that patients know to ask their doctor about it. Not because you’re malicious and trying to manipulate people but because otherwise people who would benefit from your product won’t know it exists.


I think the mechanism of advertising is more fundamental than that, I think it's intimately hooked into the same path as spaced repetition.

I feel Marketing isn't so much crafted to compete with other signals on any merits but rather crafted to compete with recall.

Once a message hooks into an effective spaced repetition pattern it doesn't matter which is the 'better' product; because you'll search first for the one you recall the easiest. At which point it's an entirely different marketing team who tries to make the sale.

My opinion is that some companies craft messages to carry additional product metadata not because it's a necessary component of advertising but because they think it makes it simpler to recall.

I think this is evidenced by more than a handful of marketing campaigns that don't explain their product at all in any meaningful way and yet still enjoy immense popularity.

All that to say I think the worries alluded to by fragmede are justifiable, since the mechanism of impact could involve so little personal agency.


Coca-Cola competes not with Pepsi. If you chose Pepsi, you will not suddenly choose Coca-Cola if it shows a flashier ad.

Coca-Cola competes with: a glass of water, a cup of tea or coffee, an actual meal, a walk outside, a meditation, a nothing (just you chilling and keeping watching YT), your vision of yourself as someone who is not a Coke drinker (so e.g. Coke drinkers in adverts tend to be active, adventure-seeking, well-socialized and loved).

It advertises most certainly not to make the product known, that's done by putting it on shelves in stores. Invading your attention at home or while doing anything other than shopping is strictly banking on triggering an impulse and/or trying to adjust your self-image to allow the possibility of you seeing yourself as the type of a person who uses the product.

Similarly McD and SBX compete with local parks and benches, Netflix competes with woodwork (and indeed sex), YouTube competes with going out (and thus Uber, in locations with poor public transport), Uber competes with not going out (and thus YouTube), etc. to various degrees.

(Things are different with advertisements especially for lesser known products without IRL presence. An advert != an advert.)


I'm slightly surprised that no company like CocaCola has made cost-free subsidised eye glasses with their logo watermarked in the lens so you see it everywhere you look. They can't all be waiting for AR/VR to take off before racing each other for that, surely?


Actually the research is fairly mixed as we’re dealing with N-variable systems of technology, communication, economics, and a non trivial amount of fraud.


Is it mixed because the effect is mixed? Low effect?

Or is it mixed because it is resistant to observation? Hard to test for?


Advertising works in the sense it makes a product's existence known, everything beyond that is advertising of advertising ...


Pepsi is number 1, because it's the choice of a new generation!


"High fidelity targeting" working and "having a lot of data about people's choices and habits allows you to better manipulate them" are related but not identical things. It seems at least plausible to me that pre-internet advertising wasn't really much worse than what we have now, there's just more ways to attach cost to outcome.

But the amount of data companies have on their markets now is astounding, and can be used in more ways than just directly targeted ad serving.


> It's much more boring and unfashionable to think that people are a little more complex and have more agency and that companies push it because it makes them sound more sophisticated than they are.

I wonder if, when it comes to marketing at least, the opposite is true.

Facebook have x million data points on each person, but at the end of the day everyone fits into a very finite number of marketing buckets based on gender, age and location. In terms of selling you a netflix series, razor, theragun or some other gadget people are predictable with just regular data, it just sounds fancier if you call it big data with a twist of AI and a quantum neural network chaser.


I’d follow the money as opposed to some study.

Social media isn’t a boogeyman responsible for everything but it is a critical channel to influence. My mom gets bombarded with crazy tales of Joe Biden taking gasoline away, etc. I get lots of crazy dramatic fundraising requests from EFF, broadband advocates, etc.

It’s real and it works.


I don't doubt that what you're describing is real, I'm just skeptical that this is unique or has much to do with Facebook, advertisement or "the algorithm tm" in particular.

Thirty years ago your mom would likely be listening to talk radio, if that's the kind of media diet she's looking for. There's lots of deep reasons why people consume what they consume, I just think it's wrong to attribute a lot of agency to these platforms.

It's actually comforting to think that twitter, FB etc are destroying discourse when in reality it's people on the sites, out of their own volition, or through (lack of) education, socialization, etc.


That’s the thing. She wouldn’t.

My mom is in her 70s. She was a peace corps volunteer, a health care provider and an advocate for regulation of certain medical providers. She carried petitions for Al Gore. Not somebody that republicans would knowingly talk to.

But places like Facebook push content that your friends like. Sometimes that’s so and so’s new baby. Other times it’s Uncle Bob’s manifesto on why critical race theory is doing whatever.


Yes and no, cross source info allows people to know vulnerability that help change behaviors, much time big data means better and cheaper data tools, like easy access to optimize internal process or better ui


> What you did, thought, said.. last year is much less valuable and useful than what you are doing today.

This isn't true for biodata or medical related data.


These articles frequently err on the side of assuming that online security is entirely about worrying about random internet strangers taking advantage of you. For many people, the primary concern is an abusive SO, ex or relative, getting fired from their current job et al.

Some articles do address such things but they have something of a tendency to be addressed as a separate issue from "online privacy" rather than one element of the issue and a bigger issue for some individuals than others.


OP here. It is true, and a missing part of the article. Took note of it, thanks.


Thank you, Doreen, for being Doreen. Always an interesting take.


If you are interested in this subject you may like to check out EFF's "Surveillance Self-Defense" site, which has tons of guides and useful info: https://ssd.eff.org

Another excellent site is Privacy Tools at https://www.privacytools.io/


Another big downside of surveillance that the article doesn't mention is the "social cooling" effect [1]. People are less likely to be honest if anything they say can impact their entire life

[1]: https://www.socialcooling.com/


I think it's mostly pointless to put more than a basic minimum amount of effort into protecting your own privacy (e.g. sensible social media settings). There are too many surreptitious means of getting your info.

Instead we need to focus our efforts on political action. Privacy is not something that can be controlled at the individual level when you're up against billion dollar budgets.


> Privacy is not something that can be controlled at the individual level when you're up against billion dollar budgets.

But the billion dollar budgets are spread across an incredibly broad scale and have to handle a ridiculous amount of data. Certain patterns scale very well for the companies, e.g. using google chrome while logged into the google account

If we just avoid the big players and use a bunch of different, unaffiliated services, it makes mass surveillance more expensive and less likely to yield a strong ROI

Defeatism just gives these companies a better ROI with respect to surveillance, and it also makes us more susceptible to pushes to erode privacy, like the current one to replace passwords with biometric data


I agree that political action is needed, but I have almost no hope that any substantive legal changes will pass in near future. Big money and power prevent proposals from getting anywhere. It is up to us to protect ourselves and loved ones. It is a fun sport to evade the surveillance state.


> I have almost no hope that any substantive legal changes will pass in near future

This is the most popular move against action, to convince people it is hopeless. In fact, when the people want something strongly enough, it certainly happens. There is a long, well-established history of it.


I encourage everybody to continue trying, but I am also realistic. I often write my senators and congress people here in California about these issues and proposed bills. They send me back canned letters telling me to pound sand, save the children, blah blah. They are heavily funded by the surveillance capitalists, and the intelligence agencies rely on that data.


> realistic

A term people use to justify pessimism, as if that represents reality better than other options such as optimism.


Certainly regulations are essential, but individual actions to protect privacy, when taken en masse, can reduce the profitability of data harvesting. Moreover, by influencing social mores, it can build solidarity and inertia against potential future mass-surveillance laws.


I wouldn't call it pointless. You can use Signal and essentially have your communications disappear. Technological tools being available make the legal solutions practical.

But I agree that the legal solution is certainly necessary and most essential.


>Privacy is not something that can be controlled at the individual level when you're up against billion dollar budgets.

Use FOSS, now the price of direct compromise rises above $0. Turn on NoScript? Whoops, there goes like 90% of web tracking, goodbye surveillance capitalists. Use Tor or other multihop for casual browsing? Most adversaries will now be incapable of tracing an arbitrary circuit of an arbitrary user. Cost of tracking activity is now way up there.

It's true that against an adversary with enough money to surveil massive swathes of ISPs worldwide, strong anonymity is not viable for casual use- that kind of thing requires networks of fixed-rate dummy traffic tunnels, public/open LAN networks, proper operational security with devices, avoiding as much social interaction as possible, the whole shebang.

Political action is needed, but I fail to see how we can actually get past dark money like super PACs and such.

Failing that, if enough people use their general purpose machines in a subversive manner, they themselves will become more difficult to suppress.


OP Here. The legal part is important, but you don't have to make it easy. GDPR was a good step forward if not in the way people think about the subject. It would be great to see other countries follow this.


Usually when a question is asked in a headline one would expect the article to at least attempt to answer it. This piece doesn't guide you on how to make trade-off decisions between privacy and usability, it doesn't even give concrete tips on how to improve privacy (apart from a single mention of password managers, where it doesn't even say whether they should be used or avoided). This is as useless for beginners as it is for experts, how did this make it to the front page of HN?


OP Here. Thanks for the feedback. When I started to write the article, I was set to give a list of things we can follow to improve privacy. In the middle, I noticed the arguments why you should do it were not clear. As I said in another comment, it's not clear for my mother the consequences of oversharing, so it's not easy for me to tell her not to do so.

The reality is that it really depends. Maybe you do need to flash your phone and use a VPN or maybe not. It's complex. I work in Cybersecurity and I often get into projects where PMs want magic bullets but there isn't one. Are you processing personal data? Are you going to have legal, financial or reputation implications if you have your data stolen? It's not binary.

The idea is to get the basics right so I can defend to my significant other why she doesn't see ads on Google: it's because pi-hole, honey.

I will come up with the list of things you can do and share it here soon, sorry if you think it's clickbait.


Positively surprised that you are reacting, so I want to offer some constructive feedback: one thing you could do would be to describe various points on a 'Pareto curve' of privacy vs useability. Starting with a low-effort setup that explains eg password managers, cookie settings and other privacy-enhancing browser extensions, intermediate solutions with well-separated online identities, VPN, protonmail, local file encryption,... and a more extreme solution with self-hosting, custom OS...


Some concrete advice: https://prism-break.org


I find sites like this very hard to accept at face value. For example, on iOS, they say to avoid Authy for MFA but recommend a project called Tofu. This may be a sensible recommendation but they give zero supporting information as to why.

I have nothing against Tofu (maybe the texture) but if you are going to convince someone that an opensource project made by mostly one person with very little financial backing, over a corporate MFA provider, data or rationale is required!


They usually explain and discuss specific apps in the Issue tracker: https://gitlab.com/prism-break/prism-break/-/issues.


There's another option, which few are able to implement. Sign off entirely. Stop using the digital Machine. Humans lived this way for all but the most recent wink of an eye. Many humans still do. Think of the monastics on Mt Athos.

When I first saw the title, I thought the author was going to discuss truly taking the red pill. I was disappointed to read just another '10 things you can do to increase your privacy' piece.

You're not going far enough.


OP here. Fair criticism, thanks. As I stated in another comment, I was going to make this a list of things you could do, but the argument to why you should do it was not clear, at least for me. This is the purpose of the article: explain to my mother why. The how will come later.


FWiW Greg Egan has had a good run - 40 years online, 10+ novels, many short stories, Hugo and Campbell awards (and others) . . . and yet:

No verified images nor any evidence that it is indeed his real name.


I always assumed it was his real name, but I suppose that was just an unexamined assumption.

Gwern Branwen is a prolific [1] netizen who is also completely anonymous. I don't know how people like him [2] do it. Surely the people who know him IRL are aware of what he's working on day-to-day and someone would be able to connect the dots. Unless he lives alone or his housemates are completely offline - and he doesn't talk to anyone IRL about what he does at home.

[1] Sometimes on Twitter or Hacker News I legitimately just scan my eyes around the screen expecting a comment from or link to Gwern to be already in my field of vision.

[2] I have seen since-scrubbed evidence Gwern is a "him" though he now seems to hide that too


iirc lots of Japanese manga artists are also anonymous. Like the author of the recently popular Jujutsu Kaisen series [1], who appeared on TV wearing a mask of one of his characters [2]

[1]: https://en.wikipedia.org/wiki/Gege_Akutami

[2]: https://www.animenewsnetwork.com/interest/2021-01-27/gege-ak...


Apparently getting into manga is really difficult in Japan. Most start out doing hentai. To make money until they get a break and their manga becomes popular.

(I don’t know how true this is, something I read many years ago cos I’ve been watching anime for 25 years)


>I always assumed it was his real name, but I suppose that was just an unexamined assumption.

Occam's Razor suggests it probably is his real name. There are a few other biographic details online which I suppose someone could verify if they cared enough, especially if they were local and he actually lives in Perth. He's certainly been using that name since the early 80s.

It's mostly that he just completely avoids fandom and publishing circles and he's of an age where photos of you mostly didn't randomly show up on the Internet unless you deliberately put them there. And he is apparently determined to keep it that way.

This is actually a pretty good example of a person who could probably be found pretty easily if someone, and certainly the government, really wanted to but they keep out of the public eye except for their books and the occasional interview.


Like Greg I'm also a circa 60 year old W.Australian STEM arena coder/weddings/parties/anything person.

It's a bit of a state wide trait to be general while leaving a semi challenging last mile problem.

Having a capital city described by early US personnel in orbit as "the most remote city in the world" leads to a mild village syndrome when outsiders come asking for <insert specific name> .. who wants to know & how come you don't know already?

As for gender, roughly a third of the math | physics | comp sci staff were female in the early 1980s (Cheryl E Praeger and others) and a number spent the early Usenet days with noms de guerre to sidestep the complications.


Writer is probably one of the easier ways to be largely pseudonymous. No need for anyone other than some people at your publisher and some friends/family to know the connection. Reclusive writers is even something of a trope. Of course, no images also presumably means no book signings, cons, basically any public appearances--especially these days when everyone has a camera in their pocket.


The most valuable course I took at university taught you how to request and analyze public records. This was at least 4-5 years before the government had records available online. So it required you to physically examine this information.

While taking the class, I came to realize the paper trail you leave the moment you become an adult is immense and almost impossible — from a government perspective — to eliminate entirely. If you require a license or own property, you have no choice but to be in the system. You literally have to disconnect from society and live as a hermit in the woods (and even then I wouldn’t doubt the ability to be tracked.)

The digital realm has only made this paper trail exponentially impossible to control, even if you’re consciously trying. I’ve adopted the practice of limiting my digital footprint as much as possible (within reason). I don’t have accounts or engage with the social media walled gardens. I am very conscious of the media I consume. For instance, I don’t follow my curiosity about topics on platforms where an algorithm might force feed me — if I wanted to know about a conspiracy theory for giggles, I’d read on Wikipedia, not watch a video on YouTube.

And, finally, ad and tracker blockers at every possible level. I figure if someone has me profiled, I can at least block the tailored message they’re sending.


It's a bit hard for me to understand what's being argued for here. For many people in publicly visible positions, it's not practical to avoid having an online identity under your real name. This is not even exclusively a white collar issue for someone who speaks at conferences etc., how about a contractor who needs an online presence to find clients?

Certainly there are steps someone can take to make themselves invisible online but it severely limits career and other options.


OP Here. I'm arguing the *why* you should care and *what* can happen. The article is a reflection on how I can explain my mother that she should care. Going invisible online doesn't mean you have to limit your presence - it really depends. That's why I think there is some fair criticism about the last paragraph of the article, that really doesn't tell you what to do.


> The article is a reflection on how I can explain my mother that she should care.

I think you forgot one important point. Lack of privacy harms journalism and activism, making the government too powerful and not accountable. If only activists and journalists will try to have the privacy, it will be much easier to target them. Everyone should have privacy to protect them. It’s sort of like freedom of speech is necessary not just for journalists, but for everyone, even if you have nothing to say.


I find your argument to be true, but the idea is to discuss what we can do versus the standards, which I find to be GDPR and Apple. The first because it came out with a set of rules that didn't exist anywhere else in the world and the second because it prevented millions of people from being tracked when they navigate (obviously a commercial stunt, but still). I would question if anyone else made more for privacy in the last few years than these two (Maybe Firefox?)

Maybe the whole world must push for GDPR-like regulation or for Android to block third-party cookies. Until then, the responsibility is on each individual.


> Maybe the whole world must push for GDPR-like regulation

Indeed, I agree.

> I would question if anyone else made more for privacy in the last few years than these two (Maybe Firefox?)

Apart from Firefox, consider GNU/Linux phones (Librem 5 and Pinephone), Mastodon (and other things based on ActivityPub), Qubes OS with Whonix and many other amazing projects.


People ask why should they care?

Unfortunately the average person tends to be less concerned about invasions of privacy they cannot see. Like when you go through a scanner at the airport which lets someone in another room basically see through your clothes, vs. the way you feel if someone standing in front of you says to strip naked.


I care even less about when it's just computers looking at the data which is pretty much the case for online advertisement.


The extent can mean doing basic things like installing an ad blocker, using a password manager, surfing in isolated sessions (incognito mode) to stop cookie tracking and to leave no forensic artefact on your device, always posting with pseudonyms, using privacy-aware operating systems like Linux, etc.

Then you have the extreme options available like Tor, using Qubes, GrapheneOS on your phone, changing your legal name, using burner phones, Faraday sleeves, VPNs for public Wi-Fi, network segmentation for IoT devices, disabling Intel Management Engine, having multiple operating systems for compartmentation purposes, etc.

There is a privacy rabbit-hole to get lost in. Luckily I’ve found a reasonable middle ground and am not one of those LARPer types who take it all too seriously.


OP Here. I'm interested in the balance you found. Happy to include it in the part 2 and reference you.


By balance I mean I don’t go full LARPer when doing basic stuff like online banking and buying stuff from Amazon. LARPer means Live Action Role Play and refers to someone overly paranoid about every little thing. In other words, their threat model is wrongly applied to basic things. If you’re a journalist you may want to use Qubes and use disposable VMs to open PDF documents, for example. Most people would be fine just opening the PDF in Google Docs. The extreme options I mentioned can be used if you’re a target of harassment, like changing your legal name, or if you’re a prominent activist you may need a burner phone to attend a protest. It’s all about your threat model. Also: disabling Intel Management Engine could be useful for protecting your business secrets and intellectual property, but for most people doing mundane things it’s an extreme step to take.


Thanks, makes sense. I will explore how the Intel Management Engine can have an effect on privacy.


Is your middle ground the same as what you listed in basic things? You always surf in incognito mode?


I use incognito mode sometimes for NSFW stuff and when I don’t want to be tracked with cookies. I have a browser profile for when I need to be logged into something, like Amazon for example.


Also want to add that in the coming years they will start pushing biometric logins (https://www.theguardian.com/technology/2022/may/11/techscape...). This will tie all accounts to the same biometric data and identity, which will make blanket data harvesting and profiling much easier and more economically feasible.

> As early as 2010, Facebook’s marketing director argued that “online anonymity has to go away.”

These companies have a financial incentive to destroy online anonymity to the detriment of the rest of society, and biometrics are the latest attack


I don't bother.

Not worth the effort. I assume everything I do is (potentially) seen by someone, and the typical approaches are only going to make me look more suspicious.


Privacy allows you to live without this fear of someone watching you and your thoughts. It's worth investigating.


OP Here. Don't forget the great majority of data breaches are due to very basic issues i.e. unsecure passwords, shared credentials, unsecure API endpoints, etc. When hackers try to find their target, except in very specific cases, they start with the easiest path. This is where you have a word to say. They may come for you, but with the right settings, it might not be worth the hassle.


Look suspicious in what way?


Like, say, routing 100% of traffic through a vpn


It's only suspicious if few people do it. Make it the norm.


What are your other social media handles?


You're going to have to put in the effort. No one said OP has to make it easy and cross-index everything for you. That's why we have computers to do the work.


I have a different perspective and a question for HN. We always ask how to prevent corporations from surveilling us. How about letting them surveil BUT giving incorrect information? Intentionally do things (manually or automated) that gives them completely incorrect information about you.

Avoiding surveillance is becoming very hard. But giving incorrect information is very easy.


A gotcha that I think's lurking here is that there's no opportunity to appeal the classifications you're bucketed into. Meaning that even if you give 'it' incorrect data, the way you get bucketed could still have a negative impact on your life.

Hypothetical, imagine your fake profile indicates you are a minority in some demographic dimension that is now out of favor politically. The dragnet would not really care if it happens to be true for you or not.

I'm recalling the Turkish cleansing of a local religious sect from all government jobs when its two leaders had a falling-out. This could happen in any country, imo.


Interesting point. I guess one way to avoid that could be making them believe that you are on their (govts) side? Intentionally click on pro-govt websites, etc.

If there is a conflict and you don't know who will come out on top, either support both of them (one actual support and one fake) or don't support either of them.

Either way, I believe that this topic of giving incorrect information is worth looking more into.


The only tool I know of like this is AdNauseam [1]

[1]: https://adnauseam.io/


Very interesting. Thanks for sharing. There was another tool called something like "noisify". It intentionally visited random websites or clicked on random links to trip up any algorithm tracking you. That idea was fascinating.


I would say that it is becoming much harder. You need a real address to ship your items to that they will later correlate all of your activity to for example. In addition, many social media sites are requiring verification with government IDs. Try creating a Facebook account with fake details. They are able to filter these out pretty easily.


I believe there's some misunderstanding. I meant letting them know who you are, but giving incorrect information about your beliefs and thoughts. I still believe that giving incorrect information can be very effective.

Even if Google/NSA knows your name, they can only see the online activity that you choose to do. You can intentionally choose to give them very incorrect online activity.

For example, intentionally visit websites (manually or automated) that you don't believe in. This will trip up their algorithm. How are they supposed to know what you actually think or believe in?


> For example, intentionally visit websites (manually or automated) that you don't believe in. This will trip up their algorithm. How are they supposed to know what you actually think or believe in?

Imo the claim "We can suggest what you should do next, what you care about. Imagine: We know where you are, we know what you like." is just a sales pitch to the data industry in disguise.

They know what we do, but it isn't possible to know what we think without making a bunch of assumptions


IIRC the Brave browser is fuzzing "unique id" browser properties (screen resolution, CPU, language, time zone) to spread the users' browsing fingerprints wider.


Even just basic malware blocking disables a lot of websites. I can't use some air and hotel sites (aa.com, ihg.com for example) anymore, plus unsubscribing from somewhat normal spam is almost impossible because the unsub links have trackers or something.


I don’t bother unsubscribing. Just filter to spam and ignore.


Right, for pure spam, yes. I want to know about my hotel or air reservation but not get their junk email. So I can't go scorched earth on them, but I can't unsub from the junk either due to my tracker dns blackhole.


I batch unsubscribes to once a month and disable pihole for ~5 minutes


IMVHO people should be more worried about their control over their data, in the sense of the ability to access and process them without depending on third-party services, than the already-lost privacy war...


Be dark enough that your impersonators fail due to fake/insufficient info on you.

Don't let this happen to you! https://taskandpurpose.com/news/army-daniel-blackmon-romance...


I guess it really depends on what country you live in. In America, history has taught me people with enough money and power can destroy your life with immunity and that you could be one election away from 1984 or Hunger Games.


> it really depends on what country you live in.

No, it's like that in countries without pretenses of democracy or civil rights too. If anything it's a fair bit worse.


They can only do it if you do nothing. It's a system that requires the people to act. What are you doing about it?


Definitely not participating in a failed coup like January 6.


So you're going to participate in a successful coup instead?


Doubtful but the separation from Britain was a coup by those standards and it even has its own holiday.


You're comparing establishing democracy with overthrowing it?


Lol. Remind me of Citizens United again.


TLDR;

This subject is very important so OP took time to write a really long intro, please subscribe to his blog to get the answer next week.

In the meantime feel free to read the discussion in HN because it's probably more interesting until the part 2 eventually comes out.


OP here. It's a fair criticism, thanks. I have a limit of around 800 words per article. This is a newsletter, otherwise it would be too long. It's the format I believe works best.

The idea is also to discuss the what and the how of online privacy. The list of actions can get pretty long, so I decided to divide the article while I was writing it.


I hate that we have brought back the serial novel in 38 parts for the sake of "engagement". Write the article or don't but I've seen too many of these things get abandoned before enough useful info gets published.

Pass.


Believe it or not, it's not for the sake of engagement. I also use the internet and find articles with 2 parts to be disappointing but I felt like there was enough value in part 1 alone.

800+ words on an email client on a phone is just too much and there are better options to read long-form. I could make it smaller, but I would risk leaving out an important part I wanted to debate.


> "Profiling - Your online behavior can be used to serve you specific content or ads. This was particularly important in the 2016 Donald Trump campaign"

No references, I'm afraid I stopped reading there. Sorry.



