- Start with basic computer security
- Is macOS spyware?
- Which apps should I allow to use my voice?
- Which apps should I allow to track my location?
- Social networks
- VPNs and encrypted networks
- Search engines
- Minimising tracking of my online purchases
- Synchronising files
- Internet of things
- Going deeper
- Getting old school
Threat model: I think that perhaps massive corporate data collection is an empire of oily rags which threatens governance, or perhaps just leads to strangers knowing too much about my doctor appointments, my mental health, and where my kids are, or indeed lets anyone find me who knows my number. I regard social media as a new pollution the we have not yet regulated. I want to risk the amount of this ambient data pollution I emit so that businesses who feed upon it cannot be so prey upon me so.
I don’t feel like doing gratis market research for large multinationals, spilling my friends’ secrets, or facilitating media weaponization.
Good. We can mitigate that kind data leakage, and many steps are incredibly easy, so it would be embarrassing not to, really.
Start with basic computer security
Is macOS spyware?
On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.
It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. … This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. …
”Who cares?” I hear you asking.
Well, it’s not just Apple. This information doesn’t stay with them:
- These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.
- These requests go to a third-party CDN run by another company, Akamai.
- Since October of 2012, Apple is a partner in the US military intelligence community’s PRISM spying program, which grants the US federal police and military unfettered access to this data without a warrant, any time they ask for it. In the first half of 2019 they did this over 18,000 times, and another 17,500+ times in the second half of 2019.
This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns.
They do not learn everything about your computer by doing this, but also they probably learn more than they should about your computer this way. If you want an app which verifies executables by checking them against a list, which is what many antivirus programs effectively do, then is this better or worse than the existing approaches? I do not really know. Is your identity tied to this data? etc.
Which apps should I allow to use my voice?
The voice assistants have given us no reason to trust them. Be wary.
Which apps should I allow to track my location?
VPNs and encrypted networks
See VPNs etc.
See internet search.
Minimising tracking of my online purchases
Whole other complicated story, 🏗 I think worth doing. Consider what Amazon knows about you.
In addition to knowing what people buy, Amazon also knows where people live, because they provide delivery addresses, and which credit cards they use. It knows how old their children are from their baby registries, and who has a cold, right now, from cough syrup ordered for two-hour delivery. And the company has been expanding a self-service option for ad agencies and brands to take advantage of its data on shoppers.
If I would like to avoid Amazon tracking me, I should not use Amazon. Here is a list of non-Amazon online shopping. Some of these shops probably track us also, but the fact that there are many services means that none of them tracks every single purchase like Amazon does means that there is less information about to for any one entity to monetise. The calculus of privacy is up to you of course; Is it worse if many organisations know more about you in separate domains or if one knows everything about you? I tend to the latter, plus also I am concerned that Amazon is a badly-behaved monopoly, but YMMV. FWIW I shop using a mix of retailers, with lean towards Ebay as my fallback option, but direct-from-supplier where possible. I uses depop to find recycled fashion and abebooks to find second hand books.
See transferring money.
See Synchronising files.
- mobile devices
- Running your own server? See secure web servers.
- How to delete yourself from the internet
- The Inevitable Weaponization of App Data Is Here
You should be approximately aware of the nasty things that people can and will do to your computer. Don’t do them yourself.