How to reduce corporate spying

on me, hopefully

December 12, 2018 — July 12, 2021

computers are awful
computers are awful together
confidentiality
wonk
Figure 1

Threat model: I think that perhaps massive corporate data collection is an empire of oily rags which threatens governance, or perhaps just leads to strangers knowing too much about my doctor appointments, my mental health, and where my kids are, or indeed lets anyone find me who knows my number. I regard social media as a new pollution the we have not yet regulated. I want to risk the amount of this ambient data pollution I emit so that businesses who feed upon it cannot be so prey upon me so.

I don’t feel like doing gratis market research for large multinationals, spilling my friends’ secrets, or facilitating media weaponization.

Good. We can mitigate that kind data leakage, and many steps are incredibly easy, so it would be embarrassing not to, really.

1 Start with basic computer security

See how to reduce cyber crime.

2 Is macOS spyware?

Jeffrey Paul: Your Computer Isn’t Yours:

On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. … This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. …

”Who cares?” I hear you asking.

Well, it’s not just Apple. This information doesn’t stay with them:

  1. These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.
  2. These requests go to a third-party CDN run by another company, Akamai.
  3. Since October of 2012, Apple is a partner in the US military intelligence community’s PRISM spying program, which grants the US federal police and military unfettered access to this data without a warrant, any time they ask for it. In the first half of 2019 they did this over 18,000 times, and another 17,500+ times in the second half of 2019.

This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns.

They do not learn everything about your computer by doing this, but also they probably learn more than they should about your computer this way. If you want an app which verifies executables by checking them against a list, which is what many antivirus programs effectively do, then is this better or worse than the existing approaches? I do not really know. Is your identity tied to this data? etc.

3 Which apps should I allow to use my voice?

The voice assistants have given us no reason to trust them. Be wary.

4 Which apps should I allow to track my location?

As few as possible. The New Your times interactive on the 2019 state of the art is grim indeed and has all kinds of implications for how people’s lives might be controlled. Relevant: contact tracing

5 Social networks

Do not trust anything Facebook does or says. They are a Spyware vendor. The same goes for Instagram, Google, TikTok etc.

But you need to watch your mum’s bread baking on Facebook. I get it.

See social media if you must.

6 VPNs and encrypted networks

See VPNs etc.

7 Browsers

See browser confidentiality.

8 Search engines

See internet search.

9 Minimising tracking of my online purchases

Whole other complicated story, 🏗 I think worth doing. Consider what Amazon knows about you.

In addition to knowing what people buy, Amazon also knows where people live, because they provide delivery addresses, and which credit cards they use. It knows how old their children are from their baby registries, and who has a cold, right now, from cough syrup ordered for two-hour delivery. And the company has been expanding a self-service option for ad agencies and brands to take advantage of its data on shoppers.

If I would like to avoid Amazon tracking me, I should not use Amazon. Here is a list of non-Amazon online shopping. Some of these shops probably track us also, but the fact that there are many services means that none of them tracks every single purchase like Amazon does means that there is less information about to for any one entity to monetise. The calculus of privacy is up to you of course; Is it worse if many organisations know more about you in separate domains or if one knows everything about you? I tend to the latter, plus also I am concerned that Amazon is a badly-behaved monopoly, but YMMV. FWIW I shop using a mix of retailers, with lean towards Ebay as my fallback option, but direct-from-supplier where possible. I uses depop to find recycled fashion and abebooks to find second hand books.

10 Chat

See chat.

11 Email

See email.

12 Money

See transferring money.

13 Synchronising files

See Synchronising files.

14 Internet of things

There is no reason you should trust internet of things devices not to be spyware.

15 Going deeper

You should be approximately aware of the nasty things that people can and will do to your computer. Don’t do them yourself.

16 Getting old school