How to reduce corporate spying on you


Threat model: I think that perhaps massive corporate data collection is an empire of oily rags which threatens democracy, or perhaps just leads to strangers knowing too much about my doctor appointments and where my kids are, or indeed lets anyone find me who knows my number. I regard social media as a new pollution the we have not yet regulated. I want to risk the amount of this ambient data pollution I emit so that businesses who feed upon it cannot be so prey upon me so.

I don’t feel like doing gratis market research for large multinationals, spilling my friends’ secrets, or facilitating Cambridge Analytica voter manipulation.

Good. We can mitigate that kind data leakage damage, and many steps are so easy that we may as well.

Start with basic computer security

See how to reduce cyber crime.

Which apps should I allow to use my voice?

The voice assistants have given us no reason to trust them. Be wary.

Which apps should I allow to track my location?

As few as possible. The New Your times interactive on the 2019 state of the art is grim indeed and has all kinds of implications for how people’s lives might be controlled. Relevant: contact tracing

Social networks

Do not trust anything Facebook does or says. They are a Spyware vendor. The same goes for Instagram, Google, TikTok etc.

But you need to watch your mum’s bread baking on Facebook. I get it.

See social media if you must.

VPNs and encrypted networks

See VPNs etc.

Browsers

The browser mediates a large portion of my interaction with the internet, so I should make sure it is ship shape.

Blacklight realtime privacy inspector. I Scanned the Websites I Visit with Blacklight, and It’s Horrifying. Now What?

  • Brave is a browser which claims to eliminate most tracking except for consensual-opt-in privacy-compatible tracking. I have many questions about that, but it is worth a try.
  • Privacy possum aims to be a successor to Privacy Badger which is more aggressive and (the creator argues) remedies certain shortcoming in Privacy Badger. The argument is something like “let us raise the cost of tracking people” and consider ourselves successful if it is probably too expensive to bother.
  • Privacy badger is an open source non-profit low-configuration blocker of tracking advertisers
  • ublock origin offers fancy script blocking for the obsessive compulsive.
  • scriptsafe offers aggressive no frills script blocking.
  • The browser plugs suite comoprises various browser plugs that hinder fingerprinting of the unique features of your browser.
  • Fuzzify automates and monitors clicking on the "delete my ad data" button in facebook.
  • HTTPS everywhere is vexing. It is a large plugin that plugs certain security holes arount HTTP-versus-Secure-HTTP. Every browser should implement this functionality, of being secure by default instead of writing your passwords on the lawn in big letters any time someone asks. That’s why it’s annoying that you have to install a plugin to make it work. And, worse, a horribly memory-hungry plugin. This is being gradually rendered irrelevant by some network technology called HSTS; hopefully we can forget it soon.
  • adblock plus and ublock origin reduce the number of tracking services which can view us online. I really need to tidy the info about these up a bit and explain, because they are so simple and so useful. However, they may be an endangered species.
  • torbrowser bundles all the ad-blocking conceivable, although it also makes browsing unpleasant and slow. There is some kind of lesson there.
  • Left-field solution idea automate the browser do stuff randomly in order to hide what you do deliberately. Random noise extensions attempt to make your browsing data useless to trackers by making your browser mindlessly visit lots of nonsense sites, thus confusing the paper trail. noiszy does this for browsing. trackmenot does this for search queries.
  • Ghostery disables most of the social media spyware, although its a little opaque.

Browser containers

Firefox multi-user-containers are one low friction option; they compartmentalise our different online activities from each other so that each website lives in its own solipsist universe.

One could probably cobble together something similar for Chrome using multiple users, but that sounds boring. The Firefox solution is simpler. If you cannot use Firefox Containers, the below solutions might help.

Single Site Browser

I could use a Single-site browser to access Facebook because

  • Otherwise Facebook would know even more about me than they do
  • Facebook is a blackhole of timewaste that I don’t want to browse to by accident, so I should make it slightly more difficult for myself.

You can do this too, for social media, or for whatever other website you wish to.

Search engines

You don’t want large search businesses to know what you are searching for?

  • Startpage repackages Google search results AFAIK anonymously.
  • duckduckgo is a search engine that repackages… Yahoo searches (?). They are strident privacy advocates which is laudable I s’pose.
  • Qwant promises to forget user data rapidly. There is not a lot of organisational transparency on their privacy guarantees AFAICS.
  • search encrypt also claims to great privacy via encryption in the Perfect Forward Secrecy mode. Presumably this is supposed to prevent them from assembling a history of my searches? They do not explain exactly whom they wish to protect my search queries from, nor tell me how I would verify their claims.
  • The searx family is a network of metasearch engine portals with the aim of protecting the privacy of users. Searx does not share users IP addresses or search history with the search engines from which it gathers results. Tracking cookies served by the search engines are blocked etc. The flagship instance is searx.me but there are many user-operated ones, since it is open source. Advanced: run your own DIY search anonymiser on your own server.
  • Disconnect anonymises other search engines from their servers. Seems to have become unreliable for me?

trackmenot is an interesting alternate solution — it generates random nonsense search queries on search engines to muddy user profiling, much like noiszy, mentioned below, does for news consumption. I would be curious to know how effective that is, or even how one would discover how effective that is.

Minimising tracking of your online purchases

Whole other complicated story, 🏗 I think worth doing. Consider what Amazon knows about you.

In addition to knowing what people buy, Amazon also knows where people live, because they provide delivery addresses, and which credit cards they use. It knows how old their children are from their baby registries, and who has a cold, right now, from cough syrup ordered for two-hour delivery. And the company has been expanding a self-service option for ad agencies and brands to take advantage of its data on shoppers.

If you would like to avoid amazon tracking you, the way you do that is you do not use Amazon. Here is a list of non-Amazon online shopping. Some of these shops probably track you also, but the fact that there are many services means that none of them tracks every single purchase like Amazon does means that there is less information about to for any one entity to monetise. The calculus of privacy here is up to you of course; Is it worse if many organisations know more about you in separate domains or if one knows everything about you? I tend to the latter, plus also I am concerned that Amazon is a badly-behaved monopoly, but YMMV. FWIW I shop using a mix of retailers, with lean towards Ebay as my fallback option, but direct-from-supplier where possible. I uses depop to find recycled fashion and abebooks to find

Chat

See chat.

Email

See email.

Money

See transferring money.

Synchronising files

See Synchronising files.

Going deeper

You should be approximately aware of the nasty things that people can and will do to your computer. Don’t do them yourself.

Getting old school