It's not about what you have to hide, it's about closing the door when you go to bathroom.

Thoughts on Privacy in 2021

It's not about what you have to hide, it's about closing the door when you go to bathroom.

A summary of my thoughts on privacy, misinformation, conspiracy theories and the role Google and Facebook play.

Last week I came across a Tweet from Jesse Puji about how Facebook and Google are not listening in on your conversations, but use other methods of figuring out what you've just talked about with your friend over coffee and showing you related ads just after the conversation. I've been aware of these methods for a while, and whenever I talk with people about privacy, I hear the same line that Jesse uses as well: "I have nothing to hide" - which is a fundamental error as it mixes up "privacy" with "secrecy". Privacy isn't about hiding anything, it's about closing the door when you go to the bathroom.

Arguing that you don't care about privacy because you have nothing to hide is no different from saying you don't care about free speech because you have nothing to say.

— Edward Snowden

Continuing the thread, I read another line that I hear regularly in conversations with friends/family/acquaintances:

"This is a good thing." would be valid in a perfect world where everyone is nice to each other and only has the best intentions, to find the best product "for you and for your needs". But, we live in capitalism. Companies don't care if the product is the best fit "for you and your needs". They want to sell their stuff. The "comparison sites" don't care about you, they compare and promote the brand who spends the most on ads and commission. But hey, that's still OK, you can still decide and are in power of your choices, right?

Let's go one step further. You meet with someone who's into antivax, antimask, government surveillance (the microchip implant) theories, Querdenker, MAGA or QAnon. Facebook and Google spin up their algorithms and over time you'll slowly but surely get targeted misinformation in your feed that lets you first doubt your believes and then undermines your confidence. Of course, using these algorithms with personal information in targeted advertising costs a lot of money. During 2021 I kept wondering "who profits from antivax misinformation" and of course fell into the conspiracy trap and thought of big political power games etc., but in reality it's a lot simpler: It's just good business.

Oh the conspiracy theory, this could never be true!

To me, this means Ads and my personal information isn't just about buying a mattress or a refreshment, it's about how people can influence my decisions based on my personal habits, behavior and beliefs by continuously showing suggestions and targeted content on social media and websites I visit. Given there's adspace for sale everywhere, even my most trusted/visited websites may contain misinformation sponsored by the highest bidder, making the suggestion much stronger than a simple message on a social news feed.

What can I do?

The bad news: it's not easy and requires a sacrifice. The big ad companies have made life incredibly comfortable with Maps, Email, Messenger, Groups, etc. so you happily use their products for free and don't even think about them tracking your every move.

If you know any other/better/easier options, please let me know on Twitter or send me an email!

So far, the most effective anti tracking measures are found are "DNS Blocking", so every time a website tries to load anything (ie "Like" button with tracking pixel) from Facebook, the request is re-routed and blocked.

On a Mac/PC

I've been using "Steven Black's hostlist" for a very long time. Steven compiles and updates a list of 100,000+ (yeah right, one hundred thousand) unique domains which are known for personal tracking, adware and malware. You can pick another list which also includes fakenews, gambling etc. for a total of ~150,000 unique domains. This method requires a little knowledge about the operating system and you can easily lock yourself out of websites, so I would only do that if you know what you're doing. There are scripts and other ways, but I usually just picked the raw host list and copied/pasted it into /etc/hosts on a regular basis.

As I've been using this for years, I've also been wondering for years how I can protect myself on my phone, tablet etc., where one usually doesn't have access to internal /etc/hosts files.

On Mobile/Tablet

There are a bunch of apps available. I use AdGuard and Hush Nag Blocker as content blockers in Safari or the Brave Browser. If you're using Apple Mail, go to Settings -> Mail -> Privacy Protection and enable "Block All Remote Content". This blocks tracking pixels in emails (every newsletter uses those to check if, when and how often you open the email and which links to click).

This is OK, but it doesn't block adware/malware "in apps", since it's now popular to load a browser directly in the app, all the content blockers are circumvented.

Network-wide DNS Blocking

It's hard to admit that in my 20+ years in the Information Technology world, I didn't think of this before and only been using a network dns blocker since late 2020. There are consumer-friendly products like Firewalla, but you can also just get a cheap Raspberry 4 and install Pi-Hole, AdGuard Home or Cloudflare Gateway.

Every network request from every app from every device in your network will go through this little box (I got a Raspberry with a black housing, so it's indeed a "black box"). The request is encrypted (so your Internet provider doesn't know where you surf and can sell this information to Goog... the highest bidder), and several different "name servers" are used to make spread the traffic. There's plenty information about "dns blocking" and "dns filters", and simple guides on how to set up Pi-hole and a Raspberry Pi available, just DuckDuckGo for it. Which brings me to the last point:

Change your default search engine (and default browser)

If you still use Chrome, none of the above methods work, because tracking is built in to Chrome itself.

Google is trying to hide its true intentions behind a pretext of privacy,” the suit continues. With Privacy Sandbox, “Google does not actually put a stop to user profiling or targeted advertising — it puts Google’s Chrome browser at the center of tracking and targeting.

— https://www.theverge.com/2021/3/16/22333848/google-antitrust-lawsuit-texas-complaint-chrome-privacy

There are some good browsers out there. My main browser is actually Safari (#teamsafari) and Safari Technology Preview. I use Brave for work and to open social networking sites like Twitter and LinkedIn. And guess what, I don't use Facebook, Instagram or WhatsApp.

In your browser, go to Settings and find the "Default Search Engine". I've been using DuckDuckGo for years and are quite happy with the results, I'm reviewing Ecosia on a regular basis to compare.

Thanks for reading. If you have comments or feedback, feel free to send me an email or find me on Twitter.

Final Thoughts

I have no sympathy for online advertising. What started with silly annoying popup windows has become an empire where personal information is traded like commodities and targeting goes beyond age and gender demographics, religious beliefs and income down to daily habits, spending, location tracking and inter-personal interests based on your friends, family, social contacts (the above mentioned "conversation tracking"). The 1984 Resurrections?

PS: I know Twitter is pretty bad too, it's my "guilty pleasure".