Privacy(draft)

Last Updated:

This is an attempt to share knowledge and tips on how to keep your personal data private. After reading this, you will know:

Even if you aren’t worried about your privacy now, it’s still worthwhile to make choices now that protect your privacy and exercise your privacy rights, for the same reason the US Navy conducts freedom of navigation exercises and UK citizens exercise their right to roam: regularly exercising these freedoms ensures they are still there and also protects the privacy rights of others who do need them now.

At the moment, there are also good reasons to worry about abuse of power and limits on speech. Keeping your personal data private will help hinder these abuses, especially those involving dragnet operations.

First, I’m going to discuss some of the technical details required to better understand the mechanisms corporations and and governments use to collection information about you.

Second, I’m going to discuss

Outline

  1. Motivation
  2. Background
    1. Technologies
      1. IP
      2. DNS
      3. Web Browsers, Web Servers, and Encryption (Transport and Disk)
      4. Cookies
      5. Trackers
      6. Search Engines
      7. Social Networks
  3. Infrastructure: ISPs, Financial Transaction Processors (Credit Cards, PayPal), Cloud Providers, Governments
  4. Personal Information Users
    1. Corporations
    2. Governments
    3. Criminals
      1. Organized Crime - extortion, blackmail, ransomware, botnets, identity theft
    4. Hacktivists
  5. Ancestry and DNS Testing Companies
  6. Information Seen
    1. IP messages (sender, receiver, payload). Seen by anyone between sender and receiver.
    2. DNS messages (name to IP). Seen by DNS resolver, which is typically your ISP.
    3. HTTP. All data between sender and receiver is visible to anyone in between.
    4. HTTPS. Data between sender and receiver is encrypted.
    5. End to End encryption. Any encryption scheme where only the sender and receiver can see the content of a message. HTTPS is an example of end to end encryption between the web server
    6. Search.
      1. Whenever you go to a website and enter search terms, that search engine can record what you are doing and other information about you it has (such as IP address).
      2. If you use the search bar built into your browser, the search engine also has access to these data.
  7. Private Communications
    1. Email: Use a paid mail service you trust. Don’t use an advertising supported service. I use ProtonMail. Ideally the service also supports end to end encryption, does not keep logs, and eliminates or reduces the window of time they have access to your content as small as possible.
    2. Messaging: Use a service that uses end to end encryption by default. Signal. Telegram.
  8. Web Browsing
    1. Firefox, Safari

Privacy Invasive Business Models

When you use a free site like Google or Facebook or watch television, you are the product, not the consumer. Advertisers are the consumers (the ones who pay money for) of these services who they pay to access you. It is in the financial interest of advertising companies to know as much about their audience as possible in order to sell more effective (and therefore more valuable) advertisements.

If you want a tool where you are the customer, you’re going to have to pay for it. There is just no way around it. The businesses need to make money and it’s either going to be from you or from someone else,a nd if it’s from someone else it’s going to be advertising based.

Google

If you have a Google account, you can use their Privacy Checkup feature to see some of the data they have on you. You can also choose to delete data and limit what they collect.

Google Chrome Privacy Notice Google Privacy Policy

Google Products

Let’s assume you:

Now consider all the information available in the data involved in those services. Google has the potential to know or infer:

Facebook Properties

Facebook Privacy Policy

Apple

Apple Privacy Policy

Apple Properties

Amazon

Amazon Properties

Jeff Bezos (Founder, Chairman, and CEO of Amazon) also owns The Washington Post.

Microsoft

Government Actors

Tools I’m Using

Reference

Privacy Advocates

Privacy Laws

Europe

United States

Canada