If it's free. You're the product.

How I Protect My Privacy

If it's free. You're the product.

Privacy is about going to the restroom and closing the door behind you. It’s not other peoples business.

When I talk with family and friends about privacy, the first response is usually “I have nothing to hide” or variations of the same sentence. The best response to that so far I heard from Aral Balkan many years ago: “Privacy is about going to the restroom and closing the door behind you. It’s not other peoples business”. It’s also why people have a fence around their garden or turn computer screens away from doors and windows. I remember talking with people about privacy and that privacy is becoming a privilege; society especially in America is so conditioned to giving up all their private and personal data, they don’t care anymore. Look at the millions of teens sharing their life on Instagram (Facebook Inc.), WhatsApp (Facebook Inc.), Facebook (Facebook Inc.), SnapChat (Snap Inc.) or other platforms from American corporations. It’s not about having things to hide; it is about the fundamental right of owning private and personal data and deciding for yourself with whom you want to share this data. I’m sure you didn’t intent your last 500 Google searches to be sold together with your name, social security number, credit status, address and phone number to the highest bidder because that is what Google is all about. I am personally very happy Facebook and Google screwed up so bad recently. Because people are becoming aware of the amount of data those companies harvest on everyone and the power the information holds (i.e., manipulating votes). If you need a reminder, here’s a list of the most recent fuck-ups with your data:

Measures I Take

Neither Google, Facebook nor any of the Advertisers respect the “Do Not Track” setting we have in our browsers, so here are the measures I take to prevent Big American companies spying on me and my life. Not that I have anything to hide, but what I do is none of their business. And, if you run a startup or business, you might want to turn off your Google Suite/Google Apps account, as Google (and therefore the NSA) is leaking patents and economic information to American companies for competitive advantage (PRISM):

Alternative Online Services

I live a life without Google, here’s how:

  • E-Mail, Calendar: Fastmail by FastMail. What I pay for: images are not loaded by default (think of all those tracking pixels), IMAP/SMTP and everything else for my email needs.
  • Search: DuckDuckGo by DuckDuckGo. Took a while, but they’re great now. Excellent results, no tracking, privacy first. Ads are marked “Ad.”
  • Documents: Apple Pages & Numbers
  • File Sharing: Resilio Sync, peer-to-peer sharing, no central servers. Documents belong only to you and the people you share them with.
  • 2FA/MFA (multi-factor-authentication): Authy by Authy
  • Browser: Safari or FireFox. Pro-tip: Get Better Blocker
  • Chat / IM: Wire.com messenger by Wire
  • Registration/Login: Always email and password. Never the same password. NEVER EVER Google or Facebook login. And of course 1Password

Hostfile

{{< figure src="images/1*YJPQl40xo_koTwnFj5y2wQ.jpeg" >}}

This one is a bit technical, but it offers the most significant impact on your online privacy. Unfortunately, it only works on Computers or rooted Android phones; one can not modify the host file on iOS or Android. The situation: Every time you visit a website with a Facebook “Like” button, a request is sent to ads.facebook.com (or similar) that you are visiting this website. It would be great if this request never reaches Facebook, because it's none of their business, right? That is where the host file comes in. An entry like

`ads.facebook.com    0.0.0.0`

Will prevent the request of ever going out into the internet, as 0.0.0.0 is the address of your computer. It’s a simplified explanation, if you want to know more about this, NordVPN wrote a proper article about How To Block Ads and Malware with Your Host File.

ads.facebook.com is just one example. There are over 55.000 domains for tracking and malware! You can head over to Steven Black's GitHub and download a host file of your choosing. See the NordVPN article above on how to install these files and never be bothered by Ads or Malware again.

Blocking everything else: LittleSnitch

For the fine tuning on blocking requests, I use Little Snitch. For example, in all installed applications and my daily browser Safari, I block all requests to Google domains, to prevent them spying on me. But some times I need to look something up on Google or use a website which loads JavaScript assets from Google services (looking at you, StackOverflow). For these, I use Firefox, which is the only App allowed to connect to Google. The whole setup takes 1–2 minutes in Little Snitch.

Mobile

Using alternative online services helps a bit to keep trackers in check, but on Mobile, there are still a lot of issues to address. Most Apps use behaviour tracking, usage tracking and of course social tracking for their “market research.” If you know a way how to prevent this, please let me know!