I’ve been thinking a lot about online privacy for the last few months and have invested some time in what you might call a privacy tune-up. The gap between what I now practice myself and what my “normal non-nerdy” friends and colleagues do is now big enough that I’m starting to feel a bit dishonest by not discussing it openly.
So while it might feel initially like a bit of a vibe-killer to be talking privacy and security on a Saturday morning, I’m going to have a go.
Google, Facebook and gang – they’ve gone too far. I want my personal data back.
Google tracks pretty much everything you do and uses that information to sell advertising to businesses. The supposed benefit is that you get “more relevant” advertising, but I’m just not seeing it. I don’t think the advertising I see is particularly relevant or useful and I’d rather make my own decisions on what is relevant to me.
Since 2004, Google’s search results have been personalised to each user using over 50 factors to determine which results each user sees. They are individual to you based on everything Google knows about you including your location, past search history, web history and social network use. Google does this whether you are logged in or not.
This is supposed to be useful to us, but I think it’s actually to our detriment – we see less that is new and more that is familiar.
It’s nice to see things that are familiar but like peeing your pants the nice warm feeling quickly goes cold when you realise you’re living in a bubble, an echo chamber where the only voice you hear is your own.
So while personalised search increases the likelihood we will click on something and that increases Google’s profits, it does not widen my world or make my life more varied and interesting.
I’ve become increasingly conscious lately of the bubbles we all live in. The world is a big and fascinating place full of disparate views, opinions, schools of thought and discussion. But increasingly modern technology shields us from that.
Your Facebook feed prioritises things that your friends already like and agree with, and your Google results prioritise things they think you already know. Your Instagram feed isn’t the full list of pictures posted by people you follow – there are too many now. Instead, it is just the pictures from people you follow that you’ve interacted with the most. So you end up seeing more and more of the same- they’re all at it. More echo chamber, more bubble.
Facebook is the same – your feed is tuned completely to you based on everything they know about you – and they know so much more than you realise.
A Facebook insider told me they know who you’re sleeping with even if you haven’t set your relationship status – the Facebook app sends your location to Facebook servers. So Facebook knows which phones are on the same bedside table at night. Facebook knows if you’re having an affair long before your wife or husband does.
And remember, Facebook owns Instagram and Whatsapp too and the tracking data is shared and pooled between them. So if you want out, you need to delete all three apps, just deleting Facebook won’t do it.
We’re living in an era of huge “confirmation bias” where we see a distorted view of the world that makes us think everyone thinks like us and alternative ways of looking at things are hidden. I want less of that.
Incognito mode and Private Browsing Mode are nothing like you think.
Several years ago Google’s Chrome browser got “Incognito mode” and shortly after Safari got “Private Browing”.
Most users incorrectly think that when you’re using these modes you are not being tracked, and your searches are not being recorded. This is incorrect.
Incognito mode simply stops you leaving a trail of history on your local machine. But your internet provider still gets to see, track and log every single website that you visit. And if you’re at work or in a school, they get to see and log everything too.
There is something that you can do about this – see point 4 below.
So here are four things I’ve done to shift the balance back.
1. I’ve stopped using Google for search
I know that Google “won” search and made us think there is no alternative, but it turns out that there is. I’ve started using DuckDuckGo.com as my default search engine on my Mac, iPhone and iPad.
This is easy and far less traumatic than you think. Visit their website and type the search term – just like Google. You’ll be surprised at how good it is. If you follow their quick guide, in a couple of clicks, it will be your default search engine handling all your requests. You can easily force a search to go through Google later by just adding “!g” before the search term and DuckDuckGo will go and use Google for that particular search.
Using DuckDuckGo give me three key benefits :
- They don’t track me.
Everything I search on there is private and they keep no records that tie any of my searches together to me and identify me to advertisers. None of my search interests are packaged and sold off. I like that.
- They block Google trackers.
Google trackers are in YouTube, Gmail, Chrome, Android, Gmaps, and all the other services they run. DuckDuckGo has a free browser extension and mobile app that blocks these Google trackers, along with the ones from Facebook and other data brokers
- They give me unbiased search results outside of a “filter bubble”.
When I search, I want to see what other people see, not just things that I’ve seen before or are likely to already agree with.
2. I’ve switched off all of my Google tracking preferences
I can’t avoid Google completely – I need to use YouTube and my employer, Reward Gateway uses Google Cloud for everything. I still use Chrome as my browser for things to do with work, although I’ve installed the EFF’s free HTTPS Everywhere and Privacy Badger plug in’s to make Chrome more private. (If you’re a Safari user you’re using a much more private browser by default without doing anything).
To be fair to Google, they make this easy – far easier than Facebook.
In the Google Privacy Centre, you can switch off or pause in Google’s language – they hope you will change your mind – “activity” which is Google’s word for tracking. You do this on a product by product basis so search, YouTube, Google Maps etc. So it takes a few minutes and you need to read the screen carefully and pay attention. Pour yourself a coffee and it’ll be done in 5 minutes. I promise it’s not painful.
You can also look at MyActivity on the same page and see everything that Google has tracked about you in the past. Google then lets you delete your whole history if you want to.
3. I use Apple products and services wherever available.
At the risk of antagonising all of the Android and PC users reading, I do want to make this point because I think it is really important. It’s not about being an Apple fanboy or saying that one product is better than another from an aesthetic or functionality perspective. It’s simply that Apple has a different business model to the other tech companies and that fact is there in plain sight, with all of the financial data available to prove it.
If you’re not paying for the product, you are the product.
This has been said before but it’s really important so let’s make it really clear.
You are not Google’s customer, and you are not Facebook’s customer either. Advertisers are their customers – they are the ones that pay billions of dollars a year for access to you and your personal information.
You are the product, not the customer, it is you that is being sold to the advertiser.
Apple is not a benevolent charity, it’s the most profitable company in the world. But it had a radically different business model to Google and Facebook. Google’s products are free (search, cloud etc.) or cheap (Android phones) because they are subsidised or paid for by advertisement income. Apple’s products are, by comparison, expensive because you are the customer and you are paying for the product, there is no or minimal advertising income.
Just to give you the data behind that – in 2017, Google’s advertising revenue was USD$ 95 billion out of total revenue of USD$110 billion. So advertising revenue was 86% of Google’s income. Apple products, by comparison, carry so few adverts the company does not break out advertising at all in its public accounts.
Using the latest figures from Q3 2018, their “Other products” category which includes, headphones, Apple TV, AirPods and advertising is altogether only worth 7% of Apple income. Advertising is estimated at less than 2% – primarily through Apple News.
Because we pay for Apple’s products they do not carry advertising, our data is not sold to advertisers, and our private data is therefore private. Tim Cook makes this point repeatedly in public.
Three changes I’ve made recently :
- I moved most of my email from Gmail to iCloud mail
If you use Gmail then Google will read your email and use the keywords they find in there to personalise products and create “useful” links between Google products (they used to read your email to serve up related advertising but they stopped that a couple of years ago).
- I pay using Apple Pay online and in-store wherever it is accepted (most places now)
When you pay using a credit card, the retailer or their handler gets your credit card number and details. They often lose this information, and it ends up on the dark web causing you a nuisance when fraudsters buy and use it.When you use Apple Pay they do not get your credit card details – they get a scrambled one-time token which changes every time you use the service, so they never get to track you or know who you are. There is no way they can lose or leak your credit card or Apple Pay ID.
Interestingly, Apple never gets to see or hold your credit card details either nor do they retain any transaction information that can be tied back to you – the service is private by design. (Explained here)
- I use Safari for all browsing except where I have to use Chrome for work applications
Safari version 11, released in September 2017, caused a storm with internet advertisers, some of whom got together to claim that Apple was out to “sabotage the economic model of the internet”. The cause was Apple’s new “Intelligent Tracking Protection” feature. I won’t go into all the detail here, but basically, it severely restricts the ability of internet advertisers to track your usage across websites that you haven’t directly visited – something done with “third party cookies”.In addition, I can keep all of my website passwords stored in Safari, and they also work on my phone and, importantly, inside iOS Apps. I won’t go into detail here as this is a feature about privacy, not security, but trust me it’s a game changer.
I’m not saying Google is evil, I think they’ve done a good job with their privacy settings and transparency around privacy and security recently. I’m just saying that their business model is very different and I’m making a personal choice that I’d rather pay for a service than be the service.
4. I’ve started using a VPN all the time.
OK, this is the most techy and I might lose 90% of what few readers I had at this point. Try and stay with me, it’s really much simpler than the jargon makes it look.
Why you need a VPN
When you access the internet, your internet service provider – that’s the company who provides you with your broadband or mobile connection, gets to see every website that you visit. They can see that and whether they choose to log and save that data depends on their individual commercial interests and the local laws in place depending on where you are in the world.
In the European Union, the law says that ISP’s must keep records for 12 months that include your IP address log-in and log-off times; the sender, recipient, date and time of emails; and the caller and recipient of internet telephone calls. How long they keep records of the websites you visited is left for them to decide.
In the USA things changed this year when the Trump administration voted to ditch a whole load of privacy protections that had just been voted in last year. The restrictions sought to limit what companies could do with information such as customer browsing habits, app usage history, location data and Social Security numbers.
Those limits are now gone so American ISP’s can now track and trade those data and more – even without your consent. The industry thinks you shouldn’t worry though as they’re going to come up with a voluntary code of conduct around it. Sure!
How a VPN helps
A VPN is a piece of software (occasionally a piece of hardware) that runs on your computer and it “tunnels” all of your internet traffic to a specific server somewhere in the world before releasing it onto the internet. VPN providers will have hundreds of these servers all over the world, and you can pick one near you (for speed) or even not near you (if you want to pretend you are in a different country).
The benefit of this is that your internet provider, school or place of work only sees you connect to the VPN’s server – they can’t see anything inside your tunnel. So as long as you choose a VPN provider who doesn’t keep logs themselves – which means they are located in a country which doesn’t force them too, then all of your browsing and searching is totally private.
Important : You MUST pay for a VPN
You must pay for a VPN – never be tempted by a “free VPN service”. remember – if you aren’t the customer, you are the product. You’re sending this company all of your internet browsing and searching – all of your data. So for heaven’s sake don’t be cheap and send everything to a company that has no income without monetising it somehow! They are inexpensive and a crucial part of your internet privacy setup.
I use ExpressVPN which is based in the British Virgin Islands and keeps no logs. I like as it has a nice Mac interface, also works on my iPhone and is fast and reliable. But there are many others that keep no logs including NordVPN based in Panama and Anonine based in Sweden. Lots of websites offer comparisons including this one.
And the easiest way to protect your whole household is to choose a VPN provider that can actually be installed on a wifi router rather than your computer. That means every single device connecting to your wifi is protected by your VPN and you can literally install and forget it. So I bought an Express VPN account and then this wifi router and it’s worked perfectly for months. You can do the same with an account from NordVPN and others.
You might think I’m paranoid or have something to hide. But I think we all need this.
There are lots of reasons why people ignore online privacy and security. Some people think it’s too hard, too technical, some people think nothing will happen to them. Some people have an inherent trust in authority and establishments – the “if you’ve nothing to hide you’ve nothing to fear” argument.
But what I know is that information in electronic data form is easier to move around, copy and replicate than information was 30 years ago. If information about you exists, there is a very good chance that at some point it will be bought, sold, traded, stolen or lost and could be used against your interests.
No-one should care about your privacy and security more than you do because no-one else is more affected by it than you. I think we all owe it ourselves to learn more and do more, and that’s what I’ve been doing these last few months. Hope you do too.
This is all nice but want to know what the real experts do?
When it comes to privacy and security, I’m reasonably well-informed and interested, but still an amateur. So I wanted to know what the real experts do.
This week, I’ve been asking Reward Gateway’s most senior technology and information security staff to share with me how they protect themselves at home. The answers are enlightening.
They’re not talking IT policy or sharing a best-practice note, they’re telling me what they actually do at home personally when no-one is watching to keep themselves and their families safe. It’s a unique look behind the curtain at what the real experts do.
I’ll be publishing this behind the scenes look in a couple of weeks. To get an email when I do, subscribe to my VIP list.
- “The Four : The Hidden DNA of Amazon, Apple, Facebook and Google” by Scott Galloway. (also available on iBooks)
- It’s time to limit online tracking by DuckDuckGo Founder & CEO Gabriel Weinberg
- Why should I use DuckDuckGo instead of Google on Quora
- A new study suggests that Google collects more consumer data than users think (way more)
- What to expect now that Internet providers can collect and sell your Web browser history (USA)
- Your “Anonymous” Browsing Data Is Not Very Anonymous
- Amazon fires employee for sharing customers’ email addresses
Alternative and opposing viewpoints
As I’m researching an article, I often find opposing viewpoints. It seems wrong to hide them so here they are and you can make your own mind up.
- In defense of the Echo Chamber – John Pavlovitz
(John makes some excellent points – do read it)
- Apple Pay’s Low-tech Security Problem – Pymnts.com
- Major Ad Trade Groups Release Joint Letter Outlining Deep Concerns Over Cookie-Handling Functionality of Apple’s Safari 11 Browser
I own shares in Apple, Facebook and Google which are all mentioned in this article. They’re good, profitable growth businesses and I understand how they make money – that’s why I invest in them. But I also want to be honest about what I think of the products and whether I am personally a user of them. Then you can make your own mind up. Clearly, if everyone followed my example, my Facebook and Google shares would be worth a lot less.
I don’t monetise this blog in any way through affiliate links or advertising, and I don’t have any connections with any of the companies listed unless I’ve disclosed them clearly here.
I also realise this post may look like a DuckDuckGo advert so it’s being very explicit that I have no commercial relationship with them at all, earn nothing from this and I’ve never even spoken or messaged anyone from DuckDuckGo. If you’re curious as to how they make money it is explained transparently here.