If You Care About Privacy

It’s hard to maintain privacy these days, ever since we started carrying around the ultimate Internet connected surveillance device in our pockets. So what can you do about it? Here’s a brief guide.

Vote with Your Wallet #

Thanks to capitalism, the best thing you can do in most cases is express your frustration about loss of privacy by boycotting companies that don’t respect your right to privacy.

Additionally, reward companies that do care about your privacy by buying their products.

The market has responded somewhat since this article was first written. Privacy-focused alternatives have gained ground in multiple categories: DuckDuckGo for search, Brave for browsing, ProtonMail for email, and Bitwarden for password management. Supporting these alternatives helps build a more privacy-respecting tech ecosystem.

If You Aren’t Paying for a Product, You Are the Product #

I’m very suspicious of the term “free” these days. It’s often misused, and it tends to be used in cases where there’s a cost but that cost is hidden. A good example of these are “free” social networks like Facebook, Instagram, Twitter, etc. None of these services are free, it’s just that you (as a user) are not the customer. You are the product.

The customers for these products, in most cases, are advertisers or anyone interested in collecting vast amounts of data. For example, Foursquare, Yelp, and credit card companies all sell your daily activity data in bulk to financial firms (such as hedge funds) who use your data to estimate revenues. If you have everyone’s purchase history, it’s pretty easy to guess how much Apple’s revenue will change over time.

The extent of this surveillance capitalism has only grown since 2019. A 2022 study found that the average mobile app shares data with six third parties, and some popular apps share with more than 50 different entities¹. Your fitness tracking app might be sharing your location with data brokers, while your weather app sells your movement patterns.

In some cases your data is anonymized, but unfortunately anonymized data can always be de-anonymized once you have enough of it, or have a way to correlate anonymized data with personally identifiable information. For example, if you know someone’s home address and you notice some purchase patterns (from, say, credit card data) where all items are shipped to that address, it’s relatively easy to guess out who the credit card data belongs to.

This isn’t theoretical—researchers have repeatedly demonstrated that supposedly “anonymized” datasets can be de-anonymized with shocking accuracy. A landmark 2019 study showed that 99.98% of Americans could be correctly identified in any dataset using just 15 demographic attributes².

A simple suggestion: prefer products you pay for. Companies you’re paying are less likely to be violating your privacy in obscure ways (although sometimes they do it anyway, for example ISPs who like to sell your browsing behavior).

Use Privacy-Focused Products #

• Apple has a relatively good record for privacy, so prefer Apple products over Google, Facebook, or Microsoft products
• Use private messaging apps: Signal (now the gold standard for secure messaging), iMessage, Session, Element (formerly Riot.im), or Threema
• Store your data on your computer, instead of using tools like Dropbox, Google Drive, iCloud, etc. If you need cloud storage, consider Tresorit, Sync.com or Cryptomator (which lets you encrypt files before uploading to any cloud service)
• Use a browser like Firefox which has built-in tracking protection, or Brave which blocks trackers and ads by default
• Use an ad blocker like uBlock Origin to protect yourself from ads, tracking, and other privacy violations
• Try Firefox’s Multi-Account Containers or temporary containers extension to prevent websites from tracking you around the web
• Use Pi-hole with a DNS provider like Cloudflare or NextDNS with a good privacy record, this will make it more difficult for your ISP to spy on you
• Consider a privacy-focused email provider like ProtonMail or Tutanota instead of Gmail or Outlook
• Use a password manager like Bitwarden or KeePassXC rather than reusing passwords or storing them in your browser
• Use a VPN service with a strong no-logs policy if you frequently use public Wi-Fi (though be aware most VPNs don’t deliver the privacy they promise, research carefully)
• For mobile devices, explore privacy-enhancing tools like Lockdown (iOS) or TrackerControl (Android)

Avoid #

• Avoid “cloud” products: prefer storing data on your own devices, disable backup and syncing to cloud services—“cloud” is a euphemism for storing your data on someone else’s computer where you don’t hold the keys
• Avoid ad-based products, such as free games (of which there is a myriad); they are almost always selling your data out the back door
• Avoid companies that have a long history of privacy violations like Facebook/Meta and Google
• Be wary of smart home devices with microphones or cameras—they’re essentially surveillance devices you’re paying to install in your own home
• Avoid mass media
• Be skeptical of any app requesting excessive permissions—does your flashlight app really need access to your contacts, location, and microphone?
• Think twice before using facial recognition features, especially on services that store your biometric data remotely

Regulatory Progress #

Privacy regulations have evolved significantly in recent years. The EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA) give consumers more rights over their data. While enforcement remains imperfect, these regulations have forced companies to be more transparent about data collection and provide mechanisms for users to request data deletion.

You can exercise these rights by periodically requesting your data from major services and asking them to delete information they don’t need to provide their service.

Privacy Matters #

There’s a growing trend toward slowly eroding individual privacy. Creeping normalities like the eradication of privacy hurt everyone, except for those in positions of power (who, amusingly, demand strong privacy for themselves).

The stakes have only gotten higher with advances in artificial intelligence and facial recognition. Today’s data collection goes beyond targeted ads—it enables predictive models of behavior, influence operations, and even systems of social control. As Edward Snowden put it: “Arguing that you don’t care about privacy because you have nothing to hide is like arguing that you don’t care about free speech because you have nothing to say.”

Stay strong, and don’t let FOMO get the best of you.