We all want to regain (and keep) our privacy online. There are many features and industries built around the fight for privacy, from private browsing modes and tracker blockers to private VPNs. But online privacy is a myth, and offline privacy can be, too.
Yes, a myth
Myths are stories (or narratives) that often form the basis of societal beliefs. A myth about online privacy is this: Privacy is considered the bedrock of our society. To the extent that we recognize that we don’t have privacy online, it feels like we’ve lost something—something that we can restore with the right software settings, behavior, or perhaps rules.
If you think about it, the myth of privacy on the Internet even benefits the industries that benefit from its lack. We can all agree that there is no privacy on the internet, but leave us to a search engine and we’ll search an endless list of anything we can think of, including potentially sensitive topics like medical issues. The police even dig into the history of these searches to find the criminals.
Violation of the illusion of privacy
We can all agree that online privacy is not something we have. But do you realize how little privacy you really have?
First of all, when you go online, your internet service provider (whether it’s your home internet connection or your cellular connection) can see all the websites you visit. In the US, they may even sell your browsing data. Your mobile carrier may even track and market your app activity.
When you visit a website, it can see your IP address and use it to track your visits. But it probably also loads a lot of tracking scripts. These tracker networks may track your activity across multiple websites. This is one of the reasons why you see sales ads that follow you around the web after you search for a particular product. Even if you clear your cookies, there are many ways to remove your browser fingerprint.
“Cloud” is just someone else’s computer. If you upload your files to the cloud without using end-to-end encryption—something most services don’t offer—your files can be viewed and accessed by the company that owns the cloud service. The same goes for messages and emails, which are usually not encrypted either.
Okay, maybe you know all this, but did you know that advertisers can link your in-store purchases and visits to the ads you see? For example, Google has a product that does this, and one of the data sources it uses is vague “transactional data uploaded by an advertiser or aggregated and anonymized data from third parties.” Your credit card usage is also used to track you.
Did you know that Facebook’s advertising tools are so detailed that you can target your ad so narrowly that you can only show it to one person?
Government surveillance is self-evident: Edward Snowden drew attention to the massive unauthorized government surveillance of internet and phone data. The NSA’s XKeyScore software reportedly enables real-time searches and access to vast amounts of data logged about online activity.
The online world, of course, is not something completely separate from the real, physical world. The US is full of automatic license plate readers, and many of them are now integrated into a large network. Even if you leave the computer and go for a ride, your movements are tracked and recorded. Amazon may share Ring doorbell camera video with authorities without your express consent. Your mobile phone location data is also used to track you.
What can you even do?
Such an article can be continued endlessly with examples. Do a little digging and you’ll find many more examples. The amount of data that is constantly collected, processed and analyzed about us is hard to imagine.
There are no perfect fixes. Private browsing will prevent the browser from remembering your history and will provide a new set of temporary cookies, but your IP address is still available. You may not use Facebook, but Facebook still has your shadow profile. You can use a VPN, but eventually you’re going to be logging into something that will link your identity to your VPN browsing, and you’re trusting a VPN that hopefully doesn’t keep logs.
So what can you do? Well, you can still make a dent. If you’re currently broadcasting your life as a 24/7 live stream, turning off the camera will result in less data.
You can use a VPN along with Private Browsing to mask your browsing, but don’t rely on a VPN alone, and make sure you trust the VPN. You can use Tor, although Tor also has vulnerabilities. You can use more private, encrypted services, such as chatting on Signal instead of regular SMS messages. You can keep your confidential files private by storing them locally or securely encrypting them before uploading to online storage.
And yes, you can go further: using cash, for example, and collecting facial accessories that will stop facial recognition cameras.
What’s up? Threat modeling 101
But while you’re sitting there using Tor on your computer with Tails, trying to figure out how to log off without going offline, you might be asking yourself, what’s the point?
No, we don’t mean give up—we mean think about what you’re actually defending against.
- You might not care if Facebook knows you’re interested in watching the latest movie. But you might want to run a VPN and private browsing mode when you’re looking for information about a medical problem.
- You can store unencrypted photos of your vacation in the cloud, but you can keep sensitive financial documents more secure.
- You might not mind texting your plumber, but you can talk to your wife privately on Signal.
It’s all about your threat model—what are you really trying to protect against? When you understand that privacy is important to you, you can take steps to keep that individual sensitive information private, rather than being overwhelmed by constant data collection.
Unfortunately, this is not a recipe for “online privacy”. There is no easy way to flip the privacy switch and restore the mythical state of privacy. But there are things you can do to better protect certain things and keep them more private.