Your Privacy At Risk
Your privacy is at risk like it has never been before, yet most folks think they have no need for concern and that only guilty criminals need be concerned.
Why should I care about privacy, when I have nothing to hide?. — Reset the Net
They are wrong!
Your Privacy at Risk documents the unprecedented attacks on personal freedom being perpetrated by corporations and governments worldwide. Profit and political control are the motives but this practice threaten our way of life.
This page contains information that will help you protect and restore your privacy.
Avoid Giving Information Away
You need to take steps to avoid giving away unnecessary information and reduce your exposure to the sources:
- Choose your browser to provide optimum privacy.
- Turn on Do Not Track in your browser.
- Use encrypted (HTTPS) sites where possible.
- Use privacy plugins like Ghostery or Privacy Badger.
- Use a VPN service or TOR to protect your privacy.
Understanding the Issue
Everyone that asks you to fill out a form — whether a paper form or on-line — is collecting personal data.
Once you provide that information, it is no longer in your control. While everyone is diligent in collecting your information, they are less careful in protecting that information — particularly if an opportunity to profit comes along.
OpenMedia works to keep the Internet open, affordable, and surveillance-free. We create community-driven campaigns to engage, educate, and empower people to safeguard the Internet. — OpenMedia
Protect Your Privacy
Be selective in the information you provide.
Avoid giving it away without thinking about the potential consequences first.
- Does this site need the requested information to supply what I need?
- How will they use that information?
- Will they share (sell) that information with others?
- How will they protect my personal information?
- If they fail to protect it, what are the consequences for me? For them?
Providing data that enables a company to better sell you what you don't need in exchange for a newsletter or a free document can be a very poor bargain (at least for you).
Does This Site NEED My Information?
If you are ordering a product, the company will need your shipping address and payment information. However, you have choices in how that is accomplished. For example, by using PayPal the seller won't have your credit card information.
Many sites and online games offer the option to create a unique log-in identity or use your Facebook or Google profile.
- Logging into a third-party site with Facebook ID provides that third-party site to your Facebook profile, including your Facebook friends, likes, dislikes, political views and more.
- Generating a unique account with its own password provides that same company only with your name and email address.
Which do you think protects your privacy more (hint, Facebook doesn't believe in privacy unless you want to know what Mark Zuckerberg is doing).
How Will They Use That Information?
Depending upon the site, you should be very selective in providing information. For example, sites don't need your birth date, only to know if you're old enough to enter into a binding legal agreement. Yet many sites choose the birth date because that provides them with much more precise information about you.
Using your photo for a profile picture or avatar may personalize your experience, but facial recognition software can relate the information to data found on other sites with the same photo — and it can return false results. Combining seemingly innocuous information with trackable information (your IP address, email address, etc.) can create a profile that can be used to direct advertisements or to sell to information brokers.
Will They Share With Others?
Unless specifically stated, you have to assume that they will share your information with others if it is profitable. If the company is sold or if they receive a government warrant, the new company is not bound by any promises made to you.
Big tech has been on a buying spree. While they're acquiring technology, they're also adding to their ability to profile their site visitors.
Monopoly is made by acquisition — Google buying AdMob and DoubleClick, Facebook buying Instagram and WhatsApp, Amazon buying, to name just a few, Audible, Twitch, Zappos and Alexa. — NY Times
How Will They Protect My Information?
Most companies spend much more protecting their own information than protecting yours. Remember, most of the security breaches only affect consumer data, not corporate data. After all, you gave it them for free!
Governments could enforce protection with significant penalties, yet choose not to do so.
You need to check this policy from time-to-time as privacy policies change for a number of reasons including purchase of the company or a new business plan (such as the changes at Microsoft that resulted in Windows 10).
That's the equivalent of between approximately 4.5 and 7.6 work-weeks (about a month or two every year) — just reading privacy statements!
Privacy Policies are Changing
You only need to look at the way Facebook, Hotmail and others so quickly changed their privacy policies to enhance their profitability. You're on your own when it comes to protecting your identity.
If the service is free, then you are the product. — The day we lost everything
Governments legislation is needed to create and enforce a standard by which consumers are protected and given an even chance against corporate giants. A central location for consumers to find out what information companies have collected about them, how it is being used and the ability to restore your privacy.
Who Has Your Back?
In the face of unbounded surveillance, users of technology need to know which companies are willing to take a stand for the privacy of their users. — Electronic Frontier Foundation
We are at a critical moment for free expression online and for the role of Internet intermediaries in the fabric of democratic societies. In particular, governments around the world have been pushing companies to take down more speech than ever before. What responsibilities do the platforms that directly host our speech have to protect—or take down—certain types of expression when the government comes knocking? — Electronic Frontier Foundation
EFF released Who Has Your Back? Censorship Edition 2018, documenting the track record for social media, communications and other companies in releasing private information to the government.
The Apple App Store, Google Play Store, and YouTube scored the highest but Facebook and Instagram both failed to match the records of other social networks and tech companies.
We Need to Do Better
The problem with our private data is that so much of it is irreplaceable and cannot be altered like a password. Once released into the world, there is no calling it back.
Both people and companies need to be more cognizant of that fact and quit ignoring the risks of security breaches and personal posting on social media that compromise ourselves and others.
Tech companies could change these things to make your life easier and protect your digital security and privacy. Why haven't they yet? — Fix It Already
Learn more about Fix It Already in this launch article: Fix it already: Nine steps that companies should take to protect you.
Do You Protect Others' Privacy?
Learn how to avoid giving information away (including protecting other people's email addresses).
Check Your Privacy Settings
Check your progress in improving your privacy awareness and changing habits by taking the Mozilla privacy survey. There is more information about privacy on this page and on related pages on this site.
- Test your computer and devices for malware (software on your computer that reveals information about your surfing habits — including toolbars).
- Check your privacy settings and improve privacy practices.
- Online security 101: Tips for protecting your privacy from hackers and spies (2017).
Social media is a very important aspect of privacy because so much personal information is collected including facial recognition software, comparative and linked data (such as the "Like" button) as well as the content and nature of our everyday posts.
Are you sharing too much?
More About Restoring Privacy
- The ultimate online privacy guide.
- The Register's guide to protecting your data when visiting the US.
You're (mostly) screwed without preparation.
- The Motherboard guide to not getting hacked.
- *Privacy not Included is Mozilla's guide to choosing connected devices like Google Home and Amazon Alexa.
- How to keep your private conversations private for real.
- Edward Snowden: Here's how we take back the Internet (YouTube video from TED).
- 7 Ways to Reclaim Your Digital Privacy.
- Online Privacy: How to Minimize Your Digital Footprint.
- How to ditch Google for more privacy and fewer ads.
- EFF's Surveillance Self-Defense.
- HTTPS Everywhere encrypts your communications with many major websites, making your browsing more secure.
- Gibson Research Corporation projects include Securable, Fingerprints, Perfect Passwords and ShieldsUP! in Steve Gibson's goal to protect privacy.
- More ways to win against mass surveillance.
Do Not Track
Current browsers have the capability of telling a site that you don't want to be tracked. But that assumes that a site will bother to respond. There are few, if any, such mechanisms in place.
Do Not Track is a browser setting where the user can indicate that they don't want to be tracked. However, without a consensus about how to interpret DNT, most sites ignore the setting.
[D]espite the fact that only a small number of companies respect it — a significant number of companies like Twitter, Medium and others do respect it. — Jules Polonetsky
Hopefully, when there is a universally-accepted standard in place, all websites will honour them.
Even when Do Not Track is enabled, some facilities also track store visitors via their cell phone using Mobile Location Analytics.
Panopticlick is an online test that analyzes how well your browser and extensions protect you against online tracking techniques, even if you are using privacy-protective software.
Another option is to use the services of a site such as the Network Advertising Initiative which offers to place an opt-out cookie on your computer for certain ad servers such as DoubleClick.
Cookies Report on Your Web Habits
People have become more aware of the amount of information that is collected about them while they are on the Internet using such devices as cookies. You can deal with cookies using some of the many utilities available on the Net or by using the tools provided by modern browsers (Firefox recommended).
Many sites use flash cookies (Local Shared Objects or LSOs) that are not deleted when you remove traditional cookies. Adobe provides information on how to manage or disable LSOs, but ignorance makes most users vulnerable to exploitation by sites that use them.
Flash is listed as one of three programs that make Windows vulnerable to malware (as well as Linux and Mac if Flash is installed). As technology moves away from Flash, the risk of LSOs should diminish.
Flash is often used to display ads that can be tracked from site-to-site. Using click-to-play you can enable Flash only when it is required (which is how current versions of Firefox handles Flash).
Have a look at my listing of Firefox extensions. Some allow you to manage or remove LSOs but status can change quickly so I won't duplicate the listing here.
Your Choice of Browser Matters
The browser you use to surf the Web will make a different in not only what tools are available to you or how convenient the browser is, but also in terms of how much information you share in the process and what those gathering that information do with it. The settings and what programs that browser defaults to also make a difference.
Check Your Browser's Search Engine Settings
Simply using a search engine can leave behind a history that can last for years. StartPage protects your privacy.
Firefox: A More Secure Browser
Firefox is my recommendation. Not only is it more secure, but it more closely follows web standards, making your experience a better one.
The Internet only stays healthy if we trust it as a safe place — to explore, transact, connect, and create. Our privacy and security online is under constant threat. But there's something you can do about it: get informed, protect yourself, and make your voice heard. A healthy Internet depends on you. — Mozilla
Clear Private Data
You should clear your privacy data (cookies, saved form information, cache and authenticated sessions) before and after on-line banking (or similar sites where there is the risk of revealing personal information of greater value).
These settings are on the Privacy tab in the Firefox Options settings. Firefox Options is located different ways:
- Firefox 29 or newer: the Firefox menu is on the top right (3 horizontal lines).
- Firefox 4–28: the orange Firefox button on the left contains the Options menu..
- The Firefox Menu Bar (turned off by default starting with Firefox 4) has Options in the Tools menu.
Once the Options dialogue box appears, click on the Privacy tab and check Clear history when Firefox closes. You can choose which items get removed by clicking the Settings button on the right (see dialogue box above).
Apple Just Made Safari the Good Privacy Browser
Apple just announced significant changes to fight ad-tracking and digital fingerprinting at WWDC 2018.
The newest version of Apple's Safari browser will push back hard against the ad-tracking methods and device fingerprinting techniques that marketers and data brokers use to monitor web users as they browse. Starting with Facebook.
The next version of Safari will explicitly prompt you when a website tries to access your cookies or other data, and let you decide whether to allow it, a welcome step toward explicit choices about online tracking. — Wired
Internet Explorer: Simply Too Vulnerable
Internet Explorer (IE) is a major security vulnerability within Windows and therefore should not be used as your primary browser when surfing the Internet.
When the CVE-2014-1776 vulnerability affected IE versions 6–11 the US-CERT team (U.S. Homeland Security) recommended moving to an alternate browser. This is good advice even after the vulnerability is patched. See the alternatives.
Microsoft made IE a key component of the Windows installer — a significant security vulnerability when surfing the Web. You can help reduce the risk by enabling the following settings:
- Current versions of IE can check sites for forgeries (sites looking to exploit your trust of the real site) if you authorize it during installation.
- Check "Prevent programs from suggesting changes to my default search provider" in IE's extensions.
Security risks are not unique to Internet Explorer but its reach is deep into the Windows operating system, making it more vulnerable to security issues than any other browser.
Microsoft's Windows Update plug-in for Firefox as an alternative to using Internet Explorer is not recommended because this makes Firefox more vulnerable. It is better to use Internet Explorer only where necessary (and safe).
Move to Firefox and launch Internet Explorer ONLY where it is absolutely necessary. If a normal page won't load properly except in IE, you're probably better off going elsewhere for your information.
Google Chrome: Convenient but Zero Privacy
Google Chrome (initially based upon the open source Mozilla code) has become very popular partly because it is much smaller and potentially faster than other browsers (at least as long as you don't use extensions). This “extra” speed is a rapidly changing dynamic between browsers.
It got that way also by surreptitiously installing itself as the default browser as a paid add-on to other free software such as CCleaner, Java and Adobe Flash. While it was an “optional” addon, it was pre-selected and folks simply clicked through the options without checking for extra software.
Google now controls a significant majority of both Web searches and browser installations — a monopoly on access to content on the Web.
Companies like Google have become more powerful, purchasing existing companies with expertise in areas they traditionally didn't have access, then combined their users' data from all their companies with their powerful search profiles.
Collecting, Collecting, Collecting…
Chrome does this, in part, by keeping the user's data on their servers rather than on the user's computer. People have access to their data from any number of computers, phones and tablets.
This is convenient but eliminates your ability to fully control your own information. Google uses this information to serve more appealing ads based upon what you've viewed with Chrome.
Free Email Costs You Your Privacy
So many people have moved to using “free” cloud-based webmail programs that the market has virtually collapsed for independent stand-alone email programs.
Running Google's free Gmail while surfing the Web (especially while using the Chrome browser) will provide even more information about yourself, helping to create a more accurate profile to serve ads to. Google never forgets!
The biggest issue is privacy.
Services like Gmail, Yahoo! Mail and Outlook.com (formerly Hotmail) can sift through your emails to build a profile on you to sell advertising. Even if they state they don't that policy can change in a heartbeat.
However, the Yahoo! data breach should tell you that your privacy is NOT a priority. Not only did they lose enough information to commit identity theft using the stolen data — “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and even security questions and answers” — but they took several years before telling anyone.
Gmail has made it more difficult to simply download your Gmail to a standalone email client (an email program that stores your messages on your computer rather than on Google's servers).
Google wants you to leave a browser window open with Gmail running. By knowing the sites you're visiting they can present “more relevant” ads (i.e. ads that you're more likely to click on based upon your surfing history). Of course, if you're running Chrome, they already know this.
StartMail ($59.95 per year) provides an alternative