Russ Harvey Consulting - Computer and Internet Services

Restoring Privacy

Take back your personal privacy

Restoring Balance | Privacy Policies | Guides | Tools
Crossing Borders | VPNs | Cloudflare WARP

A woman has her hands on a laptop's keyboard with the screen displaying a “Privacy Settings” splash screen.
We are at a critical moment for free expression online and for the role of Internet intermediaries in the fabric of democratic societies.

 

In particular, governments around the world have been pushing companies to take down more speech than ever before.

 

What responsibilities do the platforms that directly host our speech have to protect — or take down — certain types of expression when the government comes knocking?
EFF, 2018

Take Back Your Privacy

Privacy is not about hiding wrongs. Privacy is power over your own information.

Stop the Harvest

Every day, a shadowy network of companies is taking, buying, and selling the most intimate details of our lives.

They spy on our physical and mental health, our shopping lists, our friend networks, and where we go each hour.

In doing so, they undermine our ability to control our digital lives and restrict our free will online and off.

Privacy? That's just a word to them.

Stop the harvest! Take the first step to controlling your digital life.

 

Tired of being treated like a product, and having your privacy rights ignored by lawmakers? Sign the petition!

Your Privacy At Risk

Your privacy is at risk like it has never been before, yet most folks think that only guilty criminals need be concerned. They are wrong!

Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.
IAPP

Fight For Privacy

You need to take back your privacy.

Much like we lock doors and close curtains to retain our physical privacy, we can learn how to restore our online privacy.

Start by learning how to protect your privacy then demand accountability.

By making a few simple changes to your devices and accounts, you can maintain security against outside parties' unwanted attempts to access your data as well as protect your privacy from those you don't consent to sharing your information with.
The New York Times
Organisations can no longer assume that any personal information given to them can be exploited in any way they see fit.
Elliot Rose

Choose Privacy

How did you choose the apps on your computer and devices? Was it based upon what the vendor or operating system included as the defaults?

Too many of these apps are busy collecting information about you that has nothing to do with the app's function.

Choose apps based upon privacy and the functions that work for you. Just be sure that you're using a current version and modify the settings to protect your privacy.

Bitwarden, my recommended password manager, asked their community for their top picks for Data Privacy Week:

Bitwarden community's favourite data privacy apps.

 

Avoid Giving Information Away

First, you have to actively work to protect your privacy.

Take steps to avoid giving away unnecessary information.

Are You Sharing Too Much?

Are you careful about what you share about yourself and others in public forums?

Social media is a very important aspect of privacy because so much personal information is collected then processed using comparative and linked data (such as the "Like" button) — even facial recognition software.

Though the internet and social media have been used by the public for decades, the concept of privacy still lacks a modern application to the online world. Digital privacy, therefore, is still very much a legal frontier.
University of Dayton's School of Law

Protect Third-party Information

Protect third-party information in your possession.

Don't reveal private information about individuals (email addresses, phone numbers and birthdays) while emailing or posting on social media.

Workplace policies refuse to provide personal contact information about their employees to callers. Respect the people you know with similar policies.

Educate Yourself

Become informed about issues around privacy.

This involves re-examining how you perceive privacy and how it is portrayed by the companies that profit from exploiting it.

Take the Mozilla privacy survey to see how well you are improving your privacy awareness help with changing your habits.

Privacy Laws in Canada

Canada has a patchwork of privacy laws which vary according to where you live.

In the absence of Canada's federal government updating our national privacy laws, provinces and territories have taken it upon themselves to create new privacy protections for their residents.

 

This is leading to privacy have and have nots — depending on where you live in Canada.
OpenMedia

Where does each province stand in this?

Vancouver Protects Privacy Rights

Kudos to the Vancouver City Council for turning down a proposal to install CCTV cameras to “prevent violent crime” in the city.

There is no evidence that CCTV cameras would reduce crime rates yet such installations threaten the privacy of innocent citizens.

Who to Trust?

OpenMedia and the Mozilla Foundation actively promote privacy.

OpenMedia works to keep the Internet open, affordable, and surveillance-free. We create community-driven campaigns to engage, educate, and empower people to safeguard the Internet.
— OpenMedia
Mozilla is a global non-profit dedicated to putting you in control of your online experience and shaping the future of the web for the public good.
— Mozilla Foundation

Recommendations

The University of Dayton School of Law has an excellent overview of online privacy in their article, How much privacy do you have online? Their recommendations:

  1. Know what to look for in the Terms and Conditions.
  2. Clear out cookies and fully close a browser after every session.
  3. Take advantage of customizable settings.
  4. Use digital tools to better understand consumer rights.

Teach Your Children

Children's privacy has been seriously threatened. Besides making changes, we need to talk to our children in terms that they can understand.

Be Discrete in Providing Personal Information

Everyone is collecting personal data when they ask you to fill out a form — whether online or in person.

While everyone is diligent in collecting this information, they are less careful in protecting that information — particularly if an opportunity to profit comes along.

Be wary of terms like “personalization” and “ease of access.” While they imply a benefit, they are an inequal exchange. Learn to use privacy settings to protect yourself.

Be Selective

You should be very selective in providing information. Ask yourself why the site is collecting information and whether it is safe to provide it.

Is It Necessary?

Is the requested information actually necessary for the transaction or if it is being collected with other goals in mind.

Once you provide anyone with information, it is no longer in your control.

Ask yourself:

Will They Share With Others?

While these companies may claim “We do not sell your data”, there are many other ways to obtain your personal data (e.g., from tracking the links from targeted ads).

Too often companies collect unnecessary information “just in case” it becomes useful later.

You have to assume that your information will be shared if it is profitable or if the government demands access. Your only protection is to refuse to provide it in the first place.

Your information will likely be used to create an advertising profile that can be used to market to you (or sold to other companies). There are seldom consequences for the company that failed to protect your privacy.

How Can You Protect Your Information?

Be cautious about your personal information when you purchase a product or service.

When you place an order, the company may need your shipping address if an item is to be shipped to you or if you use a credit card.

Some options are more private than others which should influence your choices.

Payment Options

When you use a credit card, vendors usually require your mailing address to process online payments — even if the product or service isn't being delivered physically. That's valuable personal information you're providing.

Apple Pay and PayPal don't provide your credit information to vendors but may provide information to your financial institution.

Decline Email Receipts

Decline an emailed receipt in physical stores. They use this for marketing purposes.

Home Depot Sold Your Data

Home Depot was caught sharing email addresses and purchase information with Facebook's parent company Meta without consent.

Convenient and environmentally friendly, e-receipts are the way of the future, but they are also raising questions about consumer privacy.

 

Home Depot was found to be sharing details from e-receipts — including encoded email addresses and in-store purchase information — with Meta, which operates the Facebook social media platform, without the knowledge or consent of customers.
Privacy Commissioner of Canada

This speaks to the ineffectiveness of Canadian privacy laws which are mostly written based upon a “wishlist” from industry rather than based upon personal privacy.

Online Transactions

You can print off your own receipt when buying online or subscribing for a service but this may not eliminate the need to provide your email address.

Who Needs Your Birth Date?

Many services now demand your birth date during registration.

Legitimate reasons may be used in determining if you meet the legal age of consent or if you are eligible to obtain certain products or benefits that are age-based such as senior discounts, access to liquor or tobacco or to qualify for government services (e.g., pensions).

Only Your Age Needs to be Verified

While some sites may need to know your age for legal reasons, they don't need to know the exact birth date — only the fact that you're old enough.

In most cases you should be able to certify that you meet the stated minimum age (whether it is 13, 18, 65 or something else).

Your actual birth date is much more valuable to their marketing department. It can be combined with other information to “personalize” their ads. It will also make the resale of your profile more profitable.

Bill C-11 Ammendment Adds Privacy Risks

The controversial Bill C-11 (Online Harms) was amended to require age verification to watch porn.

Sen. Julie Miville-Dechêne proposed the amendment, stating that "online undertakings shall implement methods such as age-verification methods to prevent children from accessing programs on the internet that are devoted to depicting, for a sexual purpose, explicit sexual activity."
National Post

However, not only are there significant privacy risks, but perhaps constitutional concerns.

"The age verification requirements added to Bill C-11 today raise serious constitutional concerns," said University of Ottawa law professor Vivek Krishnamurthy.

 

"Everyone wants to protect children from age-inappropriate content, but requiring Canadians to prove their age before accessing such content poses unacceptable privacy risks."
National Post

Big Tech on a Buying Spree

Big tech has been on a buying spree. This affects your privacy.

While they're acquiring technology, they're also adding to their ability to profile site visitors.

Facebook-owned Instagram, now demands your birth date (and they use their massive Facebook database to confirm it).

Monopoly is made by acquisition — Google buying AdMob and DoubleClick, Facebook buying Instagram and WhatsApp, Amazon buying, to name just a few, Audible, Twitch, Zappos and Alexa.
NY Times

The new company may feel free to disregard privacy promises made by the previous owners or they may simply rewrite the privacy policy to remove such promises. If you continue to use the service, you're then bound by the new policy.

Will They Protect Your Information?

Most companies protect their own information more rigorously than yours.

Have you noticed that most security breaches only affect consumer data, but not corporate data? Your data didn't cost them anything to acquire.

Governments don't enforce privacy or fine companies with significant penalties that could change behaviour.

Single Sign-on Flawed

Single sign-on (SSO) uses your Google, Facebook or Apple ID to log into third-party sites.

Single sign-on uses your Google, Facebook or Apple ID to log into third-party sites.

SSO may be convenient, but creates a single point of failure.

Instead, use a unique password for every site.

The simplest way to avoid the problem would be to avoid using third-party sign-in altogether and instead use a unique password for every site. That's certainly more inconvenient but has the benefit that it makes it harder for tech giants to track online activity.
Infopackets

By generating a unique password for every site using a password manager like Bitwarden, each site obtains only your name, email and whatever other information you provide directly to them.

Check the Privacy Policy

You should always read and understand the privacy policy of any site before you choose to give personal information. See more about privacy policies.

Return to top

Restoring Balance

Tech companies spend millions of dollars to learn how to fully engage their viewers. These include techniques like

A “quick check-in” to see what your friends or family are up to or a “five-minute game break” can turn into a three-hour Facebook binge.

We need to restore balance to our lives. Our exposure to these techniques are making us feel increasingly more isolated.

Recommendations

I urge you to take the initiative to restore your privacy using the following privacy recommendations.

Safer Browsing

Choose a safer browser that provides optimum privacy (Mozilla Firefox is recommended) then change the following setting to protect privacy:

1 Too often sites not honour the Do Not Track using the lame excuse that there are no standards. Google discouraged sites from recognizing DNT.

Safer Practices

Be aware of the privacy costs of your choices:

Password Security

Passwords are the key to your privacy and security of your accounts.

Replace Google

Consider using alternatives to Google to protect your privacy.

Google's settings are designed so users could make changes, but “difficult enough that people won't.” Even Google's own engineers are confused by privacy settings.

Start Using Privacy Tools

Start using effective privacy tools and be sure to use only software that is safe to use. See the Reset the Net Privacy Pack and my recommended software.

Take Back Your Phone

Don't let your apps control your phone use! Try these simple changes to live more intentionally with your devices right now by changing settings to remove distractions.

Quiet Down Windows

You might want to consider how many distractions have been added to Windows 10 and 11. To regain control:

Return to top

Privacy Policies

Privacy policies are statements about how your data will be used by the owner of the site you're visiting.

The privacy policy is a legal document, it spells out how a company collects, stores, uses, and shares your data.
IRL Podcast

Don't provide information to sites lacking a privacy policy.

Privacy Policies Too Complex

While checking the privacy policy for every site you visit is recommended, it has become increasingly impossible because of size and complex language.

A study by researchers at Carnegie Mellon concluded,

…if the average American were to actually read every single privacy policy of every single web service that she used in a year…[t]he average user would have to spend between 181 and 304 hours each year reading privacy policies.

That's approximately 4.5 and 7.6 work-weeks (about a month or two every year) — just reading privacy statements!

Visitor Response: TL;DR

“I have read and agree to the Terms” is the biggest lie on the web. We aim to fix that.
Terms of Service; Didn't Read

Many respond to long, complicated privacy policies with TL;DR (Too long. Didn't read.)

Privacy Policies are Changing

Privacy policies change for a number of reasons including purchase of the company or a new business plan.

You only need to look at the way Facebook and others so quickly change their privacy policies to enhance their profitability. You're mostly on your own when it comes to protecting your identity.

Consumer Protections Needed

Consumers need a central location to find out what information companies have collected about them, how it is being used and the ability to restore your privacy.

That would be difficult to provide without legislation to create and enforce a standard by which consumers are protected from corporate giants.

Return to top

Privacy Guides

The problem with our private data is that so much of it is irreplaceable and cannot be altered. Unlike a password, once released into the world, there is no calling it back.

We Need to Do Better

Both companies and individuals need to quit ignoring the damage caused by security breaches and careless postings on social media.

Tech companies could change these things to make your life easier and protect your digital security and privacy. Why haven't they yet?
Fix It Already

Who Has Your Back?

In the face of unbounded surveillance, users of technology need to know which companies are willing to take a stand for the privacy of their users.
EFF
EFF 2018 report on the track record of companies in protecting your privacy

Who Has Your Back? Censorship Edition documents the track record for companies in releasing private information to the government.

Your Browser Choice Matters

One of the reasons I recommend using Firefox as your primary browser is Mozilla's stand on privacy.

Chrome is NOT privacy-friendly and Microsoft is again modifying Edge to regain the monopoly they enjoyed with Internet Explorer.

See my recommendations for safer browsing.

Other Resources

Return to top

Privacy Tools

Start using effective privacy tools and be sure that you're not installing software that is unsafe to use.

Make Your Website Safer

Website owners should begin to use technologies that secure their sites and make them safer to use.

Avoid sleazy invasive techniques that threaten your site's security and place site visitors at risk.

Pledge to add SSL, HSTS & PFS protection this year; it matters! Already rocking SSL & HSTS? Consider approaches to end-to-end crypto.

Develop Safe Apps

Technologies like SSL and proper certification pinning should be mandatory. End-to-end encryption makes messaging much safer and your app a worthwhile download.

Neither dangerous apps nor their developers should be in the app stores.

If you serve ads on your app, you need to ensure that ALL third party code, including ads and analytics, are secure and ensure that ads play nicely within your app.

More About Privacy Tools

These privacy tools have been tested by me and found to be useful.

Return to top

Crossing Borders

Like Canada's privacy laws, the rules governing border searches pre-date cellphones and consumer use of the Internet.

Searches at the border are based upon the laws from an age when everything was on paper. When those laws were written, people would seldom carry unnecessary private documents when planning to cross the border.

However, if you did carry such documents, border agents were entitled to search through those documents or copy them. That is how border agents justify copying everything on your phone or computer.

While the letter of the law may allow such searches, the spirit of those laws are being abused.

Leave Your Phone at Home

The recommendation is to leave your devices at home. If you plan to take your digital devices across the border, check out the following advice:

…[B]efore crossing the border, delete private material or transfer it to the cloud; at the border, turn on airplane mode yourself; and, finally, be prepared, unless you have some really compelling privacy reason, to just turn over your phone.
CTV News

Laws Out of Touch with Reality

These laws are seriously out of touch with the reality that we carry our entire lives on our smartphones.

[B]order agents could end up seeing private emails and text messages, photos, web browser histories and sensitive documents, even if you've done nothing wrong.
CTV News
There is an increasing trend around the world to treat borders as law-free zones where authorities have the right to carry out whatever outrageous form of surveillance they want.

 

But they're not: the whole point of basic rights is that you're entitled to them wherever you are.
Edin Omanovic

The “Border” Extends Further than You Thought

Border searches can be conducted not only at the actual border, but within 100 miles (160 km) of the United States-Canada border as well as at airports or even when boarding a cruise ship.

Canada's border agents can search your phone and laptop at borders and airports, including looking through your private photos, personal messages, and call history.
— OpenMedia

Return to top

VPN Services

In everyday use, your ISP will have access to information about where you're surfing but not details about which pages you're viewing.

A Virtual Private Network, or VPN, hides your browsing habits from your ISP as well as your location (your real IP address).

Mozilla VPN Recommended

Mozilla VPN is from folks that place a priority on privacy.

The Mozilla VPN runs on a global network of servers powered by Mullvad using the WireGuard® protocol. Mullvad puts your privacy first and does not keep logs of any kind.

Why Use a VPN?

The need for a VPN depends upon what you use it for. Not everything VPNs advertise are either provided or necessary.

Three legitimate reasons to use a VPN are:

  1. to combat censorship;
  2. location spoofing; or
  3. to encrypt data.

Most browsers now encrypt data securely (if you're using HTTPS), but there can be circumstances where you'd like to increase that security.

In an era of increased surveillance, VPNs have become an essential tool to safeguard our online activity from prying eyes.
— OpenMedia

For most users this will mean securing your access over the Internet using a private VPN service so that your communications are encrypted such as while using public WiFi.

When you're away from your home or office (e.g., in a hotel or at a coffeeshop) you no longer have control over the security of the network connection.

Choosing a VPN Service

Be careful in how you choose a VPN.

While many VPNs claim to offer top security and blazing-fast speeds at a cheap price, the truth is that most brands are neither secure nor fast enough for most internet activities.
Safety Detectives

The trade-off of Internet speed for improved security is an individual choice.

Free VPNs

There's no such thing as a “free” VPN.

Free VPNs have to be obtaining revenue from somewhere. Your online activities are the easiest to market.

Free VPNs are either selling your browsing data in aggregated form to researchers and marketers, or giving you a paltry amount of data transfer every month.
PCWorld
Free VPNs are either selling your browsing data in aggregated form to researchers and marketers, or giving you a paltry amount of data transfer every month.
PCWorld

VPNs Not Truly Private

Even if your VPN doesn't track your activities, they don't prevent the sites you visit from tracking you.

Using a VPN is a safer way to browse on an unsecure network, such as a public Starbucks wi-fi; however, it does not stop trackers from gathering browsing information on you.
— Ghostery

Once collected, records of your online activity can then be sold or subject to a court order.

Are VPNs truly private? Unfortunately, no.

 

The VPN provider can still log your browsing data. You are essentially putting your trust in your VPN provider.

 

Will your provider hand over info when pressed? Will they log your browser data and sell it at a later date?
Mozilla

There is a low threshold for such warrants.

Privacy Extensions Enhance VPNs

You can enhance the privacy provided by your VPN by choosing a browser that protects your privacy then adding privacy extensions.

Ghostery prevents trackers in your browser and non-private search engines from passing personal data to companies profiling you.

 

VPNs hide your IP address, cloak your location, and can bypass geographical restrictions on websites and media platforms.
Ghostery

Ghostery is my personal choice but Privacy Badger provides decent “hands-off” protection.

VPN Reviews

Perhaps these review sites can help but be aware of potential conflicts of interest:

Conflicts of Interest

The trustworthiness of many reviews is skewed by conflicts of interest.

[T]he biggest VPN review sites are owned by a VPN conglomerate. You need to do some very serious investigation and testing on your own, if you want to be truly safe.
ZDNET

A good review doesn't guarantee a great experience for you. It can be hard to detect when your privacy is violated.

Beware: Many highly recommended “best VPNs” don't live up to their privacy claims.
Privacy.net

ExpressVPN Warning

Edward Snowden urged users to drop ExpressVPN (often highly rated).

The company has recently made some unfortunate choices including hiring Daniel Gericke:

Daniel Gericke, assisted the United Arab Emirates pull off a cyberspying campaign that targeted people across the globe.
PCMag

Kape Technologies, a company that produced adware in the past, has announced plans to acquire ExpressVPN. This company already owns Private Internet Access and other VPNs.

ExpressVPN's blog offers a different perspective as does ZDNET:

If you're currently using ExpressVPN for general-purpose safe computing (like checking your mail at the local coffee shop) and you like it, I wouldn't say you should give it up.

 

If you're relying on any of the Kape brands for a life and death situation, I'd say it's probably not worth the risk.
ZDNET

Mozilla VPN would make a much better choice given their historical stand on privacy protection.

Return to top

Cloudflare WARP

The Cloudflare WARP client allows individuals and organizations to have a faster, more secure, and more private experience online.

The service has several modes, to better suit different connection needs.

To learn more about WARP and the several modes, refer to WARP modes.

Fastest DNS Resolver

Cloudflare WARP replaces the connection between your device and the Internet with a modern, optimized, protocol.

WARP is built on the same network that has made 1.1.1.1 the fastest DNS resolver on Earth.

Encrypting Traffic

The WARP application uses BoringTun to encrypt all the traffic from your device and send it directly to Cloudflare's edge, ensuring that no one in between is snooping on what you're doing.

 

If the site you are visiting is already a Cloudflare customer, the content is immediately sent down to your device.
Cloudflare Blog

Not a VPN

WARP has been described as freemium VPN service but there are some important differences from a VPN service:

WARP does not provide anonymity and is not designed to prevent servers you communicate with from identifying you.

 

WARP also does not allow you to pretend to be accessing the Internet from a different country than the one you are currently in.
Cloudflare

Known Issues

A service that relies on your location for security or other purposes may require you to disable WARP.

Applications or sites that rely on location information to enforce content licensing agreements (for example, certain games, video streaming, music streaming, or radio streaming) may not function properly.
Cloudflare FAQ

There can be problems with seeing recently refreshed website content, likely due to caching.

Obtaining Warp Client

WARP client is available for Android, iOS, Linux, macOS and Windows.

Return to top

Related Resources

On this site:

Found this resource useful?
Buy Me A Coffee

 

Return to top
RussHarvey.bc.ca/resources/restoreprivacy.html
Updated: February 15, 2024