Online privacy is a complicated topic. Even as an experienced programmer and self-proclaimed privacy nerd, protecting your online data is a brutal war to fight.
While I believe that unless you go live in the woods without Internet connectivity, it is impossible to protect 100% of your digital life, we can take some steps to limit what personal information companies can collect and track.
What follows is a short starter guide I compiled drawing from years of learning about privacy and tinkering with different apps and services. While I can't guarantee that you'll be 100% protected, the steps I detail here will set you on the right path to reclaiming ownership of your personal data.
Protecting our privacy requires work and that we change our habits.
This is not easy but we can draw from the vast literature on the psychology of habits to help us.
So, as James Clear says in his book Atomic Habits, we should make them as easy as possible for new habits to stick. And one of the best ways to do this is by changing your defaults.
Chances are that you browse the web using Google's browser, Chrome.
Why? Because Google spent years creating and marketing a great piece of software that makes for a smooth online experience. But in doing so, they also locked you in and hooked you up to their other services (email, calendar). The result? Most of what you do in Chrome ends up logged in to a Google datacenter.
So if you want to be in a position of winning the privacy war, the first thing you ought to do is change browsers. Any of the alternatives is better from a personal data standpoint:
How to Choose?
To spare you some decision paralysis here's a table to guide your choice:
Great! We've made a big first step. Now let's plug another big leak: your search engine, Google.
This is going to be a tough one. Google has built a multi-billion enterprise around search and ads. The whole purpose of providing an excellent and tailored search experience is to serve you targeted ads that you'll be enticed to click. And they do this by collecting, analyzing and learning from all your searches.
To be clear, this is not just a Google problem. Every time you search for a product on Amazon, Target, Walmart, etc. you're being tracked. You're giving these companies ammunition to bombard you with ads and promotions that increase your chances of spending money.
And the more time you spend online using these platforms, the more data they can hoard to the point that they can learn and deduct things about your personal life even before you're aware of them.
Luckily, there are alternatives. My favorite one is DuckDuckGo. Launched in 2008 with the vision of protecting your privacy and avoiding the "filter bubble of personalized search results" it provides a great and seamless experience. For 99% of your searches you won't miss Google, and for the remaining 1% you can search Google (and pretty much any other website) directly through DuckDuckGo.
Again, I'll use Google's Gmail as an example because it's the most popular free email provider. But the following likely applies to other free providers like Yahoo, Microsoft, etc.
In 2015, Google made some changes to its Ads toolbox letting marketers use its "smart targeting options to reach 1.2+ billion monthly active Gmail users".
This is annoying and scary (your emails need to be analyzed to serve you the most relevant ads). But not surprising. Google's business model (and most other free tools out there) is to collect data and serve ads.
So, again, we're faced with a dichotomy: let them collect and weaponize our data against us or look for alternatives that offer similar functionality without all the data hoarding.
Such tools exist but are not very popular. I've considered two alternatives: ProtonMail, a paid email provider that promises a secure, anonymous, and private email experience. And Hey! a new take on how email should be that attempts to filter and block all attempts to track your activity within emails (oh yes, email tracking is real, perhaps the topic of a future post!) amongst other privacy-oriented features.
I must confess that I've tried a few times to get rid of Gmail but failed miserably because I'd like to carry over with me all the years of email I've accumulated, but Hey! doesn't allow you to import anything and ProtonMail user experience is not great.
If you don't mind leaving your current email behind, then you should try Hey!.
This one is easy.
No matter the browser you end up using, you should install some extensions that further increase your protection against tracking and data leakage.
If you've switched to Brave, you don't need to do anything else as it ships with an ad blocker turned on by default.
But if you're on Safari or Firefox, then click here and install Adblock Plus to get rid of all ads forever.
Other than ads you'll want to make sure that you're not getting tracked by the websites you visit.
Brave already comes with useful anti-tracker features, but in my experience, they're not enough. So, regardless of the browser you use, consider installing Privacy Badger, an extension sponsored by the Electronic Frontier Foundation that learns to detect and block any spy trackers that might be installed in the websites you visit.
I get it. Most services out there have very long and tedious policies written in hard to understand legalese. And we just want to start using the damned service, so we click some buttons and get on with it.
This is how a lot of companies get away with collecting—and selling—your data. You agreed to it.
If you still find things confusing and hard to read you can use projects like "Terms Of Service; Didn't Read" that provide a crowdsourced summary and grade for most popular services. It's not surprising that DuckDuckGo gets an A while Facebook, Amazon, et al. barely score an E.
Another thing you can do while reading these documents is to look for any mention of GDPR. The "General Data Protection Regulation" is the EU's latest privacy law. This law is not a silver bullet and has many complexities and problems. Still, it forces companies to be more transparent about how they handle and store your data and force them to provide a mechanism for users to access and delete all their logged data.
To conclude, I want to reiterate what I said in the introduction: it is impossible to protect 100% of your digital life. Everything you do online is getting logged somewhere by some company. Chances are that even your Internet Provider is tracking all your online behavior.
But rather than despair and be at the mercy of data-hungry companies, we just saw that there are ways to minimize our exposure and protect the data that we share online.
I'm hopeful that as we all become more privacy-conscious, we'll have better tools and services at our disposal. But until then, assume you're being tracked everywhere and read your privacy policies!