Russ Harvey Consulting - Computer and Internet Services

Restoring Privacy

Take Back Your Privacy | Safer Browsing | VPNs | Take Back Control

Check the privacy settings for your devices and software/apps

Your Privacy At Risk

Your privacy is at risk like it has never been before, yet most folks think they have no need for concern and that only guilty criminals need be concerned.

Why should I care about privacy, when I have nothing to hide? — Reset the Net

They are wrong!

Your Privacy at Risk documents the unprecedented attacks on personal freedom being perpetrated by corporations and governments worldwide. Profit and political control are the motives but this practice threatens our freedom.

Take Back Your Privacy

When you realize how much your privacy is threatened, you can either feel defeated or you can learn how to take back your privacy. I recommend becoming an advocate for privacy.

Much like we lock our doors to retain our physical privacy, we can learn to do the things we need to do to restore our privacy on the Internet.

This page contains information that will help you protect and restore your privacy.

Avoid Giving Information Away

Take these steps to avoid giving away unnecessary information:

Understanding the Issue

Everyone that asks you to fill out a form — whether a paper form or on-line — is collecting personal data.

Once you provide that information, it is no longer in your control. While everyone is diligent in collecting your information, they are less careful in protecting that information — particularly if an opportunity to profit comes along.

OpenMedia works to keep the Internet open, affordable, and surveillance-free. We create community-driven campaigns to engage, educate, and empower people to safeguard the Internet. — OpenMedia
Though the internet and social media have been used by the public for decades, the concept of privacy still lacks a modern application to the online world. Digital privacy, therefore, is still very much a legal frontier. — University of Dayton's School of Law

Protect Your Privacy

Be selective in the information you provide.

Avoid giving it away without thinking about the potential consequences first.

  • Does this site need the requested information to supply what I need?
  • How will they use that information?
  • Will they share (sell) that information with others?
  • How will they protect my personal information?
  • If they fail to protect it, what are the consequences for me? For them?

Providing data that enables a company to better sell you what you don't need in exchange for a newsletter or a free document can be a very poor bargain (at least for you).

The University of Dayton School of Law has an excellent overview of online privacy in their article, How much privacy do you have online? Their recommendations include:

  1. Know what to look for in the Terms and Conditions.
  2. Clear out cookies and fully close a browser after every session.
  3. Take advantage of customizable settings.
  4. Use digital tools to better understand consumer rights.

I recommend reading the details they provide to fully understand these options and the issue of online privacy from a legal point of view. The legal information pertains to the United States, but the general information and recommendations can apply anywhere.

Does This Site NEED My Information?

If you are ordering a product, the company will need your shipping address and payment information. However, you have choices in how that is accomplished. For example, by using PayPal the seller won't have your credit card information.

Many sites and online games offer the option to create a unique log-in identity or use your Facebook or Google profile.

  • Logging into a third-party site with your Facebook ID provides that third-party site to your Facebook profile, including your Facebook friends, likes, dislikes, political views and more. Your Google profile provides similar information.
  • Generating a unique account with its own password provides that same company only with your name and email address.

Which do you think protects your privacy more (hint, Facebook doesn't believe in privacy unless you want to know what Mark Zuckerberg is doing).

How Will They Use That Information?

Depending upon the site, you should be very selective in providing information. For example, sites don't need your birth date, only to know if you're old enough to enter into a binding legal agreement. Yet many sites choose the birth date because that provides them with much more precise information about you.

Facial Recognition

Using your photo for a profile picture or avatar may personalize your experience, but facial recognition software can relate the information to data found on other sites with the same photo — and it can return false results. Combining seemingly innocuous information with trackable information (your IP address, email address, etc.) can create a profile that can be used to direct advertisements or to sell to information brokers.

Will They Share With Others?

Unless specifically stated, you have to assume that they will share your information with others if it is profitable. If the company is sold or if they receive a government warrant, the new company is not bound by any promises made to you.

Big tech has been on a buying spree. While they're acquiring technology, they're also adding to their ability to profile their site visitors.

Monopoly is made by acquisition — Google buying AdMob and DoubleClick, Facebook buying Instagram and WhatsApp, Amazon buying, to name just a few, Audible, Twitch, Zappos and Alexa. — NY Times

How Will They Protect My Information?

Most companies spend much more protecting their own information than protecting yours. Remember, most of the security breaches only affect consumer data, not corporate data. After all, it didn't cost them anything to acquire!

Governments could enforce protection with significant penalties, yet choose not to do so.

What is their Privacy Policy?

You should always read and understand the privacy policy of any site before you choose to give personal information.

The privacy policy is a legal document, it spells out how a company collects, stores, uses, and shares your data. — IRL Podcast

You need to check this policy from time-to-time as privacy policies change for a number of reasons including purchase of the company or a new business plan (such as the changes at Microsoft that resulted in Windows 10).

Any site without a privacy policy probably does NOT have your best interests at heart.

That said, it becomes increasingly impossible to read the privacy policy of every website (or to understand the complex language used) A study by researchers at Carnegie Mellon concluded:

…if the average American were to actually read every single privacy policy of every single web service that she used in a year…[t]he average user would have to spend between 181 and 304 hours each year reading privacy policies. — “Disappearing phone booths: Privacy in the digital age”

That's the equivalent of between approximately 4.5 and 7.6 work-weeks (about a month or two every year) — just reading privacy statements!

Privacy Policies are Changing

You only need to look at the way Facebook, Hotmail and others so quickly changed their privacy policies to enhance their profitability. You're mostly on your own when it comes to protecting your identity.

If the service is free, then you are the product. — The day we lost everything

Government legislation is needed to create and enforce a standard by which consumers are protected and given an even chance against corporate giants. A central location for consumers to find out what information companies have collected about them, how it is being used and the ability to restore your privacy.

This is what the changes in the European Union were about that resulted in all the new notices about cookies when you load a website.

Who Has Your Back?

In the face of unbounded surveillance, users of technology need to know which companies are willing to take a stand for the privacy of their users. — Electronic Frontier Foundation
We are at a critical moment for free expression online and for the role of Internet intermediaries in the fabric of democratic societies. In particular, governments around the world have been pushing companies to take down more speech than ever before. What responsibilities do the platforms that directly host our speech have to protect—or take down—certain types of expression when the government comes knocking? — Electronic Frontier Foundation, 2018
EFF 2018 report on the track record of companies in protecting your privacy

EFF released Who Has Your Back? Censorship Edition 2018, documenting the track record for social media, communications and other companies in releasing private information to the government.

The Apple App Store, Google Play Store, and YouTube scored the highest but Facebook and Instagram both failed to match the records of other social networks and tech companies.

One of the reasons I recommend using Firefox as your primary browser is Mozilla's stand on privacy.

We Need to Do Better

The problem with our private data is that so much of it is irreplaceable and cannot be altered like a password. Once released into the world, there is no calling it back.

Both people and companies need to be more cognizant of that fact and quit ignoring the risks of security breaches and personal posting on social media that compromise ourselves and others.

Fix It Already

Tech companies could change these things to make your life easier and protect your digital security and privacy. Why haven't they yet? — Fix It Already

Learn more about Fix It Already in this launch article: Fix it already: Nine steps that companies should take to protect you.

Do You Protect Others' Privacy?

While we're discussing privacy, do you protect other people's privacy when sending out emails or posting on social media?

Learn how to avoid giving information away (including protecting other people's email addresses).

Check Your Privacy Settings

Check your progress in improving your privacy awareness and changing habits by taking the Mozilla privacy survey. There is more information about privacy on this page and on related pages on this site.

Social Media

Social media is a very important aspect of privacy because so much personal information is collected including facial recognition software, comparative and linked data (such as the "Like" button) as well as the content and nature of our everyday posts.

Are you sharing too much?

Return to top

More About Restoring Privacy

Return to top

Safer Browsing

Do Not Track

Current browsers have the capability of telling a site that you don't want to be tracked. But that assumes that a site will bother to respond. There are few, if any, such mechanisms in place.

Do Not Track is a browser setting where the user can indicate that they don't want to be tracked. However, without a consensus about how to interpret DNT, most sites ignore the setting.

[D]espite the fact that only a small number of companies respect it — a significant number of companies like Twitter, Medium and others do respect it. — Jules Polonetsky

Hopefully, when there is a universally-accepted standard in place, all websites will honour them.

I wonder if the desire to ignore such requests is behind the failure to cooperate in a respected standard.

Early anti-spam technical fixes failed because no one wanted to accept anyone else's solution. The result? The huge amount of spam we have to deal with today.

Even when Do Not Track is enabled, some facilities also track store visitors via their cell phone using Mobile Location Analytics.

Panopticlick is an online test that analyzes how well your browser and extensions protect you against online tracking techniques, even if you are using privacy-protective software.

Opt-Out Cookies

The Network Advertising Initiative offers to place an opt-out cookie on your computer for certain ad servers such as DoubleClick.

However, any opt-out solution is a unethical. The honourable thing would be to honour the Do Not Track setting in the browser.

Cookies Report on Your Web Habits

People have become more aware of the amount of information that is collected about them while they are on the Internet using such devices as cookies.

You can deal with cookies using some of the many utilities available on the Net or by using the tools provided by modern browsers (Firefox recommended).

Flash Cookies

Many sites use flash cookies (Local Shared Objects or LSOs) that are not deleted when you remove traditional cookies. Adobe provides information on how to manage or disable LSOs, but ignorance makes most users vulnerable to exploitation by sites that use them.

CCleaner is capable of cleaning LSOs, but this is not enabled by default.

Flash is listed as one of three programs that make Windows vulnerable to malware (as well as Linux and Mac if Flash is installed). As technology moves away from Flash, the risk of LSOs should diminish.

Flash is often used to display ads that can be tracked from site-to-site. Using click-to-play you can enable Flash only when it is required (which is how current versions of Firefox handles Flash).

Have a look at my listing of Firefox extensions. Some allow you to manage or remove LSOs but status can change quickly so I won't duplicate the listing here.

Your Choice of Browser Matters

Firefox Recommended | Safari | Internet Explorer | Google Chrome

Your choice of browser affects not only what tools are available to you or how convenient the browser is, but also how much information you share in the process.

The Internet only stays healthy if we trust it as a safe place — to explore, transact, connect, and create. Our privacy and security online is under constant threat. But there's something you can do about it: get informed, protect yourself, and make your voice heard. A healthy Internet depends on you. — Mozilla

Check your browser's privacy settings. Choose your addons carefully as well as any other third-party aspects your browser uses.

Check Your Browser's Search Engine Settings

Choose your search engine carefully rather than accepting the default setting.

Simply using a search engine can leave behind a history that can last for years. My recommendation is StartPage (see how StartPage protects your privacy) or DuckDuckGo.

Firefox: A More Secure Browser

Firefox is my recommendation. Not only is it more secure, but Mozilla is a non-profit organization dedicated to protecting privacy.

Firefox products have never — and never will never — buy or sell user data. — IRL Podcast

Clear Private Data

You should clear your privacy data (cookies, saved form information, cache and authenticated sessions) before and after on-line banking (or similar sites where there is the risk of revealing personal information of greater value).

These settings are on the Privacy tab in the Firefox Options settings. Firefox Options is located on the top right (3 horizontal lines, sometimes called the “hamburger” menu).

Once the Options dialogue box appears, click on the Privacy tab and check Clear history when Firefox closes. You can choose which items get removed by clicking the Settings button on the right:

Clear Private Date dialogue box

Apple Made Safari the “Good Privacy” Browser

Apple announced significant changes to fight ad-tracking and digital fingerprinting at WWDC 2018.

The newest version of Apple's Safari browser will push back hard against the ad-tracking methods and device fingerprinting techniques that marketers and data brokers use to monitor web users as they browse. Starting with Facebook.

The next version of Safari will explicitly prompt you when a website tries to access your cookies or other data, and let you decide whether to allow it, a welcome step toward explicit choices about online tracking. — Wired

Internet Explorer: Simply Too Vulnerable

Internet Explorer (IE) is a major security vulnerability within Windows and therefore should not be used as your primary browser when surfing the Internet.

When the CVE-2014-1776 vulnerability affected IE versions 6–11 the US-CERT team (U.S. Homeland Security) recommended moving to an alternate browser. This is good advice even after the vulnerability is patched. See the alternatives.

Microsoft made IE a key component of the Windows installer — a significant security vulnerability when surfing the Web. You can help reduce the risk by enabling the following settings:

  • Current versions of IE can check sites for forgeries (sites looking to exploit your trust of the real site) if you authorize it during installation.
  • Check "Prevent programs from suggesting changes to my default search provider" in IE's extensions.

Windows 10 includes IE along with Microsoft Edge, however it was not intended to be used as your primary browser:

"You see, Internet Explorer is a compatibility solution," wrote [Microsoft security chief] Jackson in the blog. "We're not supporting new web standards for it and, while many sites work fine, developers by and large just aren't testing for Internet Explorer these days. They're testing on modern browsers. — ZDNet

Security risks are not unique to Internet Explorer but its reach is deep into the Windows operating system, making it more vulnerable to security issues than any other browser.

Microsoft's Windows Update plug-in for Firefox as an alternative to using Internet Explorer is not recommended because this makes Firefox more vulnerable. It is better to use Internet Explorer only where necessary (and safe).

Move to Firefox. If a normal page won't load properly except in IE, you're probably better off going elsewhere for your information.

Google Chrome: Convenient but Lacks Privacy

Google Chrome (initially based upon the open source Mozilla code) has become very popular partly because it is much smaller and potentially faster than other browsers (at least as long as you don't use extensions). This “extra” speed is a rapidly changing dynamic between browsers.

Pre-checked Installations

It got that way also by surreptitiously installing itself as the default browser as a paid add-on to other free software such as AVG, Defraggler and Adobe Flash:

Google is pre-checked in Piriform's Defraggler installer

Although it was an “optional” addon, it was pre-selected and folks simply clicked through the options without checking for extra software.

Now Controlling Global Searches

Google now controls a significant majority of both Web searches and browser installations — giving Google a monopoly on access to content on the Web.

Combined User Data

Google has become more powerful, purchasing existing companies with expertise in areas they traditionally didn't have access, then combining it with the users' data from all their companies to create powerful search and advertising profiles.

Chrome does this, in part, by keeping the user's data on their servers rather than on the user's computer. People have access to their data from any number of computers, phones and tablets.

More Effective Targeted Ads

This is convenient but eliminates your ability to fully control your own information. Google uses this information to serve more appealing ads based upon what you've viewed with Chrome.

Free Email Costs You Your Privacy

So many people have moved to using “free” cloud-based webmail programs that the market has virtually collapsed for independent stand-alone email programs.

Running Google's free Gmail while surfing the Web (especially while using the Chrome browser) will provide even more information about yourself, helping to create a more accurate profile to serve ads to. Google never forgets!

No Privacy

The biggest issue is privacy.

Services like Gmail, Yahoo! Mail and Outlook.com (formerly Hotmail) can sift through your emails to build a profile on you to sell advertising.

Even if companies claim not to use your emails for profiling, privacy policies can change in a heartbeat.

No Security

The Yahoo! data breach should tell you that your privacy is NOT a priority.

Not only did Yahoo! lose enough information to commit identity theft using the stolen data — “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and even security questions and answers” — but they took several years before telling anyone.

Gmail Difficulties

Gmail is now more difficult to simply download using a standalone email client, an email program that stores your messages on your computer rather than on Google's servers.

Google wants you to leave a browser window open with Gmail running. By knowing the sites you're visiting they can present “more relevant” ads (i.e. ads that you're more likely to click on based upon your surfing history). Of course, if you're running Chrome, they already know this.

StartMail Recommended

StartMail (US$59.95 per year) provides an alternative to ‘free’ email services that aren't free — you pay for them by sharing the most intimate details of your life with corporations and marketers. StartMail's privacy policy.

Return to top

Virtual Assistants

We're now interacting directly with computers by voice via virtual assistants built into our devices (Siri, Cortana, Google Assistant) now moving to our computers as well as Internet-connected devices like Amazon Alexa and Google Home.

Marketing Potential

While these can be tremendous help, there is much more involved.

There is a war for your loyalty. In the future these virtual assistants are going to have a larger role in what music we listen to, what movies or TV programs we watch and what products we buy.

We are providing more information to these devices every time we use them.

By their very nature, they need to know a lot about us to be effective (one of the reasons that Siri or Cortana want to get to know you when you get started with them).

You can't have Google call Beth if they don't know who that is and how to best contact her. When we refer to Beth as our sister, then the assistant knows her relationship to us.

Danger, Will Robinson

Not all is as rosy as it appears. Using these virtual assistants is providing a lot of personal information to companies with a less-than-perfect track record for privacy.

Human Monitoring

We have less control over what is collected than you might think.

Voice data is being monitored all the time but the assistant is supposed to wait for the “hey Google” prompt. That may not limit what is recorded and can reveal a lot of private information.

Apple contractors regularly hear confidential medical information, drug deals, and recordings of couples having sex, as part of their job providing quality control, or "grading", the company's Siri voice assistant, the Guardian has learned. — The Guardian

Children's Access

Children are quick imitators and young children have been found to be conversing with these virtual assistants like they are a friend.

Your Devices Are Watching You

Samsung and Vizio televisions have recorded conversations and other devices can collect very personal information about us as well.

This issues is only going to get worse as the Internet of Things becomes pervasive and a thousand small devices like baby monitors, smart toys, security devices, etc. begin monitoring our activities

Protecting Your Privacy

You need to do several things to protect yourself. Start by choosing devices based upon their privacy track record. Next, change the default passwords and privacy settings on devices like Alexa and Google Home.

Return to top

VPN Services

A Virtual Private Network, or VPN, is often used by businesses to secure their private network over a public network.

A Virtual Private Network (VPN) is just a fancy way of saying that you can use the internet while remaining invisible to your ISP. — Top VPN Canada
  • How a VPN Works is a YouTube video by PCMag that illustrates how a VPN works.
In an era of increased surveillance, VPNs have become an essential tool to safeguard our online activity from prying eyes. — OpenMedia

For most users this will mean securing your access over the Internet using a private VPN service so that your communications are encrypted.

[A VPN] secures your computer's internet connection to guarantee that all of the data you're sending and receiving is encrypted and secured from prying eyes. — LifeHacker

Be careful in how you select your VPN. There are lots of VPN services.

Cheap or free VPNs have to make money somehow and might be doing so by selling your private data or worse.

Paid VPNs are no guarantee of privacy, but their fees provide the means to pay for the service.

Are VPNs truly private? Unfortunately, no. The VPN provider can still log your browsing data. You are essentially putting your trust in your VPN provider. Will your provider hand over info when pressed? Will they log your browser data and sell it at a later date? — Mozilla

If your VPN retains ANY information about you online activity, that data is subject to being sold or released to governments issuing a court order. Given the current low threshold for such warrants, your only protection is a VPN that doesn't retain such information.

Choosing a VPN Service

These resources will help you choose what is right for you.

About VPNs

Learn what to look for in a VPN service:

VPN Reviews

Probably my biggest issue with the VPNs I've tried is that they massively slow down my Internet. Reviewers indicate that you have to look around to find one that works for you. I strongly recommend using one while using public Wi-Fi, but paying for higher speed access then paying more to have that throttled back when at home doesn't make economic sense.

Rather than looking at the wide range of free providers, which often have a lot of limits (and dubious loyalties), we are looking at those vendors who charge a few bucks a month, but put your interests first, rather than those of shadowy advertisers and sponsors. — CNET
Beware: Many highly recommended “best VPNs” don't live up to their privacy claims. — Privacy.net

These reviews should help you to select a suitable provider. Keep in mind Privacy.net's warnings about VPN reviews.

[N]ever using a Canadian VPN. They will not be able to protect your privacy or security since by law the company will be liable for sharing information with the authorities. That, in other words, means your data will be collected and stored just in case it is needed. — Top VPN Canada

Return to top

Take Back Control

Millions of dollars are spent by tech companies to learn how to fully engage their viewers. These include techniques like

  • the suggestions on the side of YouTube and news feeds;
  • the notifications from Facebook and other social media sites; and
  • the use of instant-on videos on websites to add sound and video to draw you in.

We've Lost Control

A simple check on what you're friends or family are doing can turn into a three-hour Facebook bing. Playing a game for a “five-minute break” and suddenly an hour has gone by.

We Need to Restore Balance

We need to restore balance to our lives by reducing our exposure to these techniques. While profitable to the corporate bottom line, they are increasingly making us feel more isolated.

Take Back Your Phone

Take control of your phone. Don't let your apps control your phone use, change settings to remove the distractions.

  • Try these simple changes to live more intentionally with your devices right now.
  • iOS 12 includes a Screen Time tool (swipe right to see it) that allows you to control activity.
  • Edit what appears on your screen. Do you really need real-time weather, news, stocks, etc.? Do you need all those apps?

Crossing Borders?

Like much of Canada's privacy laws, the rules governing border searches pre-date the consumer use of the Internet and cellphones and are seriously out of touch with the reality that we carry our entire lives on our smartphones.

Border searches can be conducted not only at the actual border, but within 100 miles (160 km) of the U.S.-Canada border as well as at airports or even when boarding a cruise ship.

"There is an increasing trend around the world to treat borders as law-free zones where authorities have the right to carry out whatever outrageous form of surveillance they want," Omanovic said. "But they're not: the whole point of basic rights is that you're entitled to them wherever you are. Western liberal democracies intent on implementing increasingly similar surveillance regimes at the border should look to what China is doing here and consider if this is really the model of security they want to be pursuing." — Vice
Canada's border agents can search your phone and laptop at borders and airports, including looking through your private photos, personal messages, and call history. — OpenMedia
[B]order agents could end up seeing private emails and text messages, photos, web browser histories and sensitive documents, even if you've done nothing wrong. — CTV News

The recommendation is to leave your devices at home. If you plan to take your digital devices across the border, check out the following advice:

…[B]efore crossing the border, delete private material or transfer it to the cloud; at the border, turn on airplane mode yourself; and, finally, be prepared, unless you have some really compelling privacy reason, to just turn over your phone. — CTV News

Reset the Net

One year after Snowden revealed just how much governments were collecting, Reset the Net launched splash screens like the one below.

Reset the Net. Take back your privacy and freedom.

This program urged people to take back their privacy in response to government spying by signing the following pledge and taking other action:

Mass surveillance is illegitimate. I'm taking steps to take my freedoms back and I expect governments and corporations to follow in my footsteps and take steps to stop all mass government surveillance.

While the June 5, 2014 date is far in the past, it is even more important that we follow advice to end surveillance and the collection of big data.

The Nature of the Problem

Rather than discovering and repairing weaknesses in Internet security, governments are exploiting them to spy on the entire world, twisting the Internet into something it was never meant to be: a panopticon.

Recommendations

I urge you to take the initiative to follow the recommendations (and those elsewhere on this page) to restore your privacy.

For All of Us

Start using effective privacy tools and be sure that you're not installing software that is unsafe to use.

When websites complain about your use of these technologies, remember that they were the ones to install invasive techniques — a practice that is paying them diminishing returns even if no one uses protective measures against them.

If you're using social media and “free” apps, you need to take a closer look at the real cost of using them and to start cleaning up your activities that are being tracked. See my recommended software choices.

See the recommendations on the Reset the Net Privacy Pack.

For Website Owners

Website owners should begin to use technologies that secure their sites and make them safer to use. Avoid invasive (a.k.a. sleazy) techniques. These not only place your site visitors at risk, but your site's security.

Pledge to add SSL, HSTS & PFS protection this year; it matters! Already rocking SSL & HSTS? Consider approaches to end-to-end crypto.

For Mobile App Developers

There have been too many cases of apps collecting information they didn't need (often surreptitiously) and selling it. Not only should these apps be banned, but so should the developers that released them.

Some developers released their app without securing it properly Whether it was intentionally or out of ignorance those developers' products should not be in the app store.

Technologies like SSL and proper certification pinning should be mandatory. End-to-end encryption makes messaging much safer and your app a worthwhile download.

If you serve ads on your free apps, you need to ensure that ALL third party code, including ads and analytics, are secure

Ensure this content acts nicely within your app. Too often the ads do more than briefly interrupt the app content by crashing the app or locking it up for extended periods of time. If you offer a paid version lacking ads, people will judge your app based upon its performance as a free app.

Return to top

Related Resources

Related resources on this site:

or check the resources index.

Return to top


If these pages helped you,
buy me a coffee!


RussHarvey.bc.ca/resources/restoreprivacy.html
Updated: November 3, 2019