Restoring Balance | Privacy Policies | Privacy Guides
Privacy Tools | Crossing Borders
All trademarks, company names or logos are the property of their respective owners.
We are at a critical moment for free expression online and for the role of Internet intermediaries in the fabric of democratic societies.In particular, governments around the world have been pushing companies to take down more speech than ever before.
What responsibilities do the platforms that directly host our speech have to protect — or take down — certain types of expression when the government comes knocking?
— EFF, 2018
Privacy is not about hiding wrongs — it is power over your own information.
Your privacy is at risk like it has never been before, yet most folks think that only guilty criminals need be concerned. They are wrong!
Broadly speaking, privacy is the right to be let alone, or freedom from interference or intrusion. Information privacy is the right to have some control over how your personal information is collected and used.
— IAPP
You need to take back your privacy.
Much like we lock doors and close curtains to retain our physical privacy, we can learn how to restore our online privacy.
Start by learning how to protect your privacy then demand accountability.
By making a few simple changes to your devices and accounts, you can maintain security against outside parties' unwanted attempts to access your data as well as protect your privacy from those you don't consent to sharing your information with.
— The New York Times
Organisations can no longer assume that any personal information given to them can be exploited in any way they see fit.
— Elliot Rose
Stop the Data Harvest!
Sign the Petition!
Every day, a shadowy network of companies is taking, buying, and selling the most intimate details of our lives. They spy on our physical and mental health, our shopping lists, our friend networks, and where we go each hour. In doing so, they undermine our ability to control our digital lives and restrict our free will online and off. Privacy? That's just a word to them.Our governments are failing to stand up to them, convinced that their unlimited right to take, use, and sell our sensitive personal information is just too profitable to restrict.
We're saying enough is enough. If you're tired of being treated like a product, and having your privacy rights ignored by lawmakers, take the first step towards controlling your online identity by signing the petition to stop the harvest of our data!
So if you're tired of being tracked, counted, categorized, bought, used, and sold, sign the petition and together let's take the first step to stop the harvest of our personal data!
How did you choose the apps on your computer and devices? Was it based upon what the vendor or operating system included as the defaults or did you choose what worked best for you?
Too many of these apps are busy collecting information about you, information that has nothing to do with the app's function.
Choose apps based upon privacy and the functions that work for you. Just be sure that you're using a current version and modify the settings to protect your privacy.
Bitwarden, my recommended password manager, asked their community for their top picks for Data Privacy Week:
First, you have to actively work to protect your privacy. Take steps to avoid giving away unnecessary information.
Are you careful about what you share about yourself and others in public forums?
Social media is a very important aspect of privacy because so much personal information is collected then processed using comparative and linked data (such as the "Like" button) — even facial recognition software.
Though the internet and social media have been used by the public for decades, the concept of privacy still lacks a modern application to the online world. Digital privacy, therefore, is still very much a legal frontier.
— University of Dayton's School of Law
Protect third-party information in your possession. Don't reveal private information about individuals (email addresses, phone numbers and birthdays) while emailing or posting on social media without permission.
Most workplaces refuse to provide personal contact information about their employees to callers. Act similarly.
When someone asks for the email address, phone number or similar information, tell them you'll let the person they want to connect with know by providing the requester's contact information. That way it is up to that person to reveal their own information if they are interested.
Become informed about issues around privacy.
This involves re-examining how you perceive privacy and how it is portrayed by the companies that profit from exploiting it.
Take the Mozilla privacy survey to see how well you are improving your privacy awareness help with changing your habits.
Canada has a patchwork of privacy laws which vary according to where you live.
In the absence of Canada's federal government updating our national privacy laws, provinces and territories have taken it upon themselves to create new privacy protections for their residents.This is leading to privacy have and have nots — depending on where you live in Canada.
— OpenMedia
Vancouver City Council turned down a proposal to install CCTV cameras to “prevent violent crime” in the city. There is no evidence that CCTV cameras would reduce crime rates yet such installations threaten the privacy of innocent citizens.
Where does each province stand in this? Take the privacy quiz to find out.
OpenMedia and the Mozilla Foundation actively promote privacy. Mozilla's stand is one of the reason I recommend the Firefox browser.
OpenMedia works to keep the Internet open, affordable, and surveillance-free. We create community-driven campaigns to engage, educate, and empower people to safeguard the Internet.
—OpenMedia
Mozilla is a global non-profit dedicated to putting you in control of your online experience and shaping the future of the web for the public good.
— Mozilla Foundation
The University of Dayton School of Law has an excellent overview of online privacy in their article, How much privacy do you have online? Their recommendations:
- Know what to look for in the Terms and Conditions.
- Clear out cookies and fully close a browser after every session.
- Take advantage of customizable settings.
- Use digital tools to better understand consumer rights.
Children's privacy has been seriously threatened. Besides making changes, we need to talk to our children in terms that they can understand.
Everyone is collecting personal data when they ask you to fill out a form — whether online or in person.
While everyone is diligent in collecting this information, they are less careful in protecting that information — particularly if an opportunity to profit comes along.
Be wary of terms like “personalization” and “ease of access” when used in device and software settings.
These terms imply a personal benefit, but encourage you to provide information that will be used to better sell to you. This is a very inequal exchange. Instead, use privacy settings to protect yourself.
You should be very selective in providing information. Once you provide anyone with information, it is no longer in your control.
Ask yourself why the site is collecting information and whether it is safe to provide it. Is the requested information actually necessary for the transaction or if it is being collected with other goals in mind.
Ask yourself:
Too often companies collect unnecessary information “just in case” it becomes useful later. There are many other ways to obtain your personal data (e.g., from tracking the links from targeted ads).
Your information will likely be used to create an advertising profile that can be used to market to you (or sold to other companies). There are seldom consequences for the company that failed to protect your privacy.
While companies may claim “we do not sell your data”, that policy may change in the future if the company is sold or is served with a warrant.
You have to assume that your information will be shared if it is profitable or if the government demands access. Your only protection is to refuse to provide it in the first place.
There is lots of evidence that the government has pressured companies into sharing data, under the assumption that providing it to the company removes the need for a warrant.
Be cautious about your personal information when you purchase a product or service. When you place an order, the company may need your shipping address if an item is to be shipped to you or if you use a credit card.
Some options are more private than others which should influence your choices.
When you use a credit card, vendors usually require your mailing address to process online payments — even if the product or service isn't being delivered physically. That's valuable personal information you're providing.
Apple Pay and PayPal don't provide your credit information to vendors but may provide information to your financial institution.
Decline an emailed receipt in physical stores. They use this for marketing purposes.
Home Depot was caught sharing email addresses and purchase information with Facebook's parent company Meta without consent. Next time Home Depot asks if you'd like an email receipt, you know why they're asking. They're facing a class-action lawsuit for that privacy breach.
Convenient and environmentally friendly, e-receipts are the way of the future, but they are also raising questions about consumer privacy.Home Depot was found to be sharing details from e-receipts — including encoded email addresses and in-store purchase information — with Meta, which operates the Facebook social media platform, without the knowledge or consent of customers.
— Privacy Commissioner of Canada
This speaks to the ineffectiveness of Canadian privacy laws which are mostly written based upon a “wish list” from industry rather than based upon personal privacy.
You can print off your own receipt when buying online or subscribing for a service but this may not eliminate the need to provide your email address.
Facebook-owned Instagram, now demands your birth date (and they use their massive Facebook database to verify it). I discovered this when I tried to create an Instagram account using a false birth date to protect my privacy.
Many other services now demand your birth date during registration. Legitimate reasons may include determining eligibility for
They don't need to know the exact birth date — only the fact that you're old enough with rare exceptions, notably, age-based government services and government regulated sales (e.g., alcohol and tobacco).
In most cases you should be able to certify that you meet the stated minimum age (whether it is 13, 18, 65 or something else). However, knowing your birth date allows them to track your transition through these milestones.
Companies demand it to improve your advertising profile and to make the resale of your profile data more valuable. It can be combined with other information to “personalize” their ads. It will also make the resale of your profile more profitable.
Big tech has been on a buying spree.
Monopoly is made by acquisition — Google buying AdMob and DoubleClick, Facebook buying Instagram and WhatsApp, Amazon buying, to name just a few, Audible, Twitch, Zappos and Alexa.
— NY Times
These mergers and acquisitions threaten your privacy. As well as acquiring technology, they're also adding to their ability to profile site visitors.
The new company may feel free to disregard privacy promises made by the previous owners or they may simply rewrite the privacy policy to remove such promises. If you continue to use the service, you're then bound by the new policy.
Have you noticed that most security breaches only affect consumer data, but not corporate data? Your data didn't cost them anything to acquire. Most companies protect their own information more rigorously than yours.
Governments don't enforce privacy or enforce penalties significant enough to change this behaviour. If the C-suite faced jail for data breaches under their watch they'd increase spending on security accordingly.
Single sign-on (SSO) uses your Google, Facebook or Apple ID to log into third-party sites.
SSO may be convenient, but creates a single point of failure.
Instead, use a unique password for every site.
The simplest way to avoid the problem would be to avoid using third-party sign-in altogether and instead use a unique password for every site. That's certainly more inconvenient but has the benefit that it makes it harder for tech giants to track online activity.
— Infopackets
By generating a unique password for every site using a password manager like Bitwarden, each site obtains only your name, email and whatever other information you provide directly to them.
You should always read and understand the privacy policy of any site before you choose to give personal information. See more about privacy policies.
Tech companies spend millions of dollars to learn how to fully engage their viewers. These include techniques like
A “quick check-in” to see what your friends or family are up to or a “five-minute game break” can turn into a three-hour Facebook binge.
We need to restore balance to our lives. Our exposure to these techniques are making us feel increasingly more isolated.
Adblockers like Ghostery and Privacy Badger have several benefits besides blocking ads. Most importantly, they protect your online privacy.
Today's ads are not fixed on a site. Instead, whatever can be gleaned about your browser and the user are uploaded to dozens of potential advertisers (and many that simply are collecting personal information).
It's very telling that individuals who are not only more knowledgeable about the inner workings of the internet, but actually behind the mechanisms for targeted advertising and tracking, are protecting themselves far more than the average American.As these experts shore up their privacy and data protection against their own products, everyday consumers must take action to avoid remaining susceptible to the ever-expanding, invisible world behind their browser.
— Jean-Paul Schmetz, CEO of Ghostery
Begin by educating yourself on privacy issues and solutions. I recommend you check out these privacy champions.
I urge you to take the initiative to restore your privacy using the following privacy recommendations.
Choose a safer browser that provides optimum privacy (Mozilla Firefox is recommended) then change the following setting to protect privacy:
1 Too often sites not honour the Do Not Track using the lame excuse that there are no standards. Google discouraged sites from recognizing DNT.
Be aware of the privacy costs of your choices:
Passwords are the key to your privacy and security of your accounts.
Consider using alternatives to Google to protect your privacy.
Google's settings are designed so users could make changes, but “difficult enough that people won't.” Even Google's own engineers are confused by privacy settings.
Start using effective privacy tools and be sure to use only software that is safe to use. See the Reset the Net Privacy Pack and my recommended software.
Don't let your apps control your phone use! Try these simple changes to live more intentionally with your devices right now by changing settings to remove distractions.
You might want to consider how many distractions have been added to Windows 10 and 11. To regain control:
Privacy policies are statements about how your data will be used by the owner of the site you're visiting.
The privacy policy is a legal document, it spells out how a company collects, stores, uses, and shares your data.
— IRL Podcast
Don't provide information to sites lacking a privacy policy.
While checking the privacy policy for every site you visit is recommended, it has become increasingly impossible because of size and complex language.
A study by researchers at Carnegie Mellon concluded,
…if the average American were to actually read every single privacy policy of every single web service that she used in a year…[t]he average user would have to spend between 181 and 304 hours each year reading privacy policies.
That's approximately 4.5 and 7.6 work-weeks (about a month or two every year) — just reading privacy statements!
“I have read and agree to the Terms” is the biggest lie on the web. We aim to fix that.
— Terms of Service; Didn't Read
Many respond to long, complicated privacy policies with TL;DR (Too long. Didn't read.)
Privacy policies change for a number of reasons including purchase of the company or a new business plan such as the desire to use your data to train AI.
You only need to look at the way Facebook and others so quickly change their privacy policies to enhance their profitability. You're mostly on your own when it comes to protecting your identity.
Consumers need a central location to find out what information companies have collected about them, how it is being used and the ability to restore your privacy.
That would be difficult to provide without legislation to create and enforce a standard by which consumers are protected from corporate giants.
The problem with our private data is that so much of it is irreplaceable and cannot be altered. Unlike a password, once released into the world, there is no calling it back.
In the face of unbounded surveillance, users of technology need to know which companies are willing to take a stand for the privacy of their users.
— EFF
Who Has Your Back? Censorship Edition 2019 documents the track record for companies in releasing private information to the government.
Both companies and individuals need to quit ignoring the damage caused by security breaches and careless postings on social media.
Tech companies could change these things to make your life easier and protect your digital security and privacy. Why haven't they yet?
— Fix It Already
One of the reasons I recommend using Firefox as your primary browser is Mozilla's stand on privacy.
Chrome is NOT privacy-friendly and Microsoft is again modifying Edge to regain the monopoly they enjoyed with Internet Explorer.
See my recommendations for safer browsing.
Start using effective privacy tools and be sure that you're not installing software that is unsafe to use.
Website owners should begin to use technologies that secure their sites and make them safer to use.
Avoid sleazy invasive techniques that threaten your site's security and place site visitors at risk.
Pledge to add SSL, HSTS & PFS protection this year; it matters! Already rocking SSL & HSTS? Consider approaches to end-to-end crypto.
Technologies like SSL and proper certification pinning should be mandatory. End-to-end encryption makes messaging much safer and your app a worthwhile download.
Neither dangerous apps nor their developers should be in the app stores.
If you serve ads on your app, you need to ensure that ALL third party code, including ads and analytics, are secure and ensure that ads play nicely within your app.
These privacy tools have been tested by me and found to be useful.
Like Canada's privacy laws, the rules governing border searches pre-date cellphones and consumer use of the Internet.
Searches at the border are based upon the laws from an age when everything was on paper. When those laws were written, people would seldom carry unnecessary private documents when planning to cross the border.
However, if you did carry such documents, border agents were entitled to search through those documents or copy them. That is how border agents justify copying everything on your phone or computer.
While the letter of the law may allow such searches, the spirit of those laws are being abused.
The recommendation is to leave your devices at home. If you plan to take your digital devices across the border, check out the following advice:
…[B]efore crossing the border, delete private material or transfer it to the cloud; at the border, turn on airplane mode yourself; and, finally, be prepared, unless you have some really compelling privacy reason, to just turn over your phone.
— CTV News
These laws are seriously out of touch with the reality that we carry our entire lives on our smartphones.
[B]order agents could end up seeing private emails and text messages, photos, web browser histories and sensitive documents, even if you've done nothing wrong.
— CTV News
There is an increasing trend around the world to treat borders as law-free zones where authorities have the right to carry out whatever outrageous form of surveillance they want.But they're not: the whole point of basic rights is that you're entitled to them wherever you are.
— Edin Omanovic
Border searches can be conducted not only at the actual border, but within 100 miles (160 km) of the United States-Canada border as well as at airports or even when boarding a cruise ship.
Canada's border agents can search your phone and laptop at borders and airports, including looking through your private photos, personal messages, and call history.
— OpenMedia
On this site:
Return to top
RussHarvey.bc.ca/resources/restoreprivacy.html
Updated: February 28, 2025