You Are Being Used For Your Data2018-02-27
A few months ago, a data breach at Equifax exposed millions of Americans' financial information. The breach is haunting, as anyone who has ever come into contact with Equifax (most Americans) is at risk. However, what if I were to tell you that there was a threat that puts the information of every internet user at risk, for much the same reason?
Hackers are not the biggest risk to your privacy, like they are on TV. It is highly unlikely that someone will go through the effort required to hack your computer and actually search for important data - they'd much rather lock it up and get paid in cryptocurrencies. No, the biggest risk comes in the form of the data you give away.
What Do You Mean Give Away?
The most dangerous data to you is the data you provide when using services like Google or Facebook. Google makes money by selling you. Their prime business is advertisements. All the cool algorithms they use to tailor their search results? They are also used to tailor advertisements specifically toward you, which is highly valuable in an economy about how many shiny things you can buy.
Google also previously scanned your emails in order to "better" advertise for you, claiming they refrained from doing so for sensitive emails. Google is not a private entity, nor are they infallible. Google has been affected by data breaches before. All it takes is one person being irresonsible with the right peices of data for this to be exposed, and humans are often the weakest part of any secure system.
If such a breach were to happen, a lot more than your emails could be at stake. This official Google site will tell you everything that's at risk. On top of that, take a look at your location history.
It's Not Just Their Websites
You might think, "okay, well I only use Facebook every once and only use Google search. That's not dangerous, right?" Unfortunately, that is not the case. Many websites use things called cookies to track your activity, following you across the sites you've visited. They allow website developers to know when, where, and for how long you visited a website - something they have no business knowing for any site but their own.
In addition, Google and Facebook have ways of tracking people that aren't on their services. Google uses Google Analytics, a platform used to gather data about traffic on a website. According to Wikipedia, as of 2010, 49.95% of the top 1,000,000 websites used Google Analytics. A chilling statistic to say the least.
Facebook's golden goose is their like button plugin. An expert from the Wikipedia article:
The like button is implemented similarly to an advertising network, in that as more sites participate, Facebook is given a vast amount of information about who visits which websites and when. When loading a website that has the like button enabled, the user's web browser connects to Facebook's servers, which record which website was visited, and by what user.
A week after the release of the social plugins, Facebook announced that 50,000 websites had installed the features, including the like button. Five months later, the number had increased to 2 million websites.
Another controversial bit is the Onava "VPN" application that Facebook used to trick users into feeding them all of the traffic from their mobile devices with the false pretense of protecting their privacy.
It's Closer Than You Think
The violations of your privacy go deeper than the web, and deeper than Facebook and Google. Apple and Microsoft have both seen involvement with the PRISM program alongside Facebook, Google, and Yahoo. Dropbox as well.
Microsoft holds the largest market share when it comes to desktop operating systems. They are also the authors of the msot used office suites and one of the largest email providers. According to the article on PRISM, the NSA can request access to just about everything on their servers, including things like OneDrive, emails, or Word documents, or the data from everything you type.
If you turn on Speech, inking, & typing, we collect samples of your typing and handwriting info to improve our dictionaries and handwriting recognition for everybody who uses Windows.
Yeah...I wouldn't trust that they are only using how they say. Microsoft could also be using your data in a number of ways they do not talk about, and most would be none the wiser because you cannot view the code.
Apple's cloud services and their involvement with PRISM means macOS and iOS users are just as exposed.
How Do I Protect Myself?
You might be feeling a little dejected at this point. What can one do to stop being spied on if their privacy is being violated by everything? Good news is, not everything spies on you. Below is a list of things to help you start protecting yourself or your data:
Do not use any services or software from the following companies:
Do not trust any services within the U.S.A. or U.K. with sensitive data (privacytools.io)
GNU/Linux instead of Windows or macOS (bold are recommended)
- Debian: For the perfect balance of free and easy
- Fedora: Another well supported distro. Seperate package handling from Debian-based distributions
- Arch Linux: A flexible, extensible distribution good for learning about the innards of Linux. The community repository, the AUR, has most software that is not in the regular repositories. Quick software releases
Firefox or GNU Icecat instead of Chromium based browsers
LibreOffice instead of MS Office
Find a Nextcloud instance instead of Dropbox, OneDrive, or iCloud
More at the FSF directory
Stop searching from Google
- SearX: an open-source, self-hostable metasearch engine
- DuckDuckGo: A private, non-tracking search engine
- Qwant: A France-based privacy-oriented search engine
Install the following (free software) extensions on Firefox:
- Privacy Badger: Blocks trackers on websites you visit (e.g. Facebook like buttons, Google Analytics)
- Decentraleyes: Blocks request to CDNs (a possible tracking method) and provides locally stored versions of popular web frameworks and libraries
- uBlock Origin: A trustworthy, open adblocker
- There is no official site outside of GitHub. Only the Firefox marketplace and the Chrome Store are trustworthy distributors. DO NOT USE ublock.org
- uMatrix (For the vigilant. Highly Recommended): In-depth configuration for content and script blocking. Helps stop tracking and cross-site attacks. Avoid sites that are completely non-functional without tweaks
- TOS;DR: A plugin providing short, informative summaries on the TOS of websites you visit
- Cookie Autodelete: Automatically deletes cookies of visited sites either when you close the tab (recommended) or close the browser. Turn on auto-clean and whitelist as few sites as possible.
* The only exception to this is free software with full source code available under a free license. This allows for the AOSP and open source ROMS based on it to be used, but not Chrome or Chromium.
You may use this content under the terms of the CC-BY-SA 4.0 International license.