You Are Being Used For Your Data

A few months ago, a data breach at Equifax exposed millions of Americans' financial information. The breach is haunting, as anyone who has ever come into contact with Equifax (most Americans) is at risk. However, what if I were to tell you that there was a threat that puts the information of every internet user at risk, for much the same reason?

Hackers are not the biggest risk to your privacy, like they are on TV. It is highly unlikely that someone will go through the effort required to hack your computer and actually search for important data - they'd much rather lock it up and get paid in cryptocurrencies. No, the biggest risk comes in the form of the data you give away.

What Do You Mean Give Away?

The most dangerous data to you is the data you provide when using services like Google or Facebook. Google makes money by selling you. Their prime business is advertisements. All the cool algorithms they use to tailor their search results? They are also used to tailor advertisements specifically toward you, which is highly valuable in an economy about how many shiny things you can buy.

Google also previously scanned your emails in order to "better" advertise for you, claiming they refrained from doing so for sensitive emails. Google is not a private entity, nor are they infallible. Google has been affected by data breaches before. All it takes is one person being irresonsible with the right peices of data for this to be exposed, and humans are often the weakest part of any secure system.

If such a breach were to happen, a lot more than your emails could be at stake. This official Google site will tell you everything that's at risk. On top of that, take a look at your location history.

Facebook is a major liability as well. They know your face, where you live, where you have lived, where your phone is, who your friends are - often without you having to tell them. Their alogorithms are built to stalk you on and off site. By reading their privacy policy, one can find that Facebook collects data about you without you interacting with them. They also demand that you not be anonymous, so pseudonyms and alternative handles are not allowed. In some cases it will ask you to provide legal identification for verification.

It's Not Just Their Websites

You might think, "okay, well I only use Facebook every once and only use Google search. That's not dangerous, right?" Unfortunately, that is not the case. Many websites use things called cookies to track your activity, following you across the sites you've visited. They allow website developers to know when, where, and for how long you visited a website - something they have no business knowing for any site but their own.

In addition, Google and Facebook have ways of tracking people that aren't on their services. Google uses Google Analytics, a platform used to gather data about traffic on a website. According to Wikipedia, as of 2010, 49.95% of the top 1,000,000 websites used Google Analytics. A chilling statistic to say the least.

Facebook's golden goose is their like button plugin. An expert from the Wikipedia article:

The like button is implemented similarly to an advertising network, in that as more sites participate, Facebook is given a vast amount of information about who visits which websites and when. When loading a website that has the like button enabled, the user's web browser connects to Facebook's servers, which record which website was visited, and by what user.

A week after the release of the social plugins, Facebook announced that 50,000 websites had installed the features, including the like button. Five months later, the number had increased to 2 million websites.

Another controversial bit is the Onava "VPN" application that Facebook used to trick users into feeding them all of the traffic from their mobile devices with the false pretense of protecting their privacy.

It's Closer Than You Think

The violations of your privacy go deeper than the web, and deeper than Facebook and Google. Apple and Microsoft have both seen involvement with the PRISM program alongside Facebook, Google, and Yahoo. Dropbox as well.

Microsoft holds the largest market share when it comes to desktop operating systems. They are also the authors of the msot used office suites and one of the largest email providers. According to the article on PRISM, the NSA can request access to just about everything on their servers, including things like OneDrive, emails, or Word documents, or the data from everything you type.

If you turn on Speech, inking, & typing, we collect samples of your typing and handwriting info to improve our dictionaries and handwriting recognition for everybody who uses Windows.

Yeah...I wouldn't trust that they are only using how they say. Microsoft could also be using your data in a number of ways they do not talk about, and most would be none the wiser because you cannot view the code.

Microsoft is so determined to spy on you, their even their open developer tools use telemetry by default, with the only step towards properly respecting users occuring in PowerShell.

Apple's cloud services and their involvement with PRISM means macOS and iOS users are just as exposed.

How Do I Protect Myself?

You might be feeling a little dejected at this point. What can one do to stop being spied on if their privacy is being violated by everything? Good news is, not everything spies on you. Below is a list of things to help you start protecting yourself or your data:

• Do not use any services or software from the following companies:

  • Facebook
  • Google^*
  • Yahoo
  • Microsoft
  • Apple

• Do not trust any services within the U.S.A. or U.K. with sensitive data (privacytools.io)

• Use only free, libre, and open-source software

  • GNU/Linux instead of Windows or macOS (bold are recommended)

    • Debian: For the perfect balance of free and easy
      • PureOS: A fully free distribution based on Debian, with security and privacy in mind
      • Trisquel: A derivative of Debian with only free software. Slow updates.
      • Ubuntu: Easy setup, easy living. Most supported distribution by software vendors, includes proprietary software
    • Fedora: Another well supported distro. Seperate package handling from Debian-based distributions
    • Arch Linux: A flexible, extensible distribution good for learning about the innards of Linux. The community repository, the AUR, has most software that is not in the regular repositories. Quick software releases
      • Parabola GNU/Linux-libre: A derivative of Arch that takes freedom very seriously.
      • Hyperbola GNU/Linux-libre: The flexiblity of Arch with the stability of Debian, with only free software included.
      • Manjaro or Antergos: Arch without the involved setup

  • Firefox or GNU Icecat instead of Chromium based browsers

  • LineageOS (without Google Apps) or Replicant instead of Android or iOS

  • Matrix via Riot.im for chat instead of Skype/WhatsApp/Messenger/Telegram/etc.

  • LibreOffice instead of MS Office

  • Krita or MyPaint instead of SAI or other drawing software

  • Find a Nextcloud instance instead of Dropbox, OneDrive, or iCloud

  • More at the FSF directory

• Encrypt everything.

  • Start with the Free Software Foundation's email self defense guide
  • Matrix has E2E encrypted chat, voice, and video calling supported through Riot
  • Learn about Disk Encryption

• Stop searching from Google

  • SearX: an open-source, self-hostable metasearch engine
  • DuckDuckGo: A private, non-tracking search engine
    • Privacy policy
    • Why you can use them safely
    • Can be used with no JavaScript via https://duckduckgo.com/html/ or https://duckduckgo.com/lite/
    • Note: They are U.S. based, so the government can manipulate them into making changes without disclosure
  • Qwant: A France-based privacy-oriented search engine
    • Privacy policy

• Install the following (free software) extensions on Firefox:

  • Privacy Badger: Blocks trackers on websites you visit (e.g. Facebook like buttons, Google Analytics)
  • Decentraleyes: Blocks request to CDNs (a possible tracking method) and provides locally stored versions of popular web frameworks and libraries
  • uBlock Origin: A trustworthy, open adblocker
    • There is no official site outside of GitHub. Only the Firefox marketplace and the Chrome Store are trustworthy distributors. DO NOT USE ublock.org
  • uMatrix (For the vigilant. Highly Recommended): In-depth configuration for content and script blocking. Helps stop tracking and cross-site attacks. Avoid sites that are completely non-functional without tweaks
  • TOS;DR: A plugin providing short, informative summaries on the TOS of websites you visit
  • Cookie Autodelete: Automatically deletes cookies of visited sites either when you close the tab (recommended) or close the browser. Turn on auto-clean and whitelist as few sites as possible.

^{* The only exception to this is free software with full source code available under a free license. This allows for the AOSP and open source ROMS based on it to be used, but not Chrome or Chromium.}

You may use this content under the terms of the CC-BY-SA 4.0 International license.