Kartones Blog

Be the change you wanna see in this world

Protecting your online privacy

I came across this post from William Durand about how to maintain your privacy and I said "uhm, it's kind of like me but I can provide an additional level or two of paranoia", so here goes my point of view.

Just a few notes to not repeat later:

  • I don't plan to fully remove Google from the stack. I try not to give it too much info but I've come to terms with myself about leaking some data as I really like some of their services. It's an evil I can live with for the time being.
  • I have a history of not liking IM/chat applications nor social networks. I installed MSN Messenger at university because I had no alternative and left it years before its shutdown, never used GTalk much, was reluctant to create a Facebook account and never used it very actively.
  • I prefer to talk with people in person. With a beer, a refreshment, whatever, but I get quickly tired of talking on the phone, chats stress me, and I usually have all WhatsApp groups muted to read them when I have time.
  • I don't have push notifications, except for auto-updated apps (I want to know if something breaks for a reason). It's a powerful tool but I don't want my phone to control my life and/or time.
  • A few of the tools and extensions are thanks to my friend Lobo666, as he has a quite different view of how the internet should work and he's always searching for ways to "adapt it" to his liking.

 

Basic privacy control

  • 127.0.0.1 some hostnames: "nulling" domains from the hosts file is nice for blocking Facebook Connect, Disqus, AdWords, Google Analytics and other "services".
  • µBlock & µMatrix: Once you install µMatrix you really see the (frightening) reality of how many cookies, scripts and 3rd party services most websites have (and you can now block). µBlock is also quite good for privacy control filters, not only advertisements. Ghostery is not bad and an easier alternative, but not as powerful for advanced users.
  • Disabling AdvertisementId on mobile phones: Both iPhone (Protect My Privacy is a must for iOS if you jailbreak it) and Android (in the Google Settings app, Ads section, you can in theory disable sending the id). I also have an ever-growing "mobile hosts file" with hundreds of URLs of common advertisement domains and platforms.
  • Firewall all the things: Both on computers and mobile phones. On iOS again via jailbreak only but at least it's possible. The amount of tracking services available is staggering (especially in games, but present everywhere); a firewall lets you disable all those Flurry analytics, apparent crash report entrypoints and the like. It's a bit tiring at first (while you "educate" the firewall with which hostnames to block or let pass) but it pays off.
  • Disable Google history whenever possible: Search, GTalk, Maps, YouTube, Chrome autofill and DNS prefetching...
  • Use DuckDuckGo: I switched to it around a year ago and I'm pretty happy. I also keep a Google shortcut for some searches, as for example in image search Google performs better regarding accuracy.
  • Fake email addresses for unimportant services: www.guerrillamail.com and the like are perfect for this job.
  • Clear your IM: I only use WhatsApp for personal messaging, and I don't do backups nor send the "read state". I also clear conversations on the phone from time to time.
  • Use Box instead of Dropbox: Because I'd rather lose "cool features" (not many really, they're pretty similar) and not support such disgusting people related to Dropbox. Also Dropbox has a history of security issues.
  • Try to avoid iTunes and iCloud: iCloud's security issues apart, I don't trust Apple a bit so I directly don't use iCloud for anything. I still have to rely on iTunes for my iPad, but I have also almost everything disabled on it. It's just a big fat and ugly synchronizer desktop virus application.
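
For the hosts-file item above and the "mobile hosts file" built from hundreds of URLs, here is an added sketch (not code from the original post) that turns a mixed list of URLs and hostnames into a deduplicated block and merges it into existing hosts content without touching other lines. The marker comments, function names and `example.*` domains are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical marker lines delimiting the block this script manages
BEGIN, END = "# BEGIN privacy-block", "# END privacy-block"
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
NEVER_BLOCK = {"localhost", "localhost.localdomain", "broadcasthost"}

def to_hostname(entry):
    """Reduce a URL or bare hostname to a lowercase hostname, or None."""
    entry = entry.split("#", 1)[0].strip().lower()
    if not entry:
        return None
    # urlsplit only fills .hostname when the "//" authority marker is present
    host = (urlsplit(entry if "://" in entry else "//" + entry).hostname or "").rstrip(".")
    if host in NEVER_BLOCK or "." not in host:
        return None
    # The hosts file matches exact names only: wildcards and IP literals are rejected
    if host.replace(".", "").isdigit() or not all(LABEL.match(p) for p in host.split(".")):
        return None
    return host

def build_block(entries, sink="127.0.0.1"):
    """Deduplicated, sorted hosts-file lines wrapped in the marker pair."""
    hosts = sorted({h for h in map(to_hostname, entries) if h})
    return [BEGIN] + [f"{sink} {h}" for h in hosts] + [END]

def merge_into_hosts(hosts_text, entries):
    """Replace any earlier managed block and keep every other line as it was."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    return "\n".join(kept + build_block(entries)) + "\n"

# Constructed sample input: placeholder domains, not a real blocklist
SAMPLE = [
    "https://Tracker.Example.net:443/pixel.gif",
    "ads.example.com/banner?id=1",
    "ads.example.com",        # duplicate of the line above
    "*.cdn.example.org",      # wildcard: not expressible in a hosts file
    "localhost",              # must never be redirected
    "192.0.2.10",             # address, not a hostname
]
```

Because the hosts file has no wildcard support, each subdomain a tracker uses needs its own line, which is why such lists grow into the hundreds.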

 

Paranoid privacy control

Here's where I get crazy according to my friends, so I understand not everybody would do any or all of these actions.

  • Delete 3rd party cookies, LocalStorage and browser cache frequently: µBlock allows deleting them after X minutes. This is quite good for some dirty tracking cookies and techniques that might have slipped past the filters.
  • Fully disable Flash: I have it disabled in Chrome, and have Firefox in private mode if I must see something that doesn't provide an HTML5 fallback. Flash allows some persistent tracking techniques.
  • Delete all email yearly: With a previous local backup if you want. In my case, I back up using Outlook, in .PST files classified by year. Google also allows exporting emails from Google Takeout. If I need something old, I turn on the virtual machine where I have Outlook with all my email history and search it (quite an unusual scenario, for me at least).
  • Delete past calendar events: I don't like giving that sort of "life history" on my calendar, as I'm a heavy GCal user (due to being terrible at remembering more than a few pending tasks).
  • Delete all tweets older than 7 days: Nobody records me when I talk in person, right? So why keep a long-lasting record of all the stupid things I say over Twitter? A nice script deletes all older ones, as I don't need a backup. I assume they get just logically deleted (marked as removed but that's all) but it's better than nothing.
  • Delete all Instagram photos older than 90 days: I had Google Picasa and deleted everything; now I like Instagram, but not so much how they keep hold of your photos. You can't delete them from the website nor from the API, so I have a dumb script that just opens "old photos" in my browser when run so I know which ones are due for removal from the mobile phone app.
  • Use as few social networks as possible: My G+ is empty (required for some Google services), and after a few years using other social networks I ended up deleting their accounts, like Facebook (I also tried to remove old content from them via JS scripts, but got tired after a while). In a social network your data is the product. Data that, at best, only gets really deleted after a few years (if it is really removed at all), because legal requirements mean it has to be kept for a while, so it is simply a matter of not writing anything so you don't need to care about removing it.
  • Never use a service that only provides Facebook Connect: If a site or service forces me to use FB Connect it is almost always to steal my contacts, so I'm not willing to do that. And now I simply can't, as I no longer have an account.
  • Don't use "smart services": I never used Google Now, Inbox or similar services or applications that build an even more advanced profile of my data and life to "bring suggestions and help me". I'm ok helping myself the way I do things, thanks.
  • Fake all registration data for non-essential services: I actually read some Terms of Service, and they are sometimes like horror movies, so as I can only apply a boolean accept/refuse action, combining fake data and disposable emails is my "I only partially accept your ToS".
  • Don't install mobile applications if there's a web alternative: I carefully check which permissions a mobile app asks me to grant it and many times they're excessive. Also it is not always easy to block tracking from apps (I've had app crashes after firewalling some analytics domains), so I prefer to rely on the (most times) fantastic HTML5 alternatives.