Protecting your online privacy

Note: Updated to mid-2017 standards.

I came across this post from William Durand about how to maintain your privacy and I said "uhm, it's kind of like me but I can provide an additional level or two of paranoia", so here goes my point of view.

Just a few notes to not repeat later:

  • I don't plan to fully remove Google from the stack. I try not to give it too much info but I've come to terms with myself about leaking some data as I really like some of their services. It's an evil I can live with for the time being.
  • I have a history of not liking IM/chat applications nor social networks.
  • I prefer to talk with people in person. With a beer, a refreshment, whatever, but I get quickly tired of talking on the phone and instant messaging stresses me unless I'm in the mood to chat.
  • I don't have push notifications, except for auto-updated apps (I want to know if something breaks for a reason). It's a powerful tool but I don't want my phone to control my life and/or time.
  • A few of the tools and extensions are thanks to my friend Lobo666, as he has quite a different view of how the internet should work and he's always searching for ways to "adapt it" to his liking.

Basic privacy control

  • 0.0.0.0 some hostnames: "nulling" domains in the hosts file is nice for blocking Facebook, Disqus, AdWords, Google Analytics and other "services" I definitely don't want tracking me.
  • µBlock & µMatrix: Once you install µMatrix you really see the (frightening) reality of how many cookies, scripts and 3rd party services most websites have (and you can now block). µBlock is quite good also for privacy control filters, not only advertisement. Ghostery is not bad and an easier alternative, but not as powerful for advanced users.
  • Use a browser with ad blocking and JavaScript blocking: Alternative or complementary to the previous point, but for mobile. Either Firefox Mobile with uBlock or Brave browser (which also has a JavaScript blocker). You can't imagine how fast some pages load when you disable JS on them, plus you block 99% of the tracking.
  • Disabling AdvertisementId on mobile phones: On both iPhone (Protect My Privacy is a must for iOS if you jailbreak it) and Android (in the Google Settings app, Ads section, you can in theory disable sending the id). I also have an ever-growing "mobile hosts file" with hundreds of urls of common advertisement domains and platforms.
  • Disable Google history whenever possible: Search, Gtalk, Maps, Youtube, Chrome autofill and DNS prefetching...
  • Use DuckDuckGo: I switched to it around a year ago and I'm pretty happy. I also keep a Google shortcut for some searches, as for example at image search Google performs better regarding accuracy.
  • Fake email addresses for unimportant services: www.guerrillamail.com and the like are perfect for this job.
  • Clear your Instant Messaging apps: Don't store backups and don't send the "read state". I also clear all conversations from time to time.
  • Be careful where you store a cloud backup of your data: Some cloud storage providers have a history of security issues, others have poor or no native sync clients... There are always trade-offs.
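
One way to maintain the hosts file from the first bullet above, as an added example (not the author's own script): it normalizes a mixed list of hostnames and URLs into de-duplicated `0.0.0.0` entries. The sample list and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the mixed list that accumulates over time (bare names,
# full URLs, existing hosts lines, duplicates, junk).
SAMPLE_BLOCKLIST = """\
# trackers (constructed sample)
www.google-analytics.com
https://connect.facebook.net/en_US/sdk.js
0.0.0.0 disqus.com
127.0.0.1 localhost
Disqus.com
ads.example.com:8080/path   # inline comment
not a hostname
"""

# Hostname labels: 1-63 chars of a-z, 0-9, hyphen; no leading/trailing hyphen.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"^{_LABEL}(\.{_LABEL})+$")
_SINKS = {"0.0.0.0", "127.0.0.1"}  # addresses seen in existing hosts-format lines


def extract_hostname(line):
    """Return the hostname named by one blocklist line, or None to skip it."""
    fields = line.split("#", 1)[0].lower().split()
    if len(fields) == 2 and fields[0] in _SINKS:
        candidate = fields[1]            # "<address> <hostname>"
    elif len(fields) == 1:
        candidate = fields[0]            # bare hostname or URL
    else:
        return None                      # blank, comment-only or junk
    if "//" not in candidate:
        candidate = "//" + candidate     # let urlsplit see a netloc
    try:
        host = urlsplit(candidate).hostname
    except ValueError:
        return None
    if not host or len(host) > 253 or not _HOSTNAME.match(host):
        return None                      # also drops single-label names like localhost
    if host.replace(".", "").isdigit():  # an IP address, not a name
        return None
    return host


def build_hosts_block(text):
    """Turn a mixed blocklist into sorted, de-duplicated hosts-file lines."""
    hosts = {h for h in map(extract_hostname, text.splitlines()) if h}
    return [f"0.0.0.0 {h}" for h in sorted(hosts)]


if __name__ == "__main__":
    print("\n".join(build_hosts_block(SAMPLE_BLOCKLIST)))
```

The hosts file matches exact names only, so `disqus.com` and `www.disqus.com` each need their own line.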
Paranoid privacy control

Here's where I get crazy according to my friends, so I understand not everybody would do any or all of these actions.

  • Delete 3rd party cookies, LocalStorage and browser cache frequently: µBlock lets you delete them after X minutes. This is quite good for some dirty tracking cookies and techniques that might have slipped past the filters.
  • Fully disable Flash: I have it disabled in Chrome, and have Firefox in private mode if I must see something that doesn't provide an HTML5 fallback. Flash allows some persistent tracking techniques.
  • Delete all old email every 6 months: Make a local backup first if you want. Use a desktop client to download a copy (Microsoft Outlook, Mozilla Thunderbird...) and delete all emails older than 6 months.
  • Delete past calendar events: I don't like giving that sort of "life history" on my calendar, as I'm a heavy GCal user (due to being terrible at remembering more than a few pending tasks).
  • Delete all tweets older than 3 days: Nobody records me when I talk in person, right? So why keep a long-lasting record of all the stupid things I say over Twitter? A nice script deletes all older ones, as I don't need a backup. I assume they get just logically deleted (marked as removed but that's all) but it's better than nothing.
  • Delete all Instagram photos older than 90 days: I had Google Picasa and deleted everything, now I like Instagram but not so much how they keep hold of your photos. You can't delete them from the website nor from the API, so I have a dumb script that just opens "old photos" in my browser when run so I know which ones are due for removal from the mobile phone app. I no longer use Instagram for personal photos so no issues anymore.
  • Use as few social networks as possible: My G+ is empty (required for some Google services), and after a few years using other social networks I ended up deleting their accounts, like Facebook (I also tried to remove old content from them via JS scripts, but got tired after a while). In a social network your data is the product. At best that data only really gets deleted after a few years (if it is removed at all), because legal requirements mean it has to be kept for a while, so it's simply a matter of not writing anything so you don't need to care about removing it.
  • Never use a service that only provides Facebook Connect: If a site or service forces me to use FB Connect it is almost always to steal my contacts so I'm not willing to do that. And now I simply can't as I no longer have an account.
  • Don't use "smart services": I never used Google Now, Inbox or similar services or applications that build an even more advanced profile of my data and life to "bring suggestions and help me". I'm ok helping myself the way I do things, thanks.
  • Fake all registration data for non-essential services: I actually read some Terms of Service, and they are sometimes like horror movies, so as I can only apply a boolean accept/refuse action, combining fake data and disposable emails is my "I only partially accept your ToS".
  • Don't install mobile applications if there's a web alternative: I carefully check which permissions a mobile app asks me to grant it and many times they're excessive. Also it is not always easy to block tracking from apps (I've had app crashes after firewalling some analytics domains), so I prefer to rely on the (most times) faster HTML5 alternatives.

Posted by Kartones on 2015-01-20
