Although I am not “certified” security professional, security and privacy concerns are something I am regularly engaged in and have to address with clients regularly. I often hear “I have nothing to hide” or “I’m not very interesting”. Both of those things may feel true to you as you say them, but they’re not actually true. You may have nothing in particular to hide or even not be particularly interesting (I’m sure that’s not true!), but you do very much have things in general that you should hide and you are certainly more interesting than you may think. In addition, as a holder of other’s people’s data you have a responsibility to actively protect it.Just yesterday, after I mentioned that when using Chrome, Google tracks every little thing you do, my client said “at least they’re only trying to sell me things”. On the face of it, it seems true and possibly innocuous (at least if you’re relatively ok with the current expression of capitalism), but as with most things in life, it’s not that simple. If it really was limited to showing you ads for things you might be interested in, it might really be ok. Unfortunately, what it really is, is an ever growing dataset, that not only represents the largest human database the world has ever seen, but is an amazingly accurate representation of who you are online, which is likely pretty close to who you are IRL.
Why is that concerning? Well, Google could tell you a lot (or maybe everything) about your political beliefs, your physical and mental health, your family, your sexual tastes and partners, where you were at 2pm yesterday, where you’re thinking of going on holiday, that you are looking around for a new job, and ad infinitum. You don’t even have to be obvious for the pieces to come together and point in a particular direction. Google probably knows more about you than your mother or your lover. And that goes for many other online companies as well. Frankly, it’s much more pervasive than government surveillance in all but the most oppressive regimes. Facebook too (even if you don’t have an account).
If you don’t care, then I guess that’s that, but if you do care, and are just feeling defeated and overwhelmed trying to figure out how to manage the situation, here are a few suggestions:
- Use Mozilla Firefox as your browser on your computer and your phone. It actively blocks quite a lot of tracking by default. Google is never going to do that with Chrome because their business depends on knowing everything about you. Mozilla doesn’t collect your data (well, your name and email if you make an account to save your bookmarks and logins) because they are a non-profit whose goal is to make the Internet accessible and safe for everyone. Apple Safari and Microsoft Edge are better than Google Chrome, but only because Microsoft and Apple never got to be very good at tracking–they do it, just not so successfully.
- Disable location tracking in your Google Account. You will likely find that unless you turn off all the radios in your phone, you can’t completely stop tracking your location, but you can stop Google from keeping a log of your location in their dataset by disabling Web & App Activity in your Google account settings. If that link didn’t get you where you expected, you’ll finder a longer explanation of how to do it in this Wired article.
- Use Privacy Badger from the Electronic Frontier Foundation to block tracking. EFF has been all about user rights and privacy from their inception. Privacy Badger is a recent foray into tools that try to remain smarter than the trackers, it dynamically determines who the troublemakers are. There is also a version for Chrome if you just can’t bear to stop using it, but it can’t stop Google if you’re using Chrome while logged in to your Google account or Gmail.
- Use Facebook Container. This is an add-on for Firefox that keeps Facebook trapped in its own little box so it can’t watch every damn thing you do.
- Support privacy orgs like OpenMedia.ca and EFF that are pressuring government to strengthen privacy laws to cover our digital lives. You may not be a fan of government, byut it is the most powerful lever we have to control incursions on our privacy by companies and even by government itself.
I hope you will take at least one of these small actions to protect your data. If you’re a client, I’m happy to field your questions.