First Five Steps to Privacy
You may listen to the podcast version of this essay here:
Dear privacy seekers,
We all want simple solutions. When people follow a channel like this they want that one golden nugget of advice—that one program or service or technique—which will take them out of the system. But there is none. One of my favorite quotations is attributed to Thomas Edison: “Opportunity is often missed by most people because it is dressed in overalls and looks like work.” If you want instant magical privacy, you’ll have to find that in science fiction.
1) Stop giving away your information
The first thing to do if you want privacy today is to get to work. Get to work not giving out your data. This is hard. Every day—every hour—some website, app, or person demands your email address, your name, your phone number, or some other piece information about yourself. Don’t give it to them. Remember this: everything you give to someone who stands behind a computer is preserved indefinitely in the digital age. Even if you request a company to delete this information, digital deletion is a myth. Computer data, like energy, cannot just be taken out of existence—it can only be put somewhere else. When you drag something into your “trash” bin that does nothing but make that data more difficult to access.
Here’s what happens when you give information to someone else. They catalog it. They put it in a database. That database is going to get leaked or hacked at some point. Or shared. Or sold. That database might itself be a third party service. The fundamental point is that you had something you alone possessed, and now you have given it away to someone else. Stop lying to yourself and understand the fundamental point: you can’t just give away your data anymore.
Get used to saying “no” to people. It’s within our social conditioning to comply when asked to do something. But requests to see your ID or other information should be met with questions: “Why do you need that?” “Am I required to give that to you?” You can also simply say “I don’t give out that kind of information.” If someone must have this information or ID, make them explain why it is so. Don’t give them a free out by caving in under the social pressure, and do not be afraid to walk away. On a web page always press “next” first to see which options are mandatory and always look for “skip” buttons hidden across the screen.
I once was helping an American client years ago to set up phone service at an AT&T shop. The salesperson asked for a Social Security Number, and I said we wouldn’t be giving one. The worker simply put in all zeros and continued along. You would be surprised how often you can bypass “requirements” simply by putting your foot down. You just need to learn to stand up for your self and your data.
As you develop a firm automatic rejection when asked to give information, you might eventually insert some more casual responses to see if they work.
“I just moved here and don’t recall my address at the moment.”
“I just got a new phone number and can’t remember what it is.”
“I left my ID in the car.”
“Sorry I don’t have that information.”
If you treat the whole ordeal as casual and blow it off, the person behind the desk will sometimes do likewise. You could try to look like you’re in a rush. Remember: they’re just trying to have an easy day and are sometimes happy to skip things if you indicate that you want them to.
Now to the online realm. First, stop with the “free accounts.” You think if an institution gets your email address that that was a “free” transaction? Absolutely not. If a product is free, then you are the product. Never forget that.
If you must create a new account, for goodness’ sake don’t give you name, date of birth, or anything else that they don’t need. Instagram doesn’t need to know the exact day you were born. Nor do they need to know your mother’s real maiden name. In fact, such information can be used to hack your account. Give something fake, note it in your password manager in case you’re asked later on, and move along.
We should note here that you’ll have to develop a sense of when something is required and when it is not. For more serious services, such as buying a website domain, if you put in information that you cannot validate (for example should the international domain mediator ICANN come knocking), then you could be out of a domain. In situations like these I like to give verifiable information. I might use an initial for the name—sometimes first initial or sometimes entirely initials—and to use a phone number that I can actually answer. This is where apps like MySudo, or other burner phone services, work well. It can be difficult to tell if fake information will come back to bite you, but just reason it out and plan in advance. Think, for instance, whether your mechanic needs to know any real information about you, especially if you pay in cash. I can’t think of any reason.
But back to the online realm. You might be asking how you can use the huge array of services today without giving out an email address. Unfortunately you can’t, since you’re right: too many services demand an email. I suggest two things. First, avoid these services. I try to use as much free open-source software (FOSS) as I can. For example, the Adobe Creative Cloud is a nightmarish online-only rented piece of software that demands payment and various other information. And because it requires these verifications and is run by a massive tech conglomerate, it’s not unlikely that you’ll be denied service some day because you use a VPN, or you can’t verify the information you gave, or any number of other reasons that we privacy people have to deal with. But if you learned to use the FOSS alternative GIMP for photo editing, you won’t have to create an account, be online, or worry about being kicked off. And you don’t have to pay. You own that software. Always try to find a FOSS alternative for a product you use. You probably already use a FOSS, such as Audacity or VLC Media Player. FOSSHub.com is a great website to see what’s out there.
Quick note: I have said regularly to avoid free services, but FOSS are different from falsely free software in that they are community-driven, created by volunteers, and have at their core the idea of ownership.
The second way to get around these demanding online services is to make use of alias email services. With a 33mail account or a SimpleLogin account you can generate unlimited alias email addresses that connect to your main email address. So the service you’re giving it to doesn’t know your real email, but you still get their messages. Very convenient. Just realize that these services are more likely to disappear than your main email account, so be careful what you use them for.
Here’s a quick overview of 33mail:
You create an account and choose a username, such as SterlingSlippers. This connects to your primary email account, or whatever account you want.
You go to a website, for example to buy a movie ticket. When it asks for an email you put movieticket@SterlingSlippers.33mail.com.
Then, 33mail automatically creates this email and the transactions goes through
Now you get the receipt from the cinema to your primary email account through the proxy of 33mail. The cinema doesn’t actually know your real email address. You can block this alias at any time.
Alias emails are just one way to stop giving out your information, which you need to start practicing today.
2) Be Self-Sufficient
Most privacy invasions happen because you didn’t do something yourself. If you did your own taxes you wouldn’t have to rely on a shady, or even a reputable, accountant. If you taught yourself a subject or occupation you wouldn’t have to be sucked up by the data vortex called a “university.” The list goes on.
Self-sufficiency is really at the heart of privacy and there’s no way around it. Look around you today and you’ll see endless options for people, services, websites, and apps to do things for you. Don’t let them. You do your things. You might not need an invasive calendar service that connects to your email account and plans your life. You probably don’t need a plumber to come over, collect your address and name (and money) just to do something small you could have learned about on YouTube. You don’t need an app delivery service to bring food to your mouth. You don’t even need an employer to give you a job to make ends meet. You can run your own business and have this employer as a client.
There’s a really good book called Unscripted by MJ Demarco which I often recommend. Buy it and read it. It’s a fabulous primer on self-sufficiency. Another more philosophical book is Antifragile. You can also read texts from across history that will help you understand self-sufficiency. One of my favorite groups of people is the so-called Lost Generation. Writers like Ezra Pound and Ernest Hemingway left sleepy Midwestern American towns to travel across Europe and the rest of the world. Mind you, this was an era when there were no planes, few passports, no global English-speaking, no international regulations, no Google translate, and no guarantees. You would show up in a country and hope you wouldn’t get stabbed in the neck in your first ten minutes and hope you could get along to survive when almost no one spoke your language. But they did survive. And thrive. Because they knew how to speak and learn languages, how to read a map, how to go days without eating, how earn and manage money on the go, and how to deal with people unlike them. They were, in short, self-sufficient. And we’ve lost that. Today we scream like children to our politicians, who pat us on the head like the whipped dogs we are. We complain when the Internet shuts off. Instead, why not start to fashion a life that is not dependent on all these systems. Learn to fix things. Learn to get work done without the Internet. Learn to perform chores without electricity. Learn to mend clothes. Learn to buy locally and barter and find neighbors with things in common. Learn to fix your own car. Learn how to make your own website. Learn to build your furniture. Or your own computer. Learn how to get somewhere without your navigation app.
The privacy consequences of self-sufficiency should be obvious. The more you do for yourself the fewer systems and third-parties you get plugged into. Where should you start? Go back to my first essay for advice on being a minimalist.
3) Don’t rely on a single company or service
To take one example, Google has quite the monopoly over our information. How many Google products do you use? Gmail? Google Docs? YouTube? An android phone? A Chromebook? Google translate? Google search? Google Drive? Google Hotels? Google Flights? Just consider the things Google knows about you. The spiderweb of data they have on you weaves a story about your interests, your hopes and dreams, such personal data that they might know more about you than your significant other does.
There’s a fundamental privacy problem with interconnected things. Things that are interlocked know a lot about each other, as a general rule. Isolation, separation, air gapping: these are at the heart of privacy.
So what can you do? First of all, don’t be foolish. Stop searching on Google when you’re logged in to your Google Gmail account. That’s the fast track to Google knowing everyone about you. YouTube is the same. As a general rule, stop being logged in to everything at once.
You can get a bit of help here by downloading a second browser to separate your logged-in life fprom your searching. You can change your default search engine to DuckDuckGo instead of Google. You can use the Firefox browser add-on “Firefox Containers” to separate all Internet cookies between multiple tabs with the click of a button. Or you can take the more comprehensive route and stop being logged in so often.
Next, avoid convenience. Just because a service says “Log-in with Apple” doesn’t mean it’s a good idea. You should have unique log-ins for every service you use, and you should store them in a password manager. Once you get into a password manager routine you’ll get enough convenience to get things done smoothly. Convenience breeds laziness, and leads to exposure.
Finally, find alternatives to the products you use. Instead of Gmail there’s ProtonMail. Replace Google Chrome with Firefox; Google Drive with ProtonDrive; Google Documents with Standard Notes or LibreOffice. There’s a ton of free open-source software that is really good, which is independent, and which doesn’t suck up your data. Instead of buying on Amazon, promise yourself to buy every other item you need at a different website, or at a brick-and-mortar store. Take a tour of the services you use and ask yourself how dependent you are on a single company. Privacy demands decentralization and diversification.
4) Use Private Messengers
Private messaging gives you some of the best bang-for-your-buck in the privacy realm. If you’re using standard SMS messaging and your mobile phone service for talking, you’re doing it wrong. This is one area where technology has actually helped privacy instead of hindered it. Any time you send a message to someone—including sending an email—you should first ask if it can’t wait until you see them in person. If it can’t wait then you want to use an Internet-based messaging service. Not email, because it is broken, but an Internet-based messaging service. Not just any messaging service, of course, but one that has the following characteristics:
Text and voice service (obviously)
Zero-knowledge end-to-end encryption. Basically your message is only visible by you and the person to whom you have sent it.
Open-source application. That means that the application’s computer code is available for you (or other privacy-concerned experts) to view it and make sure it does what it promises to do.
Those are the basics. There are other “nice things to have” as well. It would be great if your messenger had expiring messages. Think about it: regardless of how private the messenger is, if it remains on your phone and your friend’s phone then it is vulnerable to anyone who looks at that phone later on, from snooping family to thieves to airport border agents. A messenger like Signal allows you to destroy all messages (for you and the person to whom you’re messaging) after an hour, or a day, or a week, etc.
You also want to see a reputable company that cares about privacy. That rules out Facebook and its WhatsApp application, for example.
You might also favor an application that doesn’t demand personal details in order to register, such as an email address or your actual phone number. Unfortunately the very-popular app Signal relies on phone numbers for some bizarre reason.
Private messenger services are cropping up left and right, but some have risen to the top. Try Wire, Signal, or Session. Matrix/Element is also up there. These are some of the more popular ones—obviously there are more obscure ones that you won’t convince many people to use. The important thing is that the people you communicate with use it. Though you might also have to be the trendsetter in your circle.
What do I use? Well, I use a mix of these. I also send nearly all of my messages from my computer, and that’s another great feature of these services. If your contacts are on your Signal account for instance, then you can fire up your laptop from any place on earth and type or talk away. That’s pretty amazing, as far as I’m concerned, and in many cases completely removes the need for a phone in your daily life.
Go get a private messenger and start using it today.
5) Control Social Media
You might not like to hear this, but let’s be honest: you shouldn’t be using social media. And that’s only for privacy reasons. For other reasons—moral, philosophical, social, psychological, epistemological—you should avoid Facebook and TikTok and Instagram and all the rest like the plague.
Let’s get to the heart of the issue. How is it that Facebook and Twitter and all of these firms are some of the richest companies on earth but they don’t charge you a penny to use their service? Where do these endless billions come from? What has Mark Zuckerberg sold to earn his 100 billion dollars?
No, seriously: think about that.
Here’s the answer. Social media companies trade in data—your data—and by using them you have handed over your personal details, your location, your interests and habits, your political views, your images (for facial recognition R&D, among other things). Do you really think that’s a good idea?
I’ll stop moralizing and we’ll cut to the chase. I recommend closing down your accounts. If you’re not willing to do that, at least do the following:
Reserve social media for your computer and not your phone. Your phone has an operating system that likes to share app information with other apps. It is also connected to your location and your camera. Do as much social media on your actual computer as you can.
Visit your privacy settings and take a close look. These probably aren’t going to get you much privacy, but they can help. Look for settings that get you out of search results, that prevents tagging of you, and that avoid as much marketing as possible. Spend a good twenty minutes tonight looking over these settings.
Avoid putting photos on social media, especially photos of yourself.
Don’t ever post about where you are. At the very least do so hours after you have left a place you don’t intend to return to.
Don’t send private messages through social media. Find someone you want to talk to and use a private messenger to talk to them.
With social media like Twitter, consider not setting up an account and simply browsing as a “lurker” or a “ninja”
Summary: In the end privacy is a journey and not a one-time process. It starts not with fancy software but fundamental behaviors. Start keeping your information to yourself. It’s an increasingly dangerous world out there—increasingly so—so plays your cards close to the chest.
Don’t give out your information. Be self-sufficient.
Yours in peace and privacy,
Gabriel Custodiet
https://watchmanprivacy.com/