Online Data Protection 101: Don't Let Big Tech Get Rich Off Your Info

Personal information is the currency on which much of the internet depends. It'south gathered everywhere, often without people's knowledge, and it effectively pays the bills on many free services and apps nosotros accept for granted. Depending on how radical you are, you could see this as a fair trade in exchange for services—or every bit companies extracting costless labor from the net-using populace.

The Scope of the Problem

Understanding this ecosystem is difficult, merely removing yourself from information technology is fifty-fifty harder. For starters, years' worth of your information is already in the possession of numerous legal information-broker sites.

In the form of writing this longer feature about how companies turn your data into money, I looked at and purchased data from several information brokers. I then took stock of the sheer bulk of data I had knowingly and unknowingly provided to social-media services. It's staggering.

That'southward not even because the volume of my personal data that is invisible to the outside world—locked upward inside the databases of publishers, third-party advertising companies, search sites such as Google, and so on. That data is compiled, sliced, diced, perhaps anonymized, and distributed entirely outside my control.

Then there's the data that has been stolen. Some of this I know almost. My Social Security number (amid other things) was stolen during the now-legendary Role of Personnel Management hack, in which data stored past a major government office was exfiltrated. Information technology's a running joke of mine that privacy doesn't really matter much to me, since the Chinese government can probably bank check my credit.

But hopelessness is boring. If technology got me into this mess, I can try to utilize engineering to become me back out.

Cleaning Up the Mess

Abine's DeleteMe service looks inside data broker and public records aggregator websites to find personal information for sale. The service costs $129 per year for 1 person and $229 per twelvemonth for a second person. As with LifeLock and similar services, you take to provide Abine with a skillful amount of personal information in lodge to get information technology removed elsewhere. Because information brokers have differing requirements to have information removed, Abine asks that y'all upload an anonymized image of your state-issued ID.

A scattering of these services respond instantly, but near take between a day and a week to process DeleteMe's requests. Some tin take up to six weeks, which DeleteMe chalks upwards to the requirement of some services that a request for data removal exist snail-mailed. Role of what you're paying for with DeleteMe is to have someone else handle the slow follow-ups and continued tracking of personal information. My personal information could, eventually, discover its manner back on to whatever of these sites.

Security researcher Troy Chase runs the site HaveIBeenPwned.com, which aggregates the information from mass data breaches into a searchable service. This includes data that was disclosed by the companies but too public dumps of the data from the bad guys. Blazon in your electronic mail, and you can come across which of your accounts were exposed.

According to the site, my data was involved in breaches from 17 sites and three public information dumps. So my data is already floating around the Night Spider web, likely beingness sold and repackaged over and over over again.

Hunt doesn't offering a tool to address these breaches. Instead, he gives the same advice I or whatsoever other security professional would: Change your countersign to something complex and truly unique, and turn on two-gene authentication (2FA).

What'south 2FA? There are three mostly recognized factors for authentication: something you know (such as a countersign), something you accept (such as a hardware token or cell phone), and something y'all are (such as your fingerprint). Ii-factor means the system is using two of these options. In practice this means performing another action, similar inbound a six-digit code from an app, after entering a password.

As for the information exposed in the breach, it's equally good as gone. Only knowing which sites are at the highest risk is useful. Information technology's also an opportunity to decide whether these are worthwhile services. While requesting that a site or service delete your account might not ever work (some just archive it in case you come back), it's worth a shot.

Last, nigh countersign manager software includes tools to cheque for breached accounts and warn you lot against recycling passwords. Some programs even highlight sites where you've recycled passwords and automatically change them for you.

Going Forward

While working on my larger story, I tried to leave as small a information footprint on the web as possible. I don't believe information technology'southward possible to avoid all data collection and still be either A) alive or B) a contributing member of modern American society, only it is possible to cut back. And information technology's absolutely possible to go more than enlightened of the information you spread.

Email Addresses

Email has been around so long that it seems mundane and even expendable, simply it'due south withal enormously valuable. Email addresses are useful identifiers and a direct means of access to consumers on the web. While we at PCMag have been telling people for years to finish recycling passwords and to let a password managing director do the heavy lifting, we've been quiet on the subject of electronic mail addresses. A recycled password is bad, but a recycled e-mail address is significant, too. There only hasn't been a good tool for managing a bunch of email addresses.

Abine Blur, yet, is i such tool. From the same company that created DeleteMe, Blur is a suite of privacy tools that includes a countersign manager and masked email addresses. Only enter a real email address on the Blur website, and install its browser extension. Any time you lot're prompted to enter an electronic mail address, Blur pops up and offers a masked alternative. Emails sent to your masked address will exist forwarded past Blur to your real address. All-time of all, you can generate and destroy new masked addresses on the fly. That'due south much better than clicking on unsubscribe and hoping.

I've been using masked emails for a few weeks, and I'g impressed. With two clicks, I've separated a service from my identity, and I permit my password manager (I employ LastPass) generate and remember long, weird passwords. That said, I have bumped into a few sites that wouldn't take the email addresses Blur created. Perhaps the email domain has been blacklisted. This was the exception, though, and I've had piffling issue with the service.

Phone Numbers

Telephone numbers are enormously important identifiers, because a phone number virtually always represents an individual person, thanks to cell phones. And unlike with other identifiers, individuals accept to receive and maintain a telephone number. This means each number is, to a certain extent, verified. So it'southward a expert idea to limit the extent to which your phone number is spread.

If yous can, decline making it available to apps that request it. Don't let apps to scour your contacts list to match you with your friends. Endeavor not to add your telephone number to forms unless admittedly necessary.

Unfortunately, we tin can't keep our phone numbers truly surreptitious. For one matter, you probably want to get calls and texts. For another, you accept to provide a telephone number to some companies in order to receive 2FA codes.

You can limit the spread of your phone number simply past creating another i. Google Phonation, an excellent and largely seamless service, creates a phone number that will forward to as many devices every bit you like. Y'all tin make and receive calls from the Google Vox app and even send and receive texts. For years, I have given out my Google Phonation number instead of my phone number. Just I've plant that some 2FA services won't accept a Google Voice number.

An Abine Blur account can likewise be used to create disposable phone numbers. Making a phone call with your number from Abine costs $0.01 to connect and $0.01 per minute, which is small potatoes compared with the $3.00 of call credits you're given each month.

Both Google Voice and Abine Mistiness limit you to ane dummy telephone number. The Burner app, however, lets you create and destroy numbers at your convenience. I oasis't tested this app and cannot speak to its efficacy or security, but it'due south a really bang-up thought.

Payment Methods

Credit cards are enormously convenient, but different cash, they go out paper trails. The issuing bank or credit menu visitor has a list of everything you've purchased. And like phone numbers, each menu is usually tied to a single individual. They also require some endeavour to go and maintain.

I advise people to avert using debit cards as much equally possible, just because you have more consumer protections with a credit menu. Just for privacy and security, I recommend fugitive using your bodily credit card number whenever possible. This is easy to do if you take a recent Apple or Android smartphone. Mobile payment apps like Apple Pay, Google Pay, and Samsung Pay all tokenize your credit- and debit-card information. That is, they create a artificial number that is connected to your actual card number.

Y'all can extend this same protection to other contexts with Abine Blur's masked credit cards. With Blur, you can chop-chop generate a prepaid credit menu with a bogus name and billing address. The minimum corporeality is $10, but you lot can asking a refund for any coin on your masked cards that you don't use. Yous can also create and destroy masked cards at volition, meaning y'all exit little trace from your purchases on a website or on your credit card statement.

Tracker Blockers

Equally you move beyond the web, sites assign trackers and cookies to you. Some of these permit the site remember who yous are and deliver a custom experience every time you finish by. That's useful if you always adjust the text size on a news site, for example. Only other cookies and trackers are used to trace your movements beyond the spider web to observe your habits or target ads.

Fortunately, you tin block many trackers and cookies using any number of ad and tracker blockers. I adopt Privacy Badger from the Electronic Frontier Foundation (EFF), but in that location are many others. Ghostery, TunnelBear, and Abine Blur are good options, and several ad blockers are available for iOS and Android, too.

Note that using these blockers can sometimes suspension websites. A blocker might, for example, forestall a site from communicating with the service that stores all its images, or it could prevent you from submitting an online course. Privacy Badger and others include toggles for each of the trackers and cookies on a site, letting you whitelist, blacklist, or temporarily permit an private service. You tin can too fix almost blockers to whitelist an entire site.

Email Clients and Services

Google says it no longer searches through your Gmail inboxes to retarget ads, but information technology seems that AOL and Yahoo might still be doing it. Moreover, many emails from companies and services contain trackers and other technologies that monitor whether their letters go through and track y'all when you lot click a link from the email. Some of this is washed with remote content—that is, elements that are stored elsewhere on the web merely called upon past the electronic mail yous receive. When the remote elements load, whoever sent the email knows that it made it through.

ProtonMail (from the creators of ProtonVPN) is an encrypted electronic mail service that doesn't make money off your content. That means no ad retargeting and no bots spidering through your emails. It also blocks remote content in emails by default, letting you choose whether you want those elements to load in your inbox.

The venerable mail customer Thunderbird may not be the slickest fashion to check your email, but information technology tin can cake remote content and embedded trackers. Information technology features fine-grained controls that let you whitelist email addresses for remote content, temporarily allow remote content, and choose which services can load in your messages.

VPNs

Thanks to a conclusion from our clown-shoe Congress, ISPs tin at present sell anonymized versions of your user information. This won't include your name and will be aggregated with the data from many other users, merely still: It'southward converting your online activities into money for ISPs.

When you lot use a virtual private network (VPN), your Isp tin't see what you're upwards to online. A VPN also effectively hides your truthful location and masks your IP address; both of those can exist used to identify you online and target ads in your direction. PCMag recommends NordVPN, Private Internet Admission, or TunnelBear for your VPN needs.

There are a lot of pros and cons to using a VPN, which I have discussed at swell length in my ongoing coverage of the VPN infinite. In full general, the big drawbacks of a VPN are price, impact on performance, and being blocked just for using a VPN.

Firefox Containers

Though it's a boom from the by for some, the newest version of Firefox is extremely good. Heck, it got me back using the vulpine browser for the first time in nearly a decade. Forth with its speed (and overall focus on privacy), Firefox also has a new trick upwards its sleeve: Containers.

Containers let you create separate spaces for different contexts. You can, for example, create Containers for piece of work, shopping, banking, and so on. Any sites y'all visit or log into in each Container (which tin contain multiple tabs) stays in that Container. If you're logged into your function's Google business relationship in the Work Container, y'all won't be when you switch to a different container.

Mozilla, the non-profit company backside Firefox, also offers a specific Facebook Container extension that keeps all your Facebook activities in one place. That makes information technology much harder for the social-networking behemothic to track you beyond the web. You can create your own Containers and assign them to individual sites.

Exploring the Alternatives

Many of the dominant forces on the cyberspace today are built on business organization models that monetize user data. But if you're willing to make a large change, a whole galaxy of services that don't seek to plow you into dollar bills does exist.

Over the last few months, I've made information technology a point to explore some of the open up-source and privacy-focused services on the web. While some are in their infancy, information technology's exciting to see what the web looks like when it's non after my information.

Use Web Apps Instead of Apps

Bill Budington, EFF senior staff technologist, recommends that people endeavor to employ spider web apps instead of downloading apps from app stores. Apps can have lots of complicated tracking technologies inside them, sometimes placed without the express knowledge of the app'southward developers. The problem is that some online services tend to button you toward using an app instead. Tumblr and Pinterest, for instance, are almost unusable on the mobile web.

DuckDuckGo

Google and Facebook boss data gathering and content distribution online. If you want a divorce from Google, try DuckDuckGo. This service doesn't record your search activity and doesn't seek to monetize your activities. It likewise has some dandy features that Google doesn't offer, including a dark mode for its search page and the ability to get straight to an paradigm-search event.

I have found some things that Google is just better at than DuckDuckGo. For example, Google is almost ever able to discover a tweet based on but the content that I tin can remember. DuckDuckGo, not then much. Just by making DuckDuckGo my default search engine in Firefox, Google is at present merely some other tool in my cyberspace toolbox.

OpenStreetMap

Google Maps is, arguably, ane of the greatest creations of the internet age. Being able to find your style from ane place to almost whatever other place on Earth from a search bar is amazing. But Google Maps also trades on your activities. When you use information technology, you're providing Google with your location, also equally of import information well-nigh you lot, such equally your commute, your travel habits, and fifty-fifty where you like to shop and consume.

OpenStreetMap is a crowd-sourced, freely distributed map service. Think Google Maps but open-source. It can become yous from signal A to point B pretty well past human foot, automobile, or bike. Unfortunately, it lacks the transit directions and business concern search that make Google Maps and then magically useful. But again, information technology'due south nice to have an alternative in the toolbox.

Bring together the Federation

While several attempts have been made to create an ethical, advert-complimentary social network, about became punchlines. The unveiling of Mastodon in 2022 was a little different, at least for me, considering the service was so polished at launch. Information technology was also a swell opportunity to learn near federated social networks: networks made upward of different servers that all communicate with ane another.

Retrieve of it this fashion: You can sign up for an email address at any number of websites. Yahoo, Google, Apple tree, ProtonMail—take your selection! But you can ship and receive emails to and from anyone else with an email address, regardless of the service they chose. Information technology's a federated network. That'southward in contrast to the monolithic design of virtually social networks: It would be preposterous to presume that you could use Twitter to communicate back and forth with someone on Facebook. The two services just don't talk to each other.

Each installation of Mastodon (called an "case") can communicate with any other instance. People who have signed up at Mastodon.social tin can transport an @-message to me over at infosec.commutation, for case.

The really heady thing nearly these new federated services is that radically dissimilar social networks can run across and talk with each other, provided they apply the same open-source ActivityPub protocol. For example, a Mastodon user is developing an Instagram clone chosen Pixelfed that volition someday federate with Mastodon accounts. When you log in to your Pixelfed account, it's just similar Instagram with its own internal posts and followers. Simply a Mastodon user could follow my Pixelfed account, and run into my posts in their Mastodon feed. There are ActivityPub-powered replacements for YouTube, Medium, and GrooveShark currently in various stages of development.

In addition to being open source, federated social networks are difficult to monetize. Because they're a network of networks and non just a unmarried service, similar Twitter or Facebook, no one organization can get a view on what happens on the federated network.

Federated social networks are, for the most office, notwithstanding works in progress. Only the concept is heady and pushes back against the thought that people need to surrender their data in club to accept the kind of experiences nosotros've come to expect online.

My Failures in Demonetization

Despite trying to limit my data footprint as much as possible, I establish some challenges I just could not overcome. My aircraft address, for example, is a very obvious piece of personal information that I take to requite out on a fairly regular basis. I could open up a postal service office box—but domicile mail service delivery is something I can't live without.

While I work to use a VPN wherever possible, I have not gone and so far every bit to install one on a router and hibernate all my devices behind it. That means that my scattering of smart devices and video game consoles at home aren't existence encrypted. My Isp has no dubiety noticed how much Netflix streaming I do and how much fourth dimension I've spent generating PlayStation network traffic.

I've endeavored to hide my online payments as much equally I can, only I have not gotten rid of PayPal or Venmo. These services are but too big a office of my life, and ignoring them would mean that I wouldn't get paid back or be able to easily pay back others.

I resisted Spotify for a long time, only I gave in a few years ago. I don't regret it, but I know that this company is extremely aware of what I mind to. Information technology'south just too difficult to say no to the enormous catalog information technology offers, and loath as I am to say information technology, I've actually found Spotify's music recommendations enormously useful.

I also continue to use my Google Home. This is my greatest privacy shame, because I know I don't need information technology. I also know it records any I say to it and sends that back to Google for processing. I've even listened to these recordings in the Google Domicile app. And even so I have three of these devices in my business firm.

And despite my railing against their data-gathering practices, I haven't deleted my Facebook or Twitter accounts. In the example of Twitter, it'southward professional pressure and the unusual sociopolitical moment we Americans notice ourselves in. For Facebook, it'south the implicit peer pressure against suddenly vanishing from the globe. Information technology's almost like if I were to remove myself from Facebook, I would be removing myself from the minds of my friends and family. And while I wish advertisers would forget me, that'southward too loftier a price right now.

This story first appeared in the ad-free, curated PCMag Digital Edition, available on iOS, Android, and other mobile platforms.

Source: https://sea.pcmag.com/paypal-for-iphone/29849/online-data-protection-101-dont-let-big-tech-get-rich-off-your-info

Posted by: rosecoultoy70.blogspot.com

Share this post