💭 Prelude:
This is the third post of an ongoing collaboration series between Tony Ziade, the writer behind ShieldMe and Robert Urbaschek of Critical Consent. Together, we are exploring the intersection of technology and politics, along with other engaging topics that we believe will captivate our shared audience. In this post, we discuss practical steps that you can take to prevent your data from falling into the hands of advertisers, governments, or others who may want to use it to microtarget and influence you. You can find more information on what microtargeting is, how it works, and how it affects our minds and political discourse in the previous two posts, which you can find here and here. Don't forget to like and share these posts and subscribe to both our newsletters to show your support for our shared efforts!
Introduction:
In our last post we discussed how effective microtargeting can be, both in a political and a personal context. Having little to no control over how our personal information is used could lead to situations where our ability to think rationally is affected or free discourse and democratic processes are no longer possible. Not that microtargeting is the only danger in these areas, with our media's purposeful misrepresentation of the facts constantly distorting our understanding of the world, as well as the many ways in which our politicians are constantly testing the limits of already limited accountability for their actions. Nevertheless, fears like being denied credit, the right to travel or losing your job for expressing your opinion through your online behavior seem increasingly well-founded, as tech companies in cooperation with governments create ever more opaque, automated systems that are used for all manner of purposes, to determine what information is allowed (like what happened to
for sharing a post about Western intelligence agencies' role in creating ISIS), determining insurance premiums, policing, and waging wars etc…As the ad transparency study that we talked about in our last post showed, microtargeting techniques that users find unacceptable or unethical become increasingly less effective once said users become aware of them. However, until our data is used more transparently and only in ways that we give our explicit permission for, it is up to us to take active measures to prevent our personal information from being used against us (although there is only so much you can do on your own).
Protecting yourself from microtargeting is not an easy task. You're always being influenced on some level, whether that's from the media you consume or the people you hang out with. For example, fewer than 20% of consumers realize they are sharing their communication history, IP addresses, and web-surfing history when using a standard web browser.
The good news is that as an internet user, there are simple and effective steps you can take to limit or partially counteract the effects of microtargeting! The ways in which you can do this can roughly be categorized into two main areas:
1. Protecting your devices
2. Protecting your mind
When you are using your devices, you are constantly creating streams of data. Data that is often collected, sold, and ultimately used to influence your decision-making, most often through personalized advertising. Limiting or completely stopping this data stream can greatly help with reducing microtargeting and other forms of influence. To achieve that, there are basic privacy and security principles you can follow such as the ones Tony teaches on ShieldMe.
In our three-part guide, Tony and I give you practical and effective steps you can take in order to elevate your online privacy and combat microtargeting. We have decided to split what would have been one complicated and gigantic post into three smaller, more digestible ones. This format aims to give you the necessary time to implement the steps you find work for you, and to not overwhelm you with information that you don’t really need to know. Basically, we have done all of this research so that you don’t have to.
➢ We have also tried to split the harder tips into “intermediate” and “advanced” sections to give you a clearer idea about the effort and time required to implement them. The steps we outlined in these three articles have been tested by us and used by millions of people around the world. Some if not most of these steps have been recommended by privacy experts such as Michael Bazzel, Edward Snowden and many others.
You do not have to do every single thing mentioned here to be fully private. Not that such a thing truly exists, but each of the practices mentioned could increase your online privacy and thereby make microtargeting less effective. Focus on what makes the most sense to you, then make your own decisions about what you think is important and what you think could be of benefit to your online life.
Throughout this post, we mention examples of alternative privacy-oriented services. Be aware that there are many more alternatives to the most well-known privacy-respecting services than are mentioned in this post. Furthermore, the services referenced are not affiliated with us in any way, but are merely given as examples of alternatives that you can check out. The information about these tips and services is accurate at the time of posting, but could always change later, so make sure to look into a service's privacy policies before you start using them, and to double-check the validity of the tips.
The post you’re currently reading marks the beginning of this three-part series about protecting your devices from microtargeting. If you find it informative, make sure to like it and share it with someone you know. You can also support Tony by subscribing to his publication ShieldMe, where he goes into much more detail on these topics.
Protecting your devices - Step 1: Trim the bush
➫ Remove the weeds
Does anybody still use Facebook? If you don't, you should delete your old unused accounts on all websites and services, especially social media, as that greatly reduces your digital footprint and the data publicly available about you. This also helps to prevent future data breaches which might leave your information at risk.
If you've lost track of the accounts you possess, it's a good idea to look through your inbox for old confirmation emails, and to check your password manager if you use one. You might be able to find your old passwords in your browser’s password manager, Google’s password manager or your ICloud keychain. Additionally, you can use a website such as justdeleteme.xyz, which offers a long exhaustive list of accounts, covering the difficulty of account deletion as well as the exact steps to take to remove your data. This website can also prove helpful by reminding you of old accounts you used to own, or services you've used in the past. If you're not sure which email you used or can't access it anymore, try contacting customer support as a last resort. There might be chance they can help you, but there's no guarantee they can get you back into your account. After you log in, It might be wise to replace your account details with fake information before you delete your account. This is because some websites retain your old information even after you delete your account. By updating with new information, there's a chance it will overwrite the old data.
If you live in the EEA, you have special rights to delete your data under GDPR rules (Article 17). Check each service's privacy policy to find out how to do this. Some services might only disable your account instead of fully deleting it, so be careful. Deleting your data might need extra steps like filling out forms or emailing the service's data protection officer. However, it is important to note that in this case you should NOT overwrite your account details, as the company or officers might need proof of where you live.
➫ Don’t let new weeds grow
Believe it or not, you don't need as many accounts as you think you do. There is no need to sign up for an account on a random health website you're only going to visit once. You don't need to sign up to a social media platform if you know you won't be using it. You don't need to sign up to multiple storage providers, or streaming services.
It is good digital practice to sign up to as few accounts as possible, as each account collects and stores data about you. This data can then be sold, passed around, indexed by AI, or even used by the service itself to microtarget you. For you Substack writers out there, there is a setting in your Dashboard that lets you prohibit your posts from being used to train AI (as long as the AI respects that setting).
If you do have to make an account, give it as little data about you as possible. Opt-out of any data sharing. Make sure that the account is set to "private", especially if it's a social media account, and try to alias information whenever real information is not needed. Our next posts will explain what exactly aliasing is.
➫ Spray out parasites and bugs
You don't need seven apps to keep track of football scores. We would argue you don't need most of your apps at all! (hint: use your browser). Deleting unused and unnecessary apps will reduce the amount of trackers available on your device, greatly improve your phone's battery life and performance as well as make your digital brick more secure. Talk about a deal!
➢ Intermediate
Now that you're left with only the apps you really need, you can limit how much they can track you by using Progressive Web Apps, or PWAs. Think of PWAs as websites that are designed to work and feel like mobile apps. They live fully in your browser but offer features and interactions similar to what you'd expect from native mobile apps. Using PWAs helps keep your apps sandboxed in your browser while keeping most if not all of the functionality of the main app with less tracking. These are available for most of the major operating systems and are more commonly available than you would think. Make sure to take advantage of these. Some famous PWAs include Discord, Whatsapp, Duolingo, Tinder and Outlook.
➢ Advanced
You can use a tool like Universal Android De-bloater (UAD) to remove bloatware apps (apps that have been pre-installed by your phone manufacturer). Though be very careful as removing critical processes will brick your device and render it unusable. Always make a full backup before making big vulnerable system changes especially with ADB tools. Make sure to follow an official guide or tutorial and proceed with caution. If you're not an advanced user, consider getting help from an experienced technician or carefully following a credible up-to-date guide.
➫ Trim overly-extended leaves
Browser extensions are known to have full unrestricted access into what you do in your browser, and elevated permissions which allow them to bypass critical browser protections. You should aim to have as little of these as possible. Make sure you only download extensions you trust from a legitimate source. Lesser extensions diminish your attack surface and make your browser less fingerprinteable1.
Websites can access the list of extensions you have installed. That list along with many other parameters can be used to uniquely identify you on the web, making you easier to follow around. This is a very basic but effective technique to employ microtargeting on an individual as fingerprinting can be very accurate at following the user around even when some reasonable privacy protections are in place.
Some browsers like the Mullvad Browser aim to mitigate this type of surveillance by using a Tor-like approach where they pre-configure the browser to look exactly the same for all users, making it way easier to blend in with the crowd..
These posts take a lot of effort and research to put together. You can show your appreciation by buying me a coffee or by getting a paid subscription!
You can also support Tony’s work by subscribing to his publication and pledging a subscription to let him know that you value his content!
Fingerprinting: Fingerprinting is a technique used to collect information about a user's device and browser configuration to create a unique identifier, or "fingerprint." This fingerprint can be used to track users across different websites and sessions without relying on cookies or other traditional tracking methods.