💭 Prelude:
This is the fifth post of an ongoing collaboration series between Tony Ziade, the writer behind ShieldMe and Robert Urbaschek of Critical Consent. Together, we are exploring the intersection of technology and politics, along with other engaging topics that we believe will captivate our shared audience. In the third part of this guide, we discuss practical steps that you can take to prevent your data from falling into the hands of advertisers, governments, or others who may want to use it to microtarget and influence you. You can find more information on what microtargeting is, how it works, and how it affects our minds and political discourse in the previous two posts, which you can find here and here. Don't forget to like and share these posts and subscribe to both our newsletters to show your support for our shared efforts! Note: If this email gets cut off, you can read the full post online.
Introduction:
The world of digital privacy is unfortunately very complicated, especially for non tech-savvy people. Companies have figured out very invasive ways to collect our data without our consent. Trackers have been embedded in all the apps and websites we visit in order to profile us and follow our online activities. Social media platforms harvest our personal information and interactions to build detailed profiles on users and sometimes even on non-users. Bills such as the USA PATRIOT Act (2001) that massively aid with this kind of data collection keep passing due to the high amounts of lobbying power giant tech companies have. In the United States, Internet Service Providers have been known to sell your browsing data to third parties, which helps to further build up your online profile. All of this information and power is then leveraged to microtarget us with relevant ads that seem to “read our thoughts”.
It is easy to look at the prevalence of this data collection and feel that we’re doomed to live under constant surveillance and targeted manipulation by giant companies and governments. You might even feel so overwhelmed by the vast amounts of money, time, and resources they invest in microtargeting you that it feels pointless and unnecessary to fight back.
In our three-part guide, Tony and I give you practical and effective steps you can take in order to elevate your online privacy and combat microtargeting. We have decided to split what would have been one complicated and gigantic post into three smaller, more digestible ones. This format aims to give you the necessary time to implement the steps you find work for you, and to not overwhelm you with information that you don’t really need to know. Basically, we have done all of the research so that you don’t have to. If you have not read the first two parts yet, we highly recommend you do that first here and here.
➢ We have also tried to split the harder tips into “intermediate” and “advanced” sections to give you a clearer idea about the effort and time required to implement them. The steps we outlined in these three articles have been tested by us and used by millions of people around the world. Some if not most of these steps have been recommended by privacy experts such as Michael Bazzel, Edward Snowden and many others.
You do not have to do every single thing mentioned here to be fully private. Not that such a thing truly exists, but each of the practices mentioned could increase your online privacy and thereby make microtargeting less effective. Focus on what makes the most sense to you, then make your own decisions about what you think is important and what you think could be of benefit to your online life.
Throughout this post, we mention examples of alternative privacy-oriented services. Be aware that there are many more alternatives to the most well-known privacy-respecting services than are mentioned in this post. Furthermore, the services referenced are not affiliated with us in any way, but are merely given as examples of alternatives that you can check out. The information about these tips and services is accurate at the time of posting, but could always change later, so make sure to look into a service's privacy policies before you start using them, and to double-check the validity of the tips.
This is the third and last entry in our three-part series about protecting your devices from microtargeting. If you find it informative, make sure to like it and share it with someone you know. You can also support Tony by subscribing to his publication ShieldMe, where he goes into much more detail on these topics.
Protecting your devices - Step 3: Nuke the bush
➫ Take down surveillance cameras
You should switch to privacy-respecting services that put you first. This helps immensely with limiting and safeguarding the data you share. Some examples include switching to Brave Browser, Librewolf or Mullvad Browser instead of Microsoft Edge and Google Chrome; Signal, Briar or Session instead of Whatsapp and Telegram; DuckDuckGo or MetaGer instead of Bing or Google search; as well as NewPipe, Invidious or Odysee instead of YouTube. This removes the need to share data with these companies in the first place. It should be noted that even privacy-oriented companies can be compelled by law enforcement to share the information they have on you, which is why it is always safer if only you can access your data.
➢ Advanced:
If you want to reduce tracking on an operating system level, you can switch to privacy-respecting operating systems that don't gather large amounts of data about you and use it for profit and targeted advertising even after you opt-out.
If it fits your needs and preferences, switching to Linux can achieve just that. Most Linux distributions respect your privacy from the ground up. The distribution you select primarily depends on your preferences and the tasks you use your device for. Some distribution examples are: Fedora Workstation, Ubuntu and for more advanced users: Arch Linux and QubesOS. You should do your own research to determine which distribution is right for you. There are also operating systems that are more flexible in terms of their usage:
➳ Whonix is an operating system that can run like an app inside your existing OS. It comes with pre-configured settings to route all internet traffic through the Tor network, and many other protections in place.
➳ Tails is a "Live OS", which means it can be booted from a USB stick or DVD and doesn't need to be installed on your computer. Tails routes all internet traffic through the privacy-friendly Tor network by default. It comes with pre-installed tools for secure communication, encryption, and anonymity. Tails is a great option for privately accessing the internet on public computers like those in libraries or institutions.
➳ For mobile, you need to have a phone that supports unlocking the bootloader in order to be able to install a custom operating system. You can find out if your phone supports that feature by going to the developer options and checking for a similarly named setting. To access developer options on Android, go to Settings, then About Phone, and tap the Build Number multiple times until you see a message indicating developer options are enabled. If your phone supports unlocking the bootloader, and supports your operating system of choice, you can switch to more privacy-respecting operating systems like GrapheneOS, CalyxOS or LineageOS, depending on whichever one your phone supports and whichever one suits your threat model and workflow the most.
➳ If you're using an Apple device you cannot change your operating system because Apple devices are locked down. Even though it has been possible through dubious and extremely technical workarounds, it doesn't work properly for the time being and is not recommended at all.
Instead, you should look for things that can help harden your OS. Things like disabling Apple's telemetry, and enabling Advanced Data Protection as well as Lockdown mode if possible are a great start. You should also follow the rest of the tips to mitigate tracking.
Note: The services and operating systems you choose should preferably be open-source as open-source code can be reviewed and audited to confirm the legitimacy of the claims each one makes. You can use an open source only app store like F-Droid on Android or visit alternativeto.net and enable the open source filter to find crowd-sourced alternatives for you to switch to.
➫ Use a “DoNotSpy” filter to infiltrate the silo
A DNS filter or Domain Name System filter such as Control D or NextDNS will reduce the amount of tracking that you're under when you surf the web, which in turn mitigates microtargeting, especially from data-hungry websites.
➢ Intermediate:
There is also the option of setting up your HOSTS file, which acts as a local DNS resolver, allowing you to filter and manually block access to known malicious websites or domains. You can find many guides online on how to set up the HOSTS file on your operating systems of choice.
➢ Advanced:
If you don't trust a company to handle or filter your DNS requests, you can do it yourself for a couple bucks by getting something like a Raspberry Pi and using a program like Pi-Hole to filter your DNS requests locally. Some routers also support setting up custom rules which can be used to block access to specific websites or domains. These approaches are a little more technical, so make sure you know what you're doing.
➫ Deploy the Encryption Codes
VPNs have been heavily marketed as ‘the privacy tool’ for a while now. Believe it or not, the hype behind VPNs is really just that, hype. A VPN alone won't make your private or safe online. It might be useful in some cases to hide your IP address so that it can't be followed around for tracking purposes or to spoof your location to stop geo-tracking, which could help in mitigating microtargeting, but it alone can't make you private online. In fact, this post clearly explains what a VPN really does.
There's not much reliable info about VPN services online. It's best to ignore most 'best VPN' or 'VPN review' sites. Many of them have paid reviews, and some are unfair, giving bad reviews to VPNs that don't pay up. If you do need information about VPNs, find sites that don't use affiliate links or remove referrer info.
Not all VPNs are the same. If you choose to use a VPN, you should NOT use free VPNS that don't have a clear way of monetizing their service, as these usually stay afloat by selling user data. Some of the currently privacy-respecting VPN companies on the market are: Mullvad VPN, IVPN, ProtonVPN, Riseup VPN.. Regardless, you should always do your own research and figure out what VPN fits you best. If you're planning to go that route, Tony's post covers his recommended criteria for choosing a good VPN.
➫ Detonate the Advertising Arsenal
Ads are a nightmare for your privacy. They are also one of the most effective tools used for microtargeting. Blocking ads and other trackers by using trusted browser extensions such as uBlockOrigin or Privacy Badger can offer huge benefits to your privacy and enhance your online browsing experience. Some browsers like Brave already have a similar functionality (Brave Shields) built-in, so you theoretically don't even have to install any extra extensions.
➢ Intermediate:
You can also block ads on a DNS level using something like NextDNS, ControlD or AdGuard. This approach is most effective when combined with things that we mentioned before like ad-blocking extensions and a configured HOSTS list to add multiple layers of ad protection to your system.
Lastly, you should search for any "Personalized ads" toggle or setting in any of the apps you use and make sure you turn that off. This also includes deleting and preventing Google from using your advertising ID system-wide.
➫ Escape to the nuclear bunker
Using a password manager, preferably one that does not store your passwords on the cloud, means you no longer have to remember all your passwords and do not have to resort to using password123 for all of your valuable accounts. This helps you keep your accounts secure, which is essential for your protecting your privacy.
If one of your accounts gets hacked or breached, you only have to worry about the repercussions for that particular account, rather than fearing a cascading effect across multiple platforms due to reused passwords. The last thing you want is some hacker getting hold of the money on bank account just because you used the same password for both your Pet Rock app and your PayPal. Some examples of password managers include Bitwarden, KeepassDX, and 1Password.
➫ Alias, that these dark days should be ours
Since it's a good idea to give as little information about you to services as possible, and since you need to give some kind of basic information or authentication to be able to access most services, it's a good idea to give inaccurate information to services that don't need it. This is where aliasing comes into play.
You can use tools like SimpleLogin or addy.io to alias your email, thus not giving out your real email address but another one that would forward all the emails it receives to your main email address. You can use a service like guerillamail or 10minmail to generate a disposable one-time use only email to random websites that ask for it without it being tied back to you or spamming your inbox. Services like privacy.com give out a virtual credit card instead of a real one that doesn't tie your purchases back to you. For your phone number, you can use something like mysudo or a separate dedicated number.
➢ Intermediate:
If you want to take this a step further you can also have multiple aliases dedicated to multiple functions: an aliased email you specifically use for newsletter signups, an aliased phone number only used for reward programs or giveaways, a virtual credit card only for software subscriptions. Whether you want to do this heavily depends on your threat model and the amount of effort you're willing to put in.
These posts take a lot of effort and research to put together. You can show your appreciation by buying me a coffee or by getting a paid subscription!
You can also support Tony’s work by subscribing to his publication and pledging a subscription to let him know that you value his content!