Giving up on privacy
I have been an advocate for privacy for a long time, but recently I don't even know why I am doing this anymore. I do most of my browsing through TOR, and that has made me give up a lot of conveniences. And that's what I miss. I miss not having to think about privacy. I also miss not feeling like I am being spied on. Now I am torn. I don't like companies like Google mining my data, but I also think I am being paranoid (the people in my life have shared this sentiment). I don't want to leave a permanent cache of my mind. But I also feel like doing so won't really affect me. Not to mention that I despise the predatory nature of advertisers, and I hate giving them even more info about me.
What do I do, Tildes? Have any of you felt this way? How do you balance running from Google while still staying sane?
If you just want to opt out of surveillance capitalism, Tor might be overkill. You might want to try Firefox+NoScript or Chromium+uMatrix instead. These will let you selectively block CancerScript so that sites you visit can't run adtech and surveillance, but can still be made to work.
Will sites still be able to fingerprint me? Given that I use a VPN, how much data can I hide from them?
You should be able to hide just about everything if you disable JavaScript using plugins like NoScript or uMatrix.
I'm fairly certain sites can still add cookies to your browser w/o JS, especially when you need to enable it just to operate their basic site. Many essential sites straight-up reject you without JS enabled.
I doubt it, but you're welcome to provide evidence. As far as I know, blocking cookies is easier than blocking JavaScript; you can do it in your browser preferences instead of with a browser extension, and have the option to accept cookies from sites you visit while refusing third-party cookies.
If using NoScript breaks a website, its developers need to be dragged out of their offices, shot, and thrown into a dumpster -- and the dumpster's contents should be doused in gasoline and ignited.
With that said, while refusing JS can break defective websites, all you need to do is enable one script at a time until it works. Yes, I know it's a tedious fucking process.
First, there is no such thing as an essential website. The human race managed reasonably well without the Web until 1989. It will manage reasonably well without the Web when we finally come to our senses and realize that the Internet was a mistake.
Second, if a site refuses to let you do or see anything because you of NoScript, that site is defective. Just enable enough JS to make the site work.
The HTTP cookie (introduced Netscape 0.9 in 1994) predates the release of Javascript (Netscape 2.0 in 1995) by almost a full year. It wasn't even technically possible to access cookies from Javascript at first.
Cookies are set via HTTP headers. They're completely unrelated to Javascript. Not only is it possible to set cookies without Javascript, but it's the normal way of doing things.
Right, and in Firefox you can use browser preferences to control cookies.
While I'm all about progressive enhancement and respecting accessibility standards, I feel like noscript or death is just not a realistic stance to take anymore in all scenarios. Yes, if a web page is only delivering content that can be executed entirely in HTML and CSS, it should not "break" when viewed with noscript (common information architecture patterns--what some might call fluff--like accordions, tabbed boxes, and complex menus notwithstanding so long as all their information/navigation is still visible, if only in long form), but the web's capabilities have evolved so far past that since the 2000s. Think of every site where a user might drag and drop a file, crop an image, use a rich text editor or color picker, or even press "Vote" on a comment without requiring a page reload. Can you imagine Google Drive running without JavaScript?
It's not that sites are defective, it's that AJAX caused a paradigm shift in the range of activities browsers were commonly used for, and while some of the web is still perfectly backwards-compatible (and some of it damn well should be but isn't--burn those developers), a lot of it has just moved on to a different era, and that's neither a good nor bad thing in my opinion.
I look at it a lot like the change from terminals to GUIs. Tons of software requires a GUI when it doesn't really need it. There was nothing wrong with software in the terminal, and it did tons of things great--much of it even better than modern computers and their GUIs--but the paradigm shifted. Our screens now have expanded use cases, and while we can dip back and visit how it was and still find a lot of functionality and charm there, terminal-only just isn't viable for everything we expect our computers to do now.
Noscript has a problem with careless developers, sure, but I think it has a bigger problem with expectations.
Yes, I know. AJAX has split the web into two, a hypertext web and an applications web. I think I've mentioned this before, but I prefer the hypertext web and think it's better off without JavaScript.
As long as you're OK with using native apps to edit files instead of doing it in the browser, you could sync between your local machine and a remote one using rsync.
This is so interesting. Can you give me your specific ideas about why the Internet was a mistake? Was there an alternative route to take? I'm always trying to learn more about things like this.
This is gonna be kinda short, and it deserves a much more detailed treatment.
Back in the 1970s and 1980s, universities and other organizations with Unix installations used two methods to pass data between Unix installations:
I think the station wagon is self-explanatory, so let's talk about UUCP. Back in the day, Unix admins running installations not jacked into ARPANET still needed a way to transfer netnews (aka USENET), email, and other data from one installation to another. UUCP allowed them to fire up a modem, set up a dialup connection to another machine, and transfer data.
Also, you've heard of shell accounts, right? ISPs like PANIX offer them for ten bucks a month. You can get one free on sdf.org. They basically let you connect to a given machine or set of machines via telnet or SSH.
Now, imagine if every town had at least one public access Unix system. Perhaps it was run out of the local high school, also used to teach computer literacy and basic programming classes, and managed by a teacher with help from the high school's Unix club. Imagine if every resident who wanted one could request a shell account, and residents could use it for email, chatting on IRC, etc. Local email would be close to instant, but if you wanted to email somebody in another town in this hypothetical world with no internet it would take longer. You would still be able to do so, but your recipients wouldn't get the message until the next UUCP transfer and you wouldn't get a reply until the next UUCP transfer after they composed it.
Dialup is slow compared to broadband because of FCC regulations limiting line voltages on the POTS network, and dialing directly into a distant machine is a bad idea because of expense, but those were issues that could have been fixed. The always-on broadband network wasn't inevitable or necessary.
You might want to look into BBSes and mesh networks, too.
Something something Richard Hendricks decentralized internet AKA pipernet
You joke but Richard Hendricks represents a lot of real tech people who feel the same way as he does in the show.
I personally am not happy with the way the internet has been going the past ten years and would love a real chance to "start over". I know there are decentralized internet plans that are being worked on but none of them are close to feasible yet.
I agree with his motives for sure. It's just a pipe dream these days (or should I say, piper dream)
This is an interesting perspective that I have to say I’ve never heard before, but I honestly think I might disagree with it more than almost anything I’ve ever read. From my perspective, ignoring technical specifics (I’m nowhere near qualified to talk about transfer protocols or anything like that), the Internet could almost be argued as the ultimate step in the development of human society at least until we’re a spacefaring species. I see the various methods of disseminating and preserving information we’ve developed throughout history as the keys to our evolution as a society, all the way from living in communities so we can learn from our elders to the printing press, and the internet allows for near-instantaneous transfer of information across the entire planet while also allowing for decentralized data preservation. I can’t imagine that there is any possibility humanity will ever willingly go back to relying on slow communications based on geographical distance.
Thanks. I was around for all of that, but it happened peripherally to me while IT folks in my workplace were controlling my access to it. LOL.
Well, sometimes certain websites are mandatory for important things like employment or education. I like living in the information age myself even though it comes with certain problems, but I'm sure you can still find towns or villages to live in where you don't have to worry about needing the internet to get by.
Then use NoScript or uMatrix, or just install uBlock Origin, go into settings, and use all of the filters.
Is there a search engine that doesn't use JS? I'd love to know. Currently using DuckDuckGo.
I use and love NoScript daily, but I often find myself hitting "temporarily trust all" instead of sorting through the 15+ sources for every single site I visit.
DuckDuckGo automatically redirects to a non JS version.
Hmm maybe I'm already using that without realizing
Just a sidenote, you don't need cookies or javascript to track users. You already know what a person is doing by logging their activity in the server logs. This can even be done on other people's servers if you can insert a tracking pixel on the pages you want to track.
I didn't mention HTTP logs because there isn't a hell of a lot you can about that besides using a VPN and getting your browser to spoof its user agent string.
Cookies and CancerScript require client side access, and are easier to block.
That's great! Thanks
I never thought of doing it this way. I just went to TOR because it was the easiest. While you're here, how do you manage watching youtube videos? I used hooktube for a while, but now that it's down, I have been looking an alternative.
www.startpage.com is actually a really good privacy focused search engine, much better than duckduckgo, and it will allow you to open up YouTube videos anonymously as well. I've been slowly migrating over to this for a while now and it works great.
Edit: if you're concerned about your privacy as a consumer, seriously consider switching to a Linux based operating system if all you do is email, office work and YouTube, gaming is a little more complicated, but everything else typically has a viable alternative.
I didn't know startpage had this feature. I will try it out. But do you know of any alternatives that can manage subscriptions?
Unfortunately no, I wish I did though as that would be very helpful and I do enjoy some YouTube channels like ACG and LGR and Cinemassacre.
I have written a script that I use to keep track of subscriptions without a YouTube account that might be helpful: https://github.com/hellux/ytrecent. It's a shell script so you have to run a UNIX system and be comfortable with the command line.
However, with the script, you are still connecting directly to YouTube with your IP unless you are going through a VPN. But it is no longer directly tied to a Google account.
This is actually really useful thank you!
Can Linux run the latest Microsoft Office software? I know there are open office alternatives, but I don't think those have the advanced functionality I use daily.
I'm fairly certain that you can configure LibreOffice to use standard Microsoft office file extensions like docx and xlsx. There is also office online and Google office apps. There are alternatives to msft office, you just have to be willing to make the change and learn a new piece of software.
EDIT: For OneNote there's also Evernote online that works fairly well.
I know it can handle those file types, but I don't think it has a Power Query equivalent, which is a deal breaker.
I only bother with YouTube for two things:
I don't give a shit if Google knows that I'm a metalhead who plays JRPGs, so I just access YouTube in "private browsing" mode.
I use YouTube for a lot of things, so I really need some way to manage subscriptions. But I guess Google already knows my tastes, so I don't know if it's worth hiding anymore.
Can't you just keep channel URLs in your browser's bookmarks or in a text file?
I could do it that way, but again the laziness gets to me. I think I will start doing this once I actually decide what my privacy protocol will be. At this point in time, YouTube already knows about my major habits, so I don't see much point in shifting to text files with URLs. I will just wait until something more convenient and private comes up.
There is minitube, a native YouTube client app, and mps-youtube, a terminal-based YouTube player and downloader.
Disclaimer: I've not used either of these apps; I've just seen them in the Debian package repos.
You'll just be fingerprinted as "that guy from ISP X in region Y who disables scripts and blocks cookies and sends HTTP requests that look like Z." There won't be many people who look like you, probably none. Turn off all your junk, then visit Panopticlick.
I have visited Panopticlick, and I have been messing around with uBlock, uMatrix, NoScript, and Privacy Badger for a couple hours now. It seems no matter what combination I try, I am still mostly unique. What do you recommend?
That's exactly why you're unique. Evading trackers is a trackable data point.
I don't know what the answer is.
relevant to cancescript.
Note that uMatrix is also available for Firefox.
I've got a lot of friends in the infosec community. They range from 'Eh, Google already knows everything, so I might as well enjoy the convenience,' to 'I don't know anything about them other than their handle, and they live-boot into a self-compiled OS image on an open-hardware laptop.' I like to live somewhere in-between. I enjoy the convenience of google, and use a lot of their services. I am aware of TOR and VPNs / Proxies, and can live-boot into read-only OSes. Most of the time, I have no real reason to do so. The thing is, I almost never feel like I need to outside of curiosity.
In my opinion, it's a lot easier to avoid standing out and attracting attention if I use the same services as everyone else. I have a Facebook page, where I log in every few weeks and untag myself in photos, check to see if anyone has sent me a direct message, and otherwise I don't use it. I used to use it more, but I've stopped over time as I learned how they collect and use personal data. I don't want to delete the account completely, because I still have some small control over a public-facing image of myself online. I use an android phone, and I accept that google has access to all my information in exchange for the convenience of google services. I've used gmail since it was invite-only, and it remains my primary email address, so even though I own my own domains and try to use those emails as my primary now, it would still be difficult to switch off gmail without losing contact with all the people who know that address.
I suppose I am aware that my privacy is being invaded, but because I want to avoid inconvenience, I allow it to happen. It's a choice I've made, and even realizing what it costs, I've determined it's worth it to me. I may come to regret it in the future if authoritarian trends continue to take root in the US. I may eventually decide the price is too high and stop using companies that store vast amounts of personal data someday. At the moment though, I get more than I feel like I'm losing in the exchange. Hopefully more places will adopt GDPR-like legislation that makes moves to allow end-user control of the data that is collected.
Maybe I'm just the frog in the slowly boiling pot, and when I try to jump away it'll be too late. I'm not sure I'm making the right decision. I suppose I'll just continue to monitor privacy issues in the news, and adjust my lifestyle as needed.
See I am trying to get to where you are, where I am aware of them but don't let them bother me too much, but I keep swinging from one end to the other. Google already has so much about me, so shouldn't I indulge? But then I think about leaving a permanent record, and is indulging really worth all of that?
How do you deal with the feeling of being spied on? Every time I log on to gmail, I feel like I am taking off my pants for the local perv.
I've learned to cultivate an exhibitionist attitude. If the assholes want to watch me, I'll give 'em a show.
I take precautions because adtech pisses me off, but I've been much more casual about privacy since I got married. Somewhere in one of the US Immigration & Customs Enforcement offices is a box full of printouts of every email my wife and I ever sent each other from the day we met until the day she got her green card.
If I really want to keep a secret, I remain silent.
Right now, somebody at ICE might be masturbating at work while reading an email I sent my wife back in 2001 containing an explicit account of how I wanted to go about taking her virginity.
See I wouldn't be very comfortable with that. Have you thought about moving to ProtonMail or disroot for just you and your wife?
I must have been unclear. I had to print these emails out and give them to ICE as part of the process of getting my wife a green card (permanent residence). ProtonMail wouldn't have helped here.
Woah what? Really? That sucks. How are they allowed to do this?
Can't speak for @demifiend but in the UK at least you have to provide evidence of a real and subsisting relationship and that involves turning over photographs, correspondence, trip itineraries, travel receipts blah blah. Marrying a non-resident can be a real pain in the ass. There is a collection of hundreds of emails between my and my spouse somewhere in the home office.
I understand the security need but it seems very intrusive.
This is how it is in the US, too.
We had to prove we were actually lovers and not just running a scam if we wanted to get her an entry visa and then permanent residence.
Yikes. But I guess that makes sense.
Yeah, it was intrusive and unsettling. But at the same time the people handling our case were just going through the motions. You could have replaced each of them with a shell script.
This is called privacy fatigue.
I made the decision to go for a mid ground. VPN instead of Tor, uBlock Origin with 3rd party stuff blocked instead of disabling .JS, etc.
That seems like the kind of setup I will move to as well. But I still don't know what I want to do long-term. Still tackling the question of whether it is worth it.
If you think that privacy is your right then it is definitely worth it.
My goal is self hosting the "essential" services. Except email. Fuck that for self hosting.
Well, there's a happy medium in most things, right? I've been sort of going through this as well, since I was getting annoyed with having my own server colo'ed and a bunch of associated little bugs that I'm too dumb to fix for good. Driving myself crazy no longer seemed worth it and if you live a "modern" lifestyle there's always gonna be something getting out, however minute it might be, that's of value to advertisers.
My solution was just to look at avenues that maintain a degree of consumer-friendliness, with sensible business models, and support them. I just assume that some machine will be looking at what I've emailed, but the least I can do is find a responsible provider run by neat folks and give them money for services. With something like online shopping, where any major (and most minor) retailer tracks behavior minutely, it's an area where you can get "close to the metal" and buy more directly, or support smaller shops. And on the web, thorough content blockers and VPN don't make you do without conveniences (the VPN even adds convenience). Do Visa/Comcast/AT&T/etc. still learn things about me? Yep, and I spend more money than I otherwise would. Despite that, am I saner than when I was going full-on? For sure.
I have been trying to find a good balance but every time I am faced with the decision to let some service get data about me is when I feel torn. Do I really want this service enough to warrant them having my data forever? What's worse is not knowing how much they are actually getting on you. I feel like if I just knew everything they were getting about me, I would be calmer.
What really made me start this thread is the realization that they already most of my internet activity. I was not privacy conscious for most of my internet life. So I was left to wonder what I was really protecting.
Kinda reminds me of that quote that gets applied to learning instruments or skills, where "the best time to start was ten years ago, and the second-best time to start is today". People change more than we think we do, and if a privacy measure is worth the bother to a hypothetical you that was always privacy-conscious, it seems like it's still worth doing today. Whether each step would be worth it to the average person is the pressing question, though (average meaning, like, not a political journalist, labor leader, or whatever).
It really would be interesting to see what different companies have. I stopped using Facebook in 2006, and have been pretty good about blocking their tracking over the intervening years, so I'd be extremely curious to see what they'd managed to glean on me despite "active non-participation".
I definitely want to know what Facebook and Google have. Google is a company I keep finding myself getting trapped by. Facebook is pretty easy to avoid, except for the Instagram sirens that keep pulling me back.
I like your perspective about change. I just wish I could do more than just hide myself. I have explored threads about data obfuscation. Would you happen to know anything about that?
I don't feel like you have to use TOR for everything to stay reasonably private. But you can use privacy focused software as much as possible, a VPN and som good browser extentions. DuckDuckGo for searches and avoid Google products as much as possible.
It may not be the optimal (in terms of privacy) solution, but you can keep some convenience and keep some privacy while showing that you appreciate privacy and won't gladly share your deepest feelings with some algorithm.
In his book Microtrends Squared authors Mark Penn and Meredith Fineman give an alarming picture of how data gathering and interpretation is happening in real time as you click the screen. The details are unnerving. It's not like 'they' are watching. The algorithms themselves are making all these decisions about not only what ads to show you, but what content to serve up to you. In real time.
Basically, the robot uprising or Singularity, however you slice it, is already halfway done.
Do you see any escape? Or any hope left for privacy advocates other than rage-quitting?
I'm sure that even now certain groups are working "off the grid" (or encrypting whenever possible, especially if their activity is actually illegal.) But the very fact that these systems would necessarily have to be closed or dark in some way probably keep them small. The distributed web or neighborhood web, which I know little about, may be an alternative, but it's like most of us with apple or android or windows versus homegrown Linux systems. We want convenience, we want connectivity, lots of it, and we cede our autonomy to enjoy the advantages of being in the mainstream.
This has essentially what's been troubling me. Now that I am aware of the spying, it's all I can think about. I just want to go back to a time where I didn't know my life was being intruded. But then I feel guilty for desiring ignorance over liberty.
My favorite reference to privacy is in James Clavell's Shogun where the Japanese living in paper houses basically have no privacy. They're forced to create very private spots in their minds, within the 'Eightfold Fence.'
I need to read that book. What is the Eightfold Fence?
I'll give you my take on it which is a little different from what you'd find in Google. The standard term for it relates to a place inside the mind where one can go that is guarded from all outside influence. Think of it as a meditative state. In Shogun it's mentioned as being cultivated by watching rocks grow. But it appears in a context where the protagonist (Blackthorne) is secretly in love with the wife of a Samurai and overhears their violent argument through a paper wall. In this case it relates to hearing and not hearing, because privacy has to be imposed given the nature of feudal Japanese culture.
The whole concept is very poetic and profoundly different from the way Blackthorne was brought up as an Englishman. (Or in our case, as we might call 911 immediately.) Really, him learning a new attitude is what the whole book is about, and as a result the reader learns a lot about this, too.
That sounds like something I could really benefit from. I have tried meditation before but I can't seem to keep the bad thoughts out.
I hear you, man. This past weekend I was having breakfast with my SO and she said people at her school's IT department made fun of her for saying "Instagram and FB hear what you say to show you personalized ads", and asked her "ok, let's say they do: why is that a problem?" - which she directed at me.
Granted, it's not paranoid if they really do spy on you, but regular people don't give two shits, IMO. Heck, Facebook got more users on board right after the CA scandal.
Anyway, yeah, it's disheartening to have people feel like you are the weird one.
I've heard a few anecdotes about that, but they're so rare that I believe them to be coincidences and confirmation bias.
I tried looking for a reliable source on this and you're right, it's mostly a conspiracy theory (at least on the FB part; Google, on the other hand...). Thanks!
Yes! This is exactly it! I hate this feeling. Especially when people ask me:
I mean, it's a problem cause I don't like it, but I completely understand their sentiment. I wish I could go back to not worrying about this, and the feeling of being safe among the masses. But with marketing and analysis technology getting so much better, will there always be a mass to hide behind?
I tend to think so. I mean, there's you and me and guys like Snowden worrying about this kind of stuff. We might be few, but we're definitely in good company.
Anyway, even minorities can make a difference in the long run, whether by deleting our social accounts or coming up with apps to make the tech world a less shitty one.
Who knows, maybe our kids will change everything? Right now I can only think of a Kafka quote: "There is an infinite amount of hope in the universe ... but not for us."
I like that quote. That's a good quote. I hope we change the privacy by offering more alternatives. That would make everything easier.
I tried to avoid all the tech companies mentioned in the Snowden leaks, and mostly succeeded. Here are the alternatives I use:
Computer operating system: Ubuntu
Phone operating system: Sailfish OS
Web browser: Firefox
Search engine: DuckDuckGo
Cloud storage: MEGA
Email: Domeneshop (Bought my own domain and let them store my email.)
I still use YouTube (not signed in) and Facebook (browsing, rarely sharing). Those are the two I found impossible to part with.
For browsing youtube you can use Invidio.us
For Android - NewPipe from F-Droid.org
For Desktop - FreeTube (Search GitHub)
Is mega safe anymore? The creator says,
"The NZ government is in control. In addition Hollywood has seized all the Megashares in the family trust that was setup for my children. As a result of this and a number of other confidential issues I don't trust Mega anymore. I don't think your data is safe on Mega anymore." - Kim Dotcom
Hard to say. I certainly trust New Zealand a lot more than I trust the US. And the files are supposedly encrypted in a way that would make them unreadable to anyone that might have a backdoor into the service.
I found YouTube and Facebook(Instagram) hard to leave as well.
Ya youtube is hard to leave. I never had an Instagram account so it was easy to avoid :p
https://github.com/FreeTubeApp/FreeTube
Thanks!