33 votes

Privacy woes and autonomy, where do I go now?

I'm very sorry, but this is going to be rant. One that may seem to come up almost daily, but I still feel the need to vent.

Every day I feel like I'm jumping through hoops to keep a little bit of privacy and autonomy, without ever winning. DuckDuckGo is my search engine, use a paid mail provider, I try to stay away from anything Google and Meta, use only Signal, ad blocking everywhere, hosting most services locally, etc. It seems, however, to make no difference in the long run. The user-profile-building just seems to enter the home faster than I can mitigate it. Kids install some new app or new hardware ends up listening in, privacy infringement is there.

The reason I'm starting this post now is because I switched ISP and TV provider recently, but it has been on my mind for a long time. Finding one that isn't owned by one of huge 3 parent companies, is almost impossible here. After a year of deciding, I finally figured it was time to throw in the towel and just pick the least bad option. Yesterday was the day of switching and it has been such a frustrating process.

The provided router doesn't allow me to turn off its WLAN. I live in a city, so the airwaves are already crowded enough as it is. No need to keep that antenna on, but screw me, that's not possible. Opened up the device to just remove the card, but everything is soldered on the board and disconnecting the antennas didn't do shit.
It's possible to buy a modem/router myself, but it'll need to follow their requirements and will set me back $200. It would be okay if the rest of the service was great, but here comes the TV part!

The device they use for TV is apparently Android TV. I assumed it would be IPTV with this subscription, but Android TV isn't that. Booting the device makes it immediately clear they are here to harvest data. It makes me so unhappy that a service I'm paying for, is also making money on the side by collecting data. To get a quick idea of what's being done, I routed the box through wireshark to sniff DNS traffic. It's riddled with domains used for data collection and ads. That combined with the features this box wants me to agree to (location, using the mic, access local network, sign into PlayStore, make a profile including real life information) does not make me trust this device. So I've decided to not play and will be sending it back.

People around me are pretty conscious about what they do online, but compared to them I'm highly paranoid. Wherever I look, there are privacy issues. It seems impossible to escape from. How are other people dealing with this?

UPDATE: I don't know if anybody is really interested, but I thought I would update anyway. I decided to listen to my gut and I cancelled the subscription. It feels like the best decision I've made in a long time. It's nice to feel like I'm still a little bit in charge, even though I know that's also just a false sense of autonomy. Suck it, Google! You're not the boss of me :-)

27 comments

  1. [5]
    krellor
    (edited )
    Link
    You can't really have privacy if you don't control your router. It's just too low down in the OSI model. I run my own router and firewalls on protectli hardware, force the use of Ad guard DNS on...

    You can't really have privacy if you don't control your router. It's just too low down in the OSI model. I run my own router and firewalls on protectli hardware, force the use of Ad guard DNS on clients with custom filter lists, segment my networks to keep my stuff separate, etc. I also use browser plugins like ublock origin, umatrix, and privacy badger.

    At a certain point you need to decide what trade offs are worth what level of privacy, and realize that spouse/kids might feel differently.

    I would also counsel that you should balance your concerns with a broader perspective. Take extra steps when privacy is most important, but don't worry yourself sick about it constantly. It's unfortunately something baked into a lot of technology, so focus on what you can control, mitigate, and avoid, and make peace with what risks you do accept, for your own sanity.

    There are also services that do a good job of automating your data removal from brokers. Incogni does a good job cleaning up those behind the scenes brokers, and onerep focuses more on public people search sites. Both will get you added to suppression lists.

    Edit: accidently made this a reply to another comment, moved it to its own top level.

    Also who your ISP is probably doesn't matter as much as you think, especially if you manage your own router, use your own DNS, and use a VPN when warranted.

    37 votes
    1. [2]
      WobblesdasWombat
      Link Parent
      I disagree with the statement, though agree with the principal. I had a setup where my ISP requires using their router to get unlimited data. I treat it like the Internet. I turn of the WiFi nic...

      You can't really have privacy if you don't control your router

      I disagree with the statement, though agree with the principal. I had a setup where my ISP requires using their router to get unlimited data. I treat it like the Internet. I turn of the WiFi nic (I'm pretty sure it's still active) and put a PFSense.box behind it. The PFSense box is essentially my new firewall router.

      To go further I setup local DNS that forwards to a 3P DNS, site to site VPN, Wire guard tunnels to remote in, and other stuf to make sure the traffic that flows through is encrypted. The ISP can see timing and traffic shape, and probably make inferences from the metadata.

      The point is you can create segmentation even with their hardware in your home. (which I think was the point you are making)

      7 votes
      1. krellor
        Link Parent
        So basically, you run your own router inside the ISP router, this controlling your own router. 😋 Doing what you set up with a site to site VPN is of course a good way to go, but still requires...

        So basically, you run your own router inside the ISP router, this controlling your own router. 😋

        Doing what you set up with a site to site VPN is of course a good way to go, but still requires running your own router, just not the service demarcation. However, I didn't think the OP is ready for all that goes into managing their own site to site VPN endpoint on the Internet.

        But good to expound on your experiences for folks who are in a similar boat!

        4 votes
    2. [2]
      ahatlikethat
      Link Parent
      I agree with this. I installed Fresh Tomato using this guide a few years back on my Netgear R7000. I added DNS blocking at the router level, and it prevents all kinds of ads, etc, even on my roku....

      I agree with this. I installed Fresh Tomato using this guide a few years back on my Netgear R7000. I added DNS blocking at the router level, and it prevents all kinds of ads, etc, even on my roku. Previously I was using an older router firmware that became obsolete. Using open source firmware has the benefit of working on older routers, too, so you might be able to find something used if your current router isn't supported (though lots are, you can see the list of supported devices on the Freshtomato site) Another benefit of flashing Fresh Tomato is that you can set up guest/virtual wireless channels, which might help with your kid's stuff not crossing into your own. I

      Flashing your router can be pretty nerve-wracking, especially the first time, especially if you are prone to dwell in worst case scenarios, but I found patient execution of the instructions resulted in success, and when I did run into a problem I could fix it using this forum even though my router isn't linksys.

      4 votes
      1. krellor
        Link Parent
        I would also suggest that if going the route of flashing older model consumer routers, pick up a spare or two when you can, and flash and configure the spare before swapping it into production....

        I would also suggest that if going the route of flashing older model consumer routers, pick up a spare or two when you can, and flash and configure the spare before swapping it into production.

        Really brings down the stress level.

        3 votes
  2. [10]
    mat
    Link
    Have you tried just not caring? I don't really mean that to sound facetious. But it works for me. I don't feel like my privacy is being compromised at all, and I do literally nothing to protect...

    Have you tried just not caring?

    I don't really mean that to sound facetious. But it works for me. I don't feel like my privacy is being compromised at all, and I do literally nothing to protect it. I use all the Meta platforms, I use Google products, etc. I did use Chrome a lot but Firefox has some features I prefer so that's my main browser now, although it's not for privacy reasons. My private life is still, after 25+ years online, entirely private. I look at some adverts occasionally. It doesn't impact my life whatsoever.

    People have been telling me the privacy sky is going to fall since... well, at least since gmail launched and we found it out "read" your email to target ads. There seems to be no evidence to suggest the sky has, or will, collapse upon me. A handful of lines among billions in an few ad tracking databases, that a human will never see, is not a thing I have the time or energy to care about.

    edit: I understand there are parts of the world where certain aspects of one's life it is important to keep very quiet, but I am not one of those people in one of those parts of the world. I do sympathise with those people and I'm glad various tools exist for them to remain out of sight.

    20 votes
    1. [5]
      vord
      (edited )
      Link Parent
      I feel like it's very much one of those things where you don't notice how its impacting your life unless it's really impacting your life. Most people probably don't care about how bad the...

      I don't feel like my privacy is being compromised at all, and I do literally nothing to protect it.

      I feel like it's very much one of those things where you don't notice how its impacting your life unless it's really impacting your life. Most people probably don't care about how bad the interplay of insurance and medicine is until they're in a car accident or are otherwise suffering because they can't afford the medical care. But I won't expound on that further, because ultimately, it's a fruitless discussion.

      It may also be kinda like noticing stuff like systemic sexism.....I didn't get the problem (as a white man) for a long time, until several very-enlightening discussions and IRL manifestations really opened my eyes and now I can't unsee it. It's why "woke" was such a great way of describing noticing systemic racism.

      The worst is really a thing that's mostly lurked under the surface. It's that all this data collection and privacy invasion is a waste. It's that our best and brightest minds and gigantic swaths of labor is all being expended for the sole purpose of getting you to buy stuff that you didn't want or need. Not inventing new things, or making old things better.....just trying to figure out better ways to manipulate people.

      And we wonder why our planet is burning. We never let people be content with what we have, we perpetually try to get them to buy more. So we make more stuff and bombard people with ads to get them to buy the stuff and then throw the old stuff in the trash and pollute the planet.

      We wonder why everyone is so susceptible to disinformation. I'll bet it's in no small part that we're perpetually exposed to advertising which is being honed each day to be more and more effective.

      36 votes
      1. caliper
        Link Parent
        This is EXACTLY how I feel, thank you for putting it into the right words. That's what I'm suffering from. It's everywhere. Not just online. It's also stores tracking customers using Bluetooth. My...

        This is EXACTLY how I feel, thank you for putting it into the right words.

        ... now I can't unsee it.

        That's what I'm suffering from. It's everywhere. Not just online. It's also stores tracking customers using Bluetooth. My car desperately trying to get online to share data. The furnace only wanting to work when it's connected to a remote server, which "conveniently" will inform companies in my area when it's time for a service. It's everywhere.

        It's that all this data collection and privacy invasion is a waste.
        ...
        Not inventing new things, or making old things better.....just trying to figure out better ways to manipulate people.

        This is really it. This is what ultimately bugs me most. I always try to make things better for people, help them out, improve things. But as you describe, the data collection is exactly the opposite of that.

        15 votes
      2. [3]
        mat
        Link Parent
        I agree that advertising is annoying. But the creation of advertising is not the same as the advert targetting business. The people making the ads generally aren't the people 'harvesting' your...

        I agree that advertising is annoying. But the creation of advertising is not the same as the advert targetting business. The people making the ads generally aren't the people 'harvesting' your 'data'. It's a different industry, doing different things in different ways.

        And yes, the world probably would be better if both went away. But that doesn't make the ad targetting databases an invasion of my privacy. The exact same thing is happening every time you go shopping. Huge amounts of data about what sells, and when and to whom, and how that relates to other data points are being created and used all the time. But nobody ever seems to complain about how going to a shop is an invasion of privacy, yet it's basically identical to what happens online.

        Nothing bad has ever, to my knowledge, happened to me as a result of tracking cookies or targetted ads. Do you have any specific examples of how your privacy has actually been compromised? If you'd indulge me by assuming for a moment that a record relating to your browser in an anonymous database somewhere isn't an invasion of your privacy in and of itself. Because I appreciate you feel it is, and I'm not trying to change your mind on that because that's valid thing to feel - but it's also something that doesn't actually impact your life.

        2 votes
        1. [2]
          vord
          (edited )
          Link Parent
          I don't think it is, just a different branch of the same industry...like oil extraction and refinining. Advertisers are the customers for data collectors, and in the case of Google and Facebook,...

          It's a different industry, doing different things in different ways.

          I don't think it is, just a different branch of the same industry...like oil extraction and refinining.

          Advertisers are the customers for data collectors, and in the case of Google and Facebook, they are one in the same. All the other companies collecting data are selling it to advertisers.

          As far as direct harm, I'll drop this video. It sums up many of my feelings pretty well.

          If I have more time, I'll elaborate later. But in short, all this data collection just slowly, piece by piece, eats away at my sanity and free time.

          I've never been a victim of cyberstalking, but hearing stories from others is enough to want to severely curtail access to video footage from Ring/Nest cameras, location data, and yes, tracking cookies.

          10 votes
          1. mat
            Link Parent
            Yeah, so Mx Thorn is generally someone I tend to agree with but I don't think they hit the mark with that video. The conflation of targetted ads with active surveillance doesn't ring true to me....

            Yeah, so Mx Thorn is generally someone I tend to agree with but I don't think they hit the mark with that video. The conflation of targetted ads with active surveillance doesn't ring true to me. Surveillance to me implies a human is actively looking at you and what you do. Which isn't how tracking cookies work. I've designed and implemented user tracking systems, no human is looking at that data. It's processed and understood as an aggregate otherwise it's even more worthless than it already is.

            More importantly, nothing in that video presents any evidence of actual direct harm being caused. Feeling a bit icky about something happening is not harm. Harm is when it happens to you regardless of what you think about it. If I don't give a crap about ad tracking, I don't suffer any 'harm' from it's existence. Therefore it's not harming you either, you just don't like it. Which is fine, I'm not telling you what to like or not.

            In a broader sense, I've never met a slippery slope argument which has convinced me. But thanks for the reply.

            4 votes
    2. krellor
      Link Parent
      I just wanted to add to this that wherever you land on privacy, one you've considered the tradeoffs and do what is worthwhile to do, make peace with the rest. I see a lot of people really go to...

      I just wanted to add to this that wherever you land on privacy, one you've considered the tradeoffs and do what is worthwhile to do, make peace with the rest. I see a lot of people really go to extreme lengths, and then still agonize and spend precious mental energy on what they can't control. I understand lobbying or supporting change, but not tying yourself into knots daily about it.

      13 votes
    3. dolphin
      Link Parent
      Honesty, this strategy has worked for me. If being aware of privacy gets too stressful, maybe it's a good idea to think: am I truly THAT special, to the point that I need to stress out about it?...

      Honesty, this strategy has worked for me. If being aware of privacy gets too stressful, maybe it's a good idea to think: am I truly THAT special, to the point that I need to stress out about it? Odds are, I'M NOT SPECIAL, boo hoo, but bright side: there's no need to go around wearing a tinfoil hat.

      I lived in China for the past 5 years. WeChat is passively surveilled (there's too much data, so they don't care unless you or something you typed pops up on their radar). Also, as a foreigner I knew I was probably on a list somewhere by default. I realized that I was going to be surveilled no matter what, so fuck it. Scan away at my lifestyle and give me those Taobao recommendations (which I occasionally bought because hey, sometimes I really did need the suggested product).

      I now live in the UK and ... shrug. I have split away from Google, somewhat, but I still have some emails going to my gmails that I don't care to switch over. I still use Chrome at times, especially when I want that built-in Google Translate. I still have Amazon Prime and it for sure tracks my purchases. There's CCTV everywhere. Et cetera, et cetera.

      7 votes
    4. [2]
      caliper
      Link Parent
      Thanks, and I think it's a fair recommendation. Not caring or worrying about it is working just fine for most people. I may need to work on that. What I may not have been clear about in my post is...

      Thanks, and I think it's a fair recommendation. Not caring or worrying about it is working just fine for most people. I may need to work on that.

      What I may not have been clear about in my post is what really bothers me most. I'm not too worried about my personal privacy, what bothers me is being milked for data. In my opinion, none of this data harvesting should exist. If there was any good being done with it, it wouldn't bug me this much. But the only thing that seems to matter, is collecting as much data points as possible to then sell that to ad companies. It is ruining software, hardware and the internet as a whole. All the resources spent on this, it's such a huge waste. In my perfect world, companies wouldn't data mine their customers and then sell that data to 3rd parties.

      5 votes
      1. mat
        Link Parent
        I don't disagree. The world would be better if none of those things happened. But I can't make that happen and even if I tried and tried to avoid it all, that wouldn't change anything. So instead...

        I don't disagree. The world would be better if none of those things happened. But I can't make that happen and even if I tried and tried to avoid it all, that wouldn't change anything. So instead I opt to not to worry about it.

        For whatever it's worth, it's a pretty open secret in the industry (or at least it was a decade ago when I still worked around there) that hyper-targetted ads are pretty useless. Most of the data being collected isn't even really worth anything. It's sold to people who don't know any better, which is one reason so many of the ads you see on things like Facebook are such low-grade trash.

        2 votes
  3. karim
    Link
    Return to Monke™ Try to reduce your usage of modern technologies, sacrifice convenience for peace of mind. That's what I try to do these days. When I buy a TV (large monitor for living room) you...

    Return to Monke™

    Try to reduce your usage of modern technologies, sacrifice convenience for peace of mind. That's what I try to do these days.

    When I buy a TV (large monitor for living room) you bet it's gonna be a dumb one, despite being a whole lot more expensive. Of course, that's assuming I can find one. Second best choice will be a smart tv that allows me to stay completely disconnected, i.e. non of that samsung trash.

    8 votes
  4. [2]
    patience_limited
    Link
    At this point, as /u/krellor mentioned, you're probably going to need third-party paid removal of information from data brokers. I've been very careful about my online activity, managing my own...

    At this point, as /u/krellor mentioned, you're probably going to need third-party paid removal of information from data brokers.

    I've been very careful about my online activity, managing my own cable modem/router, running everything through pihole and various blockers to avoid ads. On Android mobile, I'm running Blockada with various blocklists, NordVPN, Cloudflare DNS, Privacy Badger, uBlock, and Proton Mail. The smart TV is on a separate wireless VLAN with its own blocklists and filtering. This all comes at some cost in speed, functionality, money, and management time.

    Nonetheless, I can't prevent data harvesting from my credit card activity, service calls, cellular provider, travel bookings, doctors' office portals, pharmacy benefit providers, grocery stores (I don't participate in store benefit tracking)... Even with regular scrubbing, I still get ads that are disturbingly personalized, including PHI that would get a health system penalized under HIPAA law in the U.S. There are already reports of horrifying abuses in relation to women's health.

    We need to let our legislators know that data privacy matters, and we'll vote/donate based on this issue. I contribute to EFF and write my representatives (as well as FCC commentary) regularly about data privacy.

    8 votes
    1. caliper
      Link Parent
      Awesome, that's really nice to read!

      I contribute to EFF and write my representatives (as well as FCC commentary) regularly about data privacy.

      Awesome, that's really nice to read!

      5 votes
  5. [2]
    Indikon
    Link
    I just started reading (actually listening to the audiobook with Ray Porter) The Art of Invisibility by Kevin Mitnick yesterday. Not that it will make you feel any less paranoid, but I learned...

    I just started reading (actually listening to the audiobook with Ray Porter) The Art of Invisibility by Kevin Mitnick yesterday. Not that it will make you feel any less paranoid, but I learned some finer points to many of the things I already knew.

    4 votes
    1. caliper
      Link Parent
      This is awesome. I know I shouldn't, but I definitely will be reading this. Thanks for the recommendation!

      This is awesome. I know I shouldn't, but I definitely will be reading this. Thanks for the recommendation!

  6. [3]
    WobblesdasWombat
    Link
    So an important question to ask is who/what are you protecting yourself from? You can have privacy on the Internet, it just makes it no fun. I took am concerned with the amount not data collected...

    So an important question to ask is who/what are you protecting yourself from? You can have privacy on the Internet, it just makes it no fun. I took am concerned with the amount not data collected on me. However at the end of the day, the collection supports people selling you stuff. Blocking ads everywhere, paying for services, self hosting, and routinely submitting data deletion requests is probably as good as you're going.to get. I've found turning down the grumpiness and opting out of being consumerism (ads dont work if you don't want to buy stuff) made me a fraction less grumpy about the state of the world.

    3 votes
    1. [2]
      caliper
      Link Parent
      I hate being the product. I really don’t like all the tactics used to get as much data as possible from internet users. I don’t think we should be used this way especially because what we’re...

      I hate being the product. I really don’t like all the tactics used to get as much data as possible from internet users. I don’t think we should be used this way especially because what we’re getting in return is a shittier internet. I think us users end up pulling the short straw; getting cheap thrills, like AI, but being abused in search engines at the same time. Some companies are making a huge profit from this abuse, ruining the internet in the process.

      4 votes
      1. mat
        Link Parent
        You're not "the product". This is a thing people get wrong because it makes a snappy slogan. The process doesn't work like that. "You" are not being sold. You are not your browsing habits, for one...

        You're not "the product". This is a thing people get wrong because it makes a snappy slogan. The process doesn't work like that. "You" are not being sold. You are not your browsing habits, for one thing. You're far more complex and interesting than that (which is also why I don't consider ad tracking an invasion of my privacy but that's a different thing)

        This is from a Googler (I am paraphrasing, the original post was on Plus and now lost to the mists of time):

        "Internally, we talk about having two customers. One customer is the advertiser, they pay with money for access to user's eyeballs (NOT user's data, that is never for sale). The other customer is the user, they pay with their eyeballs (and ideally clicks) on ads for access to services (email, search, etc). Google brokers a deal between their two customers, takes their cut off the top and bosh. Everyone is a winner. Sort of. Obviously nobody actually likes seeing ads most of the time but almost nobody wants to pay for services either so something has to give."

        I've also heard the exact same thing from insiders at Meta. And although Meta used to sell data, a long time ago, even Zuck realised that was a terrible idea so your data they have is also secure. Advertisers don't see user data, advertisers set filters which are applied to user data to determine who gets served their ads. That dataset is the way Faceoogle (and the rest) make money, they'd be insane to let anyone near it!

        What you're getting in return is an internet at all. Hosting costs money. Backbone costs money. Datacentres cost money. Programming costs money. It was fine when the internet was a few million people and you could run a popular website on your desktop machine over a home internet connection, or piggybacked on a university server somewhere. But those days are long gone.

        Would you be happier with a state-funded internet, paid for by taxes? That would probably end up geofenced too. Donation drives on every other website? Or paywalls on everything? I really don't know what would be better, but equally I'm not suggesting that what we have is the best thing and it should be the only thing that exists.

        If everyone ran ad blockers and piholes and so on and so forth, the internet would stop existing as we know it. You might think that's a good thing. You might even be right. But I have no idea what would replace it.

        5 votes
  7. boxer_dogs_dance
    Link
    We run a raspberry pi and a monitor for streaming and don't have cable. I don't know what we do about a router but my husband is privacy minded. Good luck

    We run a raspberry pi and a monitor for streaming and don't have cable. I don't know what we do about a router but my husband is privacy minded.

    Good luck

    2 votes
  8. balooga
    Link
    If you have to use the provided router but can’t disable the WLAN, have you considered putting it into a Faraday cage of some sort? Bit of cost associated with that but it shouldn’t be as steep as...

    If you have to use the provided router but can’t disable the WLAN, have you considered putting it into a Faraday cage of some sort? Bit of cost associated with that but it shouldn’t be as steep as a whole replacement router.

    1 vote
  9. infpossibilityspace
    Link
    The simplest and cheapest solution would be to get a raspberry pi and install pihole. It acts as a DNS sinkhole/blackhole for ad/tracker domains so any request from within your network is filtered...

    The simplest and cheapest solution would be to get a raspberry pi and install pihole. It acts as a DNS sinkhole/blackhole for ad/tracker domains so any request from within your network is filtered first.

    I used one for a while and found it very reliable, doesn't use much power, and very easy to set up. I barely needed the adblocker on my computer (though things like YT/Twitch Still needed it). Pis were quite in demand last I checked, but you could look for a used Pi 2 which was more than enough for me.

    These days I moved away from pihole and converted a mini pc for £110 into an opnsense router/firewall. It's more hardcore and more setup, but you have full control over your network for DNS blocking and IPS with Suricata if you want.

    1 vote
  10. freddy
    Link
    Just read this article and it might speak to your condition: is privacy worth it?

    Just read this article and it might speak to your condition: is privacy worth it?