My Journey to Better Privacy (Part 6: Conclusions)

Introduction

Over the last few months I have been on a journey to better privacy. During that time I’ve gone over search, browsers, social networks/messaging, digital assistants, and email. This is not an exhaustive list of all the areas where online privacy is concerned, but it’s the primary ones that had not yet been addressed in my life. Now that we’ve gone over each of those areas, and I’ve had weeks to months to live with those decisions, I want to wrap things up with the conclusions I’ve come to over the course of this journey.

In my mind you have a range of choices when it comes to privacy. As with all things in life there is a pendulum, and you can choose to live on either side of that or somewhere in between. Let’s go over the basic options at each of those levels.

Complete Privacy

If you want complete privacy online, below are your options.

  • Don’t use the internet.

That’s it… I’m not kidding. If you want to avoid being snooped on then you literally cannot touch the internet in any way. This isn’t limited to computers and tablets. You should avoid using any type of electronic payments, opting for cash only. Any type of phone usage can be tracked as well. Honestly, I’m not sure you can fully avoid being tracked without going completely off grid (and maybe not even then).

Take home point: if you’re going to use the internet then you’re going to forgo privacy on some level.

Extreme Privacy

So you’ve decided that living in the woods and drinking your own urine is too high a price for privacy? Good choice, but that means you’ll be interacting with the internet on some level. Maybe you still want absolutely as much privacy as possible, regardless what that means in the way of inconvenience. Your options will probably look something like this:

  • Use an operating system that doesn’t signal back to its maker. (Probably a flavor of Linux, but not all of them are considered privacy conscious.)
  • Whole-home VPN (I didn’t go over this, but basically you configure your router to funnel all traffic through a tunnel.)
  • TOR (This is a system that somewhat anonymizes your internet traffic.)
  • Alternate DNS settings (avoid using your ISP’s or Google’s)
  • Web browser that uses all the addons I wrote about, plus others like NoScript.
  • Move your email to an encrypted service like ProtonMail.
  • Use a password manager, probably an offline one.
  • If you want to be super safe, do all this from a virtual machine on your computer instead of on the computer itself.

If it hasn’t become clear yet, this is a giant hassle. Aside from the time and frustration that will go into setting it all up, your network speeds will also be slower and you will constantly (CONSTANTLY) run into issues with sites not working correctly. And here is the kicker, you may still be tracked. Technology is always changing and we’re often not even aware of the most advanced methods until years after they’ve been used. You can totally take this approach, and there are people that do, but be prepared to put in the work. It may also make you a gleaming target as someone who is trying to hide something.

Moderate Privacy

If the above approach is more involved than you are ready for, there are ways to increase your privacy while still achieving a reasonable level of usability. This is basically the balance I’ve been trying to strike throughout the series, not being completely locked down but not throwing my data at people either. Here is what I see as the best approach:

  • Use a search provider that doesn’t track you, like DuckDuckGo.
  • Make smart browser choices, and enhance them with privacy addons.
  • Only use social networks and their messengers in contained situations, or not at all.
  • Know how your digital assistant stores and uses your recordings and configure accordingly, or avoid them altogether.
  • Never send anything sensitive in email. Use encrypted services instead, and maybe avoid email completely.
  • Be mindful of what sites you visit, and if they use encryption (https).
  • Use a password manager (LastPass is my favorite).
  • Use a VPN service when traveling or on public networks.

In my mind this allows you to interact with the internet, but with safeguards in place. It’s the sweet spot.

No Privacy

The other side of the pendulum is not caring about privacy at all. Many (maybe most) take this approach. They either aren’t conscious of the amount of data they’re giving up or assume there is no use trying to stop it. This is certainly the easiest way to approach things, but not one I can agree with. Firstly, your information is obviously valuable. The companies trying to syphon it are making billions off of it. Secondly, you have no idea how long they will keep the data and what they’ll do with it, either now or in the future. Privacy is a human right, and the onus is on us to fight for our own.

Conclusion

Honestly, this journey hasn’t gone completely as I expected. There were a few areas where I started out with an assumption as to what I would do and changed my mind as I researched it. Also, things are constantly changing. I made some posts and later had to return to update with a different conclusion after reconsideration. In the end I think it’s less about choosing a specific set of technologies and more about having a privacy mindset. Look deeper into offerings, not focussing on only features and price but also how they are respecting your privacy. Make sure you’re using secure services. Know that social networks, among other things, are free for a reason. You are the product.

But also, don’t forget to have fun. There is a lot of really great stuff out there and a wealth of opportunity on the internet. Keep your safeguards in place but don’t let fear limit you.

My Journey to Better Privacy (Part 5: Email)

Introduction

If you’ve been following along, then you know I’m on a quest to increase privacy across my digital life. The next stop on that journey is email. This system of communication has become so ubiquitous that we hardly give it much thought. We communicate over it with service providers, friends/family, random blogs, and any number of other entities. Since it’s a digital form of communication some get a false sense of its security, but that couldn’t be farther from the truth. Let’s take a moment to look at the current state of email in 2019.

How It Works

It’s sometimes easy to take for granted how digital communication works these days. We assume that what we’re writing is only being seen by ourselves and the intended recipients. But that isn’t necessarily true, especially in the case of email. In fact, it might be helpful to visualize email as more akin to its physical cousin, snail mail. A friend of mine once said it’s best to consider any email you send to be like a postcard. When you send a postcard it is secure in your house, and therefore somewhat safe. You then place it in the mailbox and send it off through the post office routing system. Along that route it passes through many hands. Those who have malicious intent, or are just nosy, could read it any time they want. Eventually it comes to your recipient’s house, where it is then again somewhat safe due to being in their residence. The same is true with email. Your mail provider places a lot of effort into securing their servers with encryption and other measures. However, once your email leaves there and is being routed to the recipient’s mail it is open and vulnerable. Once it arrives there are measures that keep it safe on the destination as well, but in between it’s basically completely open. Besides all of that, your mail provider likely uses data mining on your emails in order to serve you targeted ads. So even when the email is “safe” it is still being accessed by other parties.

The lesson here is that email should NEVER be considered private. Don’t put anything in email that you wouldn’t put on a postcard.

Safeguarding Email

There are some options for locking down your email and making it secure. Mostly this means using an encrypted service. Providers such as ProtonMail (great review here) offer end-to-end encryption, meaning that even they can’t see your email. There is a web client to securely access the service, or you can download their mobile apps. There are shortcomings in comparison to the convenience you’re used to (such as searching for a subject), but overall it’s a great way to secure your email.

The Downside

If it’s so great, why isn’t everyone using it instead of data vacuums like Gmail? Well, there are reasons. Remember our postcard scenario? Imagine if you sent someone a postcard and they received it just fine but couldn’t read it. With secure email services your recipients cannot read your emails unless you provide them with a password or public key to decrypt the messages. There aren’t a lot of friends that would do that just so they can receive email from me, much less people I barely know.

Also, your email is now sitting on their provider’s servers. Even if ProtonMail takes steps to ensure they can’t read your email it doesn’t mean your friends’ service lives up to the same standard. And any email they send to you will definitely have all of the same pitfalls of normal email. Plus, if someone forwards the email on then all bets are off.

Lastly, if you forget your password then all of your email is lost to you. This is the blessing and curse of ProtonMail not having access to your mail. They can’t snoop on you, but they can’t recover it for you either.

Conclusion

So, what’s a privacy-focused nerd to do? Even though services like ProtonMail aren’t as easy to use as traditional ones that doesn’t mean you should ignore them. As the funny taco commercial once said “Por que no los dos?”. Use ProtonMail for sensitive business emails or personal ones containing identifying information, and keep your usual service for all the spam you get from Old Navy and emails coordinating pot lucks. If you want to keep those from being data mined, swap to something like an iCloud address. It’s run by a major corporation too, but they don’t scan your email the way Google or Microsoft does.

Personally, I already stay away from putting anything in email I don’t have to. I prefer to use secure messaging systems for personal contacts (iMessage or Signal). If secure information needs to be emailed, you can always place it on a cloud storage service that is encrypted and then send them its link. This reduces the amount of storage being used on both email services (sender/recipient), lets you configure the link to only be accessible to certain individuals (either read or write), and lets you bypass the insecure digital postal system already discussed.

Be mindful of what you’re sending and how. And choose the option that works best for your situation.

My Journey to Better Privacy (Part 4: Digital Assistants)

Intro

Since the time I was a child the idea of robotics and automation has appealed to me. When digital assistants started to hit the scene I was stoked. I imagined myself controlling my home like Tony Stark with Jarvis. I tried to hold out for a good Siri solution, knowing that Apple makes quality products and that they are generally more privacy focused. But $400 is way too high for a smart speaker and Siri, bless her heart, is way behind the rest of the class in terms of intelligence. I ended up going with Amazon’s Alexa and have really enjoyed the experience.

At this point in time my investment in the Amazon Echo ecosystem is not insignificant. We are the owners of the full-size Echo 2, an Echo Spot (the alarm clock one), and the 2nd generation Echo Dot (the hockey puck). I even had a second Dot, but have since gifted that to my in-laws. Added up that’s a decent dollar investment (but still hasn’t reached the price of one Apple Homepod). With these devices I’ve been able to have music that plays throughout our house, control a number of lights by voice, have a simple intercom system, and more. An additional perk is that it lets my kids easily do things like turn on the lights in the scary basement from upstairs.

All of that to say, I have good reason to consider the privacy implications of digital assistants. And it could also be painful for me should I need to make a change. So you know I’m taking this seriously.

What Is The Worry?

After the initial rush of excitement surrounding digital assistants and their potential, a number of years have passed and important questions have come up in the mean time. Many people ask, if something is always listening for me to speak is it recording everything I say? Secondly, what is done with the recordings once your choice of tech companies has it? How long do they keep it? Perhaps most important recently is the question of human interaction. We always assumed that only machines interacted with our recordings, but it turns out that people do as well.

Some of these concerns are valid and some simply aren’t. Let’s start by taking a look at how these devices work, and that will help us separate out truth from myth.

How It Works

Honestly, it’s really very simple. In the case of smart speakers, or anything that uses a wake word (Alexa, Hey Siri, Ok Google), the device listens to everything said around it. This happens locally on the device, and it completely ignores anything other than the wake word. When the wake word is recognized, that is when it reaches out to the company’s servers. Any sound during the listening period is recorded and sent up to these cloud servers. That is where all of the smarts are (which is why the devices can have such low power hardware). Using sophisticated language processing, machine learning, etc their systems determine what you’re saying and how to best respond. Any number of things are triggered from there, and whatever you requested happens. That’s it. To summarize: Wake word, snippet sent to cloud, action taken. The companies then take a small percentage of the millions of recordings they receive, somewhat disassociate it from user accounts, and have people work with them to make their language processing smarter.

There are a few key takeaways from this knowledge:

  • The device dumps EVERYTHING it hears unless the wake word is registered. It is NOT recording everything you say.
  • The request is processed by machines. No human interaction is involved.
  • Though people are involved in training the system to be smarter, and that allows them to hear recordings, it is with an astoundingly small portion and your user account is partially decoupled from the recordings at that point.
  • It’s worth noting that Apple is more privacy conscious with its operations, such as tying recordings to a random identifier rather than your user account and doing as many operations locally as possible rather than in the cloud.

What Concerns Remain?

Having said that, it does not mean there aren’t real concerns. In our experience the devices can wake at very random times where we definitely did not say “Alexa”. At first this is just annoying (and a little creepy). The more you dwell on it, though, you start to wonder exactly what it’s picking up. Some have raised the point that personally identifiable information could be overheard, or bank numbers, etc. Sometimes I wonder if it picks up my children’s conversations. Not that they’re saying anything nefarious, but I don’t really want them recorded. Also, you just never know how anything you say will be taken if heard out of context. In today’s society people get really worked up about opinions they don’t agree with. Who’s to say it won’t overhear a conversation that isn’t politically correct, and then the workers might tie it back to you? What if something is acceptable now but in a decade is practically a thought crime (token 1984 reference)? One should always be careful of what they say, but this adds newer and potentially more dangerous considerations. Words you barely thought about almost instantly become data that is globally distributed and perhaps perpetually retained.

Most companies have built mechanisms to let you delete recordings from your account, but that doesn’t mean they’re completely purged. In the end it’s really up to them how long they’re going to keep the data and what uses they’ll have for it. The recording is on their servers and out of your hands.

After the outcry over having people listen to recordings most of those programs have been suspended. I can’t imagine that will last, though. I’m honestly not certain you can properly train the system without sampling recordings. That’s just the nature of how this technology works. They should have disclosed this better and potentially had their employees act more professionally (like not passing around amusing recordings), but it’s simply a reality.

Considerations For Balance

How much all of this matters to you is going to be a personal choice. Everyone has different thresholds for what they consider to be private conversation and how much they care they’re overheard. In many areas of life my wife is my touch point to reality. I can get very lost in the internal academic debate and become completely disconnected from the real world. While wrestling with these subjects in regards to our own home I asked if it bothered her, and she responded something to the effect “not even once”. Just now I asked her what she thought we should do and she said “I don’t even care”.

Another thing to consider is how deep down the rabbit hole you want to go. If you’re worried about devices listening to you without your permission, stop to consider the ones that are already part of your daily life. Every cell phone (smart or not), laptop, smart watch, and many desktops have mics in them. A bad actor could activate any one of those without your knowledge. It’s already been done before with webcams. Facebook, Google, and likely the goverment already have an astounding amount of information on you from multiple sources, verbal or not. And you could just mute or turn off the devices should you need to have a private conversation.

Conclusion

When you put everything together it’s a balance of obtaining the functionality you want vs the information you volunteer. For me that means, as painful as it is, Alexa and I will have to part ways. I really didn’t want that to be the case, and I even wrote up this article originally stating that I was going to keep her. But that didn’t sit well, and here are the main reasons why:

  • Conversations unintentionally overheard: There is no way around it, these devices often think you’re speaking to them when you’re not. That leads to us being recorded when our guard is down, and as stated before the information is then out of our hands and within Amazon’s control. For whatever reason this seems to happen much less with Siri, so I’m not as concerned about our phones, etc having it enabled.
  • People reviewing recordings: Only Apple’s system truly decouples your recordings from your personal information, so theirs is the only one I’m comfortable with in this regard.
  • There is no feature we can’t live without: We did a week trial without the devices and there was surprisingly little impact. A few smart home tasks are more annoying to do with the phone or watch, but overall life went on pretty much the same. Having the Jarvis effect is fun, but not something I’m willing to trade our privacy for.
  • No peace of mind: I mentioned this in the web browser discussion too, but peace of mind is very valuable. No matter how much I run over the facts and come to terms with them, something in the back of my mind was never comfortable with Alexa. Being without that internal battle during our week long test was refreshing, and a part of me has known since starting out with Alexa that something felt off about it. Maybe it’s paranoia, or maybe it’s instinct. Only time will tell I suppose.

So going forward the only digital assistant in our lives will be Siri. She’s not the smartest, and the Apple Homepod is absurdly expensive. If they go on sale or Apple produces a lower cost Echo Dot competitor then I’ll jump on board. In the mean time we just use our phones or watches for the same tasks. And if worse comes to worse, we walk across the room and hit a physical button. Turns out that’s still a completely viable option.

Update (09/08/2019)

A few weeks have gone by since I posted this article and I’ve now changed my position on our Alexa devices. This is because of a couple of key reasons. First, Amazon will let you opt out of having humans review your recordings. Second, I thoroughly reviewed my own article above and concluded that my decision leaned more on the paranoid side than the cautious.

TLDR, all of the information above is still true and valid. But the value vs risk index tips in favor of us keeping Alexa rather than dismissing her, especially as Amazon comes under increasing pressure to make sure she guarantees our privacy. As noted above, my family has received a ton of benefit from using these devices (my children have literally been begging me to put them back). We feel comfortable with the way the technology works and the benefits we receive from using it.

Update (09/26/2019)

At their September hardware event Amazon announced new privacy measures along with a slew of new products. I’m not saying this makes them 100% trustworthy, but it’s a sign in a good direction.

My Journey to Better Privacy (Part 3: Social Networks and Messaging)

Intro

I’m on a journey to improve my online privacy. Search engines and web browsers have already been covered in previous posts. What discussion on this topic would be complete without Social Networks (Facebook, Twitter, Instagram, etc)? I’m also going to include messaging along with them because they often go hand in hand (ie Facebook Messenger).

Why Does It Matter?

Social networks encompass a large portion of our online activity, and ironically are also one of the main outlets through which we hemorrhage data. Besides the risks incidents like the Facebook data breach present, why are we okay with giving the social networks themselves so much data? Even if you follow the argument that you’re a good person and have nothing to hide, it’s still disturbing to have a random party repeat back to you what you ate for lunch. Yet we tell things to audiences of thousands, and that data gets spread to servers around the globe. We have seen in recent history how old year books from high school and college have affected people’s careers. What if a decade from now what you’re freely laughing about with friends is completely socially unacceptable? There is a timestamped record of it anyway, and your picture is likely along with it in full HD. In the same vein, what if laws later change around the governance of that data and third parties such as governments or others can freely access it? The point is, we don’t really know how the accumulated data of our lives is being used today, much less how it will be in the future. Also, studies have shown that social media is just plain bad for you.

What Am I Going To Do About It?

Delete all my accounts!!! Just kidding. I’ve actually been down that road before due to a mixture of privacy concerns and trying to engage with people in person more. In the end I came back, and I don’t plan to delete them again. This may sound outrageous given this post is about privacy, but if you will remember I stated at the beginning of this journey that I was trying to strike a balance between full tin foil hat paranoia and living effectively on the internet in 2019. In my specific situation, I have family and friends scattered around the country and globe. I don’t often get to see them in person, so Facebook is a very effective way of keeping in touch with them. Also, groups we are a part of coordinate heavily through it, such as our Sunday School class at church. I use Twitter, Linkedin, and others to stay in touch with the tech community and post (hopefully) helpful information such as the entries on this blog. So, in the end a complete burn-it-to-the-ground deletion would not be the smartest move for me.

I have found over time, however, that there are ways to severely limit what information I give to social media. The first has nothing to do with technology, it’s discipline. I make a practice of only saying online things that I wouldn’t mind a crowd of strangers overhearing. Sometimes I remember this more than others, but overall the idea is to simply be careful what you say. Second, I use a web browser and plugins that block website components that want to spy on me, including those connected to Facebook’s like button that appears on almost every page. On mobile devices you can use apps such as Friendly to still get the social network content without as much bloat and spying.

There are additional steps I’m implementing, however. This is after all a journey forward, not a review of steps I’ve taken in the past. First, I’m setting a specific time frame during the day to be my social media window. I’ve gotten far too comfortable with randomly accessing it throughout the day the moment I experience more than a second of boredom. I think we would all benefit from learning to curb that impulse, and regaining some of the ability we’ve lost to simply just “be”. Second, in order to help reinforce this first goal I am going to remove the apps from my phone. I’ve tried this in the past unsuccessfully, because I would simply log into the web version. But this too is more about discipline than technology. Tech can make a lot of things more convenient, but our choices are still up to us. As a side benefit, I’m looking forward to increased battery life and mental focus.

As mentioned up front, I’m including messaging in this effort as well. I think it is even more sneaky in regards to our data, because we get the false sense that it’s private. You’re having a conversation with those closest to you, forgetting that any number of unknown entities could at some point access all or part of that conversation. I’m taking the same mitigating steps with messaging as those listed above. But I’m taking one additional step of only using messaging platforms that include end-to-end encryption. That means that your messages are protected on your end as well as the recipient’s, and no one in between (including the company hosting the service) can read them. For me that means using iMessage and Signal. iMessage is only available on Apple products, but Signal is cross-platform.

Conclusion

In the end my choices might not match what makes sense for you, and that’s okay. This approach allows me to stay in contact with family/friends and coordinate with groups who are heavily invested in Facebook as a communication platform. But it also allows me to reduce both the amount of data I put into these companies’ hands and the amount of time their products take away from my life. It also ensures that my personal conversations aren’t snooped on. I’m a boring guy with nothing to hide, but I’d still be creeped out if a stranger asked me about where I went on vacation.

My Journey to Better Privacy (Part 2: Browsers)

TLDR

My Recommendation: Firefox, with the extensions HTTPS Everywhere, uBlock Origin, Firefox Multi-Account Containers, and Cookie AutoDelete
Privacy Simplified: If you just want privacy out-of-the-box and don’t care that it’s based on Chromium, go with Brave.
My Mobile Recommendation: Safari with Firefox Focus enabled as a content blocker, or Firefox depending on your preference.

Intro

If you read my previous post, you know that I’m on a journey to achieve better online privacy. Much like with search engines, web browsers are something that I’ve been considering for years. I tend to be drawn towards Chrome for its features and the fact that most sites are built to work with it. Then I become more privacy conscious and move to Firefox, with several addons enabled. Some point either after or before that I use Safari because of its integration with my devices (we’re basically an all-Apple house).

I wanted to make a concrete decision this time, though (or at least as concrete of one as can be made when technology changes so drastically from year to year). For that reason, I’m putting my thoughts down in writing and sharing them with you. It’s an accountability mechanism of sorts. Also, I sincerely hope that it benefits you as well.

*One small note before we get started. There are a LOT of browsers out there. I’m only going to cover the top few that tend to circulate through my life and that I think the mass majority would consider.

Chrome

Almost without doubt, if you’re asking which browser is going to be fastest and work the best it’s Chrome. Depending on which stats you look at, it has up to 75% of the market share, and for good reason.

By StatCounter – http://gs.statcounter.com/browser-market-share#monthly-200901-201905, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=80089473

But, how is it in regards to privacy? After all, its maker Google has come under a lot of scrutiny in that area over the last several years. Even The Washington Post basically called it spyware. They’re an ad business, using their “free” services to collect mountains of data to fuel that business, and Chrome is just a tool to help direct people towards contributing to that. It’s also becoming a bit of a monopoly as well, to the point where developers only code for it to the exclusion of other browsers. For these and other reasons, many (including myself) are highly suspicious of letting it pilot our journey through the web.

However, they haven’t left users completely without options. If you’re willing to look for the options in settings then you can turn off a lot of the snooping. Also, Chrome has one of the richest extension libraries, so you can add a number of those that will greatly enhance its privacy capabilities.

I for one remain too skeptical to embrace it as my daily driver. I truly wish that weren’t so, because it’s probably my favorite overall. But it just doesn’t sit easy with me.

Firefox

I’m going to be a lot more verbose concerning Firefox, because it is basically the measure by which I will judge all the others. It has a long history of fighting web browser monopolies and is basically a household name at this point. Below are some of the reasons it stands out to me.

Open Source: It is not the only option I’ll discuss that is open source, but it’s probably the most respected in the open source community. I’m not someone who will say non-open-source is evil (I’m writing this from a Mac), but I do think it’s something we should promote as often as possible. This is especially true in regards to the web. At this point in our culture the internet is almost like a utility. It houses essential resources for communication, productivity, education, and so on. It’s my belief that an open source browser from a non-profit company is better positioned to safeguard that than an offering from a large corporation which has special interests.

Defenders of the open web: Continuing off the point above, Mozilla (the maker of Firefox) has a long history and deep commitment to keeping the web open. Because they aren’t selling ad services, they can freely support ad blockers unlike Google is doing. They also sponsor lots of events to educate people on how to interact with, and contribute to, the web community.

Cross-platform: Firefox will run on Windows, Mac, or Linux. You can also have it on Android or iOS devices. If your life doesn’t reside all on one platform (as most people’s doesn’t) you can still use Firefox and sync your data across all devices.

Not Chromium based: Chromium is the open source browser that Chrome is built on. It’s basically Chrome before some Google-specific components are added in. As already mentioned above, Chrome is becoming a bit of a monopoly. There is NOTHING wrong with building a browser on Chromium. Several fantastic browsers do that. However, it further contributes to this monopoly. The more Chromium-based browsers there are, the more developers code to only that platform. This leads to the exclusion of other browsers. When users hit issues they think “Why is this browser terrible?”, not “Why isn’t this site built better?”. This continually funnels more people towards Chromium based browsers, where the sites “just work”. And in the end Google has gained more control over how the web behaves than any one company should have. Firefox, however, uses its own engine and it’s fantastic. For a deeper look at the pros and cons of using Chromium-based browsers, this article is a great read.

Extensions: Honestly extensions are almost what make a browser in regards to privacy. And Firefox has a WEALTH of them, in addition to the privacy features already built in. Don’t get me wrong, Chromium-based browsers do as well via the Google Chrome Web Store. But, that continues the Google snowball that I’ve already discussed. Firefox is known for being extremely customizable, much of which comes from its extensions. You can go full-on tin foil hat with them or use none at all. Below is the list that I have found to be a good balance between completely open and so secure that the internet is unusable:

  • LastPass (Password management)
  • HTTPS Everywhere (Resends your requests using the encrypted URL instead of the standard one)
  • uBlock Origin (Blocks ads and tracking from Google, Facebook, and others)
  • Firefox Multi-Account Containers (Keeps cookies in silos so that sites can’t use info from other ones to track you)
  • Cookie AutoDelete (Every time you close a tab it deletes the cookies associated with it, so that they don’t linger and become used in malicious ways)

Containers: Continuing off of the extensions discussion, I’d like to expound a bit more on the Multi-Account Containers made by Firefox. This is one of the key features specific to Firefox that no other browser has. I can have my work, social, banking, search, and other sites open in their own little silos. That way none of them mixes together and uses each other’s cookies to spy on me. It really is a fantastic way of walling off information from those with ill intentions. There is a bit of work up front to tell it which containers you want sites to open in, but thereafter it will use them automatically.

Conscience: Last but not least, it just sits well with my conscience. Maybe it’s just me, and others might not put a lot of stock in it, but there’s something to be said for having peace of mind.

So what are the downsides? Let’s not pretend there aren’t any. As mentioned before, you will likely run into more issues with sites not working than with a Chromium-based browser. Who’s fault this is doesn’t really matter, in the end the result is encountering more problems. Ones that likely won’t go away. Secondly, it’s just not as polished in general. The Quantum rewrite took it forward leaps in both speed and performance, but it still seems to lag more and be less smooth overall.

How much any of these cons matter to you will largely depend on how hard-core you want to go with the privacy push. Without a doubt, you can’t go wrong with Firefox when looking for better privacy and security.

Safari

Safari is actually quite a good browser these days, and also very privacy focused. Apple has realized that privacy is a niche where they stand out in a good way. Whether they intended to do that for the sake of the users or just ended up there by happenstance, nobody knows. But they’re milking it.

There are a bunch of small features that make Safari appealing in my Apple-integrated world. Chief among these are:

  • Reader mode (Other browsers have one, but this one is the best)
  • Text shortcuts (Every time I want to input my email I simply type “eml” and hit space. The same is true for address, phone, etc. This saves a surprising amount of typing and syncs across my devices.)
  • Seamless syncing with my other devices
  • Built-in reading list
  • Beautiful design and performance on both desktop and mobile

Add to the items above that you can add extensions, plus other capabilities through App Store apps, and Safari is a solid option. You’re probably wondering at this point why I don’t use it given all the bragging.

As with all things, it has its downsides as well. One of the major ones is a less robust extension library. Some of the major players like uBlock Origin is there, but things like HTTPS Everywhere are not. And some that are present don’t work quite as well within Safari for whatever reason. Also missing is a way to manage cookies by tab. I have purchased a separate program named Cookie 5 that will delete them on close of the browser. But I use my browser all day long, and that is a lot of time in between for sites to use my cookies in ways I don’t desire.

So, though Safari provides the best experience overall, I’m sad to say it doesn’t fit well enough into my privacy-focused world.

Mobile is a different story. Apple locks developers into using their web engine on iOS, so no matter what browser you’re using it’s basically just Safari reskinned. Adding in a content blocker like Firefox Focus gives you the ad blocking and increased privacy you want. Also, nothing else matches the smoothness and integration of Safari on iOS.

Brave

One of the standout Chromium-based browsers is Brave. I’ve been testing it it out and REALLY like it. This browser’s company was started by the co-founder of Mozilla, Brendan Eich. Its focus is on providing out-of-the-box much of the security/privacy that others offer via extensions, and also on solving the issue of website ads. It has a novel approach where publishers and users opt into a network where users are rewarded for surfing and can give some of that back to their favorite content creators. In this way you eliminate targeted ads and much of the privacy issues that accompany them.

Honestly, it seems like a great browser. It’s definitely a great solution for the not-so-techy folks who just want better privacy. Many of the functionalities I described in my favorite extensions above are built right into the browser, among others. If a site isn’t working well, just click the “shields down” button to allow it to work as normal. Also, it can install any plugins from the Google Chrome Web Store.

The only hangup for me is that it’s Chromium based (which was discussed at length above). Also, the mobile app isn’t awesome. It’s getting better, but still not quite to the level as that of Firefox. If those things don’t bother you, get it. I think you’ll enjoy it.

Conclusion

All of that to say, in my opinion Firefox best fits the bill for a privacy-focused world view. It’s the only browser that allows you to silo websites, manage cookies per-tab as I close them, isn’t built on Google software and therefore isn’t controlled by them, and comes from a company that is well positioned to put the needs of the users first.

I won’t be offended if you don’t agree. There are as many opinions as there are browsers. But I hope that sharing this is thought provoking and will assist in your own journey to better privacy!

In the end it’s not which browser you use that protects your privacy so much as 1) where you browse to and 2) being mindful of how the web works. To that end, pick one with a track record for being secure, pick reputable addons to enhance its capabilities, and browse smartly.

Update (09/18/2019)

Apple has been leading the way with blocking cookies in Safari, and now Firefox is following suit. I also conducted my own little test using https://www.deviceinfo.me/ to see exactly what information websites could pull about me. Without any privacy addons installed Safari gave up less information than Firefox did, even when configured as I’ve mentioned above.

All that to say, Safari is becoming a very good option for privacy if you live fully within the Apple ecosystem. Everything I’ve said about Firefox above still holds true, but Safari is a much better option these days than it once was.

My Journey to Better Privacy (Part 1: Search)

Introduction

The subject of privacy, for me, is one I’ve been more or less dodging for a long time. It’s something I feel strongly about. I make half-hearted attempts at improving it now and then. But overall I’ve mostly let it go by the wayside. It’s really easy to retweet statements by privacy-focused groups or to make recommendations for what others should do. But when it comes to true and meaningful lifestyle change, it’s tough. There is always a rationalization for why it just isn’t worth it.

And so here we are, time to stop making excuses. I’ve decided to set out on a journey to better privacy. In all of life I’ve discovered that taking things in small steps is always more successful for me than changing all the things at once. So I’m going to take one area at a time and tweak it to be more privacy-focused. As I do so I’ll also be discussing with you the pro’s, cons, and flat out pain of each step. But, at the same time there is always the question of how thick you make the tin foil hat. I’m a tech-oriented person that works in a tech-oriented field. Because of my level of exposure to electronics and the internet I will never fully have privacy. I will, however, be trying to strike a balance between obtaining optimal levels of privacy and being able to live a somewhat normal life.

Step 1: Search

The first step on this journey is swapping my search engine. I chose this to be the first one as an easy entry point, because I’ve done it off and on in the past. Over the years it’s become very apparent that Google is not our friend. They are not a tech business that are our buddies. They are an advertising business that’s using our love of free, high-quality software to soak up unthinkable amounts of data. DuckDuckGo, however, is the closest thing in modern day to what a search engine should be. I should have swapped to it permanently a long time ago. Because I’ve struggled with this already I can go ahead and tell you the up and down side.

The Pros

DuckDuckGo provides what you actually want from a search engine, search results without having your essence sucked away as you use it. They don’t track you, ever. Your searches are yours alone. Secondly, they don’t contextualize your search results based off data collected about you (further locking you into your own echo chamber). Most of us probably don’t even realize how tailored our results are to the information Google has on us. Does this provide extremely relevant results? Yes, but at what cost?

TLDR: It’s not watching you like a creep.

The Cons

What? You’re recommending something to me and it isn’t perfect??? How dare you Landon!

No, DDG isn’t perfect. Neither is Google, we’ve just gotten so used to it that we don’t even notice. I mentioned above that I’ve made multiple attempts at swapping. Each time I would be led by my convictions and eventually bow to convenience. Google searches are just GOOD. I mean, flat out really good. If I search for something in DDG and don’t almost immediately find it in the first 1-3 results then I get frustrated and run it in Google. It’s just the way we’ve been conditioned to operate. But, when I run it in Google I almost always find it right away. During most of my IT career I’ve been in a support role, and finding the correct answer right away outweighed my privacy concerns. Then, if I was going to do it with work I justified doing it with my personal devices too.

So what’s different this time? I’m currently in a role where I’m not under pressure to find results instantly. I can take the necessary time to adjust to how DDG operates and give it a chance to give me what I need on result 4 or beyond. And as I’ve done that, I’ve honestly found that what I need is there if I will take the .05 seconds of patience required to look for it. I’ve heard from others that, over time, as Google is given less info on them then the two providers have much more similar results.

One last area of challenge is that this will apply only to me. My wife has been extremely resistant to swapping to DDG in the past and I don’t expect that to change now. This is actually something you’ll face at every turn when trying to live a more privacy-focused life, those you interact with the most will be reluctant. The truth is that the average user just doesn’t care, and ones that consider it find the transition pain enough of a barrier to stop.

TLDR: There will be a period of adjustment because Google is so freaking good, but keep in mind what you’re giving Google in return (do you even know?).

TLDR

I’m swapping search on all my devices from Google to DuckDuckGo, and you should too. Drop the creepy guy looking over your shoulder (probably with a weird mustache) and keep your searches to yourself. Learn more about DDG here.