Read What Stays in Vegas Online
Authors: Adam Tanner
Acquisti likes privacy-enhancing tools, but says they do not work alone. They need consumer awareness, market adoption, and a smart regulatory infrastructure to foster their use. “I stress that I think all those components are necessary at the same timeânone is sufficient by itself,” he says.
Much like the Internet itself, the tools to control personal data are constantly changing. “You have almost an arms race of people like us and people whose business models are predicated on invading the privacy of consumers. And because we can't get along, we fight in this arms race to give consumers control where it's being taken away,” says Abine cofounder Rob Shavell. “And then the people that are taking away the control and trying to exploit data and inference on the part of consumers' activities come up with technologies, and then we have to come up with new technologies.”
What follows are some strategies and tools for privacy protection I have come across in researching this book, although there are many more options to consider as well.
Internet Browsing
People who want some control over their personal data should start with how they surf the Internet. “I have not invited anyone to follow me around the Internet any more than I have invited marketers to listen to my phone calls, conversations, or email (unless it is the marketer who provides that email). So I keep different browsers on different settings depending upon what I am doing,” says Al Raider, chair of the management, accounting, and finance department at the University of Maryland, University College. “The browser I use most often is set to reject third-party cookies and automatically clears cookies when closed out. For those sites requiring third-party cookies to access, I use another browser permitting that. Then I always clear those cookies when I am finished.” Because a user can easily clear cookies from their system, more companies are seeking to place ads using techniques such as browser fingerprinting (looking at the distinguishing characteristics of your browser).
The next step, then, is to enhance Internet privacy: SurfEasy makes a small USB device that plugs into a computer to mask your IP address, location, and other details to obscure online tracking. The company has also developed the same technology for cell phones and tablet devices, and it is available for computers via VPN, which means you don't have to have a USB device.
Anonymizer.com
, a service that has been around for many years, routes your Internet surfing through VPN, which is basically an encrypted tunnel, as are FoxyProxy and Unspyable. There are other pay options and several free services to step up privacy while surfing the Internet. A service called Private WiFi plays up its usefulness in protecting privacy when using public Wi-Fi.
The free WhiteHat Aviator browser builds in privacy and security protections with little sacrifice in ease of use. Remote browsers provide even more privacy and security protection. You see the normal Internet results on your computer, but the surfing is actually taking place in the host company's computer, making it easier to block malware as well as online tracking. Authentic8's Silo provides such a service for $100 a year, and is geared for sensitive browsing such as on financial or medical websites. It disables audio, however, so it is not a full-service browser. Quarri's myPOQ provides a similar service without disabling audio and at present is free of charge. Cocoon (
getcocoon.com
) allows you to surf the Internet through its servers after signing on through a browser plug-in, although in my experience it often has to be reinstalled after Firefox or Internet Explorer introduces a new version of its browser.
Those concerned about Internet tracking and targeted advertising can also install browser plug-ins, including Abine's DoNotTrackMe and Disconnect.me. Adblock Plus keeps many ads off the Internet pages you visit. A number of experts recommend HTTPS Everywhere to boost security when viewing websites (
www.eff.org/https-everywhere/
). Some privacy advocates recommend the NoScript browser plug-in for Firefox. It certainly makes it harder to navigate the web, but enhances security by allowing JavaScript, Java, Adobe Flash, and other plug-ins only for sites you approve. If you do try NoScript, you likely
will be surprised to see how many programs are trying to execute on your computer every time you visit a web page.
More serious privacy advocates use a service called Tor, short for The Onion Router (
www.torproject.org
). This free software allows users to hide their location when surfing online. Revelations that the US government has tried to identify its users show that even Tor has limitations. Another example of how things could go wrong for users came in December 2013, when a Harvard undergraduate made a bomb threat against several buildings via Tor during final exams. He was quickly identified and arrested.
“Tor's still great, but the default configuration leaves some vulnerabilities open in order to preserve website functionality,” says Kit Walsh, an expert on free speech and privacy at Harvard's Berkman Center for Internet and Society. “It's also very easy to accidentally leak info that can deanonymize you, like the Harvard bomb-threat kid who used his registered machine on Harvard's network to connect to Tor, send the threat, and then disconnect; it was very easy for Harvard to deanonymize him.” Various apps including Orbot and Onion Browser use Tor to facilitate secure web browsing.
You can also limit data collection by online advertisers by going to the Digital Advertising Alliance's page or the following websites:
www.aboutads.info/choices/
,
www.networkadvertising.org/choices/
, or
www.evidon.com/consumers-privacy/opt-out
. You can adjust your Google ads at
google.com/ads/preferences/
. It's probably also worth reading Google's privacy policy at
www.google.com/intl/en/policies/privacy/
. That page has links to several places that allow you to set the amount of data you share in various ways.
Email
Some free email services such as Gmail serve up ads based on keywords found in your messages, so you should read the privacy policy before signing up. Some privacy activists go so far as to suggest avoiding sending mail to others who have Gmail accounts because those incoming
mails will be scanned for contextual advertising even though the non-Gmail user did not agree to such policies.
Privacy advocates suggest using encrypted email providers. But three such services closed down after Edward Snowden's revelations about the NSA highlighted the limitations of such formats. Two of those companies, Silent Circle and Lavabit, have formed the Dark Mail Alliance (
darkmail.info
) to devise an even better encrypted email service in the future.
Other options include Hushmail, which offers a service for free provided you sign in at least once every three weeks. A paying version without this restriction costs $35 a year. When a hacker from the group Anonymous contacted me, it came from a Hushmail address. CounterMail advertises especially strong security that encrypts each email before you send it and costs $59 a year. ShazzleMail is another new service with an interesting concept: it sends email directly from your computer to its recipient without going through the usual Internet intermediaries, so it does not contain metadata, which is akin to the address on a package whose contents one cannot see. Your cell phone or computer needs to be on when the recipient downloads the message, however.
One email-related program that I like is Abine MaskMe, which creates temporary email addresses that bounce to your main email address. With this program, when you are shopping online and do not want to share your permanent email address, it generates a new one such as
[email protected]
. If the merchant keeps sending you communications you no longer want to receive, you can deactivate the address. A browser add-on made by
privowny.com
also creates disposable email addresses.
Search Engines
Some search engines do not track your searches. These include Duck-DuckGo and Ixquick, which compile results from a number of sources, and Startpage, which uses Google's search engine but without the
tracking. However, sites that mirror Google anonymously sometimes work more slowly than Google, and all of these alternatives may not offer as rich results as Google. Thus one might use such search engines on occasion for more sensitive topics.
Social Networks
Privacychoice.org
offers a free privacy dashboard to help set your preferred levels for Facebook, LinkedIn, Google, and other sites.
Identity.com
, set up by the Monahan brothers (featured in
Chapter 6
), is also aimed at helping shape your social media profiles. Some startups are trying to introduce privacy-friendly social networks such as Sgrouples, which advertises that it is “free of tracking and other data scraping nonsense.”
Mobile Data
There are programs that tell you how widely your smart phone is sharing your information or that help boost your mobile privacy. I've tried a mobile VPN from SurfEasy, which has worked well so far. This can also help against wireless hacking. Turning off the GPS function prevents advertisers from knowing where you are. If you are concerned about the growing use of Wi-Fi tracking by retail stores of customers through cell phones, a pouch called Off Pocket blocks all signals sent from a phone (the downside: you can't receive any calls when using the pouch). Some experts say installing an alternative phone operating system such as Ubuntu will also aid users in preserving privacy.
ShazzleMail (as mentioned above) is a cell phone app that sends secure private emails (and also works on computers). WhisperSystems encrypts mobile communications for added security on voice calls and texting, and TextSecure encrypts text messages.
In 2014, several companies have introduced new cell phones preconfigured to maximize privacy, including Blackphone.
Traditional Mail and Phone Marketing
Several sites make it easy to limit or opt out of various categories of direct mail. Direct marketing offers such catalogs, subscription offers, donation requests, and various promotions (
www.dmachoice.org
). Do Not Call Registry allows Americans to opt out of receiving most telephone solicitations (
www.donotcall.gov
).
Banks and Credit Cards
Credit card transactions are a major source of transaction data about you. You can opt out of certain targeting by credit card companies. MasterCard allows you to opt out of web analytics, marketing email, and data analytics at
www.mastercard.us/privacy
. Visa allows you to opt out of its anonymous marketing analytics for five years (
usa.visa.com/sitewide/privacy_policy_optout.html
). American Express lists its opt-out policies at
http://tinyurl.com/czdzubp
. Also, check with your bank to learn what data it shares about you and how you can opt out of that sharing.
Those “prescreened” credit card offers that pile up in the mail come from data collected by credit reporting agencies Experian, Equifax, and TransUnion. You can opt out by phone at (888) 567-8688, which removes you for five years. You can also opt out for five years of credit card and insurance offers at
www.optoutprescreen.com
.
Abine will process credit card transactions on your behalf so that none of your personal information is recorded. In the future, some firms may realize a market advantage by offering credit cards that do not collect personal data on their users.
Personal.com
says it is considering introducing such a card.
Privacy Rights Clearinghouse offers sample opt-out letters you can send to your financial institutions asking that they refrain from sharing your financial data. They are available at
www.privacyrights.org/fs/fs24a-letter.htm
.
Data Brokers
Companies like
Reputation.com
and Abine offer services to remove you from people-search databases. In the end I had the impression that these services hack away at the weeds but do not remove the roots of your personal information. And because personal data are collected and spread in so many places, they will continue to sprout into new dossiers about you. “The root problem is the public records laws that enable data brokers to exist: they came about in an era of paper records, limited access, and limited visibility,” says Sarah Downey, a lawyer who worked as Abine's chief privacy strategist. “Until they're modernized to align with the web's capabilities and people's reasonable expectations about the privacy of their personal information, they're going to cause a lot of problems for a lot of people. Technological solutions can only go so far when there's an underlying legal hole as big as this one.”
You can also opt out by contacting data brokers one by one, but that's a huge task. Abine maintains a list of leading brokers (
abine.com/optouts.php
), as does Privacy Rights Clearinghouse (
www.privacyrights.org/online-information-brokers-list
).
You may find it interesting to see how much information a major data broker like LexisNexis has about you. Details of how to do that are at
www.lexisnexis.com/privacy/for-consumers/request-personal-information.aspx
. Unfortunately, its Accurint dossier service only allows very few people to remove themselves from the database, such as victims of identity theft or those at risk of physical harm. You can opt out of marketing products from one of the biggest databases, Acxiom, at
isapps.acxiom.com/optout/optout.aspx
, and see your file at
Aboutthedata.com
.