There is this common narrative I see all the time, implying that we as individuals are empowered to choose and manifest our own destiny, and this comes up often in privacy discussions.
Don’t like Facebook’s privacy nightmares? Just don’t use Facebook!
Don’t like personalized ads? I remember a popular post on reddit saying “if your ad interrupts my YouTube video, I will hate your product”.
Don’t like Google chrome hegemony? Just use Firefox!
And while I agree that we should strive to do that, the battle doesn’t end here. Facebook has shadow accounts for people who never signed up. Google chrome keeps it’s hegemony despite people on the Internet advocating Firefox day and night. And ads continue to be extremely profitable despite you “hating the product” because it interrupted your YouTube video.
Even worse: even if you “hate the product”, you now already know it. You now know they product exists, and possibly whatever they wanted you to know about it. The reality is that these companies own your eyes. They control what shows up on your screen. And even if you hate it, they control what you end up learning.
the reality is that our individual resistance is very far from enough
I am not saying it is completely futile. It is a step in the right direction. But the only effective solution is organized action. We, alone, cannot achieve much. Unless we organize our resistance against privacy violations, we will continue to live through this privacy nightmare.
So go vote, be in unions, call your representative about these matters.
This should be how the message ends.
Not only this. Just by existing and living like this around your friends, family, and coworkers and they’ll notice and get interested. In the span of a year of just using Linux, firefox, adblockers, password managers, and email aliases I’ve unintentionally gotten the attention of two of my friends and they’ve now started on their privacy and security journey. I share privacy articles around to my friends because I think they should be aware that stuff like 23andme can leak your entire genome and could be targeted for a racially motivated attack. Just exist and share it around with people around you and some may catch on.
“Go vote” and “call your representative” presupposes you both believe there’s a genuine, believably electable option out there that’s gonna really fight for you on this subject, and that the electoral system you live in is legitimately going to represent your vote. There’s an argument to be made against both points, depending on where you live.
Well, it’s true. I’m open to suggestions, feel free to share.
It doesn’t presuppose that at all. The only way to get that option is shift the overton window to the left, and the only way to do that is to vote for the candidate on the left, even if they’re not as far left as we’d like.
It absolutely presupposes that you give some level of legitimacy to an electoral system to partake in it. Otherwise, how does one have any internal consistency?
If it doesn’t have any legitimacy, then the only option left is to assassinate people until legitimacy is restored.
If you aren’t killing people, then vote.
Unions, sure.
Voting and calling representatives is a futile approach. They’re a distraction at best. Unions are an example of what I mean by uniting our efforts and taking action.
Glad you find something of interest in my comment.
Voting and calling representatives is a futile approach. They’re a distraction at best.
That’s conservative, pro-corporation propaganda.
Quite the opposite, actually. Corporations love for you to be distracted with the methods that are futile. Don’t you ever think about unionizing, striking, protesting, blocking traffic to our stores, boycotting, or any of that. Just do the things that don’t hurt our profits!
Corporations love for you to be distracted with the methods that are futile.
That’s why saying not to vote is pro-corporation.
Then you’d be wrong, because voting is futile and a distraction, as I already said. Refer to the rest my comment for direct action methods that aren’t futile:
unionizing, striking, protesting, blocking traffic to our stores, boycotting
Unionizing and striking are effective, but they’ll stop being effective if they become illegal. They’re already less effective than they should be, because of legal restrictions.
Protesting is only useful for getting in the news and convincing people to consider certain issues when they vote. They will never directly cause change.
And boycotting is just plain worthless. You’ll never get enough people to join a boycott for large corporations to care.
deleted by creator
Hulu doesn’t show ads though?
There are definitely some steps you can take for your personal privacy. Get a phone with GrapheneOS, use LibreWolf as your browser, switch from Windows/Mac to Linux, use a DNS filter like NextDNS and try to communicate with people over Signal. You can also use a reputable VPN like IVPN or Mullvad and switch away from Google/Big Tech services (Google search -> DuckDuckGo, Gmail -> ProtonMail, Microsoft Office -> LibreOffice, Google Drive -> Proton Drive, YouTube -> Odysee, etc.)
Is IVPN and Mullvad better than ProtonVPN ?
They allow for anonymous registration without an Email address. They just give you an Account ID. They also allow you to sign up via Tor. Mullvad even has an onion site.
Just chiming in, that the biggest selling point of Mullvad (and IVPN also, I think) is the possibility to pay with cash-by-mail or with crypto. Also, Proton has an onion site, too (at least I used it for ProtonMail, not sure if it’s for Drive too).
Proton has an onion site for Proton Mail, (not sure if it’s for Proton VPN as well) but it’s a huge pain in the butt to sign up for an account. They often require email or sometimes SMS verification. Also, they redirect you back to the clear web page for the sign up process. It’s less than ideal. I use Proton Mail and I pay for it, so I also get Proton VPN but it only use it for torrenting. For all other things I use IVPN and I’m pretty happy with them. Customer support is great btw.
With the verification thing on Proton, there is a button which allows you to bypass it.
Edit: at least there was when I created mine
If there’s verification that you can just bypass by clicking a button it’s not a very effective method of verification xD
I agree. I was also confused back then. Because of this, I tried creating an account yesterday and found out, that verification is in fact needed. But I simply used one of the disposable email services and it was done. No need for a phone number.
I personally feel like Mullvad provides a better, faster and cheaper service than Proton. However, Proton has other very interesting products such as ProtonMail, ProtonPass and Drive. I’m interested in all that, so I ended up moving to Proton.
I don’t have a single bad thing to say about Mullvad, excellent service and pricing policy.
What about reading an article that has a Facebook share button or independent trackers? Using your credit/debit cards, buying anything online. There’s a million ways to track people’s habits
If you have an adblocker, you can block the Facebook embedded spyware and other trackers. You can use Monero, a privacy-focused crypto currency to anonymously buy a prepaid credit card, and then use that to make your payment.
“You can use Monero…”
Can I? Most places don’t accept it, or any cryptocurrency for that matter. It’s just not a viable alternative currently.
The more people use it, the more businesses will accept it. There’s a list of businesses that accept Monero: https://monerica.com/. Maybe Monero is not a viable alternative today, but the situation might change, once we live in a cashless society. Until then, use cash or Monero. You can also anonymously get prepaid credit cards and gift cards at Cake Pay or Coinsbee.
GrapheneOS only supports pixel phonea therefor /e/OS is a great option too. I don’t recommend Librewolf. Any firefox fork is unnecessary just use arkenfox and ublock origin set it up to block scripts. Except fennec or mull, they are necessary on mobile firefox is atrocious. I have never heard of IVPN before so I question how private it actually is and Odysee is filled with alt-right wastes of space. Linux Experiment tried using it a while ago ended up leaving. So there is no true alternative to youtube but privacy frontends like Libretube and Newpipe on mobile and individious or piped on PC. Or you can use freetube on both as well.
/e/OS is a terrible option, they sometimes take half a year to ship basic security patches. If your device is not supported by Graphene, you can check out DivestOS. Sure, you can use arkenfox, I just included LibreWolf, because it’s easier to set up. +1 for Mull on Android. I use it too. IVPN is one of the most private VPNs, I’d say it’s on the same level as Mullvad in regards to privacy. Check out the Privacy Guides article: https://www.privacyguides.org/en/vpn/#ivpn Yes, there are currently some really weird people on Odysee, but the more normal people like TLE leave, the worse it gets. I hate these right-wing bastards as much as you do, especially in the comments, but that’s the reason why more people should use Odysee instead of YouTube. We just need to outnumber them. Odysee is definitely not perfect, but it’s better than being dependent on YouTube, who currently try to shut down all private frontends. They sent a lovely cease and desist letter to Invidious, and they IP-ban Piped instances (which LibreTube relies on).
I see, you might be right about Odysee. though /e/OS actually is really good, don’t be so prejudiced about it. I didn’t try to disprove your guide or anything BTW, tried to expand it a bit.
I’ve never used /e/OS before, so I don’t know what it feels like to use it, and I really don’t want to shit on a FOSS project for no reason, but the frequency at which they deliver updates is terrifying. I wouldn’t recommend people to run an OS that is constantly out-of-date and has unpatched security vulnerabilities. But I would appreciate it, if you could tell me what is so awesome about /e/OS. I did some research and as far as I can see it’s just LineageOS with microG and a skinned Aurora Store, and a Launcher that desperately tries to look like iOS. You can recreate a better version of all of this with ease on GrapheneOS. The Sandboxed Google Play services implementation is miles ahead of microG, and has better app compatibility, while not compromising on privacy. Also, Graphene has many low-level security improvements to the system like a hardened memory allocator, hardened SELinux policies, etc. I like that Murena ships /e/OS on Fairphones, but I will always prefer GrapheneOS on a Google Pixel, because of the hardware security features (Titan M2 Secure Element). TL;DR: /e/OS has better privacy than stock Android ROMs, but pretty bad security, because of a lack of frequent security patches.
I don’t mind being slightly behind other android ROMs in terms of updates, I get updates every once in a few months on e/OS. One of the main freatures is that there is a feature caled advanced privacy you can block all trackers, spoof your GPS location and Tunnel your IP Adress through Tor from the settings or from its Widget at a per App basis without root out of the box. It also comes completly degoogled and with microg all default apps replaced with a foss alternatives. Its fork of Aurora store “app lounge” has privacy ratings for all the apps calculated using the permissions they require and trackers they have, it includes FOSS and pwa apps too.(also must admit I mostly just use fdroid). There is a lot to love about it and it is compatible with a lot more phones than grapheneOS. I know that you can achieve most of it, if not all of it on graphene too but /e/OS makes privacy “convenient”.
One of the main freatures is that there is a feature caled advanced privacy you can block all trackers
It’s probably just a DNS filter. You can achieve the same thing on any Android phone using NextDNS (or any DNS resolver that blocks trackers) and the native Android DNS-over-TLS implementation, which is present on every Android ROM that’s based on Android 9 or higher. It takes 5 minutes to set up.
Tunnel your IP Adress through Tor from the settings or from its Widget at a per App basis without root out
You can do that with the free Orbot app released by the Tor Project.
Its fork of Aurora store “app lounge” has privacy ratings for all the apps calculated using the permissions they require and trackers they have
The information about Trackers and Permissions comes from Exodus Privacy and it’s included in the normal Aurora Store too
it includes FOSS and pwa apps too
This is actually a nice feature. Of course, you can get FOSS apps and PWAs on other ROMs as well, but it’s nice to have all the apps in one central place. Very useful, especially for new users.
(also must admit I mostly just use fdroid)
That’s what I do on GrapheneOS too
It is not DNS as far as I can tell since you can edit dns settings seperately. I use quad9 dns for example
I want to add to this: In my country (Poland, but probably many others) you are sometimes almost forced to be tracked by FAANG companies. For example our mObywatel app, which can be uses as driver’s license replacement requires you to download it via Google Play and have Google Services installed. Of course it uses firebase to send notifications.
Firebase really is the curse of modern software development
Could you eli5 what’s bad about it?
It’s yet another service in the hands of Google and a proprietary library, far too many apps depend on it to send push notifications, which isn’t unexpected when Google, which owns Android, has made it the only standard push service by leveraging their position of power and in turn Unified Push and all its free implementations had to come from the community, but almost no app uses it, because everyone is used to Firebase by this point.
That’s the open platform aspect, it is also a privacy concern because it means that most apps will have your notifications pass through Google’s servers, I don’t think they can necessarily read the content, but the time of reception and sending and where it comes from is metadata that they certainty see
Can’t you use a normal license instead?
You’re aware of the EFF, the Electronic Frontier Foundation, right? It’s one of I’m sure several groups that organizes & strives to push back against malicious action from tech companies, as well as over-encroachment from governments (at times itself coming from tech company lobbying). It’s based in the United States though, if memory serves, so others may want to chip in and mention similar groups for their region/nation.
At the same time, services/platforms that don’t rely on ads pretty much always welcome donations, e.g. Wikipedia, Internet Archive, Gutenberg, as well your resident Fediverse sites, so also keep those in mind.
Facebook has shadow accounts for people who never signed up.
Can someone please explain how they are doing this?
- Use Adblocker
- Use DNS filter
- DoH to prevent MiTM/use your own resolver in Unbound.
I’m still trying to look up how to prevent ISPs from logging my SNIWell, it seems Cloudflare and other domain service providers have implemented ESNI.
Friends, family, and even people you briefly meet, rat you out. Often without them even knowing by sharing their list of phone contacts.
And what happens when you change your phone number? Does that become a new shadow profile? What of they change your name in their contact list? I’m trying to gauge how Facebook handles the inconsistencies of navigating contacts who don’t have Facebook accounts
We can only guess. But they can probably detect contacts for which the phone number is updated or which have several assigned phone numbers.
Also all Android / iOS apps with Facebook and Google trackers in them share device info and data easy to correlate, icw sites having FB pixels also.
They do more than just the phone number and name. https://www.howtogeek.com/768652/what-are-facebook-shadow-profiles-and-should-you-be-worried/
It talks about the use of photos, people mentioning you in a post, etc. Sure, facetook publicly said they would be backing off of visual recognition, but how much do you really trust that company to do jack-diddly if there is potential profit? Anyway. If you change your phone number, but the same group of people still have you in a ‘field of contacts,’ their tools can almost certainly fit those puzzle pieces together. Same if you change the phone number. Identifying people is easy if you have metadata.
This is starting to look like a major problem. Are there any tips on how to solve this issue?
At the moment, there is no way to avoid having your information taken by corps. But what if we fought back by trying to pollute the information they gather? Instead of just trying to disable data collection, we could try to interfere with it and make it collect all kinds of useless crap that cant be separated or distinguished without serious effort. This way you could achieve same kind of anonymity as standing in huge crowd.
Another way to do it could be having huge community data pool that every participant adds to and also claims as “their own”. I bet its really useful to see 1000 people with almost identical dataprofile and no way to distinguish which entry belongs to who. How do you even use ai to sort it out?
I think that is something we could do about it even on individual level.
On a small scale, that’s what some of these privacy-focused browsers are doing in regards to fingerprinting. Make the data that has to be provided as standardized as possible and randomize the rest that is being tested behind the scenes. That is really great, but we can’t randomize our behavior and there’s a lot of data we can’t randomize for the sake of functionality. Dunno how we handle that. Maybe we all install bots on our devices that act like users and go to random sites and click on random shit while we’re not using the device.
Someone should reverse engineer how the data collection itself works, maybe it could be messed with directly
This post left me thinking in something. What if we could organize, so a city-owned ISP with a built-in pihole exists? What if we can just block tracking at the metropolitan level as we do in our houses? What if we don’t just stop at DNS? What if we made just one city more private? What if we start with that?
You’d basically be harassed by law enforcement and the NSA until you agreed to spy on your users. In the US at least.
I guess your right. My isp shouldn’t have to deal with that. I suppose it’s back on us as individuals to fight that kind of intrusion.
This reminded me of an idea of using mesh networks to create an internet separate from the current internet. By that I mean physically running Ethernet cables from window to window between houses. It is unlikely to ever happen because it would need a lot of people to join it all at once, but I think it is a cool concept. Perhaps if I put my Jellyfin server on it and tell my neighbors about the free tv opportunity…
Edit: Forgot to mention, this was inspired by the Cuban networks that were basically the same thing. It is worth a browser search if you are bored.
Nice, I’ll look into it, sounds interesting. I’m definitely community driven and anarchism friendly, real freedom comes from our pairs, not from above.
City owned isps do exist! I don’t know if any have filtered the Internet like this but I doubt it, it might be against net neutrality regulations
The best way to counter publicity is to simply erase from your mind. Turn it into white noise.
I don’t have a clue how I’ve learned how to do this but I can have multiple publicity spots thrown at me that I won’t retain a thing. Sometimes to the point I get a song stuck on loop in my head and I can’t figure where I heard it.
Using tools to dodge or simply eliminate ads is also an option, especially online.
You can take back your freedom of choice to take part of an audience for publicity if you are willing to put some effort to regain it.
This was clearly spelled out - quite by mistake - by one of the very sumbitches stealing our privacy all the way back in 1999:
https://www.wired.com/1999/01/sun-on-privacy-get-over-it/
The sumbitches have since learned to work quietly and boil us frogs slowly. But they sure have been busy since 1999.
When I heard Scott McNealy utter that obscene statement back then, I laughed and I remember telling a coworker “That guy is off his goddamn mind”. A decade later, I understood that he actually let slip something we should have paid a lot more attention to. But it was already much too late.
After reading about Snowden leaks and what world governments are capable of technologically, I’ve come to the same conclusion that privacy is now an illusion. Sure, one browser might send less data to corporations, but the government can see whatever they want on anyone’s computer with an internet connection. The answer is to take a step back technologically. Interact with people in person. Read books at the library. Shop locally instead of online or at big box stores. Buy thrifted DVDs. The further you remove yourself, the more private you will be.
I agree with you in all your points and I have also look into why people just give up their privacy so easily , most of the time what I have noticed is that they (we all) love convenience. You want a plug and play camera? Buy ring , Need a plug and play router with a nice App? Buy google and Amazon Eero. Need to promote your business? Where is everyone at? Facebook , Twitter and Google. Most regular people give up their privacy for convenience, they don’t have time dealing with thousands of option on a PF sense router , no time to create VLAns.
What may be needed is to first promote the basic idea that doing the right thing is most often harder than not. It applies to a lot of areas including this one, and it’s a hard one to make a habit of. I figured this out many years ago and yet here I am typing this out on an Android phone, wishing that I had spent that money on a more privacy respecting one when I had the chance. But people have to get into the habit of not always choosing the “quicker, easier, more seductive” route all the time, because we all know where that leads.
This is why you vote in every election.
deleted by creator
The would candidates care if people bring up the issue.
If lots of people let their voices be heard, the pols will listen.
You can wait around for the perfect candidate to come along, or you can work to make the change happen.
deleted by creator
If voting doesn’t matter, why is Trump so mad about automatic voter registration?
You not voting makes Donnie and his friends happy.
deleted by creator
Then I’ll explain it.
Laws decide what large companies can and can not do to gather data. Politicians decide those laws. Who you vote for decides what policies are enacted. If the current parties aren’t working to help you, you might have to go out and search for better candidates.
If you’re not American, substitute any pro-Fascist candidate you choose for ‘Donald Trump.’
I gave up on voting when I realized the last however many times I did it changed nothing. I want a real solution, not a distraction.
In 1968, a bunch of hippies opened up a ‘Dick Gregory for President’ office. They had enough money for the first month’s rent and phone, and figured that they would make a small impact. Somehow, someone kept paying the office rent and phone for months.
You not voting is exactly what the people you hate want you to do.
I mirror your concerns but as long as there’s money to be made, the thing that makes money will continue to happen. Advertising is part of that, and if they can harvest our data to target ads, they will.
We won’t win the fight against money. What we can do is block/avoid advertisements, avoid (as much as possible) services that are known for this behavior, support services that are known to respect privacy, and educate those that are receptive.
Another user, in a similar thread, shared this speech on enshittification. Addresses a good bit of what you are talking about and why mass action is hard in the current legal framework. We need better laws.
Here is an alternative Piped link(s):
https://piped.video/rimtaSgGz_4?si=pdDRwugtHefZACcd
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.