Obfuscation and Privacy

Privacy is a big topic. Different people think of different issues when they consider privacy. For us it is mostly about trying to keep control of my family’s data. I understand the point of view that unauthorized entities (be they governments or private industry) building massive, accurate profiles on us doesn't actually hurt us. We don't subscribe to that point of view. We feel privacy is valuable to individuals and society at large. We resist the unauthorized collection of data and profile aggregation in our own, persistent ways.

We value our privacy more than most and not as much as some. We have made our peace with compromises and pick our battles only after some thought.

In case it is of any interest to others, here is what we do.

Don't Give it Away

If you know me (and I like you) I'll tell you all about myself. In person. But you're not going to learn much about us from social media. We have a few accounts to gain access for pulling data that is interesting, but we don't feed them data. Our names are fake, our contact information is fake, we use burner email addresses when one is required. We don't post. We don't tag. We never have.

Avoid use of Real Data

My email address isn't my name, it's a silly moniker. I've used it since the 1990s. If you know me, you know it's me. If you don't, you don't.

When an entity requests information about us that they don't actually need for the service/relationship we have with them we ask them if it is required. If it isn't, they skip that part. If it is required--we either walk away or give fake data.

Protect valuable unique identifiers

You can't take back data once given. Changing some data is hard. Don't give it away. Use it sparingly.

Some unique identifiers are harder to control.

I recommend using a privacy-focused VPN when you'd like to obfuscate your IP address. Honestly, I'm not super knowledgeable about phone IMEI and options to obfuscate it. My uninformed strategy is to be stingy about what applications I install. If there is a way to get the service we need using only a browser--we prefer to use our phones' web browsers.

Obfuscation of my digital presence started as a bit of a lark, a proof of concept for my amusement. Over the years it’s become a doctrine of sorts for all of us.

The underlying logic of obfuscation in the context of privacy is that the entities that are working to build profiles on us use a few key data points to correlate disparate activity flows to individuals. Obfuscation is about making it difficult for them to correlate activity to us. Since we have always been stingy with our biographical data--our primary email addresses (required all over the Internet for services) and web browser cookies were our biggest exposures.

Obfuscation and Browser Cookies

Our approach to privacy and browser cookies has evolved over time. The solution we have settled on is to allow them free rein in any given browser session (so stuff works) but to wipe them at the close of each session (so activity over time is not preserved).

Mobile

On our phones it's simple--we only use the DuckDuckGo browser. We grant exceptions to data-removal using the app's 'fireproof' feature for both sneakemail.com and lastpass.com.

Desktop

On the desktop, set-up takes a few minutes, then it just manages itself. Sadly, DuckDuckGo does not offer a full desktop browser client.

Using multiple browsers for compartmentalized purposes, we emulate the core DuckDuckGo functionality by setting each to clear browser data (history, cookies) upon closing the client. An exception to clearing data is set on each browser to make its purpose more user-friendly. Since clearing all data clears all authentications, if we don't grant an exception, we'll have to reauthenticate to each site each time we open the browser. Thankfully logging in is easy with the help of our password manager. By giving our password manager an exception to the data wipe, re-logging into everything else is a breeze. We understand this creates a RAT attack vector to get at our passwords, but with two-factor authentication on most accounts and our Trusted System methodology--the risk is acceptable to us.

Obfuscation and Email

Even my silly, made-up email address will be used against me since I actually use it as my primary email address. Primary email addresses are one of the more valuable data points for profile aggregators. Because of this, I use my main email with only one account, the email service itself. For every other online account, Amazon, Netflix, + 100s more--I use a unique email address custom created for each account.

We use an email service that enables us to make as many unique email addresses as we need. If you look at my contact in this site, it's a unique, disposable email address. It works if you send me an email... until the address starts being abused and I disable it. It is unique, so the profile generating machines can't match it to activity associated with this email because there is no other activity.
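The correlation argument above, worked through as an added example (not code from this site or from Sneakemail): records from three services are grouped by email the way a profile aggregator could join them. All addresses and activity strings are constructed, the normalization rule is an assumption, and the "+tag" case goes beyond what this page discusses.

```python
from collections import defaultdict

def normalize(addr):
    """Join key an aggregator could derive from an address.
    Assumed rule: lowercase, and drop any +tag from the local part."""
    local, _, domain = addr.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def link_profiles(records):
    """Group (source, email, activity) records under their normalized email."""
    profiles = defaultdict(list)
    for source, email, activity in records:
        profiles[normalize(email)].append((source, activity))
    return dict(profiles)

def largest_profile(records):
    """Most distinct sources tied to a single key (the correlation exposure)."""
    linked = link_profiles(records).values()
    return max(len({src for src, _ in acts}) for acts in linked)

# Constructed sample data: the same three accounts under three email strategies.
SHARED = [  # one primary address used everywhere
    ("shop", "Moniker@mail.example", "bought a tent"),
    ("video", "moniker@mail.example", "watched documentaries"),
    ("forum", "moniker@mail.example", "posted about hiking"),
]
TAGGED = [  # per-site +tags on the same mailbox
    ("shop", "moniker+shop@mail.example", "bought a tent"),
    ("video", "moniker+video@mail.example", "watched documentaries"),
    ("forum", "moniker+forum@mail.example", "posted about hiking"),
]
UNIQUE = [  # unrelated alias per account, as described above
    ("shop", "k3v9q2@alias.example", "bought a tent"),
    ("video", "p7t1xd@alias.example", "watched documentaries"),
    ("forum", "w4m8zb@alias.example", "posted about hiking"),
]

if __name__ == "__main__":
    for name, data in (("shared", SHARED), ("tagged", TAGGED), ("unique", UNIQUE)):
        print(f"{name}: {len(link_profiles(data))} profile(s), "
              f"largest spans {largest_profile(data)} source(s)")
```
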

Why is a unique email address for every account worth the hassle to us? We've been doing it so long we don't really think about it as a hassle and... we really, really like that:

Honestly, we wouldn't have it any other way, and we don't understand why everyone doesn't do it this way.

The email service we use is called Sneakemail. We've used it for many years now. Not sure about the rest of us but my Sneakemail has 1,051 unique email addresses at the moment, but many of these were disabled along the way. I have not tried it--but Mozilla is offering what sounds like a similar service. If you try it--let me know if it is any good.

VPNs can be either a boon or a bane to privacy. VPNs do not necessarily increase your privacy; in certain circumstances they weaken it.

As discussed in the VPN section of the Encryption discussion, a VPN makes a secured network tunnel between your device and the VPN server. The VPN provides no encryption beyond the VPN server. The VPN does not protect your data once it leaves the tunnel. If you are using a VPN for the purposes of consuming the Internet at-large, VPNs are NOT a security solution.

Why then should you, a simple consumer of the Internet, consider VPN technology? VPNs can be valuable in protecting your privacy. Since a VPN effectively moves your entry point to the wider Internet from your device to the VPN server--to every site you communicate with, your IP address appears to be that of the VPN server. Congratulations, you've now taken some control over your apparent IP address. This is how VPNs help obfuscation.

If a VPN helps obfuscate my IP from sites I communicate with, how could this possibly make my privacy worse? It is a question of the motives and business practices of the VPN service you use. A key effect of moving your Internet entry point from your device to a VPN server is that the VPN server can see 100% of your traffic. If you are trying to resist unauthorized collection of data on yourself--and you use some free VPN service, ALL of your network traffic could now be consumed by the VPN service provider and used to feed their profiles on you and/or be sold to others for a similar purpose.

If your purpose for using a VPN is to increase your privacy it is important that you use a privacy-focused VPN provider. I currently use the NordVPN service. Yes, I pay for it. But paying for things gives me some reason to believe them when they tell me my behavior is not their product. I pay for it and I trust them to give me what I pay for--a privacy-focused VPN.

Why did I choose NordVPN in the first place? Their no-log policy and third-party audit backing up their marketing claims. I have noticed a fair amount of spam from NordVPN this year. I've disabled notifications from the app on my phone and my PC and it's better now.

FYI, I get no special consideration or compensation from Sneakemail or NordVPN.





Lotus Quest