How to reduce corporate spying
on me, hopefully
December 12, 2018 — June 19, 2024
Threat model: I think that perhaps massive corporate data collection is an empire of oily rags which threatens governance, or perhaps just leads to strangers knowing too much about my doctor appointments, my mental health, and where my kids are, or indeed lets anyone find me who knows my number. I regard social media as a new pollution that we have not yet regulated. I want to reduce the amount of this ambient data pollution I emit so that businesses who feed upon it cannot prey upon me.
I don’t feel like doing gratis market research for large multinationals, spilling my friends’ secrets, or facilitating media weaponization.
Good. We can mitigate that kind of data leakage, and many steps are incredibly easy, so it would be embarrassing not to, really.
1 Start with basic computer security
2 Is macOS spyware?
Jeffrey Paul: Your Computer Isn’t Yours:
On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.
It turns out that in the current version of macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. … This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. …
”Who cares?” I hear you asking.
Well, it’s not just Apple. This information doesn’t stay with them:
- These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.
- These requests go to a third-party CDN run by another company, Akamai.
- Since October of 2012, Apple is a partner in the US military intelligence community’s PRISM spying program, which grants the US federal police and military unfettered access to this data without a warrant, any time they ask for it. In the first half of 2019 they did this over 18,000 times, and another 17,500+ times in the second half of 2019.
This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns.
They do not learn everything about your computer by doing this, but they probably learn more than they should about your computer this way. If you want an app that verifies executables by checking them against a list, which is what many antivirus programs effectively do, then is this better or worse than the existing approaches? I do not really know. Is your identity tied to this data? etc.
3 Which apps should I allow to use my voice?
The voice assistants have given us no reason to trust them. Be wary.
4 Which apps should I allow to track my location?
As few as possible. The New York Times interactive on the 2019 state of the art is grim indeed and has all kinds of implications for how people’s lives might be controlled. Relevant: contact tracing
6 VPNs and encrypted networks
See VPNs etc.
7 Browsers
8 Search engines
See internet search.
9 Minimizing tracking of my online purchases
Whole other complicated story, 🏗 I think worth doing. Consider what Amazon knows about you.
In addition to knowing what people buy, Amazon also knows where people live, because they provide delivery addresses, and which credit cards they use. It knows how old their children are from their baby registries, and who has a cold, right now, from cough syrup ordered for two-hour delivery. And the company has been expanding a self-service option for ad agencies and brands to take advantage of its data on shoppers.
If I would like to avoid Amazon tracking me, I should not use Amazon. Here is a list of non-Amazon online shopping. Some of these shops probably track us also, but the fact that there are many services means that none of them tracks every single purchase like Amazon does, which means that there is less information about you for any one entity to monetize. The calculus of privacy is up to you of course; Is it worse if many organizations know more about you in separate domains or if one knows everything about you? I tend to the latter, plus also I am concerned that Amazon is a badly-behaved monopoly, but YMMV. FWIW I shop using a mix of retailers, with a lean towards eBay as my fallback option, but direct-from-supplier where possible.
10 Chat
See chat.
11 Email
See email.
12 Money
See transferring money.
13 Synchronizing files
See Synchronizing files.
14 Internet of things
There is no reason you should trust internet of things devices not to be spyware.
15 Going deeper
- mobile devices
- Running your own server? See secure web servers.
- How to delete yourself from the internet
- The Inevitable Weaponization of App Data Is Here
- Your Smart TV Knows What You’re Watching – The Markup
You should be approximately aware of the nasty things that people can and will do to your computer. Don’t do them yourself.
16 Getting old school
17 Incoming
- Bunnings facial recognition program ruled illegal | CHOICE
- Kmart, Bunnings and The Good Guys using facial recognition in stores | CHOICE
- XScreenSaver: Google Store Privacy Policy
- Calm Down—Your Phone Isn’t Listening to Your Conversations. It’s Just Tracking Everything You Type, Every App You Use, Every Website You Visit, and Everywhere You Go in the Physical World - McSweeney’s Internet Tendency
5 Social networks
Do not trust anything Facebook does or says. They are a Spyware vendor. The same goes for Instagram, Google, TikTok, etc.
But you need to watch your mum’s bread baking on Facebook. I get it.
See social media if you must.