The Cambridge Analytica story is still unfolding but it is undeniable that it sparked some interesting and serious conversations regarding the amount of information about us accessible online, our use of the internet and the need of legislation to protect our privacy (information is indeed power).
Facebook is in the eye of the storm for its terrible negligence and malpractice in managing the data of millions of people. A few days ago, another story broke on their clumsy utilisation of a deprecated Android API to collect a history of the recipients of all SMS messages and phone calls on Android devices that had the Facebook or Messenger app installed to feed the algorithms managing friends suggestions.
Tim Cook intervened calling for clear rules, processes and structures to safeguard personal information and limit the reach of advertisement companies, political parties and many other agencies that have the tools to “connect the dots” and use data to their advantage.
Despite Tim Cook’s numerous remarks and pride for Apple’s commitment to privacy and their laudable on-device approach, to retain their ability to do commerce in China, Apple recently transferred all cloud data belonging to its Chinese users to servers based in China, allowing for much easier government access.
Whilst I am sure that this conversation will be beneficial in creating a more structured system to protect our information (and the GDPR is a good stepping stone), I believe it is necessary for each of us to be conscious of the mechanisms underlying the internet, the concept of audience, the potential eternity of data shared online, the way our devices interact and the technologies involved.
This requires a combined effort of companies, policy makers, agencies and governments, but hopefully it will also be something that education systems will be called to cover in the near future.
However, there are some small steps that everyone can take to limit the amount of information online companies can use to profile people. It was estimated that Google (through the Analytics script, AdSense, in-browser predictive systems, auto-suggest, etc.) can track around 80% of an average browsing session. Facebook as well (through Pixel, Graph APIs and other forms of presence such as comment box scripts, like button, embedded posts, etc) can track a vast portion of your online behaviour outside its domains.
As you can imagine, mixing almost all of your browsing history with the information that you spontaneously submit in your wall or with your likes, gives these online companies (and others, as we saw with Cambridge Analytica) a scary amount of information about you. This specific case regarding US elections and Brexit has various implications regarding the role of democracy, the power of information and mechanisms of governmentality – but it is something too big to squeeze in this article.
How can we defend ourselves?
What can you do to limit this? Allegedly many people are taking the drastic decision of deleting their Facebook profile (the #deletefacebook hashtag was trending a few days ago, Elon Musk also chipped in). Whilst removing your account will certainly do something, there are other ways by which companies like Google and Facebook can track your online activities (take a look here and here).
In some small way – without the need to buy a new device every day, fake your MAC address or stop using GPS altogether – there are things we could do to make life harder to people that want to track our behaviour across devices and sessions and be more conservative with our data.
I have compiled a list of things that I have done and that hopefully will be useful to you:
- Removed all the contacts I have uploaded to Facebook since 2006 (you can do it following these steps)
- Set DuckDuckGo as my default search engine in Chrome and Safari Mobile
- Use the European Advertising Standards Alliance (EASA)’s site YourOnlineChoices to control the cookies currently stored by ad companies
- Set Chrome to delete all of my cookies upon exit (except a few trusted domains that I have whitelisted for convenience) and use 1Password (with the standard browser extension or the new 1Password X for Chrome) to fill login boxes
- Regularly reset my Advertising Identifier on iOS
- Regularly reduce my device/browser fingerprint
- Use a trusted VPN whenever possible (my personal one if I am doing something very sensitive, a trusted commercial one any other time as for energy saving purposes iOS heavily limits on-demand IPSec VPNs and automatically disconnects from them after a few seconds of inactivity)
- Review the apps for which I granted permissions on Facebook –
removed as many as possible. Also reviewed my Facebook profile to show nothing more than my profile picture and cover photo to anyone that is not my friend (and hide my friends list to anyone).
- Review my Google account activity controls (you might find some scary things being recorded by Google, for example your voice and location!)
- Gradually change all the emails I am registered with on online services so that in each site I am using a unique address. Comparing and matching emails is a very convenient method for companies to track users across sites. With Gmail you can easily create a unique email for each service with the + trick. For example, I would use [email protected]__ for Facebook, [email protected]__ for Airbnb, etc. If you don’t know what I am talking about, you can learn more here.
Do you have any more ideas on ways to limit our traceability on the internet? Post them here in a comment! I am also interested in your point of view on the whole story of Cambridge Analytica and the implications on your usage of social media. Have you deleted your Facebook account? Are you thinking about it?
EDIT: Just found this video from the Wall Street Journal about some of the ways Facebook tracks you across different sites/devices and offline. Very clear and easily digestible by non-tech people.