Permissions in their most basic form are the ways that your devices manage what apps can access what sorts of information. Managing what applications have access to that information is necessary for any sort of privacy.

The exact permissions your device recognizes depends on your OS, but generally they have the following

SMS

Contacts

Photos and Videos

Nearby Devices

Camera

Phone

Music and Audio

Call Logs

Microphone

Location

Calendar

Notifications

Account info

And several others

In general, no apps should have permissions that they don't need to work, and they should not have access to those permissions when not in use. However, even a standard look at your device's permissions history may not reveal everything, as certain pre-installed apps have access to all of your devices permissions and these may not appear by default, and these permissions have to be manually removed.

Now obviously I can't list all the permissions to watch for and disable on every device there is out there, so instead I'll link some videos here for your reference. Note I do not necessarily agree with all of the recommendations they give, and many times I go a few steps further to turn settings off, however I think they serve as a great baseline for how to navigate these types of situations, and individual preference can go from there.

iPhone

https://www.youtube.com/watch?v=wQE-OBW9hkk

https://www.youtube.com/watch?v=2HpwfWTucUM

Android(Samsung in particular)

https://www.youtube.com/watch?v=7Yr_BHQpBfw

Windows

https://www.youtube.com/watch?v=rlwYKbEfFpM

https://www.youtube.com/watch?v=j0pXFwCkF-k  <- Disable Microsoft Recall is a must

Mac

https://www.youtube.com/watch?v=7wm6F66aLM0

Okay, jokes aside it's been a second since I did one of these, and in part it was me looking into more information, and just dealing with life things. Please forgive me.

Now I need to address some misconceptions. VPNs do not enhance your cybersecurity, your browser should automatically update your http connections to https connections. If not, I can walk you through the steps to configure that. A VPN cannot keep your passwords secure, or hide your identity on a website you've logged in on. What VPNs do, is enhance your privacy, however do not confuse privacy with anonymity. For starters I need to talk a little about Domain Name Services, or DNS. This is basically a protocol necessary for internet access, and contains information like your IP address, and the physical location of your ISP. If you remember this link from the first blog: https://dnsleaktest.com/ you might recall that this information is available to every website you visit. Likewise your ISP can see and record any and all websites you visit, and anything else that you use the internet for. Now, if like me you don't like the feeling of someone watching your every move online, there is some hope, enter the Virtual Private Network(VPN).

How a VPN works is the VPN company will set up a computer server somewhere, and any VPN user can then connect to, sending encrypted data to the VPN host server. Your ISP can see that you are connected to a VPN, but not what you are doing online. The information you send to the VPN is decrypted once it reaches their servers, and sent out to the internet as if their computer was the one using the internet, all websites seeing their IP address, and location. It's for this reason, that despite the fact that I am nowhere near Seattle right now, that's where the Shard thinks I am located. The VPN server's ISP can see everything that the VPN server does on the internet, but cannot associate it with you, giving you a measure of privacy. Now some of you might have seen the obvious flaw in this system, that being that the VPN provider can see everything you do, and link it to you. That means that you need to have a lot of confidence in your VPN provider that they aren't recording any of that information, which is termed as a no-logs policy.

Since any VPN with a no-logs policy is effectively the same in terms of privacy as any other, there will be no levels given here, I will instead give a list of functional VPNs along with their various prices and advantages if any. There are also so many VPNs I cannot possibly list them all, so instead I'll just list some standouts here that have some interesting features.

Proton VPN

All paid plans have a strict no logs policy which has been backed up by annual third party audits. The VPN is open sourced and has severs in over a hundred countries around the world. They have a free plan available for your experimentation, while they don't promise a no logs on the free account I do still recommend it for anyone new to VPNs looking to learn more. Note that if you use Proton for email or another service, you might want to look into getting a different VPN provider, so that your information and your VPN aren't from the same company, however you can also bundle the purchases, which may be easier on your wallet, and thus be preferable.

Proton VPN's cheapest plan is for $71.76 which covers the first two years, renewing annually for  $83.88. Alternatively you can find it in the Proton Unlimited plan for $191.76 to cover the first two years, and $119.88 for each following year. https://protonvpn.com/pricing

Nord VPN

Probably the biggest name of any of these VPN providers, and easily one of the most famous outright. Nord has undergone six independent audits of its no-logs policy the latest being in 2025.  The report is only available to customers, but was successfully passed. Nord VPN has a host of options you can choose from, some plans will include things like cloud storage, fraud monitoring, and other services. I however only recommend the two most basic plans unless you have a reason to do otherwise. The basic plan starts at $83.43 for the first 27 months, and renews for $139.08 per year, with the Plus plan starting at $96.93 for the first 27 months and renewing at $179.98 per year afterwards. https://nordvpn.com/pricing/

Mullvad VPN

You might recall the Mullvad browser from previous entries, which was designed to be used together with this VPN. When used together their anti-fingerprinting abilities stack, making it basically an impossibility to tell any two users apart, if you use both, and don't do anything to undermine the protection there is little anyone can do to track you between websites, or tell you apart from another user. If you use the Mullvad browser this might be the correct VPN for you. Being open sourced, and having passed several third party audits this is generally a great VPN. It does come with quite the price tag, being 5 Euros a month, regardless of how long you have the VPN for, and no alternative payment plans(for comparison, most of the others charge the equivalent of less than $4 a month) https://mullvad.net/en/pricing

IVPN

This open sourced VPN service takes an interesting approach, in that they don't have any sort of affiliate program, which makes them hard to find. They do however have some interesting features, including options for a three year plan for $140, as well as other plans that include a self hosted DNS system, and a packet manager. This allows you to see all of your web flow, and to build your own web filter to block certain sites. Additionally there is no email required for account setup, which is really nice. All things considered this is one of the more unique options, and long term, one of the cheapest. https://www.ivpn.net/en/pricing/

OVPN

OVPN is one I know the least about, but they have proven in court that they don't track any information from users, in fact they claim that the entire system is built so that not only are logs not stored, but that they cannot be. Within their current legal jurisdiction they cannot be forced to log users data, and if the laws changed they have already promised to move corporate headquarters. Their cheapest plan is for three years totally $151.92. https://www.ovpn.com/en/pricing

There are several others, and I'll list a relevant site that has a Q&A style log of various VPNs along with some relevant information about them here: https://torrentfreak.com/best-vpn-anonymous-no-logging/

Of all of these I have listed(Not including the link above) the cheapest option is Proton's free plan, which does not contain full functionality. For full functionality the cheapest would be to use the first two years of Proton VPN, followed by switching to IVPN's three year plan.

Now should you use a VPN? Despite the advertising VPNs are not the end all be all of internet privacy, and it is far more important to change your browser and search engine as well as related apps as those can collect far more data from you than most other sources could. However, if you don't want to easily be tracked from site to site, or for a website you visit without an account to be able to build a profile of you, or simply just to get around geo-restrictions or government censorship, then VPNs are very helpful, and I highly recommend.

Digital ecosystems just like real ecosystems are interconnected applications that share data and accounts between them. On an initial look this can seem very positive, however it also means that if that account is compromised then everything associated with it is as well. It also means that if the company that owns it doesn't respect your privacy they have access to everything.

The largest digital ecosystem is of course that of Google

Everything you keep or put into one of these services is stored in some way by google. Also if you aren't a huge fan of AI anything you have in Google Drive/Photos/Docs/Sheets/Slides+ is being fed to Gemini.

That's a lot to watch out for, but there's more

Microsoft

Meta

I could also list Apple, but I think you all get the picture. I imagine that everyone is tied up in at least one of these ecosystems in one way or another, and while I do recommend trying to remove oneself completely, I do not think it wise or necessary to do so all at once. I recommend starting with some of the most important things, or at least the easiest and making one adjustment at a time. Additionally for most of us will have to use some of these for work/school/family. In those cases, I recommend simply doing the best you can.

As for practical alternatives, I clearly cannot go through each of these one by one and give all possible alternatives, so instead I will give some things that generally everyone needs and some programs that accomplish this. I will also note that this is where privacy can begin to cost money, and I will try to list the prices as often as I can.

Now one of the easiest things to do would be to simply replace one ecosystem for another, and if you want to do that I recommend Proton

Proton really is trying to make a privacy focused version of almost everything Google does, and constantly adds new features or new products. Most of these products have free trials to see them for yourself, however full functionality requires a paid subscription, which with the cheapest plan for all Proton products is $120 a year($9.99/month, but it's charged once per year) for a single person, with options for couple or family plans. Proton is open source and undergoes a third party review every year which they make public at that time. They are highly reputable and if all in one is what you're looking for they are easy to use and will feel familiar to anyone accustomed to Google. 

Get Proton: https://proton.me/pricing#compare-plans

On the other hand there are reasons that you might want to diversify what programs you use and who you trust with your data. In which case you may want to use only a single Proton product, or none at all. In that case I'll list the general things everyone needs, as well as some alternatives to the big tech ecosystems along with their varying strengths and weaknesses. Of course I can't list everything, but I'll list the products that I have at least tried or heard enough about to recommend(because I'm broke and things cost money). I won't go over VPNs or Operating Systems today, and I'll leave those for another time.

Email: Alternatives to Gmail and Outlook

Notes: Alternative to Google Keep and One Note.

Word Processors: Alternatives to Google Docs and Microsoft Word. I have a feeling with a lot of writers here this will be popular.

Spreadsheets: alternatives to Google Sheets and Microsoft Excel

Slideshows: Alternative to Google Slides or PowerPoint

Cloud Storage: Alternatives to Google Drive or One Drive

Maps: Alternative to Google or Apple Maps

Messaging and calls

There are of course countless other applications that you can use for your privacy needs. I recommend looking at Privacy Guides if you are looking for something else. I find most of their recommendations to be very good, though they have some applications they ignore for not meeting some seemingly arbitrary requirements.

https://www.privacyguides.org/en/tools/

Update: found this gem of a website, it has some good ones too, but note that not everything there is privacy focused, so read up before switching: https://alternativeto.net/

First up are the very tools we use to access the internet. Web Browsers and Search Engines.

If any of you are like me you've heard those terms before but don't know the difference between them. Don't worry, the two are meant to work together, and I'll explain the two of them.

Web Browsers are what displays websites to you. They determine things like window size, store cookies, and how websites interact with you.

Search Engines on the other hand are what finds websites when you put something in the search bar.

Both are essential to using the internet, and having the two of them be privacy focused is a must.

Web Browsers

I'll start with Web Browsers as they were the first that I focused on, and to do that I will first review my levels of privacy, and listing browsers for each one.

Level 0: "I don't like hackers" Privacy isn't a concern, only security.

Level 1: "I'm doing nothing wrong, but also nothing you need to know."

Level 2: "Data collection is theft."

Level 3: [Error 404: Not found]. The goal is to be a ghost online.

Level 0

Google Chrome

The web browser I'm certain most of you are using now, and statistically the most popular web browser in the world. Kept up to date, this will protect ypu from most hackers. It's also sending everything you do to Google.

Microsoft Edge

This one is only here because I can't figure out how to delete it. It's slightly slower than Chrome, but at least it turns on. Looking at you Internet Explorer.

Level 1

Brave

Built as an offshoot of Chromium(the seed for Google Chrome) this is a clean and simple web browser designed to give you privacy with as few inconveniences as possible. It works with all chrome extensions, blocks trackers and ads by default, and is highly customizable. Of all the browsers I will talk about this is probably the easiest to pick up and start using. User friendliness is on maximum.

Brave is open sourced, and has an interesting marketing scheme. Unlike Chrome, Brave has no third party ads, with first party ads only shown on the homescreen. These ads are the same for all users, and not based on individual data. Additionally Brave sells extra services such as Brave VPN and firewall. Additionally if you are into crypto, Brave will pay you to watch ads if you want.

On iPhone however, it is built around Apple's browser WebKit, so it isn't running chromium.

Here's a link to try it yourself: https://brave.com/

Firefox

Perhaps the most well known alternative to Chrome and Edge. Firefox unlike most other web browsers isn't based off of Chromium, but rather a different seed called Gecko.

Firefox is open sourced, and funded largely through deals with Google, where in exchange for hundreds of millions of dollars a year Firefox makes Google the default search engine. Remember this, it will be important later.

Firefox on its own is alright, but you will want to manually adjust settings, and install the uBlockOrigin extension. As extensions are unusable on mobile I only recommend Firefox as a desktop browser. 

Download Firefox: https://www.firefox.com/en-US/

A guide to fixing Firefox settings: https://www.youtube.com/watch?v=aULplHUYNNE

Level 2

Here's where browsers will start to sacrifice your daily browsing for the sake of privacy. If you want, you can have multiple browsers installed, and use one for general purposes, and another for when greater privacy is needed. If you love customizing your browsers, you should probably stick to Level 1.

Librewolf

Librewolf is based off Firefox, but with a bit of a different philosophy.

Librewolf is opensource, and made entirely by volunteers, to the point that they won't even accept donations.

Librewolf blocks all third party ads, and has none of its own.

Librewolf is also the first browser on this list employ a deep anti-fingerprinting technique. Normal fingerprinting in this sense refers to using unique identifiers to tell users apart. Librewolf and others turn this on its head. The idea being that a website is unable to tell two librewolf users apart from each other, creating a herd immunity. As a result of this while Librewolf technically has access to all of Firefox's browser extensions, using them defeats the purpose of Librewolf as it makes you stand out. You also have to log in to websites with every visit, cannot set websites to dark mode as a default, remember which sites are in dark mode and the browser window size may be smaller than your screen resulting in a border to fit your screen size.

In addition to the general anti-fingerprinting difficulties, I will also note that during my experimentation that Librewolf had some bugs, like Youtube audio playing while the visuals were frozen. Other than that my overall experience was largely positive. In addition, there is no Android version of Librewolf and it struggles with MacOS.

Get Librewolf: https://librewolf.net/

Mullvad

This browser will feel fairly similar to Librewolf, for a number of reasons.

Firstly, they are both open sourced, modified versions of Firefox that block all ads. Secondly they both employ the same heavy anti-fingerprinting strategy. This means that just like with Librewolf, any two users of Mullvad are impossible to distinguish.

However from here there are some differences. Mullvad was made as a joint effort between the TOR project and Mullvad VPN. Where it comes to funding, the TOR project is a non-profit and does the work for free. Mullad VPN is a paid subscription, and part of the reason behind the browser was to convince users to use their VPN. I'll talk more about Mullvad VPN in a different entry, but for now it's enough to know that no one profits from you using the  Mullvad browser.

Just like Librewolf the recommendation is to not modify the browser, meaning you have to log in, switch to dark mode, minimize screens and whatever else, to each website everytime you use them. Mullvad also does not save your search history, or give search suggestions. However unlike Librewolf, I didn't notice any performance issues. The browser looks a bit odd, but if you can get used to that it's a pretty seamless transition.

There are no mobile browser versions for Mullvad.

Get Mullvad: https://mullvad.net/en/browser

Level 3

There is only one Browser here. This is it. The king of private browsers, the undisputed champ. Part of the reason that the Mullvad browser was designed was to be a more user friendly version of this. The step beyond privacy and to anonymity.

The Tor Browser.

TOR stands for The Onion Router, and when you set it up on your computer you have all searches made through it are tripple encrypted and sent through various other Tor users before being sent out to your desired website. If that doesn't make sense, don't worry, I barely understand it myself.

If Librewolf and Mullvad are using gloves to avoid leaving a fingerprint the Tor Browser is putting your hands in acid to burn your fingerprints off. With Librewolf and Mullvad it was heavily recommended not to modify. Here it is an order that comes with a very explicate "or else."

The Tor Browser is the open source brain child of the Tor project, a non-profit aiming to bring internet privacy to everyone.

It comes with all the downsides of Mullvad but it's also slow. However, it also has some benfits. Anyone watching your internet traffic, such as a school, employeer, or ISP(Internet service provider), can see you are using the Tor Browser, but nothing else. Not what sites you visit, nothing. The websites you visit are likewise clueless as to anything about you.

It is also probably the safest way to access the Dark Net, though if you want you can also use Brave for that(though I do not recommend). I may make a blog entry on the dark web later.

I haven't actually taken the time to use this one yet, so check back in a few weeks and I might update this with more information.

While available for Windows, Linux, and Android, there is no iOS version of the TOR browser. The TOR project has an iOS browser called the Onion Browser, but I have no idea if it's good or not.

Get the Tor Browser: https://www.torproject.org/

I know this has been long(so please let me know if these should be shorter), but with Web Browsers out of the way I want to move on to Search Engines.

Unlike browsers I won't have a leveling system here, rather I will talk about three main points with search engines.

1. Privacy

2. Quality

3. Bias

Privacy is pretty obvious, does the search engine store and sell your searches? Quality is how relavant the responces are to your queries. Bias is how the Search Engine filters your results. This is generally only really noticeable for politics, but I believe that it is something important to keep in mind, because even if you agree with what the Search Engine shows you, it's good to be aware of how it may color your perspective. I will not say whether any particular biasing bad or not, just point them out.

The importance of choosing the right search engine cannot be overstated. We tell them things we wouldn't tell our best friend, and as stated above, Google will pay hundreds of millions of dollars a year in order to be the default(not even only, just the default) search engine on another browser.

I also want to quickly list what each of the browsers uses as their default search engine, though you can usually change it pretty easily.

Google Chrome and Firefox: Google Search

Edge: Bing

Brave: Brave Search

Librewolf, Mullvad, TOR: DuckDuckGo

In general you can change the default search engine by going to the browser homepage, going to settings and clicking search engines.

Google Search

Privacy: Not only is everything you search cataloged, but everything ypu type into the search bar is stored and sold to advertizers

Quality: Google Search, admittedly, has perhaps the best quality of results of any search engine

Bias: Google admits to actively promoting large corporate news sites it deems "trustworthy" over independant sorces. Wonder why large corperate Google would do that? It also tends to skew results to the political left, though that's an obervation and not something Google admits to.

Bing:

Privacy: Bing respects privacy as much as Google does.

Quality: You're kidding right? In all seriousness, Bing is better than it was a few years ago, but it still isn't as good as Google.

Bias: Bing shows many of the same biases Google does.

Brave Search

Privacy: Solid respect for privacy, and funded the same way that the Brave Browser is.

Quality: Unlike the rest of the search engines here, Brave doesn't source its results from Google or Bing, but rather it built it's own web crawlers to deliver its own results. It's generally pretty good, unless you need an image search, then it has problems.

Bias: Unlike any of the others Brave has a toggle at the top between left and right news sources, which I honeslty appreciate. The openness is kind of refreashing. It does still have a corperate bias regardless of affiliation.

DuckDuckGo

Privacy: A private Search Engine. They are funded through ads, but those ads are only sourced from a single search. For example of you search for: "computers," you might see computer ads. But when you search for "mac n' cheese," later the ads do not know that you searched for computers earlier. 

Quality: All responses are sourced from Bing, so the results are the same.

Bias: Along with having the same biases as Bing, the CEO came out and said that they were going to pioritize information that they believed to be true. This may improve on Bing's initial biases, it may make them worse. That entirely depends on how much you trust DuckDuckGo.

Startpage

Privacy: Startpage is a private Search Engine, funded the same way DuckDuckGo is. Additionally, Startpage offers anonymous viewing of websites, allowing you to look at(but not interact with) webpages while completely hidden.

Quality: Startpage sources its results from Google, so you get excellent quality.

Bias: Sourcing from Google, Startpage has all the same biases Google does.

SearX

This one is interesting as SearX is really just a moduel that you either build youself, or use someone else's. I'm not tech savey enough to do it, but apparently it works amazingly.

Ecosia

Privacy: This thing sells your data, but it uses the money to plant trees if you value that more.

Quality: Results are sourced from Bing

Bias: See above.

I hope everyone could get something from this, including easy ways to improve their daily browsing. Please respond to the poll up top it will help me improve these in the future.

Factors of Authentication

The number one priority both with cybersecurity and privacy is that only the intended individuals have access to certain information. Now one way to do this very easily is to simply keep all information stored locally on a single device. Nothing comes in, and nothing goes out. However that prevents any form of communication between computers. So in order for us to do banking, use social media, or countless other things we have certain factors in order to recognize certain individuals. Largely speaking there are three ways to identify someone.

1. Knowledge
2. Characteristics
3. Possessions

Knowledge

Knowledge is the first of these. You can see this in real life by asking someone something only they would know, such as when you first met, when your birthday is, important events and so forth. However that requires you and the person to both be thinking human beings. Online we give one another passwords that enable us to quickly find and confirm one another's identity. The problem with this is that if either party is irresponsible with the password then it's gone and there's no way to know who has access to it. There's nothing you can do about how other services save your passwords, however there are some easy tips to making safer passwords.

1. Use different passwords for everything. That way if one website or app is compromised you don't lose everything. This does risk you forgetting your passwords and so you want a way to remember them.
2. Don't write down your passwords, or at the very least not the whole thing. That may seem odd after I just said you risked forgetting your passwords. However, if you store them online such as with google sheets or with cloud storage some company out there has all of your passwords, and there's no telling who can look at them. Likewise if anyone gets their hands on your password cheat sheet they have access to everything. I recommend writing down only hints or coded messages that will help you remember without actually being your passwords. If you speak multiple languages this can be very helpful.
3. Don't store your passwords online. See above.

Of course if you don't use a website that often, or don't care if the account is compromised you can disregard some of these, but they are still good rules to follow.

Characteristics

Characteristics is a different kind of thing altogether. These are things unique to you, such as fingerprints, facial structures, voice, anything that allows close family to recognize you from someone else. Online these serve a very similar purpose, and in theory biometrics are the perfect solution, because they are immutable. You won't find someone suddenly wearing your face. Unfortunately, the inability to change them makes them a vulnerability online. If someone gets a digital file of your fingerprint or face they can use it in your place, or to access your account and there isn't a way for you to change it.

Possessions

Using something in your possession to authenticate yourself is pretty simple. In person we use keys in a similar way. If you have the key you are allowed in. Online this takes a different approach. Certain apps or other features will send specific signals to each other, with randomization codes stored on your device. The way they work would take a long time to explain, but basically using the almighty powers of MATH you can take a really long sequence of letters and numbers, mix it with the time and create a six digit code every thirty seconds. When you establish these authenticators you set up a single code, and from that time forward. That's the secret behind authenticator apps, like google authenticator and whatnot. I'll talk more about encryption later. However, this does mean that if someone ever got access to that string of letters and numbers they could get your authentication codes.

Phishing

Phishing is basically the act of trying to get you to give up your username and password to a website. This is often done through email, either by asking for the information, or by sending a link to a website owned by the scammer that looks like the target website, often a bank. When you try and log in that information goes straight to the scammer. Always be alert, read the URLs carefully, and don't click on suspicious links in emails.

Two Factor Authentication

Basically everything right now uses passwords, and it is becoming increasingly common to use 2FA, or two factor authentication. Which is to use passwords with one of the other factors, commonly text(SMS) messaging or an authenticator app. This is great for security, as it is a lot harder for someone unwanted to get ahold of both your passwords and your phone. There are a few things to be aware of however. The first is that SMS messages are not secure. In transit they aren't encrypted, and your cell service provider can read them, as can others. And as I will speak on shortly they can be compromised. However, if you use an authenticator app this is largely resolved, with a few other caveats I don't feel like getting into right now, but if someone wants I will explain in the replies.

SIM Fraud

For those of you who don't know a SIM card is a component in your phone that allows it to connect to cell towers. It's where cell phone companies store your phone number and other information. One of the reasons that SMS messages or phone calls don't work really well as 2FA is that it is really common for scammers who get access to your information(another great reason to want both security and privacy online) calls pretending to be you and has your number transferred to a different SIM card. They are now in possession of your phone number and receive all texts meant for you.

Security Keys

I found out about these recently and haven't had the opportunity to use them yet. I will let you know how it goes once I do however. Security keys are physical objects that look like thumb drives, and they take everything that authenticator apps try to do and turn it up to eleven. Basically instead of using the time and a string of numbers and letters to create a code the key shares a code with the host website/app, and then keeps track of a whole bunch of information, such as the number of times you've logged in, and a lot of other math that my brain doesn't entirely understand to generate a unique code each time you log into a website. With that done, it becomes next to impossible to log in without having that physical security key, even if someone gets your password. As most of these keys use your fingerprint in order to work, and that scanner is reliant on a physical input, not just a scan, even if someone steals the key, or it gets lost they can't get access to your accounts either. On top of that the key will remember what websites you've been to, and won't allow you to give the code to the wrong one, even if they look legitimate. It is highly recommended however that if you use security keys you set two up at the same time and leave one of those keys in a secure location, because if you only have one and it gets lost, you are locked out of that account and there is no way to recover it. The success can be demonstrated by google making them mandatory with zero successful phishing attempts after that.

Privacy

Now having gone over that I'll move to more of a privacy focused angle.

Nothing is Free

Shocker, but things cost money. That is true on the internet as well. Any service that is being offered requires someone out there to be spending money to make it available to you. As a result, with few exceptions, they also have some way of making money off of that service. In privacy circles this has taken the form of the adage: "If you don't pay for the product, you are the product." Take Facebook for example, the ordinary user doesn't pay anything to use Facebook, yet Facebook is a company worth more money than most of us can even comprehend. How? The answer is simple, Facebook sells its users to other people, in this case to advertising companies. Something to always keep in mind is, how are is this service being funded. When I get to offering alternatives to big tech I'll go out of my way to point out how they get their funding.

Ads and their problems

Many people today will say that ads are the problem with privacy. Some more politically minded individuals will blame capitalism. Neither of those statements are true. Targeted ads however, are a big part of it. Ads unto themselves are just a way for companies to show you products they have that they believe you want to buy. This can be a very helpful and mutually beneficial relationship. However, when a middleman enters the picture with the ability to spy on your data and is willing to sell it to advertisers to optimize their ability to find people we have trouble. This is why if there is a weakness in your privacy, the first place you will see it is in personalized ads. You can easily see this if you are traveling. Watch ads in New York and then fly to Colorado. Immediately political ads will change to local candidates without you ever doing anything.

Fingerprinting

The way that companies make and market these ads is though what is called fingerprinting. This is basically the ability for them to identify who you are and link it to what you are doing. With enough information they can even do this across different platforms, so that multiple websites, accounts, and profiles can all be tied back to you. That is mostly in the realms of government agencies, and should worry us all.

Websites over Apps

Apps have a lot of permissions and access to data from your phone or computer. Generally if at all possible you should use webpages rather than apps.

Ecosystems

A common saying is "Don't put all of your eggs in one basket." Realistically speaking however, most of us do this all the time. How many of us have at one point or another been in the google ecosystem? Writing in google docs, recording information in google sheets, Gmail, google chat, google hangouts, google chrome, google search engine, google, google, google. Other ecosystems like Microsoft office also exist. This allows them to build large records of your past behavior and if that account gets hacked, or deleted everything is gone and there's nothing you can do about it.

Open Source

Everything online runs on code. Most large companies don't let anyone anywhere near their code. Try asking google how the YouTube algorithm works sometime. They won't tell you. Other companies and organizations have a different approach. The full code is open and on display for all to see. This means that anyone can look at, improve, or build their own off brand version, basically for free. It also means anyone can inspect it for potential problems or spyware. Open source providers are thus highly trustworthy, and I will say which of my recommendations are open source or not.

Third-party verification

This is basically when one company pays another to look at their products and try and break them. If the hired hackers can get in then they fail the inspection. If they can't the product passes the verification. Third party reviews are also highly valuable.

Trade offs

Just like as I said above nothing is free. That also often means that few things are universally better. In exchange for more privacy you also have to give something else up. This might be money, or convenience, but there is always a price. That's why I don't think there's a one size fits all for privacy. Everyone has to make their own decisions.

Starting here soon, I'll give more step by step tips on improving your personal privacy.

First off "Why Privacy?"

Perhaps the reason I hear most often against maximizing online privacy is that you don't need it. This can be summarized in the philosophy of "I'm doing nothing wrong, so I have nothing to hide."

I personally think that most people who fall in this camp don't have the faintest idea as to how much information you can actually find out about someone online. If you do and still don't care, that's your choice. However, I want to ask: Do you feel uncomfortable with someone watching your phone over your shoulder? How about looking through your search history without telling you? How about tracking your location at all times? I think that would make almost anyone uncomfortable.

The levels of privacy.

Like most things privacy comes in levels, which I will summarize below, and throughout this blog I will use to help you achieve your desired level of internet privacy.

Level 0. "I don't like hackers" People at this level are only really concerned with protecting themselves from hacking, scams and extortion.

Level 1. "I'm doing nothing wrong, but I'm also doing nothing you need to know about." At this level people take the basic precautions to avoid the most invasive corporate and government espionage and are contentious about how much of their information is available online.

Level 2. "Data collection is theft." At this level most people feel like they own their personal information, and anyone collecting it is stealing. These individuals go to just as extreme lengths to protect their data as they do to protect their belongings, and guard it just as jealously.

Level 3. [Error 404: Not Found]. At this level people go to extreme lengths to remove any and all traces of themselves from the internet. This level almost requires you to not use the internet at all.

Who do we need privacy from?

Well, everyone really, but there are some culprits that are bigger than the others.

1. Big tech companies like Google, Meta, and Microsoft
2. Government agencies like the NSA if you live in the US
3. Hackers and Scammers
4. Your Internet Service Provider(ISP)
5. Every website you visit.

I'll get into how to protect yourself later, but for now let's see just how much information they have access to.

First go to this website https://www.dnsleaktest.com/

Unless you have already taken steps to protect yourself you might be surprised on how accurate of a location this random website was able to get from you. Well, it's not just this one. Every website can collect this information from you.

To see this on the shard go to your Account Settings > Recently Used Devices. You should see not only what devices you used, their operating system, the browser you used, and the location you used them from.

Other services are even more invasive tracking what other devices are logged on using the same mobile or wi-fi network, location, search history, mouse movements, keyboard patterns and so much more.

Why do they collect all of this data? Most websites and social media companies use it to sell targeted ads, so you can pay money to send the same advertisements to all members of a family, to people who watched your competitors ads etc. etc. Most governments use it to track, influence and control you.

In the next installment I'll start going though ways to protect yourself and your information.