Painting of ducks in the water.

Pelshval

Privacy

Maybe you don’t care whether or not your movements on the Internet are being watched, because you’re “not doing anything wrong”. If so, I won’t pick a quarrel with you. After all, why should you draw your curtains at night? Haven’t they seen a naked man/woman before?

Or maybe you will agree that the idea of being watched while sitting on the toilet is disagreeable, but if that is what it takes to put a few drug dealers behind bars, it’s an idea you can live with, even though you realise that if there’s one thing drug barons can do better than just about anybody else except other big-time criminals, it’s to protect their privacy. After all, they can buy all the expertise they need.

But, no, I won’t argue with you. You will hear more than you can bear about privacy in months to come. Covid unleashed an army of young talented developers who have been clicking away at their keyboards to satisfy governments’ and industry’s vast demand for ways and means to monitor our actions and influence our attitudes. If that’s fine with you, I repeat, I won’t argue… except to remind you of one thing:

There are investigative journalists out there, sticking their necks out to dig up the dirt we need to know about so that we don’t go off and draw the wrong conclusions, make the wrong decisions, trust the wrong people, etc., here, there and everywhere. There are tens of thousands of human rights activists and their lawyers and honest judges who risk being stuffed into jails without trials or killed for defending their co-citizens. These people’s privacy must be protected at all cost! How can we help? By defending our own privacy so that their defended privacy doesn’t stick out like a row of sore thumbs.

I’m so very far from being an expert in this field that I would urge you to leave this page at once to go and read somebody else’s advice. But I haven’t found any comprehensive self-help guidance to direct you to. The Privacy Rights Clearing House, for instance, provides very sound insight at the general level, but the bottom line there, as I understand it, is that we should all stay away from the Internet and smart phones in any way, shape, or form.

True, you can find valuable practical snippets on sites like this one from Kaspersky, but bear in mind that here Kaspersky is also trying to sell us its own products.

So I will do my best to indicate how we can protect our privacy from various kinds of intrusion. Of course, if you run a business, you should probably invest in professional services not only to protect your data but also to minimise your vulnerability to invasive malware.

Your device’s location gets shared

The good news is that, on its own, your device’s GPS is not telling anybody where you are, with one very notable exception: Ever heard of base stations? Information from base stations has proved invaluable for law enforcement in the hunt for criminals (however that term is defined) on the run. So if you are a civil rights activist in, say, Egypt, turn off your mobile phone while on the move. (NB: I am not sure whether that is enough!)

The bad news is that many of your phone’s apps are specifically designed to make commercial use of lots of information about you. Some of the other apps may do so inadvertently.

So you should disable location access for the apps on your phone, and you should disable location storage in your Google or Apple account. PCMag outlines how to do so.

You should consider whether you absolutely need to use Facebook, and if you really do, you ‘d better hone your privacy settings there. Kaspersky tells you how.

Websites you visit share more information about you

You prevent this if you use a VPN service.

Doing so not only hides your IP address; it encrypts the re-routing of your internet traffic. So whatever information the websites or ISPs have stored will be illegible to them.

There are many free VPN services, and even more websites that compare them. Take a look.

“Free” always comes at a cost:

  • You don’t want “speed throttling”.
  • You want a large data allowance.
  • You want to cover all the devices you use.
  • For normal privacy protection, you don’t need access to many countries.

Another advantage of VPN is that it also protects you against hackers when you are away from home. (You don’t want a key logger to pick up the passwords you type). But if you yourself are engaged in serious criminal activity, many VPN services may be willing to hand over your identity to law-enforcement.

Many repressive regimes consider political opposition “terrorism” and some unnamed “Democratic” countries penalise whistle blowing. If you are from or living in such a country you might opt for a VPN service in another country, one that is not likely to pander to pressure from the repressive regime or unnamed “Democratic” country.

You do not need to use VPN to block cookies and adverts. There are other ways of doing that. Many browsers do so, and there are additional “plugins” or “extensions” to do so even more fiercely.

Your browser

If you use VPN, your browser isn’t a big issue. But if you turn off VPN …

I would not use Chrome or Safari, and Opera has been sold to a Chinese group. However, regardless of what browser you use, I would recommend using the search engine DuckDuckGo.

If you use Firefox, you should take the time to fine-tune the browser’s security and privacy settings.

Messaging

WhatsApp is owned by Facebook and its main source of income is based on users’ contact lists. I put to you that Facebook’s track record is less than optimal.

Alternatives: Signal is widely recommended. and is pretty impressive in terms of privacy. Video conferencing is excellent for small groups. Another privacy minded messaging app is Telegram.

Contacts, calendars and email are our weakest point!

If you, like me, let Google or Apple manage your contacts and calendar, not to mention your email, you really have a problem. We have a problem. Or rather, our contacts have a problem. A lot of other apps on our phones will have access to the contacts, not least Facebook.

How do I know what Google hands over to state prosecutors or secret services who may or may not be hounding people from minority groups and other disadvantaged areas?

Oh dear, oh dear.

There is no way I am going to take my contacts and calendar back to a paper notebook. The blessing of having all my devices synchronised cannot be exaggerated. But what if I regularly meet with political refugees from, say, Saudi Arabia or with Russian political activists opposed to Putin… Yes, what then? If the Saudi or Russian authorities are seriously tracking them, my writing in my calendar that I’ll be having lunch with them at so and so time/place, and their phone numbers in my contact list may endanger them, may even endanger me: Am I a Russian / Saudi collaborator?

What I need is an email service (and local client) that provides end-to-end encryption and that also stores and synchronises a contact list and a calendar.

I googled “privacy alternative to gmail and contacts” (without the quotes). You’d be surprised by the number of hits. Three of the top five, including two from VPN service providers (and they should know) all coincided pretty well in their conclusions.

As far as I can judge, only one of the email clients they recommend also provides a contact list and calendar: Tutanota. Now, I don’t much like the name, but I do like the look of it. The hitch is, of course, that all email sent from this email service gets encrypted. So you won’t want to use it to ask your dentist for an appointment. But you could use it to communicate with refugees and with close friends, not to mention if one of them is a married colleague with whom you are having an affair. You would, in other words, leave your dentist’s number on your visible contact list and suggest to contacts who are privacy-minded to use Tutanota.

So this is as far as I get without using PGP, which many email clients do allow, but which is a little too cumbersome for most of us – and it still leaves us with an unprotected contact list and calender.

The last word has not yet been written about privacy protection, never will be. Since I wrote this post in May 2022, much will have changed,and perfect privacy is probably not even possible, just as a ballistic vest and helmet may not be foolproof. But some protection is better than no protection, right?