May 12, 2023 | Becoming Invisible, Part 1: How They Track Us

In an ideal world, personal information would be more or less private. This includes whom we communicate with and what we say, the location and contents of our financial accounts, our shopping and search habits, and where we are physically at any given time.

But this is not an ideal world. Just the opposite, where privacy is concerned. Pretty much everything a typical person does these days is an open book for governments, corporations, hackers, or some combination thereof. And a lot of the data that’s collected is being used to control us in various ways, whether (at the benign end of the spectrum) to convince us to buy things or (at the scary end) to control us financially or politically.

To put it bluntly, we can’t be free if we’re visible. Becoming as invisible as possible is thus a goal worth pursuing.

This is the start of a long series of posts dedicated to figuring out how we can evade the prying eyes of those who would control and profit from us.

There’s a hitch, however: Your guide on this journey — that’s me — has never bothered with privacy measures, on the assumption that as long as I’m boring online and own a lot of anonymous gold and silver, there’s no reason to care about who’s watching. That’s stupid, I know. And it needs to change. So as this series progresses we’ll be learning together. We’ll start simple and take baby steps into the more arcane aspects of digital and physical privacy.

Those of you who are already more or less invisible may want to ignore this series until it reaches interesting territory. Or, if you can spare the time, read and critique the early posts to make sure they’re not doing more harm than good. And please don’t hesitate to suggest new strategies and products.

The eventual goal is a community of people who look, to the authorities, like black holes in both cyber and meatspace, devoid of useful information and therefore beyond control.

Just How Exposed Are We?

The short answer is “almost totally.” Governments, corporations, smart devices, and soon, central bank digital currency accounts, are watching what we do, selling that data, turning it over to the authorities, and/or storing it for future use in case we step out of line. Among the ways they’re tracking us are:

The Patriot Act. Enacted in response to the 9/11 attacks, this opportunistic (“never let a crisis go to waste!”) law gave the US government the power to ignore some constitutional prohibitions on unreasonable search and seizure and listen to or otherwise track most of what we say and do on and offline.

The National Security Agency (NSA), the electronic surveillance arm of the intelligence community, keeps getting caught (thanks to the great Edward Snowden) tracking and/or listening in on phone calls, which is of course unconstitutional. It then promises to stop but apparently just keeps going while calling it something else. The assumption is that the NSA is storing all this information in massive databases, ready to be accessed when and if it’s needed.

The Five Eyes agreement circumvents bans on governments spying on their own citizens by allowing governments to spy on each other’s citizens and share the resulting data.

And most recently, the proposed Restrict Act act would, if passed, give the US government the power to surveil and interfere with pretty much any electronic communication.

Surveillance capitalism

It is now standard practice for internet companies to track customers’ online activity and use that data for marketing — or hand it over to governments on demand. Among the many things they track:

Web and app activity. Google, to use the arguably most pervasive and evil practitioner of surveillance capitalism, tracks everything its users do online, including searches and Google app-related activities. It stores and monitors user emails, including confirmations for purchases, trips, flights, and upcoming bills. Its AIs combine all this data to create those targeted marketing campaigns that eerily track your search queries.

Location and movement history. Combine the data that companies like Google snarf up and the information our phones generate, store, and upload, and multiple entities now know:

• Our current location
• Our home and/or work addresses
• The IP address of our internet connection
• Where we’ve gone in the past and how long we stayed there

Device history. Cellular service providers keep records of call and text history, along with the verbal questions we ask our phones and smart speakers. YouTube (owned by Google) keeps a record of user searches and videos watched. The growing Internet of things (IoT), spanning smart thermostats to doorbell video cameras, observes and records all kinds of surprising things.

Cookies and fingerprinting. From a recent Wired Magazine article:

Cookies are small bits of data that websites deposit in your browser’s storage to keep track of where you’ve already logged in and other site activity, such as when you have items in an online shopping cart. They’re essential to making the web more usable. Privacy issue arises with third-party cookies—those that are dropped into your browser not by the site you’re viewing but by a third party, most often Google, Facebook, or an advertising service. Other websites then have access to that information, letting them peruse your internet trail.

Fingerprinting, a way of using web page headers and JavaScript to build a profile of you based on your system configuration. Your browser fingerprint can consist of your browser type and version, operating system, plug-ins, time zone, language, screen resolution, installed fonts, and more. That means even if you turn off third-party cookies, sites can often still identify you via fingerprinting.

Fingerprinting is a more worrisome privacy concern than cookies. You can delete cookies at any time, but, unless you get a new device or use a browser that randomizes the info, you can’t escape your digital fingerprint. Brave was the only browser in our testing that revealed randomization of fingerprint info.

And then there’s weird stuff like this, from Forbes:

The Words TikTok Parent ByteDance May Be Watching You Say

Most major social media companies have rules and tools that control what people on their apps can and cannot see. Generally, they’re in place to track different types of content and keep dangerous or illegal material off their platforms—like posts dealing with terrorism, abuse and suicide.

TikTok parent ByteDance is no different. But the Chinese company’s content moderation and monitoring appears to go far beyond what’s standard among American peers like Alphabet-owned YouTube and Meta-owned Instagram.

A Forbes investigation into TikTok and ByteDance revealed that a ByteDance tool, run by staff in China, is tracking mentions of what it considers “sensitive words” across the company’s products. In some cases, where words are marked “must kill,” “forbidden” or “prohibited,” ByteDance may be blocking related posts altogether. The tool is also aiming to track every time one of these words comes up—recording who said it and where they’re located, including for people in the United States.

The Chinese government has targeted people in the U.S. who’ve spoken out against it online, but experts have warned that the average American can be naive about how far their words can travel on the internet, who may be watching and the potential consequences.

ByteDance’s library of “sensitive words,” which are organized into thousands of vocabulary lists, “is proof-positive that there are specific things that they are concerned about and they want to monitor who was saying them, when and how often,” William Evanina, the former head of counterintelligence for the U.S. government, told Forbes.

“They’re not just collecting it for collection’s sake,” he added.

Baby steps

Now that we’ve established beyond a doubt the need to become invisible, we can start taking small, manageable steps in that direction. Next up: How to configure Google to minimize its ability to spy on us.

John Rubino May 12th, 2023

Posted In: John Rubino Substack

Next: Tech Talk for Saturday May 13th 2023 »