How many people feel like they have a handle on their digital selves? I remember years ago before I embarked on a journey of “digital hygiene” that I knew that I was just leaking information everywhere. Facebook, Snapchat, Google/Gmail.. Data everywhere, under control from big corporations. It was a feeling of being bare and vulnerable but I didn’t quite understand why I should care. Google’s motto was “Do no evil” so they’re trustworthy, right? Cambridge Analytica was the real kick in the pants I needed to sort out my digital life.
Starting a privacy journey there’s an overwhelming feeling of “My data is already out there so there’s nothing I can do now.” The value of your data is in the current picture of you, your interests, your thoughts which companies use to make predictions. You don’t have to continue to feed the system; you have to break that link.
You have two options:
- You can delete the accounts and find ways to solve for the functionality they provided as you go. This is what I did and it was hard but the privacy benefit was immediate. It also kept me accountable and made it difficult to return to the walled gardens.
- You can find services that replace centralized services and stop using them piecemeal. You may find this easier to do because you don’t hard-cut the functionality you’ve come to rely on. It will take a long time and there will be myriad ways to backslide into giving up.
This first step is probably the biggest benefit you can have by not participating in privacy violating services in the first place. Diminishing returns and the 80/20 rule is in play here: 80% of the benefit can be had with 20% of the work just by deleting and not using the obvious big offenders. The rest of the points here will be 80% of the work (and cost) to claw back that last remaining 10-20% of your privacy.
Most of you probably haven’t seen the telemetry that your devices are sending. Out of sight; out of mind. Something that was very eye-opening to me was installing a Pi-Hole on my home network. Seeing hundreds of thousands of phone-home requests going out to places all around the Internet was haunting to see. Some devices were contacting tracking services constantly. Pi-Hole is a great device to stop those requests getting out.
UBlock Origin gets installed on all my browsers, desktop and mobile, with every list enabled. This blocks sites loading scripts. You can go too far with this by blocking all scripts which will break most sites. I tried that for some time and the downsides for usability weren’t worth the few extra percentage points of privacy.
One of the easiest things you can do is use Firefox and turn on Enhanced Tracking Protection at it’s strict setting. This blocks most device fingerprinting, that can uniquely identify you as you travel around the Internet, and cross site cookies and trackers.
This deserves a whole series of posts on its own but if you don’t fully control the devices you can’t ever really be secure and private. Windows and MacOS both leak all kinds of data to their parent companies. The telemetry and data collection are baked into the operating systems and you can never really get rid of it.
Running Linux is the only way to have full control over your systems. Again, you can go really deep and refuse to run any closed-source software (ahem.. Richard Stallman). That pesky 80/20 rule shows up here again and you’ll have to decide the trade-offs you’re willing to make for convenience and usability. If you run a mainstream distro like Ubuntu or Fedora you’ll get enough benefit for most people.
Privacy with mobile devices has come a long way. I choose to run CalyxOS on a Pixel phone for a 100% de-Googled experience. I can download all the apps in the Google Play Store without a Google account with the Aurora Store. CalyxOS has an option to install with MicroG which is a privacy respecting implementation of Google Play Services which sends as little data as possible to Google. This makes things like push notifications and maps/GPS possible. But I choose apps from the open source F-Droid store where ever possible since they’re open source.
One of the biggest digital life boons for me has been running a personal server. It lets me host my own privacy respecting FOSS services that replicate all kinds of centralized services. Google Drive replacement? Nextcloud. GitHub replacement? Gitea. 1Password/LastPass replacement? Vaultwarden. Netflix/Hulu/etc replacement? Plex or Jellyfin. News/Feedly replacement? FreshRSS. FB Messenger replacement? Matrix. Find My iPhone replacement? Hauk. And dozens of other different services like a Bitcoin node, a Lightning node, a Nostr relay and so on.
These days I feel like I have largely achieved the level of privacy I set out for. That doesn’t mean I’m a recluse or a luddite; far from it. But it means I can selectively provide information that I want. Our data is atomically who we are, it’s our lives. And my data is under my own control and that’s freedom. It’s been by far the most rewarding, and fulfilling thing I have done in my life. It’s a topic that’s as wide as it is deep, and I know I’ll never be done learning and growing and I’m glad to be on the journey.