Jayant's Clipboard → Blog → Post

My approach to data privacy

March 02, 2020

Like most people, I used to not care about what happens with my data. And I was all too willing and enthusiastic about sharing everything.

Facebook wants my data? Sure! What could they possibly do with it? None of my data is meaningful enough. And I love sharing everything about me with everyone on the internet! All the movies and TV shows I like, the places I’ve been to, any and every half-significant life event since I was born, every relocation… everything, was just something that everyone should know about!

Yeah. How naive that was. I was very very active on Facebook, Instagram, and the like. And, now I’m not on any Facebook product, and I’ve started taking some measures to try and stop tracking of my information or internet behavior as far as possible. What changed?

All of this made me realize one thing. My data can be used in more ways than I can ever comprehend, and it can be gathered from more sources than I can imagine to know more about me than I will ever realize. So what do I do?

I can not achieve zero-visibility into me on day 1 of my realization. I am too ingrained into services and other stuff that are a part of my daily workflow. But, I can do this bits and pieces at a time. If I am so concerned with Facebook, maybe I can stop using that first. That cuts of one entity trying to get my data. Or does it?

No, not fully. Not yet. If you followed any of the links above, you know that Facebook can build “shadow profiles” of you even if you don’t have a Facebook account at all. Well, that sucks. Sure, the amount of data I was giving away has not cut down by a lot, but I want them to have basically no data on me anymore (beyond what they already have). How do I do that?

We’ll, there’s a few approaches, and not all are equally effective. And often, multiple of these need to be used together to ensure maximum effectiveness. I started with browser extensions.

Browser extensions

• AdBlock
• Privacy Badger
• Tampermonkey

AdBlock stops almost all ads for me anywhere on the internet. Ads are a massive source of information on you for third parties. It does kill one source of revenue for a lot of websites on the internet as well, so you may want to think about how you use this extension.

Privacy Badger helps get rid of all these “social” buttons and other shareable stuff on websites. The presence of these buttons often indicates that these social sites and all may be running some scripts on that very page. Don’t want that. It does quite a bit more than that too. It will also block requests to known trackers, or trackers that exist on 3 or more sites. It can also block certain requests from setting cookies, and you can control these settings for requests from specific domains too.

Tampermonkey runs userscripts, and there exist userscripts that can run custom logic to stamp out “adblocker blockers” or other tracking entities.

These things together do a pretty great job… on my browser, which is Chrome at the moment.

What happens when I switch to another browser for some time? Or a native or non-browser application? On any browser or application on my phone? Things are trying to hit tens of thousands of requests in total for ad, tracking, and analytics purposes all day, every day. Other than the obvious privacy concerns it also burns my battery capacity, and my data cap. If you’ve not cared too much about your privacy, surely you hate your data running out, or for the unlimited data folks, your battery running out.

Requests Blocking

Most of what the previously mentioned tools do, is block any requests to known or custom hosts. They block all requests to doubleclick or google analytics, among maybe 40-50 thousand other hosts, just that they are limited to the browser, and my internet activities obviously go beyond that.

Hosts File Managers

I considered alternative approaches, like using a tool to block requests through the hosts file, but those can usually be tedious to maintain, and it’s not very cross-platform. As in, it’s a good option, but I wanted to see if I could look for a tool paid or free that would offer more convenience. Also, I didn’t want to root my phone if convenient alternatives were present.

Local VPN based network interception

I thought to myself, a VPN picks up requests going somewhere starting right on my device, and after a lot of jumping around, it takes the response and feeds it back to whatever triggered the request. So, a VPN technically could take the request right as it was about to fly, and then do something with it, such as remove headers or block the request altogether. Such a thing should also me more customizable than a hosts file, and it could also provide me local analytics on blocking and interception, in theory, because as of now I didn’t know if such a thing was actually possible.

One quick search for “vpn based ad blockers” led me to a multitude of such tools. I tried two of them, and one of them was a cross-platform one. I’ve cross-checked some community feedback on these things by looking stuff up on the following subreddits:

• https://www.reddit.com/r/privacytoolsIO/
• https://www.reddit.com/r/Infosec/
• https://www.reddit.com/r/privacy/

The tools themselves are:

• Blokada
• AdGuard

I used Blokada v3 for a while. It works by creating a local VPN that intercepts all your traffic and implements certain rules on them to block any undesirable requests, and it made it easier to manage than a hosts file.

It was not quite sufficient for me, and nor was it cross-platform.

Here comes AdGuard. It did everything Blokada did, and more. It could be used on multiple devices (based on your license), had easy to understand metrics, extremely configurable settings, and an exceptionally functional filtering log.

This might seem abrupt, but I’m ending this post here.

I’ve been using AdGuard since a while now, and I’ve been very happy with it. I use it on all of my devices, so it definitely works very well for me.

Depending on the use-case, I often use Tor or Brave browsers for some stuff that may either be region locked, or potentially politically “risky”. Or sometimes to just search some stuff for which I can expect results completely free from my location or shadow profiling.

I’ve also set every app on my phone (Android 10+) to use location only when it’s actively in use (if it needs location at all).

That’s all! Thanks for staying till the end if you did!

Built by Jayant Bhawal, who does stuff on the Web as a hobby.
You should follow him on Twitter or GitHub

• ← TIL - The HTML Dialog element
• Windows Powertoys - Did you know it was a thing? →