March 02, 2020
Like most people, I used to not care about what happens with my data. And I was all too willing and enthusiastic about sharing everything.
This post will talk about some (not all) of the privacy measures I take. I’ll mention several tools, extensions, and other things I use or do to keep my internet activities out of reach of those that I don’t explicitly share with.
For example, me sharing stuff on Twitter is okay to me, because I am intentionally providing that information, but Uber having my location information in the background all the time is not okay, neither is it okay for some third party food delivery app to constantly fetch ad related data, or send out metrics without explicit consent.
Facebook wants my data? Sure! What could they possibly do with it? None of my data is meaningful enough. And I love sharing everything about me with everyone on the internet! All the movies and TV shows I like, the places I’ve been to, any and every half-significant life event since I was born, every relocation… everything, was just something that everyone should know about!
Yeah. How naive that was. I was very very active on Facebook, Instagram, and the like. And, now I’m not on any Facebook product, and I’ve started taking some measures to try and stop tracking of my information or internet behavior as far as possible. What changed?
All of this made me realize one thing. My data can be used in more ways than I can ever comprehend, and it can be gathered from more sources than I can imagine to know more about me than I will ever realize. So what do I do?
I can not achieve zero-visibility into me on day 1 of my realization. I am too ingrained into services and other stuff that are a part of my daily workflow. But, I can do this bits and pieces at a time. If I am so concerned with Facebook, maybe I can stop using that first. That cuts of one entity trying to get my data. Or does it?
No, not fully. Not yet. If you followed any of the links above, you know that Facebook can build “shadow profiles” of you even if you don’t have a Facebook account at all. Well, that sucks. Sure, the amount of data I was giving away has not cut down by a lot, but I want them to have basically no data on me anymore (beyond what they already have). How do I do that?
We’ll, there’s a few approaches, and not all are equally effective. And often, multiple of these need to be used together to ensure maximum effectiveness. I started with browser extensions.
AdBlock stops almost all ads for me anywhere on the internet. Ads are a massive source of information on you for third parties. It does kill one source of revenue for a lot of websites on the internet as well, so you may want to think about how you use this extension.
Privacy Badger helps get rid of all these “social” buttons and other shareable stuff on websites. The presence of these buttons often indicates that these social sites and all may be running some scripts on that very page. Don’t want that. It does quite a bit more than that too. It will also block requests to known trackers, or trackers that exist on 3 or more sites. It can also block certain requests from setting cookies, and you can control these settings for requests from specific domains too.
Tampermonkey runs userscripts, and there exist userscripts that can run custom logic to stamp out “adblocker blockers” or other tracking entities.
These things together do a pretty great job… on my browser, which is Chrome at the moment.
What happens when I switch to another browser for some time? Or a native or non-browser application? On any browser or application on my phone? Things are trying to hit tens of thousands of requests in total for ad, tracking, and analytics purposes all day, every day. Other than the obvious privacy concerns it also burns my battery capacity, and my data cap. If you’ve not cared too much about your privacy, surely you hate your data running out, or for the unlimited data folks, your battery running out.
Most of what the previously mentioned tools do, is block any requests to known or custom hosts. They block all requests to doubleclick or google analytics, among maybe 40-50 thousand other hosts, just that they are limited to the browser, and my internet activities obviously go beyond that.
I considered alternative approaches, like using a tool to block requests through the hosts file, but those can usually be tedious to maintain, and it’s not very cross-platform. As in, it’s a good option, but I wanted to see if I could look for a tool paid or free that would offer more convenience. Also, I didn’t want to root my phone if convenient alternatives were present.
I thought to myself, a VPN picks up requests going somewhere starting right on my device, and after a lot of jumping around, it takes the response and feeds it back to whatever triggered the request. So, a VPN technically could take the request right as it was about to fly, and then do something with it, such as remove headers or block the request altogether. Such a thing should also me more customizable than a hosts file, and it could also provide me local analytics on blocking and interception, in theory, because as of now I didn’t know if such a thing was actually possible.
One quick search for “vpn based ad blockers” led me to a multitude of such tools. I tried two of them, and one of them was a cross-platform one. I’ve cross-checked some community feedback on these things by looking stuff up on the following subreddits:
The tools themselves are:
I’m sure there was one more, but can’t remember that for now.
Built by Jayant Bhawal who is from India, trying to do funny stuff on the Web. You should follow him on Twitter