By: Perla Khattar *
In an era characterized by ubiquitous data collection and increasingly sophisticated digital technologies, privacy has emerged as a crucial concern for consumers worldwide. As personal information becomes more vulnerable to exploitation, the importance of privacy management cannot be overstated. While regulatory measures and institutional safeguards such as privacy by design play an essential role in protecting user data, the responsibility of safeguarding privacy ultimately rests in the hands of individuals themselves in the absence of effective regulation.
While it is evident that comprehensive legal frameworks and industry practices are necessary to ensure the responsible handling of personal data, the limitations of such measures have become increasingly apparent. The pace of technological advancement often outstrips the capacity of regulations to keep up, leaving gaps in protection. Moreover, the sheer volume of data generated and the diversity of platforms and services utilized by individuals make it challenging for regulations to cover every aspect of privacy. This blog post aims to provide practical tips to help consumers establish new habits and make small changes to enhance their privacy protection.
These tips do not provide foolproof protection against sophisticated threats, but adopting privacy-conscious habits can bolster individual privacy resilience and help mitigate risks. The primary objective of this blog is to equip individuals with beginner-level tips for privacy management. This newfound awareness can help individuals make informed decisions about how their personal information is collected, used, and shared, and can prevent them from falling victim to scams or other forms of exploitation. By being aware of their data privacy rights, consumers can also hold companies and organizations accountable for how they handle their personal information, and can help to promote a culture of greater transparency and accountability in the handling of sensitive data. This blog aims to bridge the gap between theoretical privacy principles and practical implementation, empowering everyday consumers to navigate the digital landscape with greater confidence and privacy consciousness.
1. Understanding The Alphabet Empire
It is widely believed that Google has engaged in shady privacy practices in the past. For example, the company has been criticized for collecting and using biometric personal information from its users without their knowledge or consent. Some have also criticized Google for not being transparent enough about its data collection and usage practices, and for not providing users with adequate control over their personal information. Overall, there is a perception that Google does not prioritize the privacy of its users, and that it is more focused on maximizing its own profits.
An Alternative to Google Docs
Google servers can see everything that is typed in the Google documents, simply because consumer’s work and data is not end-to-end encrypted. Google isn’t particularly transparent about what it is doing with the collected data, but it is assumed that the company is scanning and analyzing the contents for marketing purposes.
However, consumers wishing to collaborate in real time on documents can do so privately: platforms like Cryptpad and Skiff are similar to Google docs but are end-to-end encrypted, making it impossible for the company to access your work in progress.
Search Data Collection
Google keeps a database on every single user, where every search query is added. Then, specific information is extrapolated like location, medical concerns or political views, and sexual preferences for marketing. Google collects everything users search for, and everything they decide not to search for: the moment the user types in the search bar, and gets suggestions for common questions asked, everything that was typed, regardless of whether the user pushed “enter” or not, is sent to the Google database.
This information is used to be broadcasted to thousands of companies in auctions where advertisers and data brokers are bidding to purchase data. Additionally, Google uses this information to target consumers with specific search results, or even manipulate or sensor results.
To avoid all this, consumers can switch to Startpage, a company that gives users Google search results without any of the trackers, leading to the ability of viewing proxy websites without revealing any personal information.
De-Googling a Phone
First, replace Google applications with an alternative: OSMAnd instead of Google Maps, New Pipe and Odysee instead of Youtube, Brave Browser instead of Chrome. Them, download applications from F-Droid or Aurora to avoid connecting to the Google Play Store. Finally, use an operating system other than Android, such as Graphene or Lineage.
2. Recognizing The Importance of Virtual Private Networks
Some Virtual Private Networks (“VPN”) record consumer’s unencrypted information and unencrypted internet activity to sell it to third parties. Some other VPNs log consumer’s IP address and activity. Other VPNs demand access to photos, nearby Wi-Fi networks, and nearby Bluetooth devices in order to gather more data on the user.
In fact, 105 of the most popular VPNs are owned by just 24 companies. When searching for a VPN, consumers should look for products with no logging or low logging guarantees with paramount encryption, and choose the jurisdiction they’re connecting to carefully: in Switzerland, for example, the government can’t compel VPN providers to log IP addresses.
Here are some private VPNs that do not sell any information and that protect user’s information from Internet Service Providers: The Freedom of the Press Foundation’s shortlist includes Mullvad and ProtonVpn.
3. Switching Browsers and Search Engines
A browser is comparable to a car that takes consumers to their destination. Famous examples of browsers are: Chrome, Brave, and Firefox. A search engine, however, is comparable to the map that lets consumers arrive to the final destination, because search engines index all the sites on the internet. Famous examples of search engines are: Google Search, Bing, Yahoo.
Some companies have both a browser and a search engine: Brave has Brave browser and Brave Search Engine. DuckDuckGo which is a popular search engine now has a browser.
Consumers are free to choose which search engine to use in their browser URL bar: someone that uses Chrome, might set their search engine to Google. More private options for browsers and search engines include Brave Browser in combination with Brave Search.
Choosing the Best Browser
Brave has great built in privacy, built-in ad blocker and it prevents websites from fingerprinting the machine; these securities are also enabled by default.
Firefox is great for users wanting to customize their settings, because it has great extensions like the Facebook container that stops Facebook from tracking consumers. However, users wishing to use Firefox need to configure the privacy settings to their linking, as it is not a default in the product.
Tor is the ultimate private browser since it bounces the traffic off the browser to different nodes before reaching the final destination so that no single node knows both who originated the traffic and the final destination. However, although Tor is the go-to browser for anonymity, it makes browsing significantly slower.
Bounce Tracking and Debouncing
Sometimes, before taking consumers to a specific website, computers will bounce the user to several tracking websites before reaching the needed destination. This is because companies are getting sneaky in the way they track consumers.
When consumers are loading a website, they can sometimes see different URLs appearing on the bottom left of the page. Before being taken to the intended website, users are being bounced through tracking websites that collect personal information. This phenomenon is called bounce tracking.
Stopping this can be done in two ways: First, debouncing: some websites can learn which websites consumers are intending to visit, and therefore can skip over all the tracking websites, taking users straight to their destination. Brave has the only version that ships in the browser. Second, unlinkable bouncing: some websites will visit these tracking domains in a throw-away profile to decrease what the tracking site can learn about the consumer.
Browser plugins are pretty dangerous because they are able to capture passwords, credit card details, track browsing, insert advertisements and redirect traffic. Even an extension that does only minor things like checking for discounts, may require access to everything users do in browsers to function. Companies that provide browser plugins are not necessarily spying on users, but they can actually do so if they decide to. Sometimes these extensions are sold to shady companies, or hijacked by hackers.
The solution is to avoid installing plugins, and to delete the ones that are not in use. And if consumers decide to use one, they should absolutely trust the company before using the plugin and check for the permissions that are being granted. If a company doesn’t need access to everything a consumer is doing, then permissions need to be restricted to the strict necessary.
4. Adopting Better Password Safety
Password safety is extremely important for protecting privacy. This is because a strong password is often the first line of defense against cyber-attacks. If a hacker is able to guess or gain access to a person’s password, they can potentially gain access to that person’s sensitive information, such as financial information, personal documents, and more. Furthermore, if a person uses the same password for multiple accounts, a hacker who gains access to one password can potentially gain access to all of that person’s accounts, which can be even more devastating. Therefore, it is crucial for people to use strong, unique passwords for each of their accounts, and to regularly update those passwords to ensure the continued protection of their privacy.
Shady Password Managers
Most commercial password managers have key loggers that are used to scan what consumers type. Therefore, password managers need to be reputable, ideally open source or be checked by third party audits. All passwords should be encrypted on the device itself, and encrypted at rest so that the service provider can never get access to consumer’s passwords.
Simple passwords like “password” or “12345678” are one of the easiest ways to get a consumer’s account hacked. Passwords should be unique and randomly generated, with a different password for every account.
With a good and trusted password manager, users can remember only one secure master password and the application will randomly generate and store all the rest of them to make sure that inevitable data breaches don’t put all your accounts at risk.
Consumers should always add two-factor authentication whenever possible, whether its required or not, because it makes a huge difference when it comes to protecting accounts.
Wherever supported, it is best to use a security key like the YubiKey. The text option might be easier, but it is less safe because hackers are notorious for performing “SIM Swaps” where they get the code routed to their device instead of the consumer’s. The authenticator applications like Okta are better than text, but the problem with authenticator applications is that it’s easier to steal the private key off the phone than off the YubiKey.
5. Outsmarting Wi-Fi
When Wi-Fi is tuned on, the phone is constantly sending Wi-Fi probe requests, which are basically little packets of information that contain details about the phone. This information is broadcasted publicly for anyone to see. Essentially, the phone is going around announcing to any nearby Wi-Fi network that the phone exists.
Turning the Wi-Fi off when not in use is a great idea. But pressing the turn off Wi-Fi button doesn’t always mean that the action was successfully executed. If consumers have an android and they turn off their Wi-Fi, they won’t be connecting to a Wi-Fi network anymore, but their phone will still send out Wi-Fi probe requests. An additional step would be to switch off the “Wi-Fi scanning” in the settings. And on iOS, consumers can’t just toggle Wi-Fi off in the control center, it has to be done in the settings.
While it may be tempting to dismiss these beginner privacy tips as insignificant in the grand scheme of things, they actually possess the power to usher in a more sophisticated approach to privacy. True, they may not completely revolutionize consumers’ lives overnight, but they provide a solid foundation for living a privacy-conscious existence in today’s digital landscape.
By implementing these tips, consumers take proactive steps towards protecting their personal information, maintaining control over their digital footprint, and mitigating the risks associated with online vulnerabilities. Each small action, such as using a password manager, or encrypting communications contributes to a larger framework of privacy-conscious behavior. In the face of growing privacy concerns, it is crucial to remember that change begins at an individual level in the absence of legislation. By embracing these beginner privacy tips, consumers actively participate in a larger movement towards a privacy-conscious society, where our personal information remains secure and our digital lives remain private.
*Perla Khattar is an Attorney at the Beirut Bar Association & J.S.D. Candidate 2027, Notre Dame Law School.