You’re probably worrying too much and about the wrong things.
Privacy is a huge and controversial topic. So huge I can’t tell you what steps to take, what settings to change, what apps to avoid, or what services to choose. Not only are there seemingly infinite options, but the options keep changing.
There are also about as many opinions on the topic as there are internet users. Anything I say is just one more voice in the crowd… but that’s not going to stop me.
Let’s take a pragmatic look at your privacy and your options.
Become a Patron of Ask Leo! and go ad-free!
There are two types of privacy: the privacy expected of the services we use, and the privacy we choose. Software and online services have the ability to collect massive amounts of data from their users, but they look at the behavior of crowds, not individuals. Your own choices have more impact on your personal privacy, now and in the future.
Two kinds of privacy
“Privacy” is a really big term, so I want to define two types.
- Implicit privacy is the privacy we assume when we use online services, operating systems, applications, and programs to manage our personal information and activities. Each has a set of rules — often some formal privacy policy — controlling their access to your information and what they do with it.
- Explicit privacy is the privacy we control more directly with our choices. For example, choosing not to share a photo on social media is one form of explicit privacy. Keeping our passwords to ourselves is another. So are the settings we use to control who is allowed to see what we post.
The biggest difference between implicit and explicit privacy is the amount of control we have. We implicitly trust the software and services to do what they say. We explicitly decide what to share based on what we believe may happen. Let’s look further into the first.
Privacy, policies, and Big Brother
Privacy — or lack thereof — when using popular services or software is a big topic of discussion. For example, Window’s tracking activity generates a great deal of concern. It’s debatable whether the concern is warranted.
Any online service involves some amount of tracking. Visiting a simple website — even Ask Leo! — results in some amount of what might be considered tracking, usually in relation to advertising displayed on the site. Some consider that an invasion of privacy. The most common visible signs are advertisements that appear to follow you from site to site as you browse the web.
All online services and websites have the ability to collect vast amounts of data derived from their users. Similarly, any and all software you install has the ability to collect usage information.
Whether or not you believe Big Brother is watching, the technology is there should he want to.
The (poor) choices we make
At the other end of the privacy spectrum are the (often poor) choices we make about what we share and with whom.
I often hear from individuals who’ve shared a password with a trusted friend only to be surprised when their privacy is violated because the trust was misplaced.
We’ve all heard stories of individuals losing jobs or job opportunities because of statements, photos, or videos posted on social media. Call your boss names on Twitter, for example, and there’s no one to blame but yourself when you’re shown the door the next morning. Have you posted “funny” pictures of yourself after imbibing a tad too much alcohol? That could be the reason you don’t get the next job or loan you apply for.
When it comes to privacy, we’re often our own worst enemy.
You’re just not that interesting
I say it often: you and I just aren’t that interesting as individuals. That your operating system might track what you do is pretty meaningless in terms of personal privacy. That advertisers might use what websites you visit and things you click on to tailor the ads you see is pretty benign.
The companies collecting this data aren’t looking at you as an individual. They’re looking for trends from the data of millions of users to determine what’s being acted on, what’s influencing the crowd, and what they might do better.
I do it, too. For example, do I care that you, specifically, looked at my newsletter? At a personal level I do, but I’m not going to sift through information on nearly 50,000 subscribers to see who did and who didn’t. On the other hand, if 10,000 fewer people open the newsletter one week, that’s information I want to be able to act on. I can only do that by tracking the behavior of 50,000 individuals in aggregate.
The same is true for most any company. Your personal privacy isn’t being violated because nobody is looking at you specifically. One person just isn’t that interesting; thousands or millions, on the other hand, almost certainly are.
But you might be interesting someday
There are two cases in which you might become interesting.
If you run afoul of the law. This isn’t an issue for most, but if you live in an oppressive regime or are subject to investigation for your activities, it could be. Even this falls into two sub-categories: the unduly paranoid (a larger number of people than we might hope); and the legitimately concerned, for both legal and illegal reasons.
It is important to realize that if you fall into this category, law enforcement may have the right to collect information about you. This can include things we might brush off as irrelevant — like ad or service usage collected by your ISP or the services and software you use. I have to say law enforcement may have the right, because laws differ dramatically depending on where you live. Of more practical import, perhaps, law enforcement capabilities vary dramatically, based on everything from expertise to budget to jurisdiction to prioritization of limited resources.
Future opportunities. Some years from now, perhaps someone will research your history as part of a job application or something else where your record and reputation are important. What you post today, publicly or even privately, may influence their opinion tomorrow.
It’s all so scary. What to do?
It’d be easy to read that last section, throw up your hands, and crawl into a hole, thinking privacy is a thing of the past — at least when it comes to the internet.
If you’re a criminal, you probably should be concerned. The only thing preventing you from being exposed is the limited resources of the law enforcement agencies who really do care about you specifically. There are steps you can take, but I’m not the one to help you take them.
For the rest of us living more mundane lives, my advice is pretty simple.
First, stop worrying about being tracked by the companies providing the services you use. They don’t care about you as an individual. There is plenty of room for policy debate about what kinds of information they should and should not collect and how they should or should not use it, but in my opinion, that has little chance of impacting you as an individual.1
Second, don’t post anything you wouldn’t want to be made public. Learn the privacy policies and settings of your social media and other applications, and change them and/or change your behavior accordingly. Public once is public forever; there’s no calling it back from the internet.
Think twice about what you post privately as well, since you’re assuming your private audience won’t someday make it public without your approval. This includes social media, but also things you share in any form, be it email, text messaging, or other media. We’ve all seen situations where communications once thought private were made public to great embarrassment or worse.
Privacy remains your responsibility
I remain a strong believer in our wonderfully interconnected world and all the opportunities it presents.
Naturally, it brings risk as well as reward.
Ultimately, it’s our responsibility to be aware of those risks, educate ourselves about the possible and practical realities, and make careful choices accordingly.
Do this
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Podcast audio
Footnotes & References
1: And if you’re going to worry, then be more consistent. It’s funny to me to get rants about the alleged privacy violations of company G, sent via an email address provided by company M, whose activity is on par with G. If the behaviors of the major service providers concern you that much, I know of no solution other than walking away from the internet entirely.
“I’ve said it over and over: you and I just aren’t that interesting as individuals.” – Hmmm. In some ways we aren’t; in some ways we are. A comment I made in relation to another post…..
To take this a little further, I’ll add that most people have little understanding about the extent to which they’re tracked. You’ve got companies collecting social data and aggregating it with financial information, purchase history records obtained via customer loyalty programs as well as numerous other data points/sources (Google: data brokers). You’ve got companies tracking you across the various devices you use, irrespective of your cookie/privacy/telemetry settings (Google: probabilistic cross-device tracking). You’ve got companies tracking you in a whole bunch of other ways – some overt, some covert. And all of this happens in what is very much a legal grey area with little legislative control or oversight. You’ve got no idea which companies track you, no idea what data they hold about you, no control what they do with that data and no ability to correct inaccuracies.
Currently, this tracking is predominantly used for the purpose of serving up targeted advertising, which probably isn’t too much of a problem in many peoples’ eyes (mine included). However, it can be used for other purposes too. Online retailers already use demographics/profiles in order to adjust prices on a per-customer basis (the price you see may not be the same as the price that I see). Target used purchase history – of things like calcium, magnesium, unscented moisturizers and charcoal-flavored ice cream – to work out which customers were pregnant (Google: Target pregnancy). How much longer before picking up a friend’s anti-cancer meds – and putting it on your CVS loyalty card – starts affecting your life insurance premiums? There have even been instances of data brokers selling information to criminals who subsequently used it to fraudulently withdraw millions of dollars from peoples’ bank accounts (Google: FTC vs LeapLab).
As I said, privacy is something we need to start paying more attention to.
I’ll add too that it’s not all doom and gloom. Data collection/big data has the potential to be enormously beneficial. Never before have we had access to so much data about people on such a massive scale, and that data can certainly be put to good use. For example, aggregating the data from fitness tracking devices – such as Fitbits – with social and socioeconomic data pulled from other sources could provide us with an unprecedented level of insight into how a wide range of issues affect our health and wellness.
The bottom line is that pretty much every aspect of our lives is recorded in a database somewhere: where we shop, what we buy, how much we exercise, what our heart rates are, how many flights of stairs we climb in a day, how much money we have, how much we owe, who we’re friends with, what we read, what we search for, etc., etc., etc. And all of that data is subject to nebulous privacy policy policies – that companies can change without notice – and is subject to be sold, traded and aggregated, either in anonymized or non-anonymized form. We need to start thinking about how we want that data to be used, who we want to be able to access it and put a proper legislative framework in place to ensure that it isn’t misused.
As Spider-Man once said, “With big data comes big responsibility” (okay, maybe that’s not exactly what he said, but it’s nonetheless true).
I completely agree. Thinking that we aren’t interesting as individuals is immensely naive in my opinion. It won’t take long before insurance companies and employers will make use of aggregated databases, digital profiles and complex algorithms to decide if you are fit to become their costumer (and how high your fee will be) or their employee. If they aren’t already doing that without telling you. You’re completely right about the legislation part; we urgently need it. It’s quite unsettling that it’s not even a subject among politicians, they seem to be way too naive as well.
Another thought-provoking piece from Leo. Once again his attitude to privacy boils down to accepting that we don’t have any, but that it doesn’t matter because the people with access to our information don’t find us interesting. I feel that it matters very much. It might be your own fault if you advertise everything about yourself online, or fall out with the law and suddenly become Interesting. But what if you find that you are Interesting by being falsely accused of breaking the law? Or avoiding taxes? Or holding unusual political opinions? What if someone wants to rob, defraud or blackmail you, and buys the necessary information about you? What if a data breach should put your information into criminal hands? Microsoft, for instance, might be staffed by upright and honourable people now – but will they always be so? I take the view that if it can be done, it will be done eventually, so self-protection has to be foremost in our thinking. It’s not good enough to say that we’re just not interesting; one day, you might be to someone.
“What if someone wants to rob, defraud or blackmail you, and buys the necessary information about you?” – See my comment above. That’s actually happened. Unfortunately, there’s not much we can actually do as individuals to protect ourselves. Like it or not, our personal information is collected, traded and sold – and there’s really nothing we can do about it.
The bottom line is that privacy is very much a legal grey area with legislation being woolly and/or behind the times – and people need to be pushing their politicians to do something about that.
What about your own behavior, Leo?
Every time I get your newsletter and go to your website to read the more interesting articles, my screen is covered with a big advertisement asking me to subscribe to your newsletter. The same newsletter that directed me to the page, and which I have been subscribing to for years!
At least it has a decent close [X] in the proper spot, and that works — it closes, and doesn’t come back again. Until I go on to the next story!
I realize increasing the subscriber count is important to you, but can’t you program it to stop annoying existing subscribers by slapping that ad at them?
I do. It should appear only every three months. (I think… it’s been a while since I looked at that setting.) UNLESS you clear cookies. Cookies are the only way I have to “remember” that you’ve seen it. (And the website has no idea who you are, so it has no way of knowing that you’re subscribed.) More on the topic here: https://newsletter.askleo.com/why-do-i-keep-g-1/
One benefit of the anti-virus software I use is the ability to cut the internet cable figuratively by a software choice. The less time you spend on the internet, the better. Of course, Microsoft and the NSA take only a fraction of a millisecond to monitor you, but at least you can avoid being exposed to the other hackers out there.
Leo — and others,
Is there any place where I could find help towards a comprehensive solution for blogging anonymously, in order to protect oneself against governments prosecuting free speech ?
There used to be advice to that effect, here :
{link removed}
But it’s so obsolete that even its author warn against using it nowadays. I’ve loked and looked and found nothing.
Does anybody know of a privacy-oriented forum where I could ask such a question ? Thanks !
Is there a rule against posting links ? Not arguing, just so that I know in the future.
It’s OK to post links here. If you post links, the filter will sometimes put the comment on hold for a while until we can check the links out.
Depends on the links. Anything that looks like spam will be removed, as will anything the least bit “suspicious”.
Sorry, Leo, but good fortune, professional celebrity, and certainly, your intense technological prowess make you naive and perhaps a little bit proud. Your “but you might be interesting to someone, someday” part suggests, if very innocently, that no one should post a photograph or make a comment under his or her own name anywhere online, at any time. If so, why be online at all? What if something you post and have no reason whatsoever to be ashamed of is used by a stranger to do things that shame you? What if your photo and name are stolen, and you’re not lucky enough to be Leo Notenboom or another technology celebrity? What if you’re just an average John or Jane Doe? There are all kinds of predators who get various sick pleasures from making people suffer for suffering’s sake. Here in America (as opposed to Europe, where wise governments are feeling the pain of the average vulnerable citizen online), it’s open season on privacy for everyone not affluent or technologically powerful. You never know when a sick mind is going to want to hurt you just for the kick of it.
And you are SO right with your brilliant word choice: “promiscuity.” The appearance of online “promiscuity” and the reality of an internet user’s volition in it, and contribution to it, are often two entirely different things. No: I’d go so far as to say the appearance and the reality are ALWAYS two different things.
How about privacy considering deep web? Does deep or dark website shows someones browsing history even if you never been to deep web and only using regular search engine? Can someone figure out all the videos i have watched on porn sites ,with my regular browser, if they use deep or dark web? Can my browsing history be accsessed on dark or deep websites?
If you haven’t been to a site on the dark web, there would be no history because you haven’t been there. The deep or dark web would leave a trail with your ISP unless you use an anonymizer service like TOR. Any information stored by your browser can be cleared, but the ISP retains your history for an extended period of time.
https://glossary.askleo.com/dark-web/
https://glossary.askleo.com/deep-web/
I just had to chime in on this one! TOR, /ClearURL, Etc., badger, and Relay work great on the Mozilla browser! I know there is ALWAYS the chance that you will get caught pants down, but I feel better using these add-ons/plugins available. Through util.’s I’ve seen the “tracker count drop 10 fold. These org.s really want internet privacy, and are working very hard to that end. Just my 2 cents worth..
Gary
There’s simply no way to answer this with any certainty. if your machine has been compromised, sure – your information could be visible or for sale on hacker websites – deep/dark web or not. Same if your provider gets hacked. But as long as you and your provider are fundamentally secure, then this is highly UNlikely.
I am not sure of this question should belonge here but it has something to do with privacy. Since you guys are experts and i know lot of internet news can be fake i have a question. How likely would it be for someone to leak everyones browsing history online? Like someone just writes your name or you can write a name of anyone and see their browsing history?It was a very huge topic in year 2015. There are around 7 bilion people on earth…how likely would it be and do you think it could ever happen? Just your professional opinion.
EXTREMELY UNLIKELY.
I have heard da NSA collects all database of internet users in their xkeyscore program. Can this be publically available? Can some randome avarage person own xkeyscore program and therefore see everything someone browsed?
Not unless they have the hacking skills to break into and crack the encryption of what is probably the most secure server in the world.
No idea. Have never even heard of such a thing. If it does exist there’s no way it would be public.
Hey Leo,
I stumbled upon this page http://nirsoft.net which have some free utilities to be used. I was wondering if those can be used remotely without acsess to someone’s pc or is it just for manual usage only?
Also if i use it on my phone and i am connected to my friend’s wifi will i see my own browsing history or theirs using some of these utilities?
Thank you.
Those would only work if someone was logged in to you computer. They would either have to be at your computer physically or logged in remotely via remote access software.
Question 2: No.
Thank you for your answer but i dont understant the answer on question no2. No i would not see my own browsing hustory or no i would not see someone elses browsing history?
You’d have to be logged into that computer to see the browsing history on that computer. The Nirsoft Android app only gives you publicly available information about the wireless access point. It can’t connect to any computers on that network.
HeyLeo,
I was wondering about all sites that claim they can find if someone has dating site using email address. Do you actually think they would give away such information for free? What i think is that to get such information you always have to pay…..othervise it would be kind of violation of privacy i guess
Even if you had to pay it’s still an invasion of privacy.
Hello LEo,
I used to had interpals site which i deleted but sometimes there are cached comments made by me on google search. I was wondering could i see more cached comments made by me on deep web then on google search?
Possible, I suppose, but highly unlikely in my opinion. You’d have to try one of the dark web search engines, but it’s unlikely they’re as comprehensive. I honestly don’t know how you’d find it.
is tor dark webs search engine? ^^
Nope. Tor is a browser and anonymous access mechanism.
I am a retiree. That is an advantage for me because I live in the United States of America :)! I can speak my mind without concern for future effects providing that I break no laws with what I say. I do not expect to be looking for a job at any time in the future (I am old enough that working is pretty much out of the question) so my thoughts will not affect my employability. The main thing I need to keep in mind when I speak publically is my reputation. The things I say affect my reputation for honesty, integrity, and character (or lack thereof). For those reasons, when I express my opinion, I am careful to make clear that what I am saying is my opinion (not a fact). When I state a fact, I cite my source (provide a link to the source of my information) just as I was taught to do in College English 101.
I believe that the practice of citing the source of information should be taught in High School, perhaps as part of a General Communications course. I also believe that such a course should be required, just as is Math or Language. Such a course should also teach the difference between factual statements and opinions.
These are my thoughts. What do you think?
Ernie
Totally with you, though I think it’s an even bigger problem than just “cite the source”. I don’t believe people are being taught critical thinking skills, and that’s (pardon the pun) critical to the responsible consumption of information these days.
“I don’t believe people are being taught critical thinking skills”
Dead right, Leo. This is, as you say, critical to a functioning society, regardless of whether it applies to on-line information, publications, or just gossip.
I think we’ve all been watching the dire results of this lack of critical thinking skills applied to recent events.