The ghost in the machine: 15 practical steps towards becoming anonymous online
Internet technologies are more sophisticated, intelligent and invasive than they’ve been yet. So how realistic is it to truly disappear online?
Thumbing through social media? Checking out some new shoes online? Reading about President Cheeto’s latest failure? Nice. You’re screaming, at high-speed, through hundreds of connected computers - and you are being watched. In an economy that now considers your personal data more valuable than oil, the visibility of your online behaviour powers the entire earnings models of the biggest technology platforms on the planet — and well - business is booming.
So, why is your personal data so important to businesses and governments around the world? A complicated question with long, and short answers.
The most powerful businesses in the world are creating and leveraging a global storm of ongoing, precision, human-behaviour data in a bid to predict the future. Knowing exactly who, what and where people are online allows powerful, for-profit organisations to analyse mass human behaviour and profile entire slices of populations precisely — targeting them with the information and ideas that will resonate most deeply. For consumer brands, that might be a £4.99 phone case, or a £150.99 pair of shoes. For governments, it might be an entirely new political or economic system.
This exhaustive set of personal data spans technical (devices), geographic (locations), economic (spending habits), emotional/personal (moods and public consensus), visual (image and identity), political (social and political affiliations and behaviours) — and more. This is a highly potent cocktail of often ‘private’ information that now lives in the hands of software companies and analytics companies looking to collate it and crunch it — and use the outcomes to manipulate human behaviour for their financial futures.
This business model is what has become commonly (and chillingly) known as ‘surveillance capitalism’. It’s the jewel in the crown of our extraordinary digital revolution — and arguably, the concept that generates more technology revenue than anything else in the world.
So what is ‘Surveillance Capitalism’?
Shoshana Zuboff is likely the world’s foremost authority on digital surveillance and its role in society, and as an author and Harvard scholar, declares:
“Surveillance capitalism unilaterally claims human experience as free raw material for translation into behavioural data. Although some of these data are applied to service improvement, the rest are declared as a proprietary behavioural surplus, fed into advanced manufacturing processes known as ‘machine intelligence’, and fabricated into prediction products that anticipate what you will do now, soon, and later.
And further:
“The combination of state surveillance and its capitalist counterpart means that digital technology is separating citizens in all societies into two groups: the watchers (invisible, unknown and unaccountable) and the watched. This has profound consequences for democracy because asymmetry of knowledge translates into asymmetries of power.”
I highly recommend this excellent piece — which paints a picture of what surveillance capitalism is, how you’re part of it, and how crucial it’s become to digital models and political agenda.
Cool, seems pretty bad. How can I protect myself?
The extent to which any individual can protect their privacy online is governed by a small number of important questions:
- Who and what do you want to remain private from?
- What are you currently exposing to them, actively and passively?
- Why is it important to protect that information?
- If you don’t take protective steps, what are the consequences of you living highly publicly?
You can control a very large amount of the data you transmit, and to who, but you can’t stop sending data. You will never be completely anonymous online. With even the best masking tactics, something is always trackable, somewhere — but you can pick and choose from a series of things that will completely overhaul your privacy game online.
And now, for my next trick… disappearing.
Of course, the most secure thing to do is never to use the Internet for anything. But, it’s 2020 — and that’s not realistic.
Take a look at a few things you can do to help prevent your personal data falling into the wrong hands.
1. Investigate yourself and remove what’s public
There might already be a trail of public information about you on websites across the Internet. It’s a good idea to have a clear understanding of what that is, and how simple it is to find out about you online.
For that reason, you’re going to need to start digging. This means:
- Search for yourself. Search your full name, its variants and any public nicknames. Do the same for your email addresses and your phone number(s).
- Find what’s public, and if you don’t want it online, politely request the owners to take the content down. It’s more likely than not that the data will have come from your own profiles, somewhere — and you can remove that yourself.
- If you don’t own the information, the owners don’t respond, or you want to go straight to the source, you can actually request that Google removes the link to the resource from their search engine directly, instead, (which sometimes works well, and sometimes doesn’t): https://support.google.com/websearch/troubleshooter/3111061?hl=en
If there are prominent public images of you that identify you, you’ll also want to use Google Reverse Image Search (hit the camera icon) to find where else it’s stored online.
2. Throw your Alexa into the closest body of open water.
An Alexa is quite literally a corporate listening device that you bought from the world’s richest technology company and records your life while it sits next to your fridge. Why don’t you just rent a bed in an Amazon warehouse like Big Daddy Jeffy wants.
3. Delete your Facebook account (and uninstall all of its products).
One of the most sophisticated technology projects in history, Facebook’s birth reimagined Google’s original lessons in data analysis and left an entire data economy in its wake - paving the way for some of the most flagrant data abuses of all time. Plus, it’s now widely recognised as an advertising platform that routes titanic amounts of commercial advertising and political propaganda through its network to its targetable user base of its 2.4 billion people—and is credited as a significant tool in the installation of authoritarian governments all over the world — Trump, and Johnson included.
So it’s a fantastically powerful human indexing tool and you’re going to need to delete your account. And that includes their other products, too. Which means:
- Deleting your Facebook account.
- Uninstalling the Facebook app on all of your devices.
- Uninstalling the Facebook Messenger app on all of your devices.
- Deleting your Instagram account, and uninstalling it on all of your devices.
- Although WhatsApp advertises end-to-end encryption (which protects your data from being intercepted and decoded between devices), it’s owned by the company with the worst data privacy reputation of all time, so you’ll need to delete that too.
4. Install a new, encrypted messaging app.
You’ve just uninstalled WhatApp, which might mean you now have no way to contact anybody over the Internet. The good news is that not only do secure messaging options exist — there are some excellent ones available.
Both Signal and Telegram are privacy-centric, popular communications platforms that have native privacy built-ins, such as self-destructing messages and secret chats. They’re pretty similar apps in essence, so it’s your choice as to what you prefer.
5. The apps on your hardware devices are tracking your movements. Switch off their location trackers individually.
This one is straightforward. The apps on your phone, tablet and computers run GPS software that uses the device’s hardware to trace and record their own locations. This is exploitable geographic data on your whereabouts for lots of different reasons (at the moment, usually used for super-targeted advertising). If you don’t like that, you’ll need to find where in those apps you can manage those settings and switch them off.
6. Mask your location with an anonymous VPN.
Virtual Private Networks are important parts of creating genuine online privacy. They create a private network from a public internet connection and are designed to mask your IP address — which is the public ‘home address’ of your computer, phone, or tablet - making your online actions much more difficult to trace back to your actual machine, and subsequently, your identity.
VPNs also persist secure, encrypted connections that provide much greater privacy from intrusion than a standard WiFi connection. Popular VPNs like NordVPN use military grade encryption, leak protection, no-logs policies and killswitches to protect your identity as thoroughly as feasibly possible. This is a lot of infosec jargon, but the theory is actually not very complicated - and there’s more at this great article.
7. Use an anonymous browser.
A web browser is a piece of software you use to access the Internet and request data from the other computers connected to it (like Facebook’s servers, for example). When you’re using a browser, your computer is sending and requesting information between itself and lots of other machines — and that’s how the Internet moves information around. Chrome, Safari and Firefox are the most popular.
Tor is the best known privacy-centric browser. It’ll let you connect to the Internet without doing any of the nefarious and overreaching stuff that the other commercial browsers do, and there’s good advice here.
8. Use an anonymous search engine.
If you’re using Chrome (browser) and Google (search engine), it’s guaranteed that you’re leaking personal information all over the place about who you are, where you are, what you’re looking for and where you’ve been (geographically, and digitally).
Private search engines like Duck Duck Go are designed specifically to allow you to search the Internet without storing any of your personal data. If you want to stop Google, for example, threading together the data from Chrome, Google (Search), YouTube, its Ad network and more, you’ll need to abandon it for an anonymous browser.
9. Move to an anonymous email provider.
Protonmail is a Swiss encrypted email provider by the CERN and MIT team — perhaps, the most technically capable ideas teams in the world. These sorts of products don’t have some of the bells and whistles of GMail, or others — but they’re free, secure and committed to better privacy standards than the commercial alternatives.
10. Stop ‘living in public ‘— and if you’re posting photos or media, kill your metadata.
Part behavioural, part technical. Social media is intentionally addictive — but you may want to post as little as possible online, on any platform you use — particularly if it’s about you, your life or includes personally identifiable information.
In the case that you do want to post images or media to the Internet and preserve some privacy, you’ll need to remove the metadata from each file. Simply put, metadata is automatically generated data about data (in this example, the latter is an image)— and includes things like the locations, dates and times of the ‘thing’ you’re posting. When downloaded by someone else, they can simply extract that data — which might not be what you want, if you don’t want to offer up where you’ve been, and at what time.
Put your photos through a platform like ExifRemove (although, there are lots of these services!) and it’ll wipe the metadata for you, before you do anything with the image.
11. Share your files anonymously.
If you’re sharing files online, instead of using a consumer product like Dropbox, you may want to use a platform like OnionShare instead. It supports files of any size.
12. Find out if you’ve been hacked.
A ‘data breach’ is an instance of a hacker (or group), gaining unauthorised access to a computer system that your private information might be on. They’re common, but you don’t always find out about it, and if you’re using the same credentials for multiple sites, you’ve actually been breached elsewhere too.
Have I Been Pwned? is a website that catalogues data breaches and allows your to use your email address to find out if any of the accounts associated with it have been compromised. You’ll then know which of your passwords to change.
13. Manage and split up your login details.
Now that you know if you’ve been hacked, you’ll know which passwords you’ll need to change. The truth is this though — in 2020, all of your passwords should be practically unhackable, unique, and managed through a third-party, like Lastpass. This means:
- Signing up for Lastpass, or another service.
- Adding all of your accounts, manually.
- Resetting all of your passwords with machine-generated ones, which it will generate automatically for you. I just generated one as an example, and it looks like this: rrjDk98Ub@JVH&J0
- Using a password manager as the central source of password data across all of your devices, and when you log in to something new, just grabbing it from your vault of secret passwords.
- You won’t know any of your passwords — apart from your master password which is used to access your vault. So make that a very good, long one and a very easy one to remember.
Beast mode:
If you really want to, you can throw this process into hyperdrive by generating a temporary, burner email address for each service. It’ll expire quickly, and you’ll probably never be able to reset your password, but your personal email address won’t be tied to any of your Internet accounts and they won’t be able to reach you by email ever again, about anything, let alone track anything to your email identity.
14. Do as little online shopping as possible, and if you do, stop using credit cards, debit cards or third-party gateways, like PayPal.
The greatest, and worst part of the Internet is its commerce model. Much like the physical world, purchase behaviours are easily traceable because they run through a highly documented ledger system of transactions and reconciliations. This is amplified enormously online — and along with your details, and the item, each transaction is accompanied by a staggering amount of metadata accumulated from your purchase. Often, your entire purchase cycle is recorded — from the first time you see an advert, until you eventually make the purchase - including where you were, what device you were on, and what else you might be interested in.
For true anonymity, you need to completely stop shopping online, or pay for everything using a cryptocurrency like Bitcoin. But almost no mainstream providers accept Bitcoin, and its value is roughly as stable as my legs when I walk home from the bar at 2.45am having drunk 8 glasses of scotch to forget about the technocratic dystopia.
I’m not sure I’m prepared to stop doing either, really.
15. ONLINE PRIVACY, SAVAGE MODE: Replace all of your devices with a hardware encrypted laptop, and privacy-centric OS & smartphone, and do all of the above
Most people can’t afford to replace their computers and phones, and wouldn’t if they could, because they aren’t a literal NSA agent. However, if you really wanna jam this baby into fifth, you can buy a dedicated secure phone, like a Blackphone (there are a bunch of these devices, available)— and a new hardware encrypted laptop and install either Tails or Whonix on it, rather than Windows or Mac OS.
You can then do all of the above. It’s probably as close as you’re ever going to get to leaving no trace. Genuinely, good luck with that. You’ll need it, because it’s complicated.
In closing
The best security and privacy policies are thorough, but practical. It’s for you to determine what you value and how important it is. Truthfully, doing all of this isn’t going to give you a particularly fun future Internet experience — but there might be certain tradeoffs worth making to elevate your level of privacy.
Not everyone values their data rights in the same way — but it’s important to think about the long-term effects of living highly publicly in a digital system that traces, records and capitalises on what can be permanent and deep digital footprints.
Have a day.
