My Online Privacy Experiment
Aug 10, 2016
4 minute read

Working in online marketing, especially with automation and analytics tools, oftentimes you are watching various people activities performed on your website and their profiles. This is usually pretty basic information available publicly or submitted by given person willingly plus analytics data, like page views and e-mail opens. While this simple info seems very scarce, used smartly provides huge benefits and gives valuable insights where should you focus your marketing and sales efforts. It’s money.

Watching all this data handed to me by Google and Facebook, companies now stronger than many governments, it was only a matter of time before I got heavily interested in privacy online. They give me only a tiny fraction of their vast knowledge about internet users, but still it’s huge amount of information. So, what do we really share while surfing the web?

Internet is not private by design

The World Wide Web was never meant to be private. Connected machines share a lot of details and technologies like encryption or Tor are often additional layers on top of existing transparent protocols. The internet culture, however, embraced pseudonymous identities (nicknames) and regular users didn’t know real identities of others.

It’s funny how times have changed. First social networks were being attacked for publicly showing real names of users as this was perceived as huge breach of privacy. Today lot of people share everything on social media and do not really care a lot (famous “I have nothing to hide”). The problem is, these social networks know a lot more than we think. Information you provide willingly is only a small part of the big picture. The sweet stuff is your behavior - and if somebody follows your everywhere you go and tracks everything you do, would you really be comfortable with it?

Threat model

Electronic Frontier Foundation’s advice for digital security is thread modeling. In short, you should conduct a treat modeling assessment which answers the following questions:

  1. What do you want to protect?
  2. Who do you want to protect it from?
  3. How likely is it that you will need to protect it?
  4. How bad are the consequences if you fail?
  5. How much trouble are you willing to go through in order to try to prevent those?

I did my own threat model some time ago and I’d recommend you the same - you might be surprised about potential consequences of sharing things you carelessly publish today. As I’m just a regular Joe, I can simplify my threat model to two points - what kind of information can be public and which data I want to keep for myself.

Public - things I have no problem sharing

  • Name, City, Country on social media accounts
  • Email address on this personal website
  • Social media statuses
  • Photos I share publicly
  • My appearance (how I look)
  • My online posts (blogposts, comments on the web)
  • My personal info I post voluntarily on the internet (ex. where I work, what I’m interested in)

Private - information I want to keep for myself

  • Name, City, Country, personal email address - on 3rd party websites I don’t trust
  • Address
  • Phone calls
  • Private messages
  • Geolocation
  • Browsing habits & history
  • Political views
  • Files and private photos
  • E-mails

Who has my private stuff

I created a list of companies having access to my private stuff online. No surprises, I guess:

  • My internet provider
  • Google
  • Facebook and other social media
  • Credit card companies

What can I do to protect my myself?

I did some research and found out that actually, it is possible to be private (and even anonymous) on the internet. The catch is question number five from EFF’s threat model: “How much trouble are you willing to go through?”. I decided to carry out a little experiment and, after years of careless surfing, try to get my privacy back.

The journey became much bigger than I expected and deserves a thorough coverage - which I will publish soon in My Online Privacy Experiment - Part 2