DEV Community

Cover image for Your privacy is optional
Alex Hyett
Alex Hyett

Posted on • Originally published at newsletter.alexhyett.com

Your privacy is optional

I am quite a private person really. Even though I have a YouTube channel and this newsletter that I write every week, I rarely talk about my personal life.

I recently shut down a lot of my social media channels as well as I just wasn't posting there much. Even on my personal Facebook I haven't posted anything since 2018.

Even though many of you are a lot more open with sharing your personal lives on the internet, many are unaware of just how much data all of these companies have on you.

Maybe you trust the likes of Facebook and Google not to misuse your data (you really shouldn't) but what if all that data got into the hands of someone else with even more nefarious intentions.

Last year the wildly used password manager LastPass got hacked and all of their customers password vaults were stolen. Yes they maybe encrypted, but the encryption is only as strong as your master password.

If you were using LastPass then the advice is simple. Choose a new password manager and change every single password that was stored on LastPass.

The problem is who can you trust? Any online password manager is going to be a target for hackers. Keep reading for how I am tackling this problem.

What data do companies have on me?

The LastPass breach woke me up a bit to the risks of storing all of your data in the cloud. The issue is not so much on the data that you supply to these companies willingly, but on the data they collect without your knowledge.

So let's have a look at what information these companies are collecting on you:

Google

Google is one of the worst offenders when it comes to privacy. It shouldn't really be surprising considering they started their business by scrapping all the websites on the internet.

Google tracks the following:

  • Your location - If you have location tracking turned on then every time you turn on your phone Google will track where you are. You can see your location data here. Even if you haven't got location tracking turned on they are still tracking your IP address when you log into services which gives a general location.
  • Search History - a bit of an obvious one, but yes Google tracks every single search you make on Google.
  • Emails - if you use Gmail then Google also reads all of your emails that you receive and send.
  • Documents - if you use Google Drive then they also have access to all of your documents and photos.
  • Apps you use - if you have an Android phone then Google is tracking every app you open and how long you use it for.
  • Websites you visit - If you use Google Chrome or click on a link from Google then they are also tracking all the websites you visit. A lot of websites also use Google Analytics so even if you aren't using Google or Google Chrome they are still tracking you.

So why does Google store all of this data on you?
Google makes its money by selling advertising. This is how they are able to offer so many products and services for free.

If you’re not paying for the product, then you are the product.

The more personalisation that Google can add to their advertising platform the more useful it is to advertisers.

Let's say for example you are selling electronic scooters, and you want to do an ad campaign to try and sell more of them.

In the past, this would have been done by putting an advert in newspapers as well as a short TV advert. Your advert would have been shown to millions of people but only a fraction of those would be interested in buying a scooter.

What Google has done is allowed advertisers to target only those people that are interested in scooters.

How does Google know that you are interested in scooters?

  • You recently searched for scooters on Google
  • You visited a scooter website that is using Google Analytics
  • You are using Google Chrome and visited any website about scooters.

Up until 2017 Google also used to scan your emails and target advertising based on their contents. Apparently they don't do that any more, but it doesn't mean they can't use your email data for other things.

If you have a Google Home I wouldn't be surprised if they were using data collected from these devices to target you as well.

It isn't just for advertising. Google also use all of your data to help train its AI offering Google Bard.

Meta

If you are on Facebook, Instagram, Threads, WhatsApp or have a Meta Quest device then Meta knows an awful lot about you too.

Meta also relies on advertising to make money and therefore most of your data is going to be used for targeting advertising as well.

You only need to take one look at the Data section on the App Store for Instagram to see the extent of the privacy invasion:
![[instagram-data.jpg]]
Even if you don't care too much about companies having access to your data, this level of snooping is pretty shocking. It is not clear whether this is only data that you personal share on the app or whether Meta somehow has access to the data on your device.

Due to the surge in interest in AI lots of companies are updating their privacy policies to include the right to use your data to train AI models as well.

Is it just the Big Tech companies that we need to worry about?

You might think that if you don't use any of these platforms you would be safe from this sort of privacy invasion but unfortunately not.

Even driving your car is a privacy nightmare.

The Mozilla Foundation did a review of the privacy policies for car manufactures. You can read it here: It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy

It is pretty shocking the information they collect. This includes information about your sex life, audio recordings of vehicle occupants, your location as well as your "genetic information"!

If that wasn't bad enough 84% share or sell your data to third parties.

It is OK though because you can opt out of this privacy invasion by not using their services (e.g. your car) as a driver or passenger. Great....

So what can you do to protect yourself?

The best way to protect your data is to not give it to these companies in the first place. That means finding alternatives to the platforms that you use that actually care about your privacy or at least have no interest in your data.

If you have the knowledge then obviously the best approach is to self-host your own services. If they hold particularly sensitive data then this is obviously the preferred route.

I am in the process of slowly moving all my services over to more privacy conscious alternatives. Yes it is a bit of pain to do, but it is worth it for piece of mind.

These are the services that I am using, or I am in the process of moving to.

Password manager

After the LastPass breach I decided not to host my passwords in the cloud again.

I have now switched to using the BitWarden app with the self-hosted VaultWarden server. I have set it up, so my passwords are only accessible when connected to my home network either physically or with a VPN (I am using tailscale for this).

I also tried out KeePass for a little bit but prefer the BitWarden apps. The key thing here is don't store your passwords in the cloud as they are massive target for hackers.

Social Media

Most of the big social media applications are using your posts, who you follow and interact with for targeted advertising.

As I mentioned in a previous issue I have moved over to Mastodon on a self-hosted instance. I have been enjoying Mastodon so far, but there are certain creators I do miss hearing from. Hopefully they will move over in time.

I do post many pictures, but I am tempted to self-host Pixelfed as well as an Instagram alternative.

I still have my other social media accounts but no longer have the apps installed on my phone. I will probably will delete them soon though. My only concern is someone taking over my old handle and impersonating me. Especially considering my old YouTube videos point to these handles.

Email

Email is definitely one of the more sensitive areas that I don't particularly want someone scanning all my emails.

I have now moved my personal email over to Proton. Proton has zero access encryption which means that even Proton can't read your emails. They get decrypted when you view them on your device.

I am still waiting for Proton to update their iOS calendar app, so it has a proper month view like Google Calendar does. Their Android version already does this, so hopefully it won't be too long.

Migrating all my emails across was pretty painless using their migration tool.

If you wanted to sign up for Proton you can use my friends and family link which will give you a month free of Mail Plus which is what I am using.

Cloud Storage

I am still using some cloud hosting such as Dropbox and iCloud. This is mainly because I don't have enough disk space on my home server to store all of my files.

My plan is to set up a NAS using Unraid and combine the storage from all the hard drives I have lying around. Unraid has a great option where you can combine the storage of multiple drives of different sizes provided that you have a parity drive that is at least as big as your biggest drive.

Having all your data in one place isn't wise though, so I am planning on storing encrypted backups on Dropbox and Backblaze B2 using Duplicity so that I am following the 3-2-1 backup rule.

Web Browser

After Google announced they are going to use Google Chrome to spy on all your web browsing for advertising purposes I have switched over to using Firefox on all my devices.

Firefox is a lot more privacy conscious especially when you set it up correctly.

Friends don't let friends use Google Chrome.

Search engine

I have switched over to using DuckDuckGo as my main search engine, but I may set up SearNGX behind a VPN in the future.

Other services

Those are the main things that I have changed, but I have started looking into more services that I can self-host so that I have complete control over my data.

These are some of the other services I have self-hosted, or I plan to host in the future.

  • NextCloud - Once I have my Unraid NAS up and running I will be setting up NextCloud for the whole family. This way I can get my unencrypted files and photos off of services such as Dropbox and iCloud.
  • Pi-Hole - I have Pi-Hole running in a docker container on my server. My router then uses Pi-Hole as it's DNS provider. This blocks all adverts and trackers going across my network. There are still some that get through like YouTube ads but it blocks the majority including Google Analytics.
  • FreshRSS - I have started using RSS a lot more to consume various blogs and services. I used to be an avid user of Google Reader and I used Feedly for a bit but I miss the email like interface.
  • N8N - anything that I would have used Zapier or IFTTT for I now use N8N. It is a bit harder to use but more powerful.
  • Matrix - I currently have my family chat on WhatsApp, but I plan to give my daughters tablets for Xmas and I want them to have a way to chat with family without needing to have a phone number or signup to WhatsApp.
  • LanguageTool - I liked using Grammarly to check my writing, but it is not great for privacy considering it sends off everything you write to Grammarly servers. LanguageTool is a great open source alternative that you can run locally.
  • Omnivore - I am currently using Readwise as my save it later app, but Omnivore looks like a great open source alternative.

If anyone has any recommendations for self-hosted services that they use then let me know.


This newsletter is free for everyone, but if you would like to support my work and my YouTube channel you can do so by becoming a patron on Patreon.

❤️ My supporters also get the following benefits:

  • 📝 Exclusive content from me (including my creator income reports)
  • 🔓 Access to the source code from my YouTube videos
  • 💬 A private community (currently just me if you want to ask me anything)
  • 💰 Exclusive generous discounts once my courses are released

❤️ Picks of the Week

📝 Article - Asking 60 LLMs a set of 20 questions. It is interesting to see how the current generation of AI respond to different questions. I must admit I didn't think some of them were capable of this type of logical "thinking".

📝 Article - ‘Privacy Nightmare on Wheels’: Every Car Brand Reviewed By Mozilla — Including Ford, Volkswagen and Toyota. As mentioned in this week's issue this is quite eye-opening.

🛠️ Tool - Procreate Dreams. I have been using Procreate on my iPad for a while now for drawings. This looks really cool if you are into animation.

📝 Article - How Query Engines Work. Ever wondered how query engines work when querying data? This is quite an extensive guide into how engines like that work.

⌨ Font - B612 – The font family. Airbus have released the font they use for Airbus cockpits as open source. Quite cool if you decide to build anything that needs that industrial look.

🛠️ Tool - HackYourNews. If you read a lot of HackerNews you might find this interesting. This tool uses AI to summarise the top stories as well as the comments so that you can quickly look through to see if there is anything interesting. As with all things AI related it does lack a bit of character but useful to narrow down interesting topics.


💬 Quote of the Week

If you want more in your life, you may have to accept less. Accepting less means less clutter and less meaningless stuff.

From Feck Perfuction (affiliate link) by James Victore. Resurfaced with Readwise.


📨 Are you looking to level up your skills in the tech industry?

My weekly newsletter is written for engineers like you, providing you with the tools you need to excel in your career. Join here for free →

Top comments (1)

Collapse
 
ant_f_dev profile image
Anthony Fung

I remember something about a breach with LastPass some time ~2015 (give or take a few years), but apparently it wasn't that 'bad' (or maybe that's just how some people portrayed it). I didn't know they got hacked again recently though; I've always been a KeePass user.

A few years ago, there was a short time when big tech privacy briefly became a talking point. People on the radio seemed genuinely shocked that if they both searched for the same term on a widely used search engine (presumably when logged in), they got back different results.