GEN
Search Downloads Cloud Contact Status

Privacy - What is it, and Why do you want it?

The Curious Codex

             10 Votes  
100% Human Generated
2025-03-15 Published, 2025-04-06 Updated
3928 Words, 20  Minute Read

The Author
GEN UK Blog

Mr Bat Man

Batman has never worked for the company.

 

What is Privacy?

E_7JQZ8I

Privacy is mostly understood as the right to not have your every move, interest, thought and activity shared with everyone. When in your own home, you expect privacy, to do whatever you want (within reason) without everyone else knowing, be that reading, writnig, watching TV, knitting, painting, playing with action figures, etc.

You may make a phone call to your friend 'Dave' and expect quiet reasonably that whatever you discuss, is between Dave and you. This is 'Normal' and in many jurisdictions there are legal protections establishing privacy as a right.

Why do you want Privacy?

In years gone by, something known as 'gossip' would circulate in communities, being the combination of minor observations combined with liberal speculation and a fair degree of artistic license, Gossip invades the privacy of individuals for the purpose of entertainment, and harm. Not being the subject of this weeks gossip is the primary objective of most people, and that's why you want privacy.

This is subjective though, and a politician or celebrity has a much lower expectation of privacy than most other people, their job literally limits their options for privacy, and at the same time increases their need for it. The value of 'gossip' increases exponentially based on the market, for example, whilst I'm sure knowing that Mrs Tibbs from number 12 was seen talking to the Milkman for more than the prescribed 30 seconds, it really doesn't compare to the news that a certain politician was secretly paying school children for lewd acts. Should both Mrs Tibbs and the politician be afforded privacy? Well yes, of course they should, they genuinely have a right to that, but at the same time there will always be people willing to invade that privacy.

Why the deck is stacked against you?

Many people today won't know what an investigative journalist actually is, but not that many years ago, news was researched and investigated by people who were really good at doing that, leads cultured and followed, contacts leveraged, and genuine detective work was employed to bring news stories to the masses, both on the television and in the papers. That's a big box in the home that showed moving images, and large printed documents delivered to your door, that you could read.

Today, everything and everyone is tracked, tracked and monitored. The moment you step outside your home, cameras are capturing video, and the computer in your pocket, still favourably referred to as your 'phone' is providing detailed location data back to evil corporations in realtime. Every step you take is matched with location data to put you in a specific street, store, building or facility at any given moment.

You're not in this alone, everyone else is subjected to the same mass surveillance, and interactions are noted, analysed and stored. Did you stand close to three other people today for longer than a few minutes? If so, the identities of those are now linked to you, your digital footprint and any other future interactions will be just so connected.

Even in the seeming privacy of your own home, your devices are tracking the fact that you're at home, and anything and everything you do with or on them is packaged and uploaded. We'll go on to discuss how this happens and why its a problem.

DNS

Every time you open an app, or go to a website, or even without doing anything, DNS requests are made to resolve domain names to IP Addresses.

Without getting technical, computers communicate using IP Addresses, like 1.2.3.4 or 217.36.123.5 or even 2001:0db8:0000:0000:0000:ff00:0042:8329, and yet to make it easy for you and I to remember our favourite websites, we use domain 'names' to map to these IP Addresses, so wikipedia.org can be used instead of 185.15.59.224. The problem with this is that your ISP logs all these lookups, and by their very nature, that means they know every websites you, or your devices visit.

You may have been told that by using 'someone else's DNS' you can avoid this, you cannot. The only way you can prevent your ISP from tracking your DNS is to use DNS over SSL, which is slowly starting to become supported, but, whilst your ISP can't see the DNS activity, the company that you're now usnig for DNS over SSL can, so choose wisely if you go this way.

Browser

Your browser, takes a domain name, does a DNS Lookup and then fetches a web-page, rendering it in all its beauty on your screen. If only it were that simple, we'd all be a lot happier. Unfortunately, when you make a request to a website like, wikipedia.org, we see a number of requests automatically made...

8 Requests Made

We see the wikipedia.org page itself then makes more requests for; the logo, two javascript assets, another two images and two icons. This is perfectly normal, even this website does the same, pulling in fonts, styles and scripts. Now let's consider another site with a questionable reputation... Google.com

28 Requests Made

And this just gets us to a blank page with a logo and a search box. I see Images, fonts, encrypted code, encrypted data, cookies, trackers, more trackers, etc, and what your browser does with this stuff really depends on what browser you're using.

For anyone unfortunately using Google Chrome, which has been described as 'literally Spyware', all this tracking has been fully effective and now every site you visit, every page you submit, every form you fill, will all be tracked back to your google digital profile. Because of Chrome's spyware, Google is sent data constantly on where your mouse moves, how long you spend on each page, what parts of the page you interact with, and so on. If you're using a mobile device with Android, then additionally Google is sent you're location data as well.

I'm sure everyone's heard about cookies, a small packet of data that is most commonly used to store a session ID so that when you login to a website, it knows you're logged in? Well, cookies have long since been hijacked by nifarious companies for tracking purposes. The rule is, that a cookie must stay within the domain it was created within. A cookie created on google.com must only be accessable from google.com, but then we have iframes, a way to have a web page within another web page, and yes - you can now have google.com, with its cookie in any page, and with a little code we can transfer data between the main page and the iframe.

Regardless, in recent years, privacy related browsers like Firefox have implemented features that block cookies in iframes, effectively blocking nefarious tracking using cookies - which is nice. This does break some poorly coded websites that don't use cookies correctly, but overall its a far better experience. Google Chrome on the other hand specifically permits Google's cookies to be anywhere, on any page at any time.

Before you switch immediately to Firefox, which is still a great idea, you need to know about fingerprinting. With browsers and extensions starting to block nefarious cookies and effectively breaking the surveillance of users, companies have turned to another method to track you - fingerprinting. This takes a bunch of connection and browser information, like IP Address, screen size, audio features, OS Version, Browser Version, Plugins, CPU, and others to create a unique identifier for your browser. This identifier is then used when cookies fail, providing another method of identification. (Our Client Toolkit available from the top menu in Tools allows you to see much of this data).

Can we block fingerprinting? Yes, mostly but you need to make some changes. In Firefox for example, in privacy and security you can set "Strict" mode, which blocks:

  • Social Media Trackers
  • Cross-site cookies in all windows
  • Tracking content in all windows
  • Cryptominers
  • Known and Suspected fingerprinters

Combine this with u-block origin for a fairly robust browser that does its best to block tracking as much as possible.

360_F_435248183_w2oA1tyW3vUWAEALkkFQqSM1

You do have a choice, there are many browsers now so pick one that promotes your online privacy like; Firefox, Safari, Zen, or Ladybird, never use Google Chrome - ever.

Apps

Your browser, whilst fairly leaky if you choose poorly, still contains the website within the browser, keeping it away from your computer or device. Apps on the other hand have no such limits, and can go ahead and access many local resources.

On Apple, Apps are sanitised and restricted, and MacOS and iOS provides features to prevent Apps from being able to access your location, files, contacts, emails, etc, and these Apps will try and trick you into granting these accesses, especially things like Social Media Apps. We 'Need' access to your camera, photos, contacts, etc and many people grant this, not realising that once done the App is going to tear through all the pictures, all the contacts, all the emails, all calendars, all location data, all files, and then aggregate, analyse and upload this to their servers. Android on the other hand has no such protections, and by installing the App, you've already given it permission to do pretty much anything it likes.

Data is big business. You've probably seen some of those 'free' games that are so numerous these days, why are they free? because your data is worth money and whilst you're playing those games, they are offloading you're personal data, location, contacts, emails, calendar, even photos in some cases to a third party server somewhere for aggregation and sale, all whilst playing you ad's that are spookily similar to your recent searches.

Some Apps were discovered to be mining bitcoin, sending spam, taking part in DDoS attacks and other malicious activity in the background whilst the game was being player, or even without anyone playing.

Limit what Apps you install, and definately avoid social media.

Social Media

Social Media, is the source of all evil, originally appearing as a way for people to connect online, it very soon became weaponised to track, trace, and harvest as much information as possible, which is easy to do because people give them permission to do it.

Do you know that every picture you upload to social media, they then own? They scan them, use facial recognition to identify the people in the images, and then match them to profile pictures, and not just on the same network, but across networks. You can upload an image from a birthday party to instagram, and minutes later that's been analysed, people identified, and connections recorded.

Social Media's entire business model relies solely on data acquisition and sale. Everything you input, is for sale, everything everyone else inputs, is for sale. It is no surprise to learn that all social media platforms cross-sell your data, they all cross-track your activity, and they all participate.

If you can drag yourself away from Social Media, you will not only have a happier life, but you will no longer be giving away your privacy in exchange for very little.

Facebook, Instagram, Twitter/X, Reddit, WeChat, TikTok, Telegram, Snapchat, Discord, Youtube, and more.

At this point, I can sense that any intention to regain a sense of privacy is slipping away - How can you possibly survive without social media, and I get it, so much of moden life centres around it - but do you think that's by accident, or just evolution? NO, its by design, these companies NEED YOU and they need you to be addicted, even obsessive with their platforms so that you too can be part of the problem, and it's literally toxic. Ever used Reddit and taken a break for even a day? notice how you suddenly start getting told not to 'loose your streak' or some other nonsense? discord is the same, many of them are - they need you and will do anything to keep you hooked.

So, try it. Delete your social media Apps, use a browser (a safe one) and give it a rest of a day and see how you feel. Then make it two days, then check in on social once a week, then finally kick it and its insidious toxicity to the kerb.

SSO

You will regularly be presented with the ability to 'login with' on various websites. You'll see 'Login with Google' or 'Login with Microsoft', which suggests that you can use your Google or Microsoft account to login to a third party site, but should you?

AI

Have you ever asked ChatGPT a question? Maybe Amazon Alexa, Google Home, even Siri? Well, everything you ask, and everything it replies is stored, catalogued, indexed and attributed. There have been numerious stories of AI companies using questions and answers from its customers to train its models and analyse behaviour, and what valuable data this is. Imagine asking "What's the best hair spray"? Not only is the answer important, but the fact that you asked the question is equally valuable.

NO

By using one websites credentials to login to a different one, you're creating a permanent link, through which both the website and the site you signed in with can share your information in perpetuity.

VPN

There's a great deal of promotion of VPNs online, especially in social media and ad campaigns, professing anonymity and protection. It is, mostly horse poo. A VPN will not protect you, and it will not keep you anonymous. The only tangible benefit of a VPN is to be able to bypass region locking, so watch for example USA TV in another country.

A VPN forms an encrypted tunnel between you're device or computer, and another computer somewhere in the world. This connection then passes all your internet traffic. You would be correct to assume that now your ISP can no longer see your DNS (in most cases) and traffic, but now an unknown company in an unknown location, can see your DNS and traffic. For an added bonus, whilst your home router probably does a good job of protecting your devices from the internet using NAT (network Address translation), your VPN now invites the internet right in the door and gives it direct access to your devices.

So, use a VPN if you want to watch foreign TV, sometimes, but certainly don't use it thinking that it'll keep you private.

Encryption

Sounds great doesn't it, "This APP uses end-to-end encryption" - how bloody secure is that then? Well, it's only as secure as the keys. Let's take messaging as the example here, to send an message that is end-to-end encrypted, the message is encrypted using the recipients public key, available from a keyserver on the companies infrastructure. This means the recipient needs their private key to decrypt and read the message. That private key is on the recipients devices, but that too is also stored somewhere otherwise loosing the device, or resetting or upgrading it would loose access to all past messages, and we know that doesn't happen.

So encryption is only as good as the keys, and for messaging apps like WhatsApp, iMessage, etc which are closed source, we just don't know how these keys are distributed and protected.

Brokers

Whilst we know that your ISP, your browser, your apps, games, and even your game console are constantly surveiling your every move, much of this is in isolation. Your 'smart' TV for example collects the programs you watch, and for how long, and at what time of day and how many times, and from what IP Address, and that in itself is really useful data, but what if we could connect it up to all the other data your other devices are collecting?

Brokers will buy the data feed from your smart tv, and using your IP Address and digital fingerprints, will link it up to the Amazon shopping activity, your browser activity, apps, email, calls, texts, music and photos. Now it has real value, and not just to advertisers, imagine how useful that information could be to, say, you're government, the police, political activists, cyber criminals, enemy states and more?

Incogni, Privacy Bee, LifeLock, DeleteMe, Optery, HelloPrivacy, and more

There are even sites now that will charge you a monthly fee to 'remove' you from data brokers. I mean, how stupid can you be, and of course in order to find those sufficiently guillable to pay for such services, and input their private information, Socialmedia is leveraged with endless promotions and affiliate links. Do not fall for these scams and hand over your cash and information.

The Three Evils

  • Google
  • Meta
  • Microsoft

These three companies control your data, they control the acquisition, the accumulation and the analysis. There are other players, but on a much smaller scale.

Google

The undisputed leader of digital surveillance in the world right now, Google, entices unsuspecting masses into their ecosystem with 'free' email, 'free' calendar, 'free' video sharing, and many other 'free' services, and people think its great to have the use of these free services, completely unaware that by signing up, they've pretty much given away any right of privacy, ever.

Google provides a 'free' tool to allow website owners to analyse traffic, which is nice - and anyone using this 'free' tool gives Google complete access to the data from every visitor to that website, without their consent.

Have you ever been asked to select all the 'busses' or 'bicycles' or 'fire hydrants' when filling a form? Well - guess what... Google is tracking you're form, its content, the website, and your location.

Microsoft

Have free email from outlook.com, hotmail.com, or many others, get windows, get office, and give away you're rights to privacy. Windows, since version 10 literally uploads a wealth of tracking and other data to microsoft, now tied to your microsoft account, so there's no guesswork involved. Let's use one-drive, let's put all your documents in the cloud.... i.e. someone else's computer, because that's a good idea. There isn't a week that goes by without the HelpDesk having to deal with another user who's had their documents and email stolen from a microsoft service.

Want to use Microsofts tools for tracking visitors to your websites? You're giving Microsoft personal data on every visitor, without their consent.

Meta

Aka Facebook, Instagram and Whatsapp, this consortium of 'free' services, whilst in decline has proliferated through communities like a digtal cancer. Whatsapp which provides messaging and calls has literally become the defacto in many third world countries allowing meta to track who calls who, who messages who, when and from where. This neatly links into to any facebook profile which by its very nature tracks connections and activity, and instagram which relies heavily on image analysis to identify faces and extract metadata to link people to places and times.

Governments & Countries

Some Governments are pro privacy, enacting laws to make privacy a right, which is nice. Unfortunately those same Governments then enact more laws that set out to weaken that protection or even remove it altogether. The General Data Protection Regulation (GDPR) promised great things, and supreme control over your data - but in reality it delivered almost nothing, whilst increasing the regulatory burden on companies massively.

Encryption promised to bring about an end to data theft and leakage from devices, but, some Governments then set out to make that illegal, citing some made up special need, the "protection of children" is a common one for no other reason than it's politically toxic to challenge it.

Mass survelliance through the use of 'backdoors' into social media, messaging and file sharing services means that nothing is out of reach. Many Governments enact laws prohibiting the target company from even sharing the fact that they are being asked for and providing said backdoor, and if your government can silently access your whatsapp messages, why can't anyone?

Recovery?

Maintaining any sense of privacy online requires effort - its literally designed to be like that, to make it simply too hard to do - but you can do it.

No business does anything for FREE - If its FREE then YOU are the product

So you will need to stop using 'free' things, and instead actually pay for the services you need to use.

Step 1 - DeGoogle, DeMicrosoft and DeMeta

Inventory all the things you have with Google, Microsoft and Meta, then replace them with secure and private alternatives.

Email

There are many providers of email that is both secure and feature rich, GEN provides email for £1 a month, and there are many more, but expect to pay for it. By paying for the service, you actually have some rights, like the right to support, and a right to expect privacy - See 20250130 for why that's important.

£12/year for a rock solid business class email service that supports IMAP is a fair price, and for another £5 you can have your domain name of choice. No tracking, No analysing and leaking, just private secure email. If you want to consider GEN, we also actively promote GnuPG which provides digital signatures, and end-to-end email encryption at no charge. PGP is open source and freely available to all, and clients like Thunderbird and Canary support it natively.

Browser

Download and use Firefox, Zen or similar - See our article on Google Chrome for the best alternatives. 20241003

Operating System

Windows and Android are known for tracking and facilitating tracking, so if you really want to take privacy seriously, you need to consider switching. Linux is the obvious choice for Windows users, and GrapheneOS for android users.

Telephony

If you are using twatsapp or teams or zoom or even Alexa, then you need to be aware that every word you speak is stored indefinately, and is, in most cases available to anyone who requests it. Using secure voice is certainly do-able, but it does require some compromise. Use Jitsi for video chat, consider Facetime if you're in the Apple ecosystem, and consider Jami, Element & Wire which are open source, and use strong encryption. Remember - open source rules the day so if its not open, you have no guarantees.

Cloud Drive

No matter how many websites promote Filecoin, Arweave, Storj, Sia, Crust etc, none of these are without issues. You obviously can't use Google Drive, One Drive, DropBox etc, those are closed source and we know they leak like a sieve, so what is the option?

Private Cloud is the option. Why do you want to stop things on someone else's computer anyway? What is the need? You can setup a NAS at home, and use that for all your storage needs, and with a little work you can make its syncing functions available remotely. I'm thinking here about Synology or QNAP as great examples of easy-to-use NAS solutions, but there are many others.

If you MUST have it in the 'cloud' aka on someone else's computer, then go and get a virtual machine from a reputable, local, cloud provider (Not AWS/Azure/Oracle/IBM) and host whatever you like on there. You can use a VAC provider to spool up a Synology DSM instance, TrueNAS, UnRaid, etc and then you have the best of both - Cloud storage, but its all yours.

Calendar & Contacts

For calendars, just use local tools, and if you simply MUST synchronise that with the world, you're NAS probably supports it, Synology does for example both contacts and calendars built in out of the box.

If you went with some virtualisation, NextCloud, and Radicale both provide exactly this, and work perfectly with Android/iOS/Mac/Windows.


             10 Votes  
100% Human Generated

Comments (1)

Alexi M · 2025-04-05 17:44 UTC
Comprehenisve and I like it but it could use more information on alternatives like maybe a table of alternatives

×

--- This content is not legal or financial advice & Solely the opinions of the author ---

Index v1.038 Standard v1.114 Module v1.063   Copyright © 2025 GEN Partnership. All Rights Reserved, Content Policy, E&OE.   ^sales^  0115 933 9000  Privacy Notice   394 Current Users, 228 Hits