We should opt into data tracking, not out of it, says DuckDuckGo CEO Gabriel Weinberg (Vox)
On the latest Recode Decode with Kara Swisher, Weinberg explains why it’s time for Congress to step in and make "do not track" the norm.

This is a long and very thorough interview with Gabriel Weinberg, covering several interlinked topics. First is privacy, which is DuckDuckGo’s raison d’être. Near the end of this topic, there’s some discussion of why some people don’t care about the privacy impact of the data collection underpinning the mainstream web.

One of the things a lot of people do bring up with me still, though, is, “Well, I don’t really care. I don’t have much to hide. It doesn’t matter.” I get that all the time. Like, who cares if they know if I went to Best Buy and bought a, whatever I bought. Talk to why that might be not the best way to think about it.

There’s two answers to that. One is philosophical, in that privacy is a fundamental human right, and so you don’t need to care or hide anything to exercise your rights. You wouldn’t say that for speech. Just because you have nothing to say doesn’t mean you should never have free speech. That’s kind of on the philosophical side.

On the harm side, there are some that people don’t realize. A lot of people really don’t like the creepy ads following them around. Some people seem to be fine with that. At a deeper level, there’s this thing called the filter bubble, which is that recommendation algorithms, and in particular, search results, are tailored to you, and that means that you’re not seeing what everyone else is seeing, and that actually distorts the democracy. That’s a real harm to individual people and society.

I don’t think I’ve seen the “I’ve got nothing to hide” versus right-to-privacy argument reframed as a “nothing to say” versus right-to-free-speech argument before. I’ve not thought about it enough yet to get a feel for whether it holds up under scrutiny, but at first blush it seems good.

The next topic covered after privacy is the “filter bubble” and how the idea of it has gone mainstream in the last few years:

I’ll give you an example. We’ve been talking about the filter bubble for years. In 2012, we ran a study on Google that we think influenced the 2012 election, that’s how long ago it was, but nobody … we had to speak for 10 minutes to explain what the filter bubble was back then. But after 2016, in the last two years, now we can talk about the filter bubble, just name it and people know what it is, generally. How many people know what the filter bubble is, I’m just curious?

Explain the filter bubble.

Well, it’s the idea — first of all, that percentage is very high, so I like that — but it’s the idea that for search in particular, as an example, when you search, you expect to get the results right? If you searched for gun control or abortion, you expect, we search at the same time right here, you would expect to get the same thing. But that’s actually not what we found when we did a study on Google.

Yes, there could be different search results.

Yeah, and people don’t realize that. So in addition, we found that it varies a lot by location, and so if you take that to the extreme, let’s say that voting districts are getting different results for candidates or issues, it can skew the polarization of that district very easily over time. Because people who are undecided are actually searching for these topics, and people generally click on the first link, and if you’re controlling that first link in that district, that’s what people are going to learn about.

I haven’t had time to read the entire transcript yet (it’s pretty long), but I’m going to try to digest it over a couple of sessions.

Nothing Can Stop Google. DuckDuckGo Is Trying Anyway. by Drew Millard (Medium)
This, in a nutshell, is DuckDuckGo’s proposition: 'The big tech companies are taking advantage of you by selling your data. We won’t.' In effect, it’s an anti-sales sales pitch. DuckDuckGo is perhaps the most prominent in a number of small but rapidly growing firms attempting to make it big — or at least sustainable — by putting their customers’ privacy and security first.

Forget privacy: you're terrible at targeting anyway (apenwarr)
The state of personalized recommendations is surprisingly terrible. At this point, the top recommendation is always a clickbait rage-creating article about movie stars or whatever Trump did or didn't do in the last 6 hours. Or if not an article, then a video or documentary. That's not what I want to read or to watch, but I sometimes get sucked in anyway, and then it's recommendation apocalypse time, because the algorithm now thinks I like reading about Trump, and now everything is Trump. Never give positive feedback to an AI.

Every service I use which has moved to “personalised recommendations/discovery” using some ML algorithm has gotten worse by doing so.

Every. Single. One.

So after the preamble, which should give you a frame of reference to what I’m aiming to do in this mini-series of posts about improving my online privacy and security, this short post will talk about the first steps I’m taking to tighten everything up. As this is all at the very beginning of my learning journey, all of these might change in the future. If they do, I will update the post and add a comment below.

In this post I look at two of the fundamentals of privacy on the web: the web browser and the search engine. I’m looking at the desktop for now, rather than mobile, mainly because it’s simpler to focus on one thing while I wrap my head around this stuff!

A Change of Browser

I’ve been using Chrome for years, ever since it usurped Firefox as the “fast, alternative” browser for Windows. These days, Chrome has become seriously bloated – it’s routinely consuming multiple gigabytes of RAM on my desktop. It may (usually) be fast despite that, but it slows down the rest of the computer. What’s more, it’s so deeply wired into Google’s ecosystem that it’s arguably as much a data hoover for Google as it is a browser.

So I was in the market for a new browser to begin with, and was looking into alternatives like Chromium or Opera. But once I started diving in a bit more, pretty much every guide to privacy-minded software pointed to good old Firefox, so that’s what I’ve gone with. I followed the configuration guide at PrivacyTools.io, as well as:

  • Turned on Do Not Track
  • Set Firefox to never remember my browsing/download/search/form history
  • Blocked all third-party cookies
  • Set cookies to be kept only until I close the browser
  • Disabled remembering logins for sites
  • Turned off Firefox Health Report, Telemetry, and Crash Reporter
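For reference, most of the settings above map onto `about:config` preferences, so they can be captured in a `user.js` file dropped into the Firefox profile directory. This is just a sketch based on the preference names as I understand them at the time of writing – Mozilla does rename and remove preferences between versions, so verify each one in `about:config` rather than taking my word for it:

```javascript
// user.js — place in the Firefox profile directory; re-applied on every startup.
// Preference names may differ between Firefox versions; check about:config first.

user_pref("privacy.donottrackheader.enabled", true);          // send the Do Not Track header
user_pref("places.history.enabled", false);                   // don't record browsing history
user_pref("browser.formfill.enable", false);                  // don't remember form/search history
user_pref("network.cookie.cookieBehavior", 1);                // block third-party cookies
user_pref("network.cookie.lifetimePolicy", 2);                // keep cookies only until the browser closes
user_pref("signon.rememberSignons", false);                   // never remember logins for sites
user_pref("datareporting.healthreport.uploadEnabled", false); // Firefox Health Report off
user_pref("toolkit.telemetry.enabled", false);                // Telemetry off
```

The advantage of a `user.js` file over clicking through the Preferences UI is that it’s portable between machines and survives profile resets.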

Extensions

Most of the extensions I had installed in Chrome were privacy-minded anyway, so carried over to Firefox. A few additions came recommended during my research. At the moment I am using the following:

Mobile

The situation on mobile (in my case, iOS) is a bit less clear. For now I’m not using the Chrome iOS app, reverting to Safari with the addition of a content blocker.

Downsides

The biggest issue with the above setup is that it removes a few conveniences: pinned tabs are no longer remembered between browser sessions; I have to log in to websites every time I visit; and if I don’t bookmark a page at the time, I have to retrace my steps to find it again later… that sort of thing. I might do a little tuning, relaxing the settings slightly, but overall I think this might be one of those things I need to live with.

A Change of Search Engine

Apart from a brief flirtation with DuckDuckGo a few years back, I’ve always used Google as my search engine. It’s consistently been the most reliable, fastest, and all-round best at what it does.

Even so, I’ve never been 100% happy with the fact that Google collects just about every data point it can, that it’s all wrapped up in your Google account, linked to everything you do in their other services, and made available for advertisement targeting (amongst who knows how many other things). As someone who’s had a Gmail account since they were invite-only, I know Google has a fucktonne of data on me already; the genie is well and truly out of the bottle in that regard.

That doesn’t mean I have to keep giving them more, though. Sure, they’ll get the odd bit here and there when I use YouTube, or the odd email that hits my old, pretty much unused Gmail account, but that’s really it – if I change my search engine to something else.

The obvious thing to do would be to revert to DuckDuckGo, as I already have some experience with it and it’s accurate enough… but I wanted to try something different for the moment, while I’m still in the learning phase of this little project.

I tried all the recommendations at PrivacyTools.io. Searx generally gave me terrible results, but is an interesting idea; Qwant gave me some decent web results, but the included News results were mostly irrelevant, and I couldn’t find a way to turn them off. StartPage had been recommended in other places too, and overall was the best performer of the bunch – perhaps not surprising, as it’s effectively a proxy for Google search, which makes it a win-win in this case. For now, I’ve set it as the default search engine in Firefox.

Mobile

For searches on my iPhone, I’ve set the default search engine to DuckDuckGo, as it’s the best of those available.

In 2017 I’m trying to be a bit more privacy- and security-minded when using the web (on all devices). I’ve been increasingly interested in these areas for a few years, especially since the Snowden revelations, and recent events like the IP Bill, aka the “Snoopers’ Charter,” in the UK have pushed me further in that direction. Over the next few weeks I’m going to look into (and try to document here) various things I can do to increase my security, decrease the amount of information applications and services can collect on me, and generally “take back control” of my online privacy.

I work in the tech industry and am fairly conscious about this stuff, and I understand a few of the elements and technologies involved, but only at a basic level. What I do know might be out of date. At this stage it might be too little, too late… right now I don’t really know.

Upfront: I fully recognise that if the police/MI5/NSA/FSB/whoever really wanted my data, nothing I could do would be able to stop them.


Also upfront: even with that in mind, whatever I put in place won’t be considered “perfect.” What I’m looking to do is balance convenience, practicality, and security. If something is too difficult or fiddly to use, it will end up not being used.

Thinking specifically about the IP Bill, far too many agencies for my liking will have complete, unfettered access to what I get up to on the internet. Beyond that one example, the amount of web ad trackers we have to contend with nowadays is snowballing, as are the services amassing data to pay for those “free” apps we enjoy.

While it might be that none of these data collectors have nefarious purposes in mind (if you’re trusting), data security breaches are becoming bigger and more frequent. Data being stored is likely to leak or be stolen at some point, so the best you can hope for is to limit the amount of potentially harmful data[1] being held.

On a lighter note, here’s a great spoof from Cassetteboy about the IP Bill.

So all of this is a bit of a long-winded preamble to saying: look out for future posts where I talk about what I’ve learned, how I’m applying it, any recommendations I have, and how you can do the same. The first post, covering some of the basics and linking to reading materials, will be coming today/tomorrow. In the meantime, have you come across any tips or good sources? Feel free to share in the comments.


  1. Insert definition of what you would consider “harmful data if leaked”