Data Privacy Day 2017: Solutions for everyday privacy online

Data Privacy Day 2017: Solutions for everyday privacy

Data Privacy Day 2017: Solutions for everyday privacy
Image credits : 

Privacy, especially online privacy, is hard to define. It's a term that means something slightly different to each person, and each person has a different tolerance level for what's acceptable and what's unacceptable. One thing can generally be said of it, though—in a free society, people ought to be in control of their own privacy.

If people want to give up a little privacy to receive additional conveniences, then they ought to be allowed to do so, but that doesn't mean everyone should be required to do the same. In this way, when we ponder matters of online privacy, we're usually not actually talking about privacy, we're talking about independence.

A lot is said about Facebook, Amazon, and Google, and how they assault individual privacy on a daily basis. For the most part, people using those kinds of services do so voluntarily. If you sign up for Facebook, you're presumably at peace with becoming the marketable asset of Facebook in exchange for the convenience of gaining access to what you consider an audience of critical mass. If you sign up for Google, you're presumably happy to have Google's bots read all of your email and track your online habits. For those of us interested in avoiding such services, the solution is simple—don't sign up for them.

These are the big, obvious targets. They might get in the way sometimes when your favorite local band uses only Facebook to alert fans of upcoming gigs, or if your new employer forces a Google Business account on you, but generally, in your personal life, you can avoid them if you really want to.

Until you can't.

What can you do, between now and cancelling your Internet altogether, to stay in control of what you reveal about yourself to the machinations of the Internet?

Browse bravely

Many browsers now have built-in features to block tracking requests. This means that sites attempting to log where you are going and how you got to them, and more, are told explicitly that you opt out. If your browser has such a feature, use it.

Firefox privacy settings

Of course, telling sites not to track you and actually having sites respect your instruction are two different things.

The traditional model, so far, has been to rely upon HTTP headers to request no tracking, but the new browser project, Brave, is proudly working to block tracking and advertising. Brave actively blocks third-party trackers, while simultaneously allowing your own browser to privately "track" your activity. You keep your own tracking information, fully encrypted, so that targeted content is selected client-side rather than server-side.

That's not all Brave is up to. They're also developing a Bitcoin-based solution to allow for micropayments to content providers that you care about, with the theory that people paying for sites that they frequent is discouragement to sites serving a constant barrage of ads.

It's a fascinating project, fully open source, auditable, and in heavy development. An interesting default is its blank tab background, a running tally of trackers blocked, ads blocked, and upgrades to HTTPs. Download and try it.

Brave browser's new tab

Develop independently

Many big name companies started chattering about the cloud a few years back, then they started offering free services to developers, and everybody who was anybody just had to join. The services were good, too. They did seemingly complex web tricks with one-line HTML headers or one or two CSS includes. It made your site look great, and you didn't even have to download anything.

Sounds pretty good, right?

Well, the unspoken part of this bargain turns out to have been a sort of evil content delivery network (CDN) empire, at least to varying degrees. The concept isn't terrible, but in practice, the companies behind services like web fonts and font icons and global user avatars are also purveyors of, well, you (and your users, if you're a web developer).

Every time someone visits a site that uses a live Google Font, Font Awesome, or Gravatar, the content provider harvests what they can. It varies from provider to provider, but the point is that the very language of the Internet is being used to support advertisers. Did you intend to contribute to the advertisement and data collection industry when all you wanted to do was read an academic article?

As a user, you can certainly block calls to these providers, but if you're a developer, then you can do one better: You can decline to impose them upon your users in the first place.

The web used to be a dismal place for fonts. It took too long for the Internet to accept that people wanted over-the-wire font rendering, but eventually it did and this feature is a valid and well-supported part of the HTML5 and CSS3 power combo.

Instead of using callbacks to Google Fonts or Font Awesome, grab the fonts offered and put them on your web server. Assuming the fonts have been placed in public_html/fonts, then the CSS to put them to use looks like this:

    @font-face { 
        font-family: "titlefont"; 
        src: url("fonts/LeagueGothic.otf");}

    h1 { font-family: "titlefont"; }

This example uses an .otf font, but you can use .ttf fonts as well. Just upload the font to your server, and use it in your CSS. That's all you have to do to get fancy fonts on your website. Zero callbacks to a CDN required

David Revoy, Krita artist extraordinaire, recently launched a personal campaign to avoid these kinds of services. The result has been generative artwork for use in place of Gravatar (based on the work of the MonsterID, but independent of Gravatar's backbone), along with a bundle of Font Awesome replacement icons. (Note that you can download Font Awesome icons without pinging their service.)

Data privacy and fonts

Broaden your horizons

Something I find myself reiterating to people who are complaining about life on the Internet is that the World Wide Web subdomain is just one part of a much larger system. You don't have to cut the wires coming into your house to get away from advertisers, trackers, snoopers, and sniffers. Other options exist, and always have.

One new option is the GNUnet project, a mesh routing layer for end-to-end encrypted networking. It has a few exciting long-term goals, but as is often the case with open source applications, they release early and often, so you can try it out today.

The GNUnet is a mesh, so it's peer-to-peer communication, but it allows for different degrees of information sharing. For instance, I might want to share a nice photo that I took at a national park with friends, and I might want to take full credit for it. So I could use a front end to GNUnet to publish my photo and broadcast it as being available to my network. At the same time, I may also want to share a photo I took at a protest that turned violent when the police started beating people down for exercising their right to free speech, but since the very existence of the photo proves that I was at that protest, I might not feel comfortable broadcasting it as something for which I am legally responsible. To publish that, I could use the same GNUnet front end to create an encrypted identity, and broadcast the protest photo securely.

GNUnet, the encrypted mesh

The system is still developing, and currently its setup has a lot of manual steps, but it's moving in the most positive direction possible, being a decentralized, public, open, encrypted networking that exists outside the space currently owned by corporations, national security agencies, and botnets.

GNUnet isn't the only option out there. Networked projects are everywhere, so take an afternoon to close your browser window and explore the other ways to build a community without the help of the obvious social network sites and the comfort of the World Wide Web.

Be mindful

The Internet is still a marvel of technology, but it's a busy place. Treat it as you would a weekend trip in to the big city. When you're there, keep track of your wallet, check your pockets when someone bumps into you, and don't talk to strangers. In Internet terms, this means don't stay logged into sites that obviously track you all day long, use your browser's defenses, and be willing to sacrifice a little bit of convenience for a change. The sales won't end if you have to stop to log in, the gadget will still exist even though you're blocking its ad, and the Internet will go on with or without you. I promise.

It's time to tell advertisers and the various agencies of various countries that you'll provide information to them when you decide to provide information. It's not really about privacy, it's about independence.

Data Privacy Day is on January 28, 2017.

About the author

Alan Smithee - I like my privacy.