It’s easy to feel helpless right now. Cities across the country are seeing unarmed protesters maimed by police officers who enjoy both the full support of the current presidential administration and of the American legal system itself. Congress is, in 2020, debating whether to make lynching a federal hate crime. And there’s still a pandemic happening! Meanwhile, even the people who emerge from this moment unscathed physically will, undoubtedly, find their digital lives compromised in more ways than we can possibly fathom.
This last bit, at least, is something we can make meaningful progress on without risking life and limb. But that doesn’t mean it will be easy.
One of the cruelest ironies is that the more you learn about digital privacy, the more helpless you feel. We’re told that the privacy-protecting laws passed both here and abroad will actually protect us from data-hoovering tech, but a bit of research shows that they actually don’t. We’re told that wearing a mask—the way many of us are right now—is a simple enough trick to throw off facial recognition systems, but a bit of reading shows that companies are actively trying to subvert that limitation. A bit of digging shows that every major tech company preaching privacy ideals is, in fact, full of shit.
After writing this week about the pipeline between your phone and the cops, my messages were flooded with questions from folks in the activist space trying to mitigate their digital footprint across all of their myriad devices. In turn, I was flooded with something close to guilt.
Even though there’s plenty of extremely thorough guides for what the Electronic Frontier Foundation calls “surveillance self defense,” ultimately, any research about the apps we open or sites we browse are, at the baseline, going to be based on the assumption that these companies are telling us the truth. It’s why so many companies get away with saying that they don’t “sell” data, even when they’re blatantly sharing it somewhere out of sight; they’re running off of the assumption that we won’t know enough to prove otherwise. And for the most part, they’re right.
Companies like Facebook and Google might not be loyal—or particularly honest—to you and me, but they have to be honest to the folks they do business with: the millions of advertisers, the dozens of partners in the adtech space or otherwise, and, of course, the sea of investors and venture capitalists raking in cash somewhere on the other side.
For folks trying to get a grip on their digital privacy—whether you’re an activists or not—the best thing you can do is think about your data the same way these companies do: as a business. And while I can’t, in good faith, give you The Top Ten Apps That Are An Activist’s Best Friend, I can give you some tips for surfing more thoughtfully.
Depending on your own privacy preferences, you can get away with using one or the other, both, or none at all. If you’re trying to fly under the radar of ad-targeting tech, browsers like Firefox can help where Google’s incognito mode can’t. Meanwhile, virtual private networks (VPNs) can mask your web activity from any ISPs that might want to pawn it off for cash, while also cloaking your IP address from any advertisers (or authorities) looking to exploit it. That said, VPN’s are notoriously unregulated and have been found pawning off this exact data themselves on more than one occasion, so it’s not a bad idea to research the company behind the network in question. (We have a handy guide on the subject.)
If you want to be really tough to track, the Tor browser might be your best bet—but it comes with its own issues. The relay-system that’s used on the backend to obfuscate your identity is incredibly powerful, but it can also make browsing pretty slow and inconvenient overall. And ironically, using the super-secure browser comes packaged with the risk of flagging the same authorities you’re probably trying not to tip-off.
At the very least, I highly recommend following the Intercept’s step-by-step guide on keeping your digital footprint on lock, since some tools they list do double-duty in keeping your data buried from bad actors and advertisers. Folks who are (understandably) skeptical of any privacy-centric tech can also take steps to monitor any data detritus that might still be leaking out.
“I’m using an app/site for organizing and I’m nervous about where my data might be going. Is there a way I can check that myself?”
Back in 2018, Gizmodo published a handy how-to on using network-monitoring tech like Wireshark for this exact purpose—but the setup takes a bit of coding know-how. The same goes for using Charles Proxy, the traffic-monitoring tool that I personally use to track the third-parties getting data that’s pulled from any apps on my phone. For folks who want to delve into those details, there are some great guides breaking down the basics from a beginner-friendly point of view.
Those of you who want to steer-clear of programming—because it’s a pain in the ass, because it’s dominated by sexists, or because Tim Cook lied about how fun it actually is—you still have ways to snoop on snoopers. Services liked Built With, for example, can break down the trackers that might be lurking on a given site, and tools like Ghostery and Privacy Badger can give you ways to block them.
Mobile data can be a bit tricker to investigate in a code-free way, but not impossible. Apple makes it easy for iOS users to check in on the permissions their apps might be requesting from them, and the permissions pulled from millions of Android apps can be freely browsed online (or pulled yourself), with one of the tools built by Android’s community of rabid fanboys. And on both operating systems, paid-for services like App Figures or App Annie can help you break down whether an app comes packaged with any third-party adtech software (also known as an SDK) to do any data hoovering.
Depending on the national authority you ask, “personal data” can mean any number of things—but I always try to imagine it as the world’s most disappointing layer cake, with our phones at one side and a data broker on the other. Even if the third parties you’re finding seem innocuous at first glance, naming and shaming them can get you further from the app or site that’s snooping on your location, and closer to a shadowy company that’s handing off that data to the cops (or anyone else, really).
Depending on the app in question, you might see your data—sometimes really sensitive data!—being pulled to one actor, or five, or 10, or 20. Depending on how you handle this sort of stuff, you might feel rage, despair, or some kind of morbid relief that your encroaching tech paranoias are justified. And that’s okay! Feeling like shit means you’re doing this right.
“So I can see this app/site’s sending some sort of data to Facebook/Google/my uncle Greg/etc. What does that mean?”
That really depends on the app or site in question, the data in question, and who you’re hiding from—among other things. Parsing this stuff can take hours (or longer), which is why you can always tip us off if there’s a service you think is worth digging into.
Ultimately, the popularity of third-party trackers—either from a household name in tech or one you’ve never heard of—lies in the fact that they’re easy for devs to onboard and understand them. And if devs can browse them, you can, too.
Here’s an example: While Zoom might not tell you what kind of intel it’s mining from your calls and handing to the feds, any intel the video-call app shares with Facebook needs to fit into one of the many predetermined boxes laid out in the software’s code. When Zoom, or any other app that might be sharing data with Facebook, well, shares your data with Facebook, the company has to explicitly lay out how that data might be defined. And while the definitions might include all sorts of creepy stuff—like every time you open the app or click on an ad—tapping your calls isn’t on the list. The way we’re defining “data” always matters, but becomes even more crucial in cases like these.
Back in 2019, a survey from the American Press Institute found that nearly three-fourths of Americans agree in the importance of reporters holding those in power to account—and I’m definitely part of that majority. But calling out authorities becomes trickier when abuses of power are systemic and slow, rather than sudden. Calling out a cop on racist behavior is easier when it’s horrifically obvious. Similarly, calling out tech companies is easier when we see them pawning off our data to ICE, but harder when that data’s pawned off slowly and behind the scenes.
Corruption begets corruption, whether we’re talking about civil rights or digital privacy, and turning those tides will take mass action from all of us in our own way. For combating institutional racism, this might mean donating to a cause you care deeply about or taking part in the protests happening outside. For taking control of your online life, it means fucking with apps.
Looking for ways to advocate for black lives? Check out this list of resources by our sister site Lifehacker for ways to get involved.