:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/M2EXTOEA2KBO42TGVPACG5W3OE.jpg)
It turns out that Incognito mode on Google’s web browser is anything but.
As a recent $5 billion (€4.5 billion) lawsuit against Google shows, the average Chrome user's expectations of privacy when browsing the web in this mode were not met.
While searches and browsing activity in private mode disappear from your laptop or smartphone, they can be seen by your Internet Service Provider and, as the lawsuit claims, Google can still track you through tools including Google Analytics, Google Ad Manager and others.
And those who opt to switch over to Incognito mode to peruse adult content may not like the findings of a 2019 study from Microsoft Research in collaboration with Carnegie Mellon University and the University of Pennsylvania. Analysis of over 22,000 pornography websites found that the majority (93 percent) leak user data to a third party.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/S5TOVKHVLZLFNVRIULSTERL6C4.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/STXNAAH6VLP4O5464HQM45J4AI.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/LGFRZQT6I7BK4KYMF62CSNKDAY.jpg)
As the authors illustrate it with their fictional example of ‘Jack’, the everyman: “Jack clicks on a video. What Jack does not know is that incognito mode only ensures his browsing history is not stored on his computer. The sites he visits, as well as any third-party trackers, may observe and record his online actions. These third parties may even infer Jack’s sexual interests from the URLs of the sites he accesses. They might also use what they have decided about these interests for marketing or building a consumer profile. They may even sell the data.”
Whether you access adult content or not (30 per cent of all the data transferred across the internet is porn) you should be concerned that ‘privacy’ is an ambiguous term when it comes to internet services.
VPNs are essential for activists and journalists operating in countries that employ censorship and government surveillance
From email to web searches to online shopping, it is not possible to do any of this without some form of data collection, tracking or surveillance involved. Unless you know how to protect yourself.
"Today, if you want to be any place on the internet and use internet services, which are increasingly essential for everyday life, you need to strike a bargain. The bargain is you get to use these services, but you hand over your privacy and your personal data to big tech companies that don't really have your best interests at heart. Their best interest is to sell your data for as much money as possible," says Andy Yen, chief executive and founder of end-to-end encrypted email service ProtonMail.
Yen is a former physicist who spent many years working on particle physics at CERN, birthplace of the web. Frustrated by the lack of choices on the market, he created ProtonMail in 2014.
"The biggest issue for me was that there was no alternative – you couldn't just opt out [of having your data collected]. If you wanted email back in 2014 you had Gmail, Yahoo, maybe a couple of other ones, all of whom essentially had the same business model of exploiting people's data.
“The vision was to build an internet company that puts people first; it puts the user ahead of profits. We wanted to be a tech company with a conscience. We want to pioneer a new way of doing business online that was better for defending fundamental privacy rights in the 21st century,” he explains.
ProtonMail offers a basic account for free but the business model is based on charging users for various levels of pro accounts. In exchange, the user gets end-to-end encryption. This means that even if it wanted to, ProtonMail cannot see or read the contents. In addition, they don’t keep any IP log activity that can be linked to the user’s email account.
“Even if we wanted to violate their privacy and read their messages, we couldn’t actually do it because the technology prevents us from doing so. And this has very strong security benefits because if someone were trying to hack us or steal data, they cannot steal something from us that we do not have.”
Building on this, Yen then developed ProtonVPN, a security-focused virtual private network service that hides browsing activity from Internet Service Providers and hides your IP addresses from third-party trackers who need it to follow you around online.
VPNs like ProtonVPN, ExpressVPN, and CyberGhost are also essential for activists and journalists operating in countries that employ censorship and government surveillance: they offer strong encryption and allow access to otherwise blocked services.
“You wouldn’t walk out the front door naked, right? You probably also shouldn’t go online without a VPN,” adds Yen.
VPNs cannot, however, stop all forms of tracking. One of the most pervasive is email tracking by marketers. Hidden within many emails, an invisible tracker loads as soon as you open your email. All kinds of information can be collected: when you opened the email, what links you clicked on, your time and location, how long you spent reading the email and if you clicked back in again.
A workaround for Gmail users is to disable automatic loading of external images. Outlook, ProtonMail and Mozilla Thunderbird do this automatically. If you would like to see who is tracking your email engagement, Firefox and Chrome extension Trocker does the job; a small ‘T’ icon will reveal all embedded trackers.
Let's say you're up and running with a VPN and also using a privacy-first browser, for example, Firefox. How do you fly under the radar when it comes to online shopping? It is possible to purchase on Amazon and other similar sites using an One4all card bought in your local supermarket for cash – they can be used as a form of debit card. You could go one step further and avoid using your postal address by using a package delivery service such as Parcel Motel to send your items to a nearby pick-up point.
While you’re out collecting said parcel, consider your journey there. Most likely, you will bring a smartphone. With WiFi switched on, it may be detecting and connecting to unsecured networks, leaving your device vulnerable to hacking.
Mass surveillance
Less likely, but still possible, is that your phone is subject to mass surveillance via Stingray technology. Stingrays or IMSI Catchers are commonly used by many law-enforcement agencies around the world.
In 2018 the ACLU (American Civil Liberties Union) found “75 agencies in 27 states and the District of Columbia [in the US] that own stingrays”, while in 2015 German security company GMSK Cryptophone found multiple Stingrays around London, which the Metropolitan Police Service refused to confirm or deny it was using.
We are truly living in an age of mass surveillance and while stepping out with your smartphone it might be of benefit to use a Faraday cover like those sold by Silent Pocket. They not only block mobile, WiFi and Bluetooth connectivity but also GPS and satellite tracking as well as blocking RFID chips in passports and credit cards.
"I use Faraday bags. I think they're extremely helpful because they do block detection and it's an unfortunate known that Stingrays are most likely in use in every major US city right now," says Kate Rose, designer of anti-surveillance clothing line Adversarial Fashion.
ALPRs can be used by law enforcement to keep a database of an individual's movements, placing them at locations from the scene of a crime to an appointment at an abortion clinic
Rose sells fashionable jackets, dresses and hoodies that at first glance look like desirable geek chic. The difference is that the print is composed of repeating patterns of licence plates purposely designed to trick computer vision systems, namely ALPRs (Automatic Licence Plate Readers).
This project came about in the course of her day job as a security analyst and trainer. Rose was having a conversation with researcher Dave Maass from the Electronic Frontier Foundation about concerns around how ALPRs are used to track people's movements.
“They can present a danger to people who are, for example, looking to receive medical services more anonymously or privately. It’s a sort of Dragnet database that’s kept indefinitely and it has such a high degree of detail that it’s very hazardous.”
Rose explained that ALPRs can be used by law enforcement to keep a database of an individual’s movements, placing them at locations anywhere from the scene of a crime to an appointment at an abortion clinic in another state. The problem is, ALPRs don’t always get it right.
“Dave mentioned casually that these readers sometimes don’t work very well; they just look for letters and numbers and anything that they can find. Basically they can be fooled sometimes by a billboard being at the wrong height next to a highway or a picket fence.”
One of Rose’s side projects as an artist and illustrator is that she makes and designs fabrics for children. So she came up with the idea of printing licence plates on fabric, deliberately creating a wearable item that confounds ALPR systems by feeding them junk data.
“In addition to it being an opportunity to have a conversation with somebody about a very important social problem like surveillance, wearing these clothes also says ‘these are things that are important to me’. One of the things that I have very strong opinion about is the fact that so many times these ALPRs and many other kinds of technology are utilised to serve someone with a warrant or accuse them of a crime.
“I think a shirt that can read into the same system as a car should provide a heavy criticism of how fallible the technology is. And I think fashion can serve a purpose of giving actual experimental examples – evidence – as to why the system should not be considered infallible enough to put somebody in prison or convicted of a crime.”
Facial recognition works in a similar fashion and its use is far more widespread. In a recent talk Rose gave at the DEFCON 27 Crypto & Privacy conference, she the example of facial recognition used in China.
Famous businesswoman Dong Mingzhu was incorrectly accused of jaywalking because the system detected her face in an ad on a passing bus, publicly displaying her face, name and government ID alongside the crime she was accused of.
Computer vision has also been a topic of concern amongst activists as Black Lives Matter protestors have been targeted by facial recognition software such as Clearview AI used by law enforcement. Rose has simple tips for covering your face including a baseball cap and sunglasses because some AI is capable of identifying individuals even while wearing facemasks.
“There were facial recognition companies that scrambled around after this pandemic broke out to claim their system works with masks on. They do that by getting employees and their families, putting masks on them, then taking photos of them to add them to the training set that helps the algorithms identify people. And it just goes to show you how they’ll sell anything. So it’s up to us to be smarter and one step ahead.”
Meanwhile, you might decide to selectively use Alexa or Siri but what to do about ambient listening devices when you visit others? The bracelet of silence is one solution: this jamming device is only in the prototype stage but it emits ultrasonic signals through 24 tiny embedded speakers with the effect of rendering sensitive conversations silent to nearby devices.
Paranoid now? Maybe that’s a good thing. After all, no-one wants to walk out the front door naked.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/TBUPAKYA6BKZ5U6YUJLL3RYVNE.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/G7EASN2F6E4LYMAIGU7UO6KISY.jpg)
:quality(70):focal(2035x885:2045x895)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/J5U5YZWUINDZXPSB26HNRNNKDY.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/MLQLWVUMHQ7UDJWPCSE4RCWVRM.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/45RFJCU4HY7IK2WYKO5J4FC5FM.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/O33H5VAFLND2PNVJRJ4WQOR5FM.jpg)
:quality(70):focal(2998x1572:3008x1582)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/XUKKIR4SKCFHRYTKQL4EIICV74.jpg)
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/irishtimes/TU5WZT2WZPQAKM3VCG5TYGX7G4.jpg)