I Spoke to Some of the Most Private People Online, and Here’s What They Sacrifice

Posted on by

How far are you willing to go to maintain your privacy online? There’s no doubt that advances in technology over the past three decades have eroded traditional concepts of privacy and security: it was once unthinkable to voluntarily invite large companies to track your every move and decision – now we happily allow them to do so in exchange for the digital goods and services we rely on (or are hopelessly addicted to).

Most people these days either tolerate these privacy intrusions or simply don’t care. But there’s a growing movement that believes it’s time to reclaim our privacy. Some are working piecemeal, blocking trackers and reducing permissions where they can without completely abandoning modern digital society as a whole. Others, however, are as hardcore as it gets — the modern equivalent of “going offline.”

We put out a call looking for the latter — people who go to great lengths to protect their privacy in today’s world of mass surveillance. We received a number of insightful, fascinating, and unique stories, but for this article, I want to highlight four specific perspectives: “Ed,” “Jane,” “Mark,” and “Jay.”

Ed is ‘ruthless’ in choosing apps and permissions

The first respondent, whom I’ll call Ed because their privacy journey began with the Edward Snowden leaks: “I knew something was probably going on… back in 2006[.] I remember the headlines about AT&T possibly spying, but in high school I didn’t take it too seriously at the time. The Snowden leaks when I was in college really opened my eyes. I’ve been taking steps to protect my privacy ever since.”

Ed says the biggest step they’ve taken toward digital privacy has been their Proton account. If you’re not familiar, Proton is a company that offers apps designed to help you stay private. Their email service, Proton Mail, is the company’s best-known product, but Proton also makes other apps. Ed uses many of them, including Proton VPN, Proton Calendar, and Proton Drive. Ed pays for Proton Ultimate, which costs them almost $200 every two years (a new account is now billed $119.88 per year). You don’t have to pay for Proton, but your experience is much more limited. It’s not entirely different from Google’s offerings, which give you more features if you pay, but most people can definitely get by with a free Google account. I’m not sure the opposite is true.

Speaking of Google, Ed has a Google account, but he rarely logs into it. However, they don’t attach anything to it – Ed stores all his files, for example, in Proton Drive or Tresoirt (another end-to-end encrypted service).

Ed uses SimpleLogin for disposable email addresses. This isn’t just for times when Ed wants to avoid giving his email address to anyone. They say they use an alias every time an organization asks for their email address, and they often delete it when they no longer need it. Each online purchase gets its own alias, and that alias is deleted after the purchase is complete. When Ed travels, they use an alias for any flights, hotels, and rental cars they use. After the trip is over, they delete the alias. If one of those aliases gets a spam message, they delete it, too.

Ed’s smartphone of choice is the iPhone, and while Apple arguably has the best reputation for privacy among major tech companies, Ed is not a fan: “Apple is certainly not a bastion of privacy, but they seem to be the least worst of the major tech companies.” Ed does not use iCloud for backup: all iPhone files are stored in Tresorit.

Sure, there are apps on this iPhone. But every app is there for a reason, and no app gets permissions it doesn’t need: “I’m ruthless about apps and app permissions. If I’m not going to use an app regularly, I delete it. I only grant permissions that I think the app reasonably needs.” Ed protects his mobile data traffic with Proton VPN and only goes online through Firefox Focus, a special version of Firefox designed for privacy.

Ed’s iPhone always has location services turned off unless he’s using Apple Maps for navigation. Once they arrive at their destination, Ed turns location services off again. They also have a neat trick for getting home without revealing their actual address: “Also, when I get directions home, I don’t enter my home address. I enter the street address just as an extra layer so I’m not entering my actual home address… I’ll end the navigation and turn off location and continue driving… if I know the rest of the way home myself.”

Most of us deal with spam calls on a regular (if not daily) basis. But not Ed: They use the “ Mute Unknown Callers ” setting on iOS to send all numbers not in the Contacts app to voicemail. They then review all voicemails, and if they didn’t leave a message, they block the number. Our original call for this article referenced how using a VPN can sometimes block incoming phone calls, but Ed isn’t bothered: “Since most calls these days are scams or telemarketing, and most people I want to talk to aren’t going to call me anyway, I consider this more of a feature than a bug.”

For his desktop computing needs, Ed uses Windows. They admit they’re not privacy experts when it comes to Microsoft’s OS, but they do what they can, including changing all their privacy settings and uninstalling any programs they don’t use. (Including OneDrive and Edge.) They also use a clean version of Windows 11 after following Lifehacker’s guide . Firefox is their favorite desktop browser, and they use a variety of extensions, including:

Ed won’t say how much this suite of extensions and settings impacts their browsing, with the exception of YouTube, which they admit sometimes gives them trouble. Ed does have workarounds, though: “When YouTube wants me to ‘sign in to prove I’m not a bot,’ changing VPN servers usually does the trick.” Ed also uses audio prompts for ReCAPTCHA prompts instead of images, as they don’t want to help train Google’s “mindless AI.”

Ed deleted all of their social media accounts, including Facebook, X, Instagram, and LinkedIn. Although they’ve never had TikTok on their phone, they watch it on Firefox when a friend sends them a video.

Jane uses an open-source smartphone operating system designed to ensure privacy.

While Edward Snowden may have sparked Ed’s interest in personal privacy, “Jane” has many strong beliefs that motivate their pursuit of privacy. They are concerned about data brokers and Meta’s practice of tracking internet activity, and how these companies create profiles based on that data to sell to third parties; they are concerned about the possibility of telecom companies tracking our locations through cell phone towers; they are concerned about law enforcement and U.S. agencies looking into citizens’ social media accounts and tracking people. Their focus on privacy is fueled by a genuine concern for their own well-being, not just the value of privacy as a concept.

Jane uses a VPN on all of her devices. However, instead of Proton, Jane opts for Mullvad . They include ad and tracker blocking, as well as a kill switch that blocks your internet if you lose your VPN connection, thus protecting your connection from leaking out of your secure network.

I’m a big believer in strong, unique passwords and proper password management, but Jane definitely beats me when it comes to credential security. Jane uses six- to eight-word passwords generated by dice, a tactic that selects words based on dice rolls. Something like this dice generator will roll a die five times and then find a word in the pot based on that five-digit number. You can repeat this as many times as you like to come up with a passphrase made up of random words. Jane saves all of her passwords in a password manager, except for those for important accounts like her bank. They save them in memory, just in case someone hacks their password manager.

Like Ed, Jane uses Mullvad, but instead of just using their VPN, they opt for a web browser that has these protections built in. Mullvad’s strict privacy settings break persistent logins to websites, so any sites Jane wants to stay logged into are saved in the Brave browser. For both Mullvad and Brave, Jane uses uBlock Origin.

“Every now and then I run into sites that block access due to the use of a VPN or ad/tracker blocking. Rather than completely disabling [my] VPN, switching my connection to one of Mullvad’s rented servers instead of the ones they own usually helps. Other than that, I sometimes go into [uBlock Origin] and temporarily whitelist the [URL] I want ([ReCAPTCHA], etc.). This helps me bypass site blocks most of the time.”

Jane uses a Mac and has set up macOS based on various privacy guidelines. But instead of an iPhone, Jane opts for a Google Pixel. This may surprise readers who assumed that ardent privacy enthusiasts would ditch Google entirely. But X doesn’t run Android: instead, they installed GrapheneOS , an open-source OS designed with privacy in mind, on their Pixel. After rebooting, Jane sets up the Pixel to only unlock with a seven-word passphrase — for general use, they use a fingerprint scan and a six-digit PIN. If they don’t unlock their Pixel for a while, their phone automatically reboots to return it to its “first unlock” state. They also keep Airplane Mode on at all times to disable the phone’s radios, but keep it connected to Wi-Fi, with Bluetooth and wireless turned off automatically over time.

Jane also deleted all of their social media accounts, after downloading all of the data associated with those platforms.

Mark uses phone and credit card masks

“Mark” is perhaps the least hardcore of the respondents in this story, but that makes their experience both interesting and relevant. Unlike most of the people we spoke to, Mark still uses Facebook and Instagram. It’s because of his job, which requires him to be on the platform, but he has “systematically” deleted everything he could from his 19-year Facebook history and saved the data to an external hard drive. Mark doesn’t follow anything that isn’t relevant to his job, and only uses Facebook and Instagram on the DuckDuckGo browser. He doesn’t engage with the posts he sees, and in keeping with his privacy tactics, Facebook no longer shows him relevant ads. “If there’s an ad I’m really interested in, I’ll look for it on another browser rather than click on it.”

Mark has had four Google accounts during their time online, and he deleted two of them. Like Facebook, they have to use Google for their work, but they delegate all of their work to Chrome. All other browsing is done through Firefox, DuckDuckGo, or Tor. The latter is perhaps best known as a browser for dark web browsing , but what makes it great for that also makes it a great choice for private browsing.

Unlike others in this story, Mark hasn’t completely given up on Google. In addition to using Chrome for work, Mark has a Google phone mask, as well as company-linked contacts, calendar, and maps — though they’re moving away from Google as much as possible. They’re going through their old emails to find and delete outdated accounts they no longer use. Any accounts they do use now use an email mask that redirects to a Mailfence account , an encrypted email service.

Mark was the only respondent who talked about entertainment in relation to privacy: “I’ve also switched to physical media instead of streaming, so I buy CDs and DVDs, locally when possible. I’m lucky that I have a local record store and a local bookstore… one of the owners of our bookstore wrote a book about how to resist Amazon and why. Any book I want, I can order either through them or on Alibris. For music, I use our local record store and Discogs.”

What do you think at the moment?

When shopping online, Mark uses a credit card mask, but when shopping in real life, he uses the card itself. They want to start using the credit card mask in retail locations, says Janet Vertesi , an assistant professor of sociology at Princeton University, but they haven’t quite gotten there yet.

What interested me most about Mark, however, wasn’t their opinions on privacy issues, but their concern for their children’s privacy: “They each have Gmail, two of them have Snapchat. Their schools use Gaggle and Google to spy on them. I don’t even know how to begin to disconnect them from all of this… I was a kid in the Wild West days of the internet, and this feels like a return to my roots. My kids are end users who understand apps and touchscreens, not torrents of music or coding simple websites. (Is that my version of “I drank from a garden hose?”) I feel like Big Data has already taken over kids, and as a parent, I have no guide on how to deal with it.”

Mark’s current focus on his children’s privacy includes removing their medical records from the local health care system. This is partly due to a data breach that affected the health care system, but also due to language about autism from Robert F. Kennedy Jr., the current Secretary of Health and Human Services.

Jay has deleted his life information from Google and is using a VoIP phone number

The origin story of “J” and personal privacy goes back to 2017. That year, Equifax suffered a major breach in which nearly 148 million Americans had their sensitive data stolen and weren’t notified for months. Jay was upset: You don’t get to choose whether to give your data to Equifax or any other credit bureau, and yet so many people lost their data. They also felt that companies weren’t being held accountable for these events, and that lawmakers were simply too out of touch to do what was necessary to protect citizens’ privacy, so they took it upon themselves to protect their own data.

After the incident, Jay froze their credit: “It was terribly complicated back then, but now it’s super easy (just an account, which I use a throwaway email for)… The freeze prevents anyone from charging you for large purchases in your name, even if they have your Social Security number (and with the data breach, someone probably does). I decided I wanted some privacy on the things I have a choice about.”

From there, Jay de-Googled his life, including both Google Search and YouTube. They found no problems using alternative search engines, and in fact, see Google as getting worse because it tries to show you results based on what it thinks it knows about you, rather than what’s most relevant to your actual query: “The internet was supposed to be a place where you go to find information, not a place where you become information that companies take for you.”

Jay uses tools to prevent fingerprinting, where companies identify and track you online, but worries that if you go too far with things like ad blockers, you’ll be targeted too. Jay picks “a couple of effective tools” and runs with them.

For his smartphone needs, Jay chooses Apple. Like Ed, Jay doesn’t think Apple is perfect, and even considers their privacy policy a bit of a gimmick, but he sees them as a better alternative to Android. Jay likes the security of the App Store and the suite of privacy features in both Safari and Apple Accounts in general. They highlight Safari’s “ Advanced Tracking and Fingerprinting Protection ,” which helps block trackers as you browse the web; iCloud’s Private Relay , which hides your IP address; and “ Hide My Email ,” which generates email aliases you can share with others without revealing your real email address.

Most of us suffer from spam calls, but after the Robinhood data breach in 2021, Jay started getting them in droves. They decided to change their phone number and made it a rule never to give it to companies. In cases where they need to give their number to people they don’t trust, they use a number generated by My Sudo , which for $20 a year gives them a VoIP (Voice over Internet Protocol) phone number. It works with most services that rely on SMS, but it won’t work for two-factor authentication. (Which is fine, since SMS-based 2FA is the weakest form of secondary authentication .) My Sudo lets you change your number for an extra $1, so if Jay’s number is ever compromised or starts getting too much spam, they can change it.

Jay, like many respondents, has deleted all social media: “They have their place in society for many people and are undoubtedly a great way to communicate. However, I have found that the fear of deleting them is far worse than actually deleting them. The people you care about will not forget you exist.” That said, Jay is not opposed to any obstacles this lifestyle creates: “This is a difficult topic, as most people consider you a little ‘out there’ if you take steps to make your life a little less convenient and more personal. The modern world sells you convenience, pretends it’s free, and collects your data for far more than you are actually getting from your relationship with them.”

What it takes to maintain privacy on today’s Internet

There is no single solution to the problem of personal privacy. Each of the respondents to our survey had a unique approach, and many had different reasons for why they were so concerned about their privacy.

Of course, there are a lot of common threads. Most privacy-conscious people love Proton, which makes sense. Proton seems to be the only company that offers a suite of apps that are as close to Google’s as possible, but still puts privacy first. If you want your email, calendar, word processor, and even your VPN neatly bundled under one privacy-focused umbrella, Proton is it.

But not everyone wants an ecosystem. That’s why you see respondents using other VPNs like Mullvad or other private storage options like Tresorit. These apps and services exist — they just might not be owned by a single company like Apple or Google (or Proton).

Google and Meta have more in common because most privacy enthusiasts ditch them entirely. Some, like Mark, haven’t been able to completely ditch these data-hungry companies. In Mark’s case, it’s because they need these platforms to do their jobs. But while most privacy purists are deleting their Google and Meta accounts, most of us are having a hard time de-Googling and de-Meta-ing our digital lives.

In general, however, the keys to privacy success include the following: use a VPN to protect your internet traffic; prioritize privacy in your web browser, both through the browser itself and through extensions that block ads and protect your traffic; protect your sensitive information whenever possible by using email aliases, alternate phone numbers, or credit card masks; use strong, unique passwords for all accounts, and store those passwords in a secure password manager; use two-factor authentication whenever possible (possibly passwords , if available); and stick to end-to-end encryption for chat apps to communicate with others. While you can always do more, it’s the perfect storm to keep your digital life as private as possible.

Some may read the examples here and see the steps as too much effort to be worth it. It may seem impossible to quit Gmail and Instagram, hack certain websites, and force friends and family to learn new numbers and email addresses to protect your privacy, especially if you don’t feel like your privacy has that much of an impact on your life. But even if you don’t believe in the concept of privacy itself, there are real results from following these methods. Jay no longer gets spam calls and text messages; Mark no longer sees ads that are oddly relevant to their likes. It’s a lifestyle change, sure, but it’s not just in service of some concept of privacy. You can see results by changing the way you interact with the internet, all without having to actually disconnect from the internet and, by extension, the world at large.

More…

Privacy

Leave a Reply