Privacy on

The Ultimate Guide to Real Privacy

Tue, 28 Jan 2025 21:12:16 +0000

Disclaimer: Please note all the information in this article is cited appropriately by well established and verifiable sources. Despite the topics covered here being of controversial or “conspiracy theorist” nature this is very much real so please check these out before dismissing anything here. If you do find any mistakes or things that could be improved about this article please feel free to contact me here.

Introduction

Guide still in progress. Writing, researching and proofreading these takes a lot of time and therefore instead of having large gaps between posts I thought I’d share my current progress of this article.

Ever wondered why Mark Zuckerburg is a billionaire? What about how Trump managed to become president elect in 2016? Okay let’s try another example that I’m sure you’ll relate to: have you or someone you know ever been found speaking about something and then almost immediately after noticed that very conversation to come up as a search suggestion or maybe even as advertisments; which in turn creates profit for large corporations.

In all of these very well known examples your data and the things Big Tech knows about you have been used against you. Don’t think it stops at Big Tech either! Uncle Sam and his friendly allies, the 14 eyes are always out to get you too!

What will this article cover

This article first aims to educate you on how your data is collected and abused for reasons not necessarily in your best interests. When you understand the implications of surveillance we’ll move onto how to circumvent data collection without too many compromises and join the technological revolution. Feel free to check out the table of contents at the top of this article and read what’s relevant to you.

What is the UKUSA agreement

The UKUSA agreement, more commonly known as the 14 eyes refers to groups of governments which cooperate with each other - this includes sharing data so that wherever you are they can keep an eye on you. They’ve been successful in pulling off countless international operations including Operation Trojan Shield where they sold over 12,000 “Anonymous and encrypted” phones on the black market.

There are 3 main types of eyes in the West: the 5 eyes, the 9 eyes and the 14 eyes. The 5 eyes include the US, UK, Canada, Australia, New Zealand. The 9 eyes comprise of the 5 eyes with the addition of Denmark, France, Netherlands and Norway. Finally the 14 eyes is made up of the 9 eyes along with Belgium, Germany, Italy, Spain and Sweden!

But I have nothing to hide

Let’s address each of the questions and statements mentioned earlier. Mark Zuckerbug is a billionaire because he owns Meta (formerly known as Facebook) which is the parent company of Facebook, WhatsApp, Instagram and many other apps/ services used by millions of people daily. These services are free and yet they cost millions in maintainance. To fund the cost of these your data is sold, collected, aggregated and used to show you targeted content.

Companies come to Meta and explain the audience they’re looking to reach and Meta use the information they know about you to serve these adverts to you. If you’ve been around on the planet for more than ten years then I hope this isn’t of shock to you. Even then this business model doesn’t sound particularly sinister at a first glance either; you get a free service you enjoy and Meta provide you adverts and content you like. Win win right!?

Except… it’s not that simple. This is what most people understand about privacy, because it’s what they’ve been fed by Big Tech, however most don’t know how this very system was used to rig an election. Read here about Cambridge Analytica, how they allowed Donald Trump to win the 2016 election by profiling American voters and targeting them on social media with disinformation (predominately about Hillary Clinton) based on their political views which encouraged them to vote Trump.

According to Britannica “Misinformation is the inadvertent spread of false information without intent to harm, while disinformation is false information designed to mislead others and is deliberately spread with the intent to confuse fact and fiction.”

You’ll be glad to know that invasion of privacy isn’t just from big, evil tech corporations though; the goverments love your data too! The UK passed a law in 2016 called Investigatory Powers Act which essentially allows them to collect mass data on citizens - especially from ISPs (internet service providers e.g. Sky, BT, Virgin Media). Fortunately the majority of the web and apps you use are protected by HTTPS which means that although your ISP can see what sites you visit, they can’t really see what you do on them - but any of the 14 eyes can request this from the sites you visit. If the sites do hold the information they’re forced to hand it over and keep quiet about it! If they don’t hold the information they could also be forced to start collecting it without telling their users. Eek!

Note that private companies also collect and process users information without consent too! Just because you’ve read their privacy policy (which is usually pretty disturbing as it is) that doesn’t mean they follow it! One of my favourite examples of this (and there are hundreds) is how Facebook created a facial recognition database where they were able to identify virtually any face on the planet! They did this without users consent and worst of all, made it available to any human being with an email address! This sounds atrocious (and it is) but Facebook justified this by claiming it was a useful feature providing suggestions of friends to tag in posts. For instance if you submit a post of your family at the beach, it would prompt you to tag “Aunt Fanny” or whoever was present. It was also used to assist visually impaired people, allowing them to know who is in a picture. This extended to people who weren’t on the platform too! Read more here. TikTok also paid out a lawsuit regarding this matter.

Facial recognition is a seriously dangerous tool and although these companies claim to have deleted all this data, I think it’s safe to ask what the US government might have done with this. When (not if) facial recognition technology becomes mainstream in surveillance, we are all in trouble! The UK government already have plans to role out live facial recognition software.

“We look forward to working with government and receiving more details on the creation of a National Violent Disorder Programme and further work on tools such as Live Facial Recognition.” - Chief Constable Gavin Stephens, NPCC Chair

The government just want to fight crime and terrorism though right? Well that’s partially true. Unfortunately (in my very much educated opinion) they have an ulterior agenda which helps maintain in power, censorship and control. You only have to look at the Edward Snowden leaks to see how the NSA (national security agency for America) collected over 76,000 text messages a day, location data, border crossings from roaming notifications, missed-call alerts for contact-chaining analysis and even financial transactions!

GCHQ (a UK based intelligence agency) also utilised the technology known as Dishfire. Technologies like this have been used to censor people with political ideologies which diverge from those in government, shut down anti-war groups and much more! See more details here.

We only need to look at the Nazi salutes (yes that’s plural) from Elon Musk or suggestions to invade the UK and Panama. Trump also wants to buy Greenland (and told to fuck off, see the clip here). Furthermore he’s ordered the release and exoneration of hundreds of violent rioters. Not to mention how the USA have eradicated climate change initiatives, gender and more!

If you think this is bad, look at the TikTok ban. How would the government enforce such a ban in a privacy respecting way? Why aren’t they banning other Chinese apps? Is it because TikTok is the platform where people have a voice?

Think about how Trump has influenced Zuckerburg to remove fact checkers from Meta’s platforms - that could be helpful considering Trump has consistently been flagged for publishing false information from various platforms, including X - previously known as Twitter. These are all very good questions to ask!

Unfortunately it doesn’t look like things are heading in the right direction! Given this trajectory the West could be compared to China, who significantly censor their citizens, and I think everyone has a common understanding that this is bad!

One more note… if you ever hear a law or bill referring to “protecting the children” this is essentially a way of justifying mass surveillance whilst making the government look innocent. Both the USA and the UK tried to use it to ban encryption which would allow them to see all online activity everywhere! As discussed earlier, governments are already collecting and storing masses of encrypted data which they hope to decrypt later (known a HNDL attack - harvest now decrypt later) through a flaw in the encryption algorithms or using quantum computing.

Data, data, data

There’s a reason your data is so valuable! Let’s look at how to delete that digital footprint of yours and learn about technologies we can use to prevent our data being harvested in the first place.

What’s the point, they’ve already got my data

It’s true! They have. However if you live in the EU, UK or in California you are “protected” by laws which allow you to delete your data from companies at any point. A great site to go to on how to delete your data from various services is justdeleteme - they offer a directory of services and methods for deleting your data from them. It’s also open source so if you’d like to contribute you can do so here; don’t be scared off either, it’s not very complicated to contribute and they have guidelines on how to do so here.

Before you do delete your data, you might want a copy of it. Under GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act) you are also entitled to a copy of everything they have about you, including products you might be interested in and more!

If you’re not looking to delete your data then you can also contaminate the data they have by feeding them with fake data but this isn’t recommened over the deletion approach. More on this topic later.

Understandably though you’ll feel inclined to keep at least a handful of your accounts open - most probably Apple, Google and/ or Microsoft. We’ll tackle these later on so don’t worry too much about that.

So you know that Big Tech and the government track you, all with the same intent to profit or advantage themselves from you. Presumably if you’ve got this far you’re either a fed (just kidding, I’m not that paranoid) or you are interested in protecting your data. Let’s first look at how data is collected and then we can discuss how to mitigate each part.

How is data collected

The majority of our data is collected from our devices. However there’s also lots of data collected about us from other places as well. Here are the main categories that amass data including, but not limited to:

CCTV - including ring doorbells, dashcams and more
ANPR - automatic number plate recognition which tracks where your car goes
Financial transactions - your bank card etc
Mobile carrier - SMS and call data as discussed eariler
Online activity - everything you do (or don’t do) online
Devices - phone, laptop, computer, smartwatch
IoT (internet of things) devices - Alexa, smart home stuff, your Oral-B smart toothbrush
Other - forms from employers, electoral registers, medical records, DBS etc.

We’re going to look into methods of preventing all of these however I’d like to start with online activity as this is by far the largest form of data collection and also something you can act upon relatively easily without too many compromises, unlike avoiding facial recognition for instance.

Nothing is free (except open source)

Free has more than one meaning; free as in cost or free as in freedom. I prefer the latter, also known by the French word Libre. By now I imagine you have an awareness that although most software and services might be free, they’re not all Libre! Fortunately there’s this amazing community called the FOSS (Free Open Source Software) community. If you’re unfamilar with open source then I’ll give you an example. Suppose you have a pandemic and there’s a race to find a vaccine which will prevent millions of people from dying. Pfizer might create a vaccine on their own and then sell this to governments. The issue is, almost everything we know about it comes from Pfizer and as we know Big Pharma have consistently lied and mislead the medical field for profit, often downplaying symptoms or boasting about it’s effectiveness and/ or application.

So how do we trust the vaccine? Well if the “recipe” for the vaccine and all of it’s research was publicly disclosed and under a license which permitted it to be modified and redistributed then any individual or organisation with the skills to audit this research could perform their own tests. Furthermore by doing so they might discover issues, fix those issues and make the new version publicy available. Pfizer could then evaluate these changes and “merge” them into the main vaccine. Not only do you have the top scientists in Pfizer working on this but the resources of the entire world!!

It sounds fantasitc right. What’s even better is that the price of the vaccine comes down because anyone can manufacture it. Moreover because anyone can manufacture it we’re not limited by the constraints of Pfizer’s manufacturing capabilities and thus governments can begin making and distributing the vaccine too! As a result Pfizer are much less likely to publish misleading information or lies because they can easily be debunked by anyone and there’s less of a profit incentive.

Fortunately this did happen with a few vaccines during the COVID-19 pandemic, this led to the vaccines being developed and approved by countries world wide. Anyway enough about vaccines! The same is true with open source software. The code behind Windows is proprietary and thus not available for audit. Although Window’s privacy policy says certain things, we can’t trust it because we can’t see the code it’s running.

Did you know, to date, Microsoft collect “content you type, write, or dictate on the device” as per their privacy policy.

Welcome to open source my friend! In the FOSS community there isn’t really very much tracking (it exists but it’s negligible compared to proprietary technologies) because if there is tracking we can simply look at the code, find the tracking part and remove it. After this we can recompile the code from scratch and voila. As a result FOSS projects don’t tend to bother as this attracts a lot of bad attention and isn’t really in line the open source ethos.

Why work for free though

Open source sounds great but what’s the incentive to work for free? Well many smaller open source projects have volunteers contributing to code repositories simply because they have a passion for it, want a feature they require or maybe want to have something to add to their CV. However larger open source projects like AOSP (Android Open Source Project) do not follow this philosophy. Android is owned by Google. Samsung runs on Android, however they do add lots of nasty proprietary snippets and software to it in order to create the Samsung ecosystem. Google do the same but you can typically flash AOSP onto your phone if you don’t want any tracking.

Google earn tonnes of money for doing this because it enables phone manufacturers to allow Android to run on their devices with the ability to add their own touch to it. Where Google profit is the fact that a phone won’t sell without the Google PlayStore and all the Google services. Most apps (by default) won’t work without this proprietary framework as they rely on proprietary libraries from Google to function. As a result Google becomes a monopoly.

Lucky for you there are open source projects like GrapheneOS and LineageOS which build on AOSP in a privacy friendly way whilst enhancing security. Like many open source projects GrapheneOS relies on donations as it isn’t backed by Big Tech in the same way as AOSP - although GrapheneOS wouldn’t be possible without AOSP. They’ll receive donations from individuals (like me) and presumably from companies, charities/ foundations, human rights organisations and more. It really is the community that keeps these projects going.

Other large open source project such as TOR (The Onion Router) were initially created by the US government before being released to the public and are backed by some very big organisations which you can see for yourself here. WordPress, the Linux Kernel and many more open source technologies that hold up the majority of the internet as you know it are all very well funded too.

I’d also like to mention that some open source projects offer to host their services at a cost which is then used to support the project and pay the developers. Being open source can also attract many more customers.

How to Learn Technology

Fri, 24 Jan 2025 22:50:22 +0000

Introduction

So you’re wanting to get into privacy, Linux, self-hosting and/ or programming. Maybe you want to run your own cloud service or movie server where you can own your own data and use your services offline. Potentially you want to escape from the digital dystopia of Facebook, Windows, MacOS and the like.

Did you know, to date, Microsoft collect “content you type, write, or dictate on the device” as per their privacy policy.

Whatever your reason, knowing where to start and how to find good resources can be pretty tricky. Fortunately I’ve collected a list of the best free sources to learn these skills.

Linux

Install a beginner friendly distro

If you’re looking to learn Linux then I suggest installing a simple out-of-the-box distro such as Ubuntu, Linux Mint or Pop!_OS. They’re all relatively straightforard to install and no harder to use than Windows or MacOS. Best of all they come pre-installed with almost everything you need from web browsers to office suits and the such. Play around with the distrobution, learn about the package manager and the command line.

Learn the command line

The command line is a way of interacting with your system using only text. It’s incredibly powerful and when you learn about it, you won’t want to go back. In fact I am writing this very article using the command line! It’s crucial when communicating with servers over SSH, using Docker or managing a Linux system in general. Not only will it give you a great understanding of how your system works under the hood, but you’ll also become a full-on power user! The best resource for this a book by William Shotts which you can download for free here thanks to William allowing it to be distributed under the generous Creative Commons License.

Install Arch Linux

Arch Linux is a do-it-yourself distro. If forces you to configure a lot of things that are usually abstracted and thus you’ll learn a lot along the way. If you’ve read the book above and played around with some of the commands then you’re definitely in good stead to try Arch. What’s great is that you can create the system you want, however you want it. Virtually nothing comes pre-installed; no sudo, no web browser or desktop environment. It sounds ridiculous and daunting but in reality it’s not that hard and although at first you may face a few hurdles, you’ll almost certaintly appreciate knowing/ understanding everything about your system and how it works. The great thing about Arch is that it really doesn’t tend to break either but if it does, you’ll know how to fix it!

There’s plenty of resources for installing Arch Linux. I recommend Mental Outlaw’s guide on installing Arch Linux which you can find on YouTube here. After watching this feel free to check out lots of other Arch Install guides on the web. The Arch Wiki is also one of the best (but not necessarily easiest to understand) resources on the web. It’s also worth reading through the Gentoo installation handbook as although this is a different distrobution, it’s installation process shares lots in common with Arch and I believe their installation guide is much more user-friendly.

Self hosting

AlternativeTo

AlternativeTo is a great site for finding open source, self-hostable alternatives to almost any program or service you can think of. It’s worth having a browse as you’ll soon find that many, if not all, of your favourite pieces of software can be replaced with free, privacy friendly, open source alteratives!

Awesome Self Hosted

Awesome Self Hosted is a great resource to find things to self host. Try finding a few things and spinning them up!

Docker

If you want to host your own services then I recommend learning Docker. Almost anything you want to self host will likely be built with a Docker-first approach in mind. Without going into too much detail, Docker allows you to containerize applications and deploy them in a declarative manner. If you want to run something like Mastodon (which is an open source, decentralised alternative to Twitter) then you’d need to install Mastodon, a mail server for it to use, a database (such as SQLite or PostGresSQL) for it to store users in and other data along with all the other packages and dependencies those components require. Additionally each of those will need to be configured correctly and secured with a firewall etc. Sounds complicated right? If Mastodon requires one version of a package and you are using another version on your machine then there could be conflicts, stuff will break etc, and it all becomes a mess.

Docker solves this problem by creating a container which is it’s own Linux machine. The container has all the necessary packages and dependencies inside and only the bare minimum it needs to run. Not only does this mean that it’s replicable (because it’s not going to conflict with anything else on your system as it’s isolated) but it also keeps your system clutter free. Furthermore it allows for swift deployment and management. Best of all they utilise the Linux Kernel already installed on your system which means they’re super lightweight and efficient - often being only a few megabytes in size.

The persistent data for your Mastodon server (such as your configuration files, databases etc) can all be mapped to what’s called a volume. Volumes are shared directories (also known as folders) between the host system (your system/ server) and the Docker container. For instance the /config directory on your Docker system can be mapped to /home/curiousliberal/Documents/Docker/Mastodon/data/config. This means that data written to the /config directory inside your Docker container ends up being written to the /home/curiousliberal/Documents/Docker/Mastodon/data/config on your host system. This is great because you can then back this up, restore it, use it on another server. Great stuff! Don’t worry if none of this makes sense yet, The Docker Handbook will teach you everything you need to get started with Docker. If books aren’t your thing then I suggest checking out the Net Ninja’s Docker Crash Course on YouTube.

Programming

If you’re looking at getting into programming then I suggest starting out with Python. It’s very easy to learn and there’s an astronomical amount you can do with it. My favourite book is Automating the Boring Stuff with Python by Al Sweigart. This is by far the best book to get started with Python as it covers useful topics and by the end of it you should be capable of automating many mundane office jobs. You can download the book here.