Gather round the fire, kids, Mat's going to tell one of his old-timer stories.
Back in ye olden days, before iPhones and 5G, a lot of people were scratching their heads wondering how to make money out of their websites. Various companies tried different business models: Friends Reunited charged £7.50 per year to their users, a move that MySpace also considered but decided in the end that they would continue to make it available for free but show advertising on the site. The Wall Street Journal set up a paywall that only allowed subscribers to read their articles.
While Friends Reunited and MySpace were early pioneers of social media, Facebook took that idea and ran with it. By 2008 they had 100m users, and by October 2012 they had a billion. Nobody had ever connected this many people together, and Facebook were making it up as they went along. It was free to use right from the start, and Facebook was harvesting user information in order to sell advertising. But they were so focussed on amassing more users (and money) that they ignored a lot of issues.
One of the things Facebook have been repeatedly criticised for is their attitude to privacy. They have been repeatedly investigated and prosecuted for failing to take their users' privacy seriously, and investigators regularly discover user data on open-access servers - half a billion in April 2019 and a further 419 million in September 2019.
We've written before about how to view what advertising data Facebook and other companies hold on you, but as I learn more about online privacy, I decided that I needed to go a step further.
My privacy concerns
I'm not part of the tinfoil hat brigade: I don't think that 5G is controlling our minds or causing Covid19, and I've been given every vaccine offered. But I do have serious concerns about the current state of online privacy in three main areas:
- Private corporations selling my data for advertising - for example the Cambridge Analytica scandal
- Criminals stealing my data for identity theft - my various email addresses have been included in dozens of data breaches
- Governments requesting special access without being competent in its protection - such as governments requesting special back doors into encrypted communications tools.
So over the last few months, I've been working on three main routes to improve my online privacy. These are:
Removing my face from public sites
First of all I removed my face from all the public social media sites that I use. I know this sounds pretty extreme, but watch John Oliver's recent piece on Facial Recognition, especially relating to clearview.ai and their database of three billion faces, or read this article about a man arrested in error after facial recognition software misidentified him.
I created a pixellated version so that people who knew me would immediately recognise me, but anyone else would struggle to. I chose this because I wanted to start a conversation with friends whose privacy I care about.
What you can do: upload a photo of your cat, do a drawing of your face, or take a photo of you holding up a piece of fruit obscuring your face.
Removing my real name and date of birth
Next, I looked at all my online accounts and replaced my full name and username with a pseudonym. This used to be quite difficult to do on Facebook as they required your real name, but it only took a couple of hours to go through a dozen different social networks and rename myself. I made sure that the URL that made up my profile page was also changed, for example I used to be at facebook.com/mat.connolley but not anymore. Some sites, for example Reddit, don't allow you to change your username, so I had to close the account and start again.
At the same time, I changed my date of birth to a random date within the correct year, and took the opportunity to review my privacy settings with each site.
What you can do: Choose a pseudonym or ask a friend to suggest one. It might help to include your first name in it to help your friends identify you. Change your name on all your social media accounts like Facebook, Instagram, Youtube, WhatsApp, Twitter etc. Also change your date of birth, username and the address of your page.
Looking for myself
Finally, I went searching for my name to find websites that aren't keeping my information private, changing the settings where possible or deleting them if not. I deleted half a dozen profiles on websites that I'd totally forgotten existed, changed the privacy settings on a few more, and renamed myself where I could.
What you can do: start off by searching for your name on Google, try it with quotes and without. If you have trouble finding pages that relate to you, try adding in the city where you live or extra identifying information. Delete or anonymise your accounts and public posts as you find them.
The elephant in the room
Yes, I realise that this very website has lots of photos of me, and it also features my full name, phone number and email address. There's nothing I can really do about this, Kat and I are our company's brand and it would look bizarre if I started using a pseudonym or pixellated out my face - we'd certainly attract fewer new clients. The changes I've made are to deter automated scraping of my identity or casual social media searches; anyone determined to track you down online will be able to do so, unless you've been living in a cave for the last 20 years.
I've taken some simple steps to improving my online privacy, and I hope it inspires you to do the same!