Recovering Digital Privacy

Privacy in the Age of AI & Mass Surveillance

This article is much different from anything else I’ve posted on this website. It doesn’t directly relate to the Orthodox faith, so I’ve hesitated to post it here. But I think it’s important.

Here, you’ll find my story about the steps I took to increase my digital privacy and security in this age of AI and mass surveillance. I don’t have an air-tight argument on why everyone should care about privacy as much as I do. Many people naively trust both Big Tech and the government to never do them harm. I’m simply not one of those people.

In the past, I took comfort in the fact that so much data is collected on each of us that it would take too much time for a person to sort through it. However, with advancements in AI, the ability to deeply analyze enormous data sets is quite feasible. No longer do I feel like I can disappear as a faceless person in the crowd.

devils lock the doors of a church, not allowing people to go to churchAlong with the rise of AI, we’ve witnessed an increase in totalitarian and authoritarian practices by our governments. Stories like the Twitter Files reveal the close ties between the government and Big Tech. Also, it was only four years ago that governments were shutting down churches (sometimes with armed guards) to keep Christians from worshiping together. It’s not apparent that the governments have regretted their overreaches – I haven’t heard any apologies or acknowledgments of wrongdoing from them.

Since the government has shown totalitarian tendencies, and they are tightly joined to Big Tech, I decided to take some practical steps toward reducing the amount of data collected on me. Hopefully it will inspire a few others to do the same. While it may be impossible to keep highly sophisticated intelligence agencies (like the NSA) out of my devices if they ever decided to target me specifically, I can at least reduce the amount of data collected by hackers, scammers, corporations, and government agencies through good privacy practices.

Take it slowly

Becoming privacy-oriented takes time because it involves some lifestyle changes. For me, this has been a multi-year project of removing the largest offenders first. Since our various devices have integrated themselves so deeply into our daily lives, slowly implementing these changes helped me stick to the plan.

Many times we must trade some convenience for privacy. For example, I choose to keep location off on my smartphone by default, which means when I occasionally need it, I have to manually re-enable it.

I’ve broken my story into three stages: Beginning Steps, Intermediate Steps, and Advanced Steps. At the end, I’ve posted websites with links for further reading.

BEGINNER STEPS

These steps are free and don’t require much time or effort. They’re simply good digital hygiene.

Step 1.1: Tuning up my smartphone

I’ve used both Android and iPhone, and in both, the privacy settings need to be checked periodically. Apps ask for various permissions, and these don’t need to be left on all the time. I especially check the camera and microphone settings on my phone since I may intend to temporarily grant an app access but then forget to revoke that permission later. I only leave the camera and microphone on for apps that I want watching and listening to me every moment of every day and night. That means zero apps. Also, I stay aware of which apps can access my photos and files.

A device that isn’t secure isn’t private either. So, I keep my operating system and apps up to date to patch known security flaws. When available, I use apps that are open source due to my privacy and security concerns.

Step 1.2: Getting rid of unnecessary apps

An old man sweeps a bunch of devils out of his houseI recently completed a clean-up of my smartphone, getting rid of nearly every app that I don’t use regularly or that doesn’t provide an important and useful function in my life. Every app on my device can create a potential security hole. So, I keep only what’s necessary.

I’ve never had games on my phone, but if I did, those and social media would have been the first to go. News and video apps went next since they are a time-suck for me. Anything that frequently draws my attention to the phone – or creates a desire in me to frequently check it – gets removed.

I try to keep my device “light” and streamlined, with as few apps downloaded as possible. If I need an app temporarily, then I download it, use it, and then delete it when I’m done (e.g., an airline app when I’m traveling). With today’s internet speed, I can easily redownload apps that I don’t need daily.

Additionally, many apps have privacy and security concerns (including religious and mental health apps). Consider carefully what an app is asking for and if you need it.

Step 1.3: PC clean up

No matter what operating system I have installed on my laptop or desktop, I check app permissions in the system settings. I periodically uninstall software that I don’t absolutely need – especially old programs that haven’t received updates in a year or so.

If I need to use older software, then I run it in a virtual machine such as VirtualBox, which is super easy to set up. More on that in the Advanced Steps below.

Step 1.4: Discovering data breaches and privacy leaks

Devils break open a locked wooden boxNo matter how careful I am, I can’t control website servers getting hacked. I signed up for data breach notifications on the website haveibeenpwned.com, which provides a valuable service. It analyzes the dark web for data breaches so that it can alert people to update their passwords.

Step 1.5: Using a password manager

I use a different password for every service and website that I log into, which is a necessity these days due to hackers and data breaches. Keeping track of that many passwords would be impossible without a password manager.

I prefer open source software since the code can be reviewed for both privacy and security reasons. Proton Pass and Bitwarden are good options, and there are many others.

Lastly, I avoid using social media, Apple ID, or a Google account to log into other services due to privacy concerns.

Step 1.6: Closing old accounts

In the above steps, I learned where data breaches have occurred, I set up a password manager, and then I began adding accounts to my password manager. I quickly noticed numerous accounts for websites that I don’t use anymore. So, I closed those accounts. While doing so, I learned there’s a huge difference between closing (deleting) an account and deactivating an account. Sometimes I’ve had to search the web to find out how to delete an account rather than deactivating it.

Before closing an account, I sometimes change the data in it with fictitious information. The reason for taking this step is that some websites will sell off the data that I provided them, even after my account is closed.

INTERMEDIATE STEPS

These steps increased my privacy but also decreased some everyday conveniences. But I found them all to be worthwhile.

Step 2.1: Replacing apps with actual things

We Orthodox Christians should read the Bible and pray every day. As a priest, I highly recommend using physical Bibles and prayer books to all my parishioners. My smartphone is designed to distract me, which is the worst thing when I’m attempting to do something of eternal significance.

For some daily reading, I admit I use a Kindle. However, it’s an old one (4th generation) that doesn’t have a microphone or camera, and it doesn’t have access to the internet. So, my data is relatively safe and I can’t be easily distracted by it.

For driving directions, I use a GPS. While they admittedly lack features that a smartphone’s map app has, they are much more private and less distracting. Plus, I can listen to my music or podcasts without the map app constantly interrupting.

Smartwatches are popular but (in my opinion) unnecessary. How many of us need to know the number of steps we take and our heart rate throughout the day? Because I don’t have a medical necessity, I don’t use one. It’s less data being collected on me.

Step 2.2: De-Googling my life

Devils looking at a man on his computer, watching through the windows.This was admittedly one of the hardest steps in this article. I’ve not gone all the way – for example, I still have a couple of Google accounts that I occasionally use to upload YouTube videos. However, Google isn’t deeply connected to most of my electronic life.

Like almost everyone, Gmail, Chrome, and Google Search were services I used daily. The easiest substitute in this step was switching to DuckDuckGo for searches and Firefox and Brave for web browsing. Seven or so years ago, I made the mistake of moving everything from Google to Microsoft, assuming the latter would be better. I’ve learned a lot since then.

Proton, which offers private email, calendar, password manager, online storage, etc., is a decent alternative. Again, I took this in steps. I continued using OneDrive until recently, though I backed up sensitive files (financial documents, etc.) with the Cryptomator app (which I highly recommend). My primary calendar app is now Apple Calendar, which syncs well with Mozilla Thunderbird’s calendar.

Additionally, other private email services can be found here. Other replacements for Google products can be found in the resources at the end of this article.

Why did I get rid of Google?

Whenever I use a Google product, I create a permanent record. Every Google search I’ve ever made and all my browsing in Chrome is forever stored by them (even when using Incognito Mode). The content of every email I’ve sent or received is archived. There’s nothing I can do about it. The federal government requires them to keep and store records indefinitely. I can “delete” stuff from my Google account, but they still keep a record of it on their end. I’m merely deleting my access to the data – not their archives.

Sadly, Google has shown flagrant disregard for people’s privacy, from creating malicious apps that bypass iOS privacy settings, to tracking you even when you ask them not to, to collecting data from your home’s wifi when they’re driving by with their Street View cars, to using your data to train AI without your consent, they’ve been consistently evil in their business practices.

As a clergyman, I knew I couldn’t use services like Gmail. Every “confidential” email someone sends me through Gmail is no longer confidential. The email content is scanned and utilized by Google for a variety of purposes.

There are many articles and videos on de-Googling one’s life, so feel free to search the web. Also, look at my links below.

Step 2.3: Purging unneeded information

a medieval man burns a bunch of papers in a fireMicrosoft had two massive security breaches in recent years (SolarWinds and Azure). From what I understand, the hackers could potentially gain access to all Microsoft accounts and data: all my emails, family photos, files, tax returns, etc. were potentially exposed. Fortunately for us, these were probably state-sponsored hackers who have no interest in little guys like you and me. They were after government intelligence and defense contractors (whose systems largely run on Microsoft-powered software).

But it reveals the importance of not keeping every email, text, and photo in the cloud. If I don’t want something to show up on the dark web, then I delete it from non-encrypted email and storage providers. While I can’t delete the archived data that companies are required to retain, I can mitigate further damage when a future data breach occurs.

Step 2.4: Cutting way back on social media

A woman admires herself in the mirror, taking a selfie with a smartphone. Devils watch her with glee.Like many Millennials, I greatly decreased my Facebook usage post-pandemic. Not only because people are sometimes prone to arguing too much on it, but because I think social media is creepy. Why would I want the Meta Corporation to know all the intimate details of my life? I removed most of my pictures and many of my old posts. I don’t upload pictures of my child’s face on there either. If I want to share family news or photos, I text. While that’s not 100% private, it’s better than social media.

Additionally, social media is designed to be addictive. I’m far more productive, I feel way happier, and I’m more present for my family and friends when I cut out (or at least drastically reduce) social media.

ADVANCED STEPS

These steps don’t necessarily cost anything, but they involve time investment.

Step 3.1: Switching to Linux

My excitement about Linux was the main reason I started writing this article. I’ve been using Windows since Windows 95, so switching to Linux was challenging at times. In the old days, Windows was an operating system that helped you run the software you needed. Nowadays, it also collects a large amount of data and shows ads. But what ultimately drove my decision was my lack of trust in Microsoft and disliking Windows 11.

Because Apple has a better reputation for protecting consumer privacy, I considered a Mac. But they’re expensive and Apple’s planned obsolescence means that I would have to frequently buy an expensive, new computer. Compare that to Linux, which will make a good laptop run very well for 10-15 years before it might need to be replaced.

I eased my way into using Linux by buying an old Dell Latitude laptop to use as a test drive. I set aside my newer Windows laptop unless I got stuck and couldn’t complete a particular task in Linux. Once my test drive was complete, I removed the hard drive from my Linux laptop and installed it in my newer laptop. Surprisingly, the hard drive swap was flawless after Linux automatically downloaded some additional drivers.

If you’re open to switching from Windows to Linux, I want to save you some time with the lessons that I learned:

A. Picking a popular, entry-level distro. There are hundreds (maybe thousands?) of Linux distributions. My top two picks are Zorin and Mint for those coming over from Windows. Fedora is great for advanced users focused on the latest security innovations.

B. Asking for help. I read the tutorials and asked for help in my chosen operating system’s forums. That greatly assisted me the few times I got stuck. There’s a learning curve, but it’s doable.

C. Running Windows programs in Linux. I use VirtualBox to run things like Microsoft Office and other Windows programs that I need (I’ve even used it to run Android and MacOS). Setting up a virtual machine sounds more complicated than it is. Fortunately, you can run Windows 10 without registering it, so there’s no need to purchase a new Windows license.

I set up a Win10 machine, let it run its updates, purchased an Office license (not 365), downloaded its updates, and then completely cut it off from the internet. I allow it to access a folder that I keep my documents in, and I place any Windows software that I want to install in that folder as well. It allows me to have all the conveniences of Windows without any of the privacy intrusion. Some people use Linux programs like Crossover (which is based on Wine) to run Windows applications, but they were too buggy for me with MS Office.

I use LibreOffice for quick edits to Word and Excel documents, and it works well for everyday tasks. For example, I wrote this article in LibreOffice. But it lacks the features for more complex jobs. So, while it’s a slight inconvenience to wait 30 seconds while VirtualBox loads my Windows machine when I need it, taking back my privacy is worth it to me. For those who need a virtual machine that can run heavier software, you may consider VMWare Workstation Player, which is free and allows more graphics resources.

D. Syncing my files. There are several cloud syncing options to choose from. I strongly prefer something that offers end-to-end encryption. In my experience, the options that sync most seamlessly and privately in Linux are pCloud, Internxt, and MEGA (they also work in Windows, MacOS, Android, and iOS). MEGA has the most generous free offering. If you must use OneDrive, Google Drive, Dropbox, or any other non-private service, then I highly recommend Cryptomator, at least for files and photos that contain personal information.

Step 3.2: Switching to a Different Phone

By default, all cell phones constantly report your approximate location to your service provider. Since I care mostly about privacy and not secrecy, I’m willing to compromise in this area (at least for now). There’s a significant difference between Verizon knowing my approximate location throughout the day and an app on my phone watching me through my camera or listening to my conversations. Some phones are better geared toward privacy than others. Here, I’ll give my opinion on various smartphones.

LIGHT PHONE: I thought about getting a Light Phone. They’re a cool concept, and I know some people who own one and like it. But I decided against Light Phone because both iPhone and Android can be simplified. Since I live off of a busy interstate that occasionally gets shut down due to accidents, I need to be able to check traffic in real-time, which requires either Google Maps or Apple Maps. Otherwise, a 30-minute trip can end up taking an hour or two. Also, I love listening to podcasts while I’m driving. Not being able to do either of those things is a deal breaker for me.

ANDROID: Stock Android (the version that comes with nearly every Android phone) is, by default, problematic from a privacy perspective. That said, a de-Googled Android system (such as GrapheneOS) can be both more private and secure than any other mobile operating system (including iOS). There are other options as well such as /e/OS and LineageOS.

iPHONE: By using iOS, I am entrusting my data to a company that claims they will keep it private but doesn’t prove they are doing so. Since Apple’s software isn’t open source, there’s no way to audit their claims. I have to take them at their word. Even worse, privacy policies can change with little notification, and any tech company could theoretically change their policies to allow them to retroactively use any of my data they’ve ever possessed in any way they wish. It’s a bit disheartening. But this is a compromise I’ve chosen to allow myself various conveniences, especially since they now offer end-to-end encryption with iCloud. My next phone may be a de-Googled Android (which would work much better with Linux anyway), but I haven’t made the switch yet.

Final Thoughts & Resources

 

There’s a lot more that I wanted to share, such as switching to open source software whenever possible, using Signal for private messaging, musings on VPNs, building a private AI, and trying out Mozilla Monitor. But I’ve hit 3,000 words, and this is a site dedicated to the Orthodox faith, not tech. So, I’ll provide some links below that can help you wander down the privacy rabbit hole:

  • RestorePrivacy – A wonderful site that is a great place to get started. They review most of the privacy-focused services, whether email, online storage, password managers, etc. They also have a news section that is interesting to follow.
  • Privacy Not Included – It’s like Consumer Reports but for privacy. It’s run by Mozilla and reviews everything from cars to electronics and apps.
  • PrivacyGuides – A website dedicated to both security and privacy. Tons of in-depth articles, but they’re geared more toward advanced users.
  • Proton Blog – Granted, this exists to promote their services, but it’s good reading for those who are new to the goal of restoring their privacy.
  • Privacy Subreddit – I hesitate to link to anything on Reddit because so many comments appear to be made by trolling teenagers. But, there are some interesting discussions in this subreddit. Venture in at your own risk.
  • Data Brokers Are a Threat to Democracy – An article on the $240 billion industry of selling your data, and how it could undermine the United States.
  • How to Create a Distraction-Free Phone – Podcast episode. I include it because the less we’re on our phones, the less data Big Tech collects on us.

Lastly, someone might notice that some of these services aren’t free. Google, Microsoft, and others can provide you with free services because they’re using your private data to subsidize the cost of creating and maintaining their software offerings. In other words, we pay for the services we use in one of two ways: either with our wallet or our private data. What’s your privacy worth to you?

devils spy on a man with their smartphones

 


Images in this article were generated with AI by Rev. Jeremy McKemy (yes, I used the devilish technology to illustrate my article about the evils of tech).

Leave a Reply

Your email address will not be published. Required fields are marked *

search previous next tag category expand menu location phone mail time cart zoom edit close