Article List

Practicing Privacy, Part 2 - My Journey to Better Privacy

Part 1 available here

It’s time for the second part of my privacy post. In this one, I will talk about the log I’d kept for two weeks, to analyse my behaviour online and see what I can change to better take care of my data. Since privacy is the main focus here, I obviously won’t just share the log or my browser history. I will present most of the findings, but still in a way that doesn’t tell you too much about how I use the things I do, or when (how my day is structured), because that’s the kind of data only Mark Zuckerberg and [other] stalkers would ever need.

The way I use digital technology currently is not something I just up and did overnight. It was part of a long process, slowly learning and replacing things, little and big, until I’d arrived at where I am today. Right now, the way I use technology feels comfortable and appropriate, but if you’d given me this setup 2 years ago, I may have complained about it being clunky and slow, or otherwise worse than the mainstream alternatives.

That’s why, before I dig into the data, Ḯ’d like to give a summary in the next section of how I went from being an average user to using lots of FOSS and privacy-respecting software. It doesn’t cover everything, not even everything that will appear later on in the data analysis. The reasons can vary; I never had to switch from Photoshop to GIMP, for example, because I never used Photoshop. I used to use Notepad++, but after switching to Linux it turned out not to be available, so I looked up alternatives and was running Notepadqq a few minutes later; there was no progression or story behind it, just a search engine query. That’s how it can be quite often. If you have a program, or use-case for a program, the best way to find a privacy-friendly alternative is to just search for it online. Or, if possible, you could ask someone who might have already done the search; that’s how I found out about Freetube, for example.

How I Got to Where I am Today

WEB BROWSER - A long time ago (some 10-15 years back) I used Firefox. Then, I used Opera. Then Google Chrome. But roughly 2 years ago I switched back to Firefox, which I still use. A major change is that I actually use three browsers simultaneously – Firefox, Tor and IceCat. For general web browsing, I use Tor. It’s the most privacy-friendly way of browsing the internet, while still maintaining a fair bit of convenience. If something doesn’t work well in Tor (many sites block Tor IPs, for example), and it’s not reliant on JavaScript, I open it in IceCat. I have it set to completely disable non-free JavaScript, which eliminates almost all forms of tracking. If JavaScript is a requirement, I either give up on it or go to Firefox, which is also where I go if I have to log in, buy something, etc. On Firefox, I have Decentraleyes, CanvasBlocker and uBlock Origin installed, and a privacy-oriented profile set up with ffprofile, so even here the amount of tracking is limited.

OPERATING SYSTEM - I used to use Windows on the PC like most people. Becoming more interested in FOSS, I started looking for a good Linux distro to dig into. I settled on Linux Mint, which I first installed on my laptop, which is only a secondary device. That way, if it didn’t work well, it wouldn’t bother me much. But it worked really well, so when the time came to reinstall my PC’s system (it was getting slow and buggy), I went ahead and installed Mint on it, as well. I seldom have problems, most things just work like they’re supposed to, but in case there is something that just won’t work on Linux, I have a 50 GB HDD partition with Windows 10 on it. When I use it (which isn’t often), I try to keep the internet turned off as much as possible.

SMARTPHONE - I wanted to replace the stock Android with something like LineageOS, but no system (whether Linux or de-googled Android) that I checked out supports my phone. Being rather inept at doing anything with a phone, I settled on just changing the available settings to be as privacy-oriented as possible, not connecting to any Google account (I used a dummy one to get one or two apps from the Play Store, then got rid of it), and using FOSS apps in place of proprietary ones wherever possible, which I get from F-Droid. I offset the fact that I have stock Android installed by not using it too often. Unless what I’m trying to do requires Android, I’d much rather do it on either my PC or my laptop, where I have more comfortable input methods and greater control over what’s going on. Biometric data is not something I’d ever want to provide to anyone, so using it as means of locking/unlocking my phone is an absolute no-no. Which is good, since my phone is old enough to not have FaceID, a fingerprint sensor, or any such “security” features, anyway.

E-MAIL - I used to have a Gmail account, but I decided to abandon it after becoming more privacy-conscious. After looking at a bunch of alternatives, I settled on Mailbox, which I’ve been using for over a year now. It is not free, but at just 1 euro a month for the basic package, I don’t know anyone who’d call it not affordable. It also lets me make aliases, which I use as dummy e-mail addresses to use in services I don’t really care for.

SOCIAL MEDIA AND INSTANT MESSENGERS - This is a big topic for other people, but not for me. I’m not very social. I stopped using Facebook around October 2014, and to this day regret that I just stopped using it, instead of actually disabling/deleting the account. I have never had a Twitter account. Same goes for Instagram, TikTok, WhatsApp, Tumblr, and so on. I have used Telegram for some time, but in the end I barely talked with anyone there, so I uninstalled that. My only form of social media now is Fosstodon, which I access through my web browser. I don’t use a mobile client of any sort, as I consider having social media in your pocket to be one of the worst things one can do for their productivity and mental health. It’s a Mastodon instance, and although I do not host it myself, I have faith in the owner that my data is being handled securely. And even if it wasn’t, it doesn’t matter, since I don’t post anything sensitive there.

YOUTUBE - Let’s distinguish YouTube as a website, and YouTube as a service. As a service, hosting millions of videos ranging from pure entertainment to ones with great educational value, it’s fantastic and not something I think I could give up. As a website, though, its usability is horrible and it is a privacy nightmare, in no small part due to its integration of various other Google services. On my phone, I replaced the website/app with NewPipe, which preserves my privacy while providing a much better user experience and features like downloading videos. On my desktop, I use FreeTube, which is very similar to NewPipe in terms of what it does. I browse the content there and either watch the videos in the app, or download the files and watch them in VLC. For playlists and subscriptions, at the moment I just keep links in my browser’s bookmarks and occasionally check the channels for anything new, but I heard that RSS is a good, privacy-friendly way of keeping track of subscriptions, so I might switch to that.

LISTENING TO MUSIC - For most people, this happens on Spotify and YouTube. I have used Spotify for a month or two, but ultimately I found it redundant. Everything that I listened to on Spotify was already available on YouTube, but not vice-versa. So I could either use YouTube, or Spotify and YouTube. I went with the simpler option. But YouTube is not ideal from a privacy perspective either, and it still leaves out the third music source, that being the files on my computer. I buy the albums I like, either digitally or on CDs, and keep copies on my drive. Seeking to combine the two libraries, and seeing the files as both more convenient and more privacy-friendly, I used youtube-dl to download all the music from my YouTube playlists into a folder, and now I just listen to those files, instead. I don’t listen to much music, and I rarely go exploring for new artists, so I almost never have to leave the confines of my hard drive if I want something nice to fill the ears.

WATCHING MOVIES AND SHOWS - That is, again, something I don’t do often. Most people use Netflix, Hulu, Disney+ and the like for those, but I find these questionable from a privacy perspective, on top of not being as convenient as they’re often considered. It might’ve worked well a few years ago, where you could supposedly find almost everything on Netflix, but nowadays almost every publisher has their own service, with their own monthly subscription demands. I never had an account or a subscription with any of those. It’d be a waste of money for me, as I’ll watch maybe one movie a month, and so I just get them “for free” from various sources. If I don’t enjoy it, I just delete the file and forget about it. If I like it, I buy it on Blu-Ray and rip the discs to my hard drive. I also occasionally get something from Crunchyroll (no subscription or even an account), typically by downloading it with youtube-dl. Downloading movies is about as convenient as using a streaming service, while being more privacy-friendly. Not paying for movies may sound somewhat unethical, and I won’t lie – it is. But I do pay for movies I actually like, and getting them through services like Netflix, which treat its producers like trash and throws viewers into a big data machine to keep them glued to their seats while providing them with big-data-influenced flicks is hardly moral, either.

VOICE ASSISTANTS - This is not something that I had to replace, I just want to ask… what is actually the point? Even before getting on the privacy bandwagon, I never used nor had any desire to use voice assistants. Why would you ever use one (assuming you use it out of convenience and not out of necessity, that is)? Voice recognition on the phone is something I’ve never used as I can just type the things I want, and home assistants like Alexa or Echo are some of the most pointless pieces of junk I’ve seen.

How I am Today - The Data

Now, let’s get on to the “meat ‘n’ potatoes” of the post – the data I’d gathered. In total, I’ve had 998 data points, covering a little over 330 hours. Of those, 550 points (183 hours) were spent offline, either sleeping or doing other things that did not involve a computer or phone. Then there were 86 points (29 hours) that contain no data. The reason for that is I sometimes had several hour long gaps between filling out the spreadsheet, so instead of writing about what just happened, I had to think about everything I did in the previous 3-5 hours, and it was surprisingly easy to just lose track of some things. I suspect you’re familiar with this too, where you seemingly don’t do anything specific or time-consuming, yet a lot of time still passes. That’s how it was. Also, one day I completely forgot about the sheet until nearly midnight, which was quite a blunder.

So ultimately, I ended up with 362 data points (121 hours) detailing what I use digital technology for. It gives an average daily use of around 9 hours and 17 minutes, which is a fair bit, all things considered. All the programs that I’d used for any meaningful (over 20 minutes) amount of time, in order of popularity, are: VLC Media Player, LibreOffice, Tor Browser, Team Fortress 2, Image Viewer, Document Viewer, GIMP, Mozilla Firefox, Touhou 10: Mountain of Faith, Freetube, Notepadqq, SubtitleTools, and Counter-Strike: Global Offensive. I also used Windows for around 2 hours, for something that does not work at all under Linux.

VLC Media Player is where I listen to music, watch movies, listen to podcasts, and so on. As such, it’s no wonder that it was the most used program by quite a large margin, being open for just a little over 50% of the total time. Team Fortress 2 is also not too surprising – I did play it quite a bit over those two weeks, accruing over 25 hours of playtime. The other three, however, are a bit more interesting. LibreOffice was used for 39 hours, Tor for 28 hours and Image Viewer for 25 hours. I sure do like writing, but I don’t remember writing that much. Neither do I look at all that many images. I do use the Tor Browser a fair bit, but it’s got over twice the usage of Mozilla Firefox, which doesn’t feel like a fair representation of my internet browsing habits.

Well, all of these stem from one source, one activity. I won’t get into much details, but basically, I spend a lot of time translating comics. However, they are in Japanese, which is a language that’s quite tricky to write down, and since I’m not too familiar with it yet (the translation is part of the way I’m learning), I end up having to use online tools to transcribe the sentences whole, in order to be able to translate them correctly. The workflow goes something like this: I open the page in Image Viewer; I write down the sentences I do not understand (which is a lot of ‘em), usually through Google Translate which I access using Tor, I fill in the missing Kanji, and save the results in a document (LibreOffice). The translation itself is done afterwards with GIMP, which is why it’s among my more commonly used programs.

To summarise, over the last two weeks I’ve used around 13 programs. There are more, of course, that come from the operating system, but I don’t really have a choice of not using them, and they’re pretty much all FOSS and privacy-friendly, so it doesn’t matter. Of these 13 programs, 10 are free and open-source, and 7 of them rarely – if ever – connect to the internet. The remaining three programs – Team Fortress 2, Touhou and CS:GO – are games. Two of them also require having Steam, a proprietary application, open in the background in order to work. That said, they aren’t really something I’m bothered by. FOSS isn’t a principle I can apply to games well, as unlike software, playing an alternative made by someone else is very different from playing the original, proprietary thing. I haven’t noticed Steam being problematic; it doesn’t try to connect to every other app – unlike some gamer-focused programs I could mention – it works perfectly fine, knowing little beyond my e-mail and in-game nickname. As for Touhou (mostly 10, but occasionally other instalments, too), it works completely offline, and is just a plain ol’ game, not a data farm, so it poses no security or privacy risks. Overall, I honestly believe that my software selection is about as good as it can be for my current tech use, with very little I could improve without seriously impacting usability or convenience.

Then, there’s the matter of internet browsing. I mentioned my usage of Tor and Firefox, but what you use them for is also very important. Spending 12 hours in Firefox will have very different consequences for your privacy if you just read Wikipedia and check e-mail, and if you use it to watch YouTube and post on Facebook. Originally, I was planning to analyse this similar to software, but this approach turned out to be ineffective. For example, I spent around 20 minutes on Dashlane. That feels like enough time to warrant mentioning, but then again it was the first time I visited that website in over a year, and I only did so in order to request that my account be deleted. I also spent nearly an hour reading an ARG on Twitter, which is something I’ve basically never done before and it’s unlikely that I’ll ever do it again.

Basically, while software is something you install because you want to use it, a website (or even a series of websites) can be something you spend two hours on one day, five hours the next day, and then never look at it again. No matter how big a time-span I’d choose to look at, the data would still be filled with outliers, with things I did once or twice and likely won’t do again, at least for a long time. Also, using Tor means you lose your browsing history upon closing, which means a lot of missing data. As such, instead of trying to find out patterns that way, I just look, and think back from context. I visited Twitter, but its irrelevant since I won’t do that again. I’ve visited Fosstodon today and yesterday and two days ago, and I’ll do so tomorrow and in two days and in a week… that’s clearly relevant, that’s something I should worry about. By “worry”, I mean think about what sort of data is being gathered and for what purpose. I trust Fosstodon, but I can’t extend that trust to Google, which is why I’ve been phasing out their services from my life for many months.

Overall, looking at patterns and things I may actually do again, there don’t seem to be many things that warrant concern. Most of the sites are rather simple – Wikipedia, Current Affairs, Jisho – and I generally feel it safe to leave my data with them, especially since the amount of said data is minimal. The biggest outlier here is the aforementioned Google. It’s a service that many people are entrenched in. I myself used to use Google Chrome, Google Search, Google Drive, and more. I’ve replaced most of these quite a while ago, with the only remnants being YouTube and Google Translate. I got rid of YouTube (the website) by using FOSS clients like FreeTube, but Google Translate remained in high use, almost exclusively for the process of transcribing and translating comics. Here’s the issue: Let’s say you see 学校 written somewhere. If you don’t know Japanese, how would go about finding out what it means? If it’s in plain text, you can just copy it wherever, but if it’s in an image, you have to write it down, first. How do you do that, without knowing what it means or how to pronounce it? Well, Google came to the rescue by letting me draw characters, and figuring out based on that what I probably mean. It works very well, but it means I am reliant on a Google service, which I want to avoid.

By doing this thorough look at my habits, I’ve realised that this one thing is probably the greatest issue that I currently face, and so finding a solution should be important. The way I’ve solved the issue is two-fold. First, I practised correct kanji stroke order. This is very important if you want an AI to understand what you’re drawing, and getting better at it allowed me to start using the drawing feature of Jisho, which is based on creative commons data of KanjiVG instead of Google’s technology, which I consider to be a favourable alternative. Second, kanji that I’ve already seen but not yet had time to memorise are put in a text document. That way, instead of having to type it out repeatedly, I just remember that it’s in the file and look it up. The end result is that instead of relying 90% on Google and 10% on Jisho, I rely 50% on Jisho, 40% on an offline text document, and 10% on Google. Sadly, there are cases where no matter what I do, Jisho just cannot figure out what I’m trying to write, and in those cases I concede and go back to Google Translate. They are happening less and less the more practice I get, though.

For encore, I’ll quickly mention my mobile phone use. It’s only worth an encore, because it’s almost nil. A few hours on Kakugo, a 100% offline and FOSS Japanese learning app, a few hours on a FOSS media player, VLC, which I use to listen to ASMR while falling asleep, and a few hours on a FOSS gallery app, Simple Gallery Pro, to look at… uh… things. The rest is so small as to be not worth mentioning. I also turn off Wi-Fi and mobile data unless I actually need it, and almost never take my phone with me anywhere, to avoid position tracking.

So yeah, that’s pretty much it. Through introspection over several months, I was able to significantly change my habits in a way that protects my data. By surveying and analysing my behaviour I was able to conclude that, in most areas, what I do is sufficient (and actually quite good), and the one area that was falling behind was subsequently improved. Of course, the world isn’t as nice as I make it sound, and there are lots of ways in which scummy companies can still lay their grubby fingers over my stuff – an embedded piece of code from Facebook, a snooping ISP, and more – but overall I am happy with the level of protection I currently have, and as long as I can keep it up instead of resting on laurels, and apply a similar level of scrutiny and attention to services that come in the future, I can sleep well knowing that I’m doing a good job taking care of my digital body, which becomes more connected to our physical body with each passing year.

Back to the top