notes on chapter 6
25 May 2021
Some notes on chapter 6 of Privacy is Power by Carissa Veliz. This is the chapter with specific recommendations in it.
Think twice before sharing: this is a good point, maybe more than twice. For example, if you Tweet the date that your coronavirus vaccination became effective, surveillance marketers who know where you live can count backward to the date you became eligible, and learn something about your age or health history.
Respect others' privacy: Good advice, and don't ask why someone declined permission to have their info shared, or pressure people. (And if you have information or photos pertaining to somebody who you no longer have a relationship with that would make having that material appropriate, destroy it.)
Create privacy spaces: Now I want to do this.
Say no: This situation is actually getting a
little better this year—consent dialogs are
getting cleaned up. I'm not seeing as many of the
first generation more dark pattern-ish ones.
But see the Cookie AutoDelete link below. If you
consent by mistake,
a tool can sometimes fix it.
Choose privacy: Vizio makes nearly
as much money from ads and data as it does from
so it's not surprising that it's hard to get a TV
smart features. My solution is to just
connect HDMI and antenna, never WiFi or Ethernet.
The part about not having an Amazon Alexa device
in the house seems kind of obvious, but maybe some
families disagree? The good thing is that couples who
are dating now can find out if they have compatible
smart speakers before sharing a home.
(and maybe figure out whether
reality surveillance glasses are a relationship problem
now, before you end up having to break up with both a
person and with the corporation surveilling you from
devices there is a very good point about not
keeping apps you don't need. Also check devices for
pre-installed, unremovable apps before buying, to save
yourself the hassle of having to return the device.
(Any phone manufacturer that would
stick unremovable surveillance bloatware on their product
would probably make other bad decisions, too.)
Email: Surveillance marketers have figured out the + addressing trick, unfortunately. It does make sense to keep a separate address for low-priority marketing mail.
Browsers: Good point to have more than one. I like Firefox, tricked out with appropriate extensions, for daily use but keep a totally stock copy of Google Chrome just in case, for sites with compatibility problems. (I never use Chrome for buying anything. Why reward sites for compatibility problems by buying stuff from them?) If you have a computer that came with Apple Mac OS or Microsoft Windows, both of those come with good browsers now. So if you want to use Firefox as your main browser, you can just use the browser that came with your computer as the backup.
Use privacy extensions and tools. Here
is the one piece of bad advice in
Adblockers are easy to find
and install. Don't do this.Seriously, don't do this. The ad blockers
that are easy to find are generally the sketchy ones. Unfortunately, the browser
extensions directories tend to fill up with adblockers
that either have a so-called Acceptable Ads
feature that lets tracking through, and that you have to change some settings to turn
or are actual adware.
(If you install an
blocker and start getting ads on Wikipedia,
you got the second kind.) And somehow the ad blockers that allow the Google trackers through seem to come up higher in a Google search.
I use the
built-in Enhanced Tracking Protection in
which you can set to
standard for basic
strict for more protection but
Legit ad blockers are generally effective against tracking by third parties on regular sites, but that's not as big a surveillance risk as the Facebook sites and YouTube. For Facebook in the browser, there's Facebook Container (you did remove the native app, right?), but cleaning up YouTube is a little harder.
Yes, third-party cookies are the easy surveillance technology to block, but deal with Facebook and YouTube first. This whole project is not just about saving yourself a little annoyance today, but also about incentivizing CMOs and VCs to expect lower returns on future surveillance marketing and invest based on that. We win when we can change the level of risk we all have to deal with in the future.
Another extension that I find valuable is Cookie
Automatically cleans out the cookies that a dark
pattern got you to
consent to, while letting
you keep cookies for sites where you want to stay
logged in. Much easier than clearing cookies
manually, which a lot of people apparently still do.
Demand privacy: Sending opt outs is one privacy task where it really helps to be in California. The high-priority companies to send CCPA opt-outs to are
brands you actually buy stuff from
companies targeting you on Facebook. (This is where keeping a Facebook account is actually a privacy win. It's a waste of time to actually CCPA Facebook but their ad settings can reveal who has uploaded your info to them and needs to get a CCPA opt-out.
Breaking the kill chain
What's the most effective place to break the surveillance marketing kill chain? Let's look at it as a cycle. People buy stuff, surveillance marketers use sales to measure the effectiveness of what they have been doing, use those measurements to guide target selection, then place ads and collect reports on the ads. The reports feed into the same effectiveness measurement as sales.
(Feel free to pick this model apart. I plan on revising it some more once I have figured out what I missed.)
Ad placement looks easiest because it's is where you can use ad blockers. Fine for run-of-the-mill sites where the ads come from a separate ad server, but native apps and non-web ads are still going to get through here. Blocking the most blockable ads is only going to incentivize ads to move to non-web ad media. Most likely case is that more ad money ends up supporting deadly viruses, climate disasters and terrorists at the big social sites.
Ad reporting is also affected by ad blockers, and you can use tools like AdNauseam to make it less effective. Promising, but like ad placement an area where the more evil ad media are less affected.
Measuring effectiveness and target selection are both internal to the advertiser. Could be good for insiders to work on, but not a lot you can do from the outside.
That leaves buying stuff. What if the most effective place to take action is between putting something in your web shopping cart and making a purchase?
Compared to the number of trackers and third parties you interact with, the number of companies you actually buy from is small
Opt out will cover all downstream uses of your info, not just the ones you know about or have a tool for
Surveillance-based ads can only justify a higher rate per ad impression by connecting ad reporting to sales.
This gets way easier when retailers have Global Privacy Control support and clean up their dark patterns, so could go from privacy nerdery to mainstream fairly smoothly.
Facebook is a good example here, because their system is designed to limit outward transfer of information. If a company buys ads on Facebook, they can't ask Facebook for a list of who saw their ad and then compare to the list of people who bought stuff from them. Instead, the advertiser has to:
Integrate Facebook software into their web site, apps, and/or CRM system. (Facebook makes this software easy to set up, and only the web version is easy for the customers to block.)
Use the software to send reports on their customers, saying who bought what, to Facebook. The advertiser generally doesn't know which customers have Facebook accounts, and most people have a shadow profile anyway, so they just dump everybody's purchases to Facebook. This can be done in a server-to-server way that does not depend on the browser.
Facebook generates a report for the advertiser so that the advertiser can compare their Facebook advertising to their sales.
Step 2 is hardest to keep from happening, since this information transfer has the most technical and legal armor around it. But it also carries the most reward per bit of personal info transfer blocked. The more I can exercise my right to stop the advertisers from doing this, the less justification they will have to send money to Facebook instead of to ad media with positive externalities.
It makes sense not to RtD Facebook, since with the current state of things you will have a shadow profile with them anyway. Instead, RtK Facebook and either opt out or RtD the advertisers who feed into their system.