Improve Your Online Privacy, Fast

The recent reversal of Roe v Wade has thrown women’s online privacy into the spotlight. As of this writing, states have (and still are) contemplating how they might continue to restrict the right to safe abortions including considering abortion as homicide[1][2]. Criminal charges bring warrants and warrants can be issued to app developers and those hosting data to retrieve your personal information including that provided through period tracking apps.

However, what is quickly coming to light is the privacy policies of these apps. For example, as reported by Forbes, the privacy policies for period tracking apps Baby Center and What to Expect[3] provide for a warrantless quest for data. In fact, these privacy policies go so far as to say that the app company will report anyone they suspect of illegal activity. Now what illegal activity could be going on in a period tracking app? That is currently up for debate and a scary one at that.

While all these what if’s are being played out in real-time, there are steps that you can take today to put your self in a more secure position not only for your app data but for your Internet experience overall. I’ve presented some steps you can take in order from least time consuming to most time consuming.

1. Use end-to-end encrypted messaging apps
   1. Examples: Signal, WhatsApp
   2. These apps encrypt on one device and decrypt on the receiving device. That means that the information leaves your device secured and not even the service provider can decrypt your messages.
2. Turn off Ad ID
   1. Examples: iOS, Android[6]
   2. Why: The Advertising ID or “Ad ID” is a value that is transmitted with queries from your device to ad companies. It’s a way to tie activity to a device, not necessarily a specific person. This is how you get “customized ads” in facebook and other websites. Companies buy the aggregated ad id traffic and then can start to customize responses to you without you being an existing customer. Kind of annoying, IMO, and definitely not something to leave lying out there. Control your data.
3. Keep your browser history private
   1. Examples: DuckDuckGo, Brave
   2. Why: Incognito mode (Chrome) only stops your queries from popping up in the search bar later on. All your search queries still goes through google servers and are saved forever. Using browsers that put user privacy first prevents your queries from being tracked and associated with your online persona.
4. Use a Virtual Private Networks (VPN)
   1. Examples: SurfShark, NordVPN
   2. Why: Even with a privacy-first browser, there are still messages that are transmitted over the Internet before you see a webpage. One type of message is a Domain Name System message that is used to take a human-readable domain name (e.g., https://bitsdanceforme.blog/) and turn it into an Internet Protocol (IP) address. In order to hide DNS messages, you will need to use a VPN. A VPN will obfuscate (encrypt) the traffic from your machine, through the Internet, to VPN servers. These VPN servers will then proxy your request out to the Internet. The response follows a similar path back to your machine. This will prevent DNS “leaks”.
   3. SurfShark has a nice page to help you check that your VPN is working and also for leaks.[5]
5. Review permissions given to your apps
   1. Examples: Android, iOS
   2. Why: This is a good thing to do periodically. Make sure you know what phone permissions you are giving to any software installed on your device. Does a period tracker need to know your location? And why is a paint-by-number app asking for my phone contacts? If it seems fishy, you can bet that your data is being collected and monetized on the back end.
6. Review the privacy policies for your apps
   1. This will take some time but will be worth it. Understand who you are dealing with and how your data is being used. Sometimes free isn’t free.

What doesn’t work

Just a few thoughts on what sounds like it would work to keep you “safe” online but really doesn’t do much, if anything.

1. Using “fake” email accounts
   1. If you are not protecting your connection to the Internet with a VPN, your ISP can clearly see that you are logging into another email account.
2. Incognito mode
   1. We talked about this above. It’s stupid. Google still sees everything.
3. Clearing browser history/cache
   1. I will caveat this with one thing: if you believe that you are being monitored at home or share the same device and login, this will help a bit. I’ve added a link to my paper “Intersection of Sexual Assault and IoT Vulnerabilities” for context around this topic.
   2. In the general sense, clearing history and cache is an operation that is performed on your machine and does nothing to erase your footprint on the Internet.
4. Deleting the app
   1. Deleting the app just removes the software from the device. It does nothing to remove the data that has already been transmitted through your ISP and the Internet and stored on some server somewhere. If you want to be rid of an app, look to see how you can get your account deleted not just closed.
5. Using apps developed outside the United States
   1. Again, unless you are running a VPN, your data can be harvested within the United States with a warrant. The traffic leaving my computer hits many services in the United States which can be tapped for data.

References

• [1] https://www.nytimes.com/2022/05/05/us/louisiana-abortion-bill-homicide.html
• [2] https://www.nbcnews.com/politics/politics-news/louisiana-house-removes-murder-charge-women-abortion-bill-rcna28659
• [3] https://www.forbes.com/sites/thomasbrewster/2022/06/29/ziff-davis-pregnancy-trackers-may-give-data-to-cops-without-a-warrant/?sh=564888b1710c
• [4] https://www.eff.org/deeplinks/2022/06/should-you-really-delete-your-period-tracking-app
• [5] https://support.surfshark.com/hc/en-us/articles/360003089093-How-can-I-make-sure-if-my-connection-was-successful-#h_5f679b2a-a5dd-4925-a153-e94ed6b4cab2
• [6] https://www.eff.org/deeplinks/2022/05/how-disable-ad-id-tracking-ios-and-android-and-why-you-should-do-it-now