Give me some privacy and security, please

In the early days of the internet, I remember my brother telling me that it was a fad and that it wouldn’t become anything. Unsurprisingly, he’s not good at predicting things. As internet usage grew, so did ecommerce. Ecommerce was a minefield, though. Very few sites used encrypted connections, and credit card processing was sketchy at best. It resulted in numerous hacks and stolen credit cards, and it took me several years before I could convince my mom that it was safe to order something off of Amazon.

Meanwhile, data collection was just getting started. Unfettered from privacy laws or corporate transparency, our personal data has become a commodity. Buying or signing up for something, online or off, means there’s a good chance our personal information is being shared. When we visit sites, cookies and cross-site trackers follow us wherever we go. Advertisers then use that data to sell us crap we didn’t even know we wanted, and social networks use it to display content it thinks will keep us the most engaged.

This week’s newsletter focuses on internet security and privacy and what you can do about it.

Google is tracking 80% of the web thanks to us

Google's Tracking Reach

Ghostery published an article on tracking the trackers in 2020. It revealed that “globally, Google retains a tracking reach on 80.3% of all websites.” Facebook was a close second, followed by Amazon.

Google gets the majority of its data from Google Analytics (GA). GA is the Trojan Horse that Google uses to learn everything they can about our sites and the people that visit them. That’s why I decided to stop using GA in 2019 and switch all of my sites to Fathom Analytics.

How to limit sites from tracking you

The only way you’re going to stop companies from tracking you is to get off the internet and go live in a cave. As lovely as that might sound to some of you, I remain a big fan of modern conveniences. I enjoy instant access to information, video-on-demand, and smashing keys on my computer to have food magically delivered to my doorstep.

Realistically, our best option with trackers is to utilize tools to limit them. The most common tool is a browser extension that blocks trackers and ads.

Apple added third-party content blocking integration to iOS and macOS to make the extensions works seamlessly with Safari. Chrome doesn’t have the same seamless integration, but it does support multiple content blocking extensions. Additionally, there are variants of Chrome, like Brave, that natively block trackers.

UBlock Origin, Adblock Plus, and Ghostery are popular content blocking extensions, but in my experience, they all interfere with the browsing experience too much. The content blocker I use is Better. There’s no configuration, and it blocks trackers without breaking site functionality.

Better content blocker
Better is a privacy tool for Safari on iPhone, iPad, and Mac

How to make the web safer

One of the best ways to make the web safer is to take passwords and site authentication more seriously. Nobody should be using the same password on multiple accounts. Using the same password makes every account that uses it vulnerable if one of those accounts is hacked. That’s why we should all be using a password manager like 1Password, and every account should have a unique and strong password.

However, unique passwords aren’t enough to keep our accounts safe. We also need to be using two-factor authentication (2FA). 2FA makes it significantly more difficult to access an account in the off chance a password becomes known. 2FA uses dynamic codes sent via SMS or email or generated by an authenticator app like Authy.

While using 2FA with SMS, email, or an authenticator can help make your accounts more secure, those methods are still susceptible to being intercepted or accessed. That’s why the best way to use 2FA is with a security key. I use Yubico Yubikeys for every device, including my iPhone. The keys generate 2FA codes and can only be generated by tapping on the physical key, which makes it virtually impossible to generate the code without having access to it.

YubiKey 5C Nano
Yubico YubiKey 5C Nano two-factor security key plugged into an Apple MacBook Pro

Protecting your home network from malicious sites

In addition to using a password manager and a 2FA security key, there’s a simple way to make your internet connection more secure. Cloudflare provides a free DNS service, 1.1.1.1 for Families, that can protect you from dangerous and malicious sites.

Cloudflare will automatically block access to malicious sites if you add the following DNS records to your home router.

Alternatively, if you add the following DNS records to your home router, Cloudflare will block malicious sites and adult content.

I use Cloudflare’s DNS servers on my AmpliFi Alien router at home, and I’ve never had any issues with it.

But wait, there’s more!

This past week, Cloudflare announced working with Apple and Fastly on something called Oblivious DNS over HTTPS, or ODoH. ODoH is designed to keep internet service providers (ISPs) from knowing, using, and selling data about the sites we visit. It adds another layer of privacy, and it’s currently being tested with the 1.1.1.1 service. So if you use the DNS servers previously listed, you’ll also benefit from ODoH.

Privacy and security in nature

I leave you with an example of privacy and safety in nature. The Buff-tip moth has evolved to protect and hide from predators by mimicking a stick. More specifically, the pale wood of a birch tree.

Buff-tip moth
Buff-tip moth, photo by Patrick Clement, Butterfly Conservation

Until next time, be safe and private.