👻 Online privacy: to what extent should you try to go dark?
Part I - do we really know what can be done with our data and how it can be stolen?
When I search for ways to improve my online privacy, I find two extremes: people who think it’s not worth it because Big Tech already has all our data, or complicated suggestions to flash my phone with a modded version of Android. As with many other things today, there seems to be no middle ground and no easy way to start.
Maybe because of this, privacy has become a selling point and companies are betting on it. See Apple: a late 2021 move to block third-party cookies (used for targeted advertising) erased over 10 billion dollars from Facebook’s market cap. VPN companies are also on a roll, and companies like NordVPN are worth over 1.6B today.

As someone working in Cybersecurity, the more I understand about how my information is being collected, the more I want to protect it. Yet, it's still hard to know which of my efforts is actually effective and which is a waste of time.
If you acknowledge this is something you should care about, do you understand why? Can you explain to your mom, dad and partner why they should also care about this? Do you understand the risks and how the data can be stolen?
Why would you want to protect your privacy?
In the same way you do not want thieves to know when you are not at home, giving them an opportunity to enter your apartment, you do not want to give scammers a chance to use your data. Here are a few things other people can do with your data:
Identity theft - i.e. asking for loans in your name or Credit Card fraud.
Extortion - With the right information (public or stolen), criminals can target victims in different ways (e.g. phishing). In this case, victims can be lured into giving information like bank account details willingly to criminals by masking the scam as something legit.
Profiling - Your online behavior can be used to serve you specific content or ads. This was particularly important in the 2016 Donald Trump campaign. A lot of websites also include Facebook and Google trackers in their code, which allows these companies to understand your behavior even when you’re not using their products - this is done through third-party cookies.
Harm to your company or employer - Besides the personal problems stolen data can cause, it can also damage your own company or employer. With stolen data, criminals can target company personnel to get them to give up sensitive information or to trick them into making payments. Criminals can also try to gain access to company networks to spy on them and infect them with malware.
Filter bubble - A more philosophical issue that follows from behavioral data: allowing websites to track you tunes their suggestion algorithms and could trap you inside a filter bubble, where you are served more of what you like and contrarian opinions appear less (Read: Eli Pariser).
How can my data get in the hands of these people?
There are three main vectors here: data breaches on websites you have an account on, behavioral data generated from your navigation, and data stolen directly from you (inadvertently or not). Below are some ways this can happen:
Phishing - you receive an email that appears to be legit that leads you to give away your information / login credentials.
Malware - you install software that comes with a virus, which then exfiltrates information from your computer.
Account takeover - Criminals use stolen login credentials to break into accounts with payment details, such as e-commerce accounts. They could then extract your Credit Card number and use it for fraud.
Data breaches - mainly due to vulnerabilities in websites where you have an account, e.g. the Facebook breach of 2021 gave away thousands of phone numbers and emails.
Oversharing - sharing too much can give away important information about your location and likes. This information can again be used against you, e.g. for phishing.
Online tracking - the problem with Google and Facebook. By navigating the web, these companies can track your interests and behaviors even outside their platforms using third-party cookies.
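To make the mechanism concrete, here is a toy simulation, added as an illustration and not part of the original post. The `Tracker` and `Browser` classes and the `.example` domains are constructed for the example; it compares what a tracker embedded on three sites can piece together when third-party cookies are allowed versus blocked.

```javascript
// Toy model (constructed): one tracker embedded on several unrelated sites.
class Tracker {
  constructor() { this.profiles = new Map(); this.nextId = 1; }
  // Called when a page embedding the tracker loads. `cookie` is whatever the
  // browser sent for the tracker's domain; `site` plays the role of the Referer.
  handleRequest(cookie, site) {
    const id = cookie ?? `uid-${this.nextId++}`; // no cookie: looks like a new visitor
    if (!this.profiles.has(id)) this.profiles.set(id, []);
    this.profiles.get(id).push(site);
    return id; // value the tracker asks the browser to store as its cookie
  }
}

class Browser {
  constructor({ blockThirdPartyCookies }) {
    this.block = blockThirdPartyCookies;
    this.jar = new Map(); // cookie jar keyed by the domain that set the cookie
  }
  // Visit `site`, which embeds a resource served from `trackerDomain`.
  visit(site, trackerDomain, tracker) {
    const thirdParty = site !== trackerDomain;
    const canUseCookie = !(this.block && thirdParty);
    const sent = canUseCookie ? this.jar.get(trackerDomain) : undefined;
    const setCookie = tracker.handleRequest(sent, site);
    if (canUseCookie) this.jar.set(trackerDomain, setCookie);
  }
}

// Returns the browsing histories the tracker manages to assemble.
function simulate(blockThirdPartyCookies) {
  const tracker = new Tracker();
  const browser = new Browser({ blockThirdPartyCookies });
  for (const site of ["news.example", "shop.example", "health.example"]) {
    browser.visit(site, "tracker.example", tracker);
  }
  return [...tracker.profiles.values()];
}

console.log("cookies allowed:", simulate(false)); // one profile spanning all sites
console.log("cookies blocked:", simulate(true));  // three unlinked single-site profiles
```

The model only covers cookie-based linkage; it says nothing about other signals a tracker may use.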
🤔 A "breach" is an incident where data has been unintentionally exposed to the public.
Some stats
If we analyze the number of data breaches from 2005 to 2020, we see an upward trend. With websites like haveibeenpwned.com storing 11B accounts, the probability you’re one of those is high.

Note: the graph shows only US breaches that include sensitive records.
To what extent should you try to go dark?
As much as you can, searching for a balance between security and ease of use. How far you must go depends on how important your data is, and this you must work out after analyzing the risks and impacts. Would you have a financial, reputation or physical safety problem if your data leaked?
In today’s world, making an effort to protect your data is absolutely necessary. People thinking “Big tech already have all my data so it doesn’t make a difference” are missing the big picture because tracking only represents a part of the risk. These people are typically less tech-savvy and fall into the trap of oversharing, which makes them a great target for phishing.
Starting with the low-hanging fruit (e.g. oversharing, password manager, etc.) is a good way to address the issue, but even there a lot of people don’t know what to do. Luckily, now that we have laid down the why, let’s discuss the how next week, in Part II.