Incognito — January 2023: Level Up Your Privacy in 2023
December 27, 2022
Table of Contents
Welcome to the January 2023 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.
Here’s what we’re talking about this month:
How to level up your privacy in 2023.
Recommended reads, including “End-to-End Encryption Comes to (Some) Gmail Users.”
Q&A: Is Twitter still safe to use?
If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter.
Every January, we reflect on the year that was and share tips and tricks on how you can improve your privacy this year.
2022: (Yet Another) Bad Year for Privacy
Where do we even begin? Let’s start with the obvious:
Location tracking. The overturn of Roe vs. Wade highlighted how our location data could be used against us. And as evidenced by Google recently agreeing to pay millions to settle an investigation into how it uses location tracking, big tech might track us even when we explicitly tell it not to. On the other hand, law enforcement was found to be using a paid tool that shows them “patterns of life,” i.e., where people go and when to circumvent having to get a warrant. Oh, and Apple AirTags became stalkers’ favorite tracking device last year.
Data breaches. Last year, we had plenty of those. Here’s a list of the most significant ones. While not all data breaches impacted consumers, many did. Globally, a third of consumers were affected by a data breach, according to the 2022 Thales Consumer Digital Trust Index. Weirdly enough, more than 8 in 10 consumers continue to trust that digital services will protect their data.
Federal data privacy law. The American Data Privacy Protection Act (ADPPA), a privacy bill that got bipartisan support, was introduced to Congress last yet—but it didn’t go anywhere. Its biggest hurdle: it overrides state laws. Republicans think that existing state laws (in particular, the California Consumer Protection Act) are stronger, so they won’t support it. Speaking of laws, the Kids Online Safety Act (KOSA) was also approved in 2022 by the Senate Commerce Committee. Most privacy experts oppose it vehemently because it would “force platforms to spy on young people,” potentially harming minors.
7 Data Privacy Stories to Watch in 2023
A few more privacy-related happenings from 2022 and what to expect this coming year:
Google introduced a tool that lets you delete personal information that could be used to dox you. At some point this year, users will also be able to subscribe to get alerts when this data appears on Google.
Breaches like the Uber hack showed that multi-factor authentication (MFA) isn’t foolproof. Where possible, opt for hardware-backed FIDO2/U2F authenticators like YubiKey.
3 Easy Ways to Level Up Your Online Privacy In 2023
Privacy isn’t all-or-nothing. Regardless of where you are right now, you can take small steps to jump up a level in 2023. The following section will help you do just that.
Everywhere you go online, you are being tracked. To understand how the sites you visit spy on you, check out Blacklight, a real-time website privacy inspector by The Markup. Then, use Cover Your Tracks by the Electronic Frontier Foundation to see how protected you are against online tracking.
From Twitter to Revolut, there was no shortage of data breaches in 2022. Use the Have I Been Pwned online tool to see if your details were compromised last year.
Then, based on the steps you’ve taken to date to increase your account safety (no judgment), go up a level:
Beginner: Use strong, unique passwords for every account. Here’s a list of passwords you SHOULDN’T use.
Intermediate: Enable multi-factor authentication (MFA). It will add another authentication step to your accounts in case your passwords are leaked.
Advanced: Use email aliases when signing up for new accounts. Doing so can help you fight spam and determine who sold your data. Krebs on Security has a great article about the pros and cons of email aliases.
Although social media platforms are among the worst data privacy offenders, few people are ready to give up social networks for good. But even if you can’t live without *insert your favorite social media platform here*, there are still some steps you can take to increase your privacy—even if it’s just by a little bit.
Depending on your baseline, jump up a level:
Beginner: Make your accounts private. The fewer people can see your social profiles, the less likely you are to be scammed, doxxed, stalked, have your identity stolen, etc.
Advanced: Consider free and open-source software (FOSS) alternatives (like Fritter, Tinfoil, and of course, Mastodon.) Just make sure to do your research first (for example, here’s what the Electronic Frontier Foundation has to say about Mastodon). Remember: open source does not mean private and/or secure.
3 Other Things Everyone Should Do Immediately
Make sure automatic updates are enabled on all devices. Perform any outstanding updates right now.
Back up your data to a cloud service or local external storage (or both).
Do an audit of all the apps on your phone. Delete any you don’t need, including these five you probably use—but shouldn’t.
Our recent favorites to keep you up to date in today’s digital privacy landscape.
Tax Filing Websites Shared User Data with Meta
Popular tax filing services like H&R Block and TaxAct shared user financial information with Meta, an investigation by The Markup found. The data was sent via the Meta Pixel, a piece of code the services put on their websites, and included names, email addresses, income, and more. While the tax filing services have since changed their pixels’ settings to cease financial data collection, Meta is now facing a class action lawsuit over this practice.
Amazon Will Give You $2 a Month to See Your Phone’s Internet Traffic
Amazon is offering select users $2 a month to monitor the kinds of ads they see on their mobile devices as well as when and where they see them. The tech giant says this will help make ads more relevant. Invited users can also get $10 in Amazon credit if they share receipts of non-Amazon purchases. As expected, this offer has outraged privacy experts, who say that your data is worth much more than $2 a month.
End-to-End Encryption Comes to (Some) Gmail Users
Google added end-to-end encryption (E2EE) to Gmail (the web version), a feature that will make the body of the email and attachments (but not the header) indecipherable to Google servers. Currently, E2EE is only available in beta for some Google users, including Workspace Enterprise Plus, Education Standard, and Education Plus. Users can apply to try out this feature until January 20, 2023.
Brave Now Shows Users “Privacy-Preserving” Ads
Brave Software, the company behind Brave, a search engine that promises not to track users, is testing “privacy-preserving” ads. According to Brave Software, ads are labeled clearly as such to distinguish them from other results and are anonymous, i.e., ads are based on a user’s search query, device type, and country. Users can also pay $3 a month for “Search Premium,” which offers an ad-free experience.
You Asked, We Answered
Here are some of the questions our readers asked us last month.
Q: How long do mobile providers store our location data for? Is it for like a day or indefinitely? And what do they use this data for?
A: Really good question.
You might recall how, several years ago, wireless providers like AT&T got into trouble for selling sensitive user location data to third parties like data brokers without user consent. Amidst public outcry (and fine proposals from the FCC), they promised to stop doing so.
So, did they keep their promise?
Earlier this year, the Federal Communications Commission (FCC) asked the country’s top telecom providers to disclose the kind of location data they collect, how long they keep this data, and whom they share it with.
The long and the short of it is: there’s no standard for how long wireless providers keep user data. For example, AT&T retains cell-site-level data (which can give a user’s approximate location) for five years, while Verizon keeps this data for one year.
All providers also say they don’t sell customers’ location data to third parties. But they can still share this data with civil authorities or the police (i.e., comply with legal subpoenas, etc.). In many cases, they can do this without letting their customers know.
Q: Is Twitter still safe to use?
A: That depends on who you ask.
Elon Musk will probably tell you that his recent policy changes (like not being able to share other people’s real-time location data without their consent) make the social media site safer than ever.
Others, like TechCrunch, have recently warned that some users can’t get Twitter’s privacy features, such as toggling direct message privacy settings, to work on iOS. Many (including Twitter employees) also predict that Twitter will soon fail.
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it.
Since joining DeleteMe in 2020, Laura has done exactly that.
Creating some of the internet’s most popular privacy content on DeleteMe’s blog, writing the leading privacy newsletter Incognito, and helping DeleteMe plan and craft its messaging across different channels, Laura drives DeleteMe’s content.
Laura has a degree from University College Cork.
You can contact Laura with questions and ideas at firstname.lastname@example.org