Please don't accept anything I say as authoritative
This is the third or fourth version of this post. The previous versions were all a bit too much of a how to guide and long, weird introspection on digital privacy. I've cut all of that because it is, again, something I am not an authority on. If you're interested, I highly recommend doing your own research and reading.
A lot of my personal action has been spurred (after years of being dissatisfied with the direction of the tech industry but doing nothing) by Mark Hurst's Creative Good. Understanding the real core of the business models and how we're all just grist for the mill of surveillance capitalism made me decide to distance myself as much as possible.
This sounds scary, where do I get my tinfoil hat?
I find the large tinfoil rolls designed for Christmas turkeys are best for hats. These should be available in most supermarkets from November.
Sadly, the only real way to win the digital footprint game is not to play (though I have mostly opted out of social media). I'm ignoring this as a default option because I have a life and like to engage with things in the world. So I have my own red lines, which will not be the same as anyone else's.
I just don't use a lot of stuff. This is very much in line with my position as an increasingly vehement Luddite. A couple of examples:
- I replaced my first and only Apple Watch with a fully mechanical watch that doesn't even need batteries.
- My organisational system is still post-it notes that I stick on a notebook / on the screen of my laptop. This also justifies a lot of fancy pens.
My priorities are very much being in control, while not sacrificing too much of my life to be able to do this.
How do I do this?
This is relatively simple, brace yourself for the big reveal...
I pay for things. This might sound strange, but we live in a capitalist society. This means the main way to exercise any power is by spending capital...
“If you are not paying for it, you’re not the customer; you’re the product being sold.” blue_beetle, August 2010.
So I pay money for things where I want the supplier to prioritise my needs over the needs of their advertisers / multi-sided business model. Another genuine plug for mataroa where I host this blog.
I avoid Meta and Google as much as possible, but WhatsApp isn't going anywhere in the UK so I have that. Tales of people losing access to decades of documents / email because Google did something is nightmare fuel.
I also self-host a number of apps where there isn't a service I'm happy with. I'm reasonably tech savvy (I do have a Computer Science degree and have spent a reasonable amount of time doing technical things).
Where do I start?
1. Buy a domain Name
This is relatively easy. Buy a couple if you want. I like to buy domain names because I think they're funny / clever / interesting / ideal for a side project I'll never have the time for.
Sometimes I do things with them, sometimes I let them expire after a year. You're reading this on the most obvious URL I have, i.e. my name. I also have some other random, short domains that I use because they're easy to type and have zero connection with me. This costs ~£10 a year per domain, but gives me full control of everything associated with the domain.
2. Get an email account you control
I use Fastmail for my email. You could self-host, or there are a range of privacy focused mail services. Fastmail works for me because it allows me to manage multiple domains (including some more complex DNS), arbitrary addresses, comes with file storage, and is reasonably priced. It does store things in the cloud so there's potentially some risk there, but it works for me.
3. Take care of security
This means good usernames (unique), strong (random, long) passwords, and multi-factor authentication.
Good news, with your new domain you now have infinite email addresses. So your mataroa account email can can be mataroa (at) yourdomain.com
, which means if something goes wrong and your account is hacked, you only compromise one email address and one unique password. As a side-benefit, you also know where any spam is coming from. I use a range of domains for logging into things since some services already have a lot of my personal information.
Boring stuff now - use a password manager and multi-factor authentication (no-SMS). I use Bitwarden (I pay, but am tempted to self-host) and Authy but there are lots of options. Generate recovery codes, print them out, and store them somewhere safe.
As an aside, when I moved my life off of Google and Meta, I had to recreate a number of accounts (looking at you Spotify) because they had been created with a Facebook login and weren't able to be disentangled.
4. Self-hosting
This will be another post, but you can host your own stuff on a computer you own. Revolutionary.
Then what?
Then you are (hopefully) insulated from the worst bits of surveillance capitalism. If it all goes wrong, you can recover, provided you can retain control of your domain name.
Moving the photo to the end of the post to make the point it's completely separate from the content of the post.
The Photo: "Soho Morning", in the style of Daido Moriyama . Fuji X100T, 23mm, f/5.6, 1/50s, ISO 400. Edited in Lightroom Classic.