Effectiveness of your privacy efforts

Many things that I do in life provide tangible visible benefits. If I hang a shelf, I can put books on it. If I work out, I can see improvements in muscle mass. When it comes to privacy, it is harder for me to measure or observe the immediate benefits.

Question: Is there anything you do to measure the effectiveness or observe the benefits of your privacy efforts? Does anyone have examples of how your efforts have directly impacted you?

My personal response to this question

My threat model is mostly centered on corporate and mass surveillance. I do not want to be influenced by algorithms that know me better than I know myself. With that being said, I don’t use social media, I block most ads, and I believe I avoid most channels in which corporations can use my data against me. (I may be very ignorant here…) My focus is on preventing my data from being used against me in the future.

Although I don’t believe I’m seeing many tangible benefits from this today, I enthusiastically continue my privacy journey based on the following less tangible observations:

• I feel a sense of empowerment and control over my data, that makes me feel good. I like to do things that make me feel good.
• I enjoy thinking through challenges and implementing technology. Thinking through and implementing threat mitigation is a form of entertainment to me.
• I’ve built a threat model. I’ve itemized my efforts to minimize the threats. If I’ve done this honestly and thoughtfully, this process should have resulted in a real reduction in risk.
• Many things I do are very simple. For example, using a different browser does not make my life any more difficult. Even if it never yields tangible benefits, it doesn’t hurt me either. Better to be safe than sorry.

Additional Questions

• Are there privacy benchmark tools out there to evaluate the effectiveness of your privacy efforts?
• Is there any way to obtain one’s personal data from data aggregators and see how it has changed over the years?
• Should I disable ad blocking from time to time to observe how effective ad targeting is?
• Is there a privacy equivalent of a security penetration test that can be performed to measure one’s public data footprint?

TheNewOil has a video about everyday benefits that one can reflect on
If you live in the US, you can check “people search sites” to see if they have your info, then opt out of some of them.

Thanks for sharing that link, I missed that video and think it was well done. In general, a lot of tangible benefits are byproducts of the practices we do: Less ads, less spam, more organization around passwords and data, and a clearer head.

I’ve also considered:

a) We have countless public examples of offensive uses of personal data.
b) We personally have daily evidence, in our tools, of blocked data trackers and third-parties attempting to fingerprint and collect our data.

These two facts combined provides some level of visible evidence that we’re actively protecting ourself against threats that are fully capable of materializing.

Some can be measured, some can’t (or least not accurately). If I connect to a VPN or Tor, I can check my IP address. I have set-up Pi-hole recently, and was able to block all Spotify ads from the web version. It only works on Chrome, but I was able to test that it works and was ecstatic by the results. These are a couple of examples of privacy efforts that I have tested.

For some that can’t be tested, either I trust that it works or I don’t bother if I don’t see any privacy benefits. For example, contacting a company to remove my data. I can’t verify that my data has been removed. Some will even tell you that certain data will be retained for legal reasons. But I trust that it works because a) it’s better than doing nothing and b) most of my data was linked to my old e-mail address. Since I started mass deleting unused accounts and making numerous requests for my data to be deleted, I have received less e-mails and significantly less spam e-mails. So requesting for my data to be removed is worth the effort for me. And if I had an account, I would test the password reset option to verify that my data has been deleted.

Another example is MySudo. In the UK, KYC is required to have a phone number, even MySudo will ask for your ID. It is a fact that your phone carrier can trace your calls / texts because they’re communicating with their cell towers. But if I call / text with a VoIP number using a VPN, would it be harder to trace my calls? I would hope so, but I wouldn’t know how to test that. And I’m also more comfortable giving my VoIP number to services that requires a phone number, or a secondary number if my VoIP number isn’t accepted. So while the privacy benefit is negligible, I think it’s ideal to have at least 2-3 different numbers for different purposes, rather than use 1 number for everything.

There’s a personal security checklist, which is interesting to try at least once:

It depends on the individual and their circumstances, but it gives an overview and some points for consideration which I hadn’t thought of before.

I’ve experienced the benefits in a few ways, but in particular by not having things showing up in an online search with my name. Deleting old profiles and getting things with my name in them taken down was one of the best things I’ve ever done.

It’s about the journey, not the destination.

Also in the grand scheme almost all of this is meaningless. The second your using any technology something is being logged, and some data is being sent and stored somewhere (stored for eternity)

No amount of proxies, aliases, tunnels, vpns, dns blockers, or blah blah will change this.

Also if your threat model is corporate mass surveillance, they already have an entire profile and data set of your entire life and identity. You cannot and will never undo the data you’ve already given them.

To answer your question, there are no tools to tangibly see any progress that you’ve incorrectly believe you’ve made.

If you really believe that, why are you interested in privacy at all? Why are you here?

The ‘stored for eternity’ part isn’t true, as it costs money to maintain databases and servers, and old data really is lost and deleted.

Even if one can’t delete data, there’s a reason why corporations try to get you nearly all the time. Previous data is meaningless to them, they want your current information to make predictions about you. I believe meaning is also found in inspiring others and standing for one’s rights, as this attempts to ensure others around you and others in the future have better rights than we do.

PEOPLE DON’T APPRECIATE THE GOOD AND UNDERESTIMATE THE BAD.

I think it’s often easy to forget or be completely unaware of the benefits of something when we’re so used to it, or simply because nothing terrible has happened to us. The reason you haven’t been hospitalized from food poisoning is because the food industry is regulated. The reason your home hasn’t crumbled is because it was built up to code.

I GET IT, THOUGH

I understand where you are coming from, though. Not long ago, I visited a friend of mine who doesn’t give a damn about digital rights and privacy issues and knows that I am deeply invested in those issues.

A mysterious drone flew over her garden while she was there in her pajamas. She freaked out and got very upset. Immediately, she texted her neighbors in the group chat to ask if they had seen it too. Some confirmed that they did and were also upset. My friend was saying how this is an invasion of her privacy and that she could have been naked in her garden.

I called out my friend for not caring about digital privacy issues and being upset over a drone flying over her home, when what Google does with her data is even worse. She said it’s not the same thing. To the degree that she can physically sense her privacy being invaded, I totally get it. But to dismiss surveillance capitalism as no big deal because she can’t “sense” it makes no sense to me.

UNFORTUNATELY, SOME PEOPLE ONLY LEARN WHEN BAD THINGS HAPPEN

Some people only learn when terrible things happen to them. But terrible things are not going to happen to everyone. IMO, knowing that it can happen to you should be enough to motivate you, but the reality is, for some people, it isn’t. And if we’re really honest, most of us are probably guilty of this for issues unrelated to privacy, so we should have some empathy

I think there will come a time, if it’s not already the case, when most of us will have been discriminated against because of data collected and shared about us without our consent. I would hope that when that happens, most people learn. But there is also a chance that people won’t know or won’t believe that they were discriminated against because of corporate and government surveillance.

AND EVEN THEN, SOME PEOPLE NEVER LEARN:

What is worse is when terrible things happen and people still don’t learn. I know multiple people who lost access to their most important online accounts because they forgot their passwords, but they never too my advice by using a password manager.

This may sound very stupid to some people, but I am ecstatic with delight every time I listen to a podcast, and the ad is in a language I don’t understand. It means they don’t know my location because I use a VPN, and that, to some degree, my privacy is protected.

When I get spammed to an alias, I feel relief and confidence that I have some measure of control and that the spammers don’t have my actual email.

So far, none of my Proton addresses have been pwned, and that’s in part because I mostly use aliases.

Hate to be a nitpicker here, but it kinda bothers me when people say that because it’s not true, i.e., it’s not accurate. You’re saying this on a forum, which is social media. I understand that you probably meant that you’re not on most major platforms, but it’s important to be specific.

There are so many YouTube videos unironically titled “Why I Quit Social Media and You Should Too” which makes no sense. When you watch these videos, you find out that what they actually quit is Facebook, Reddit, Twitter, etc… They didn’t quit YouTube, which is arguably the biggest social media platform.

I’m not on most major platforms either, but I don’t say I’m not social media.

Me too! Again, it’s going to sound stupid, but using Privacy tools makes me feel like I’m in a James Bond movie. It makes fee cool! Even though it comes across as stupid to others.