Did you know that unlike searching on DuckDuckGo, when you search on Google, they keep your search history forever? That means they know every search you’ve ever done on Google. That alone is pretty scary, but it’s just the shallow end of the very deep pool of data that they try to collect on people.

What most people don’t realize is that even if you don’t use any Google products directly, they’re still trying to track as much as they can about you. Google trackers have been found on 75% of the top million websites. This means they’re also trying to track most everywhere you go on the internet, trying to slurp up your browsing history!

Most people also don’t know that Google runs most of the ads you see across the internet and in apps – you know those ones that follow you around everywhere? Yup, that’s Google, too. They aren’t really a search company anymore – they’re a tracking company. They are tracking as much as they can for these annoying and intrusive ads, including recording every time you see them, where you saw them, if you clicked on them, etc.

But even that’s not all…

If You Use Google Products

If you do use Google products, they try to track even more. In addition to tracking everything you’ve ever searched for on Google (e.g. “weird rash”), Google also tracks every video you’ve ever watched on YouTube. Many people actually don’t know that Google owns YouTube; now you know.

And if you use Android (yeah, Google owns that too), then Google is also usually tracking:

• Every place you’ve been via Google Location Services.
• How often you use your apps, when you use them, where you use them, and whom you use them to interact with. (This is just excessive by any measure.)
• All of your text messages, which unlike on iOS, are not encrypted by default.
• Your photos (even in some cases the ones you’ve deleted).

If you use Gmail, they of course also have all your e-mail messages. If you use Google Calendar, they know all your schedule. There’s a pattern here: For all Google products (Hangouts, Music, Drive, etc.), you can expect the same level of tracking: that is, pretty much anything they can track, they will.

Oh, and if you use Google Home, they also store a live recording of every command you’ve (or anyone else) has ever said to your device! Yes, you heard that right (err… they heard it) – you can check out all the recordings on your Google activity page.

Essentially, if you allow them to, they’ll track pretty close to, well, everything you do on the Internet. In fact, even if you tell them to stop tracking you, Google has been known to not really listen, for example with location history.

You Become the Product

Why does Google want all of your information anyway? Simple: as stated, Google isn’t a search company anymore, they’re a tracking company. All of these data points allow Google to build a pretty robust profile about you. In some ways, by keeping such close tabs on everything you do, they, at least in some ways, may know you better than you know yourself.

And Google uses your personal profile to sell ads, not only on their search engine, but also on over three million other websites and apps. Every time you visit one of these sites or apps, Google is following you around with hyper-targeted ads.

It’s exploitative. By allowing Google to collect all this info, you are allowing hundreds of thousands of advertisers to bid on serving you ads based on your sensitive personal data. Everyone involved is profiting from your information, except you. You are the product.

It doesn’t have to be this way. It is entirely possible for a web-based business to be profitable without making you the product – since 2014, DuckDuckGo has been profitable without storing or sharing any personal information on people at all. You can read more about our business model here.

The Myth of “Nothing to Hide”

Some may argue that they have “nothing to hide,” so they are not concerned with the amount of information Google has collected and stored on them, but that argument is fundamentally flawed for many reasons.

Everyone has information they want to keep private: Do you close the door when you go to the bathroom? Privacy is about control over your personal information. You don’t want it in the hands of everyone, and certainly don’t want people profiting on it without your consent or participation.

In addition, privacy is essential to democratic institutions like voting and everyday situations such as getting medical care and performing financial transactions. Without it, there can be significant harms.

On an individual level, lack of privacy leads to putting you into a filter bubble, getting manipulated by ads, discrimination, fraud, and identity theft. On a societal level, it can lead to deepened polarization and societal manipulation like we’ve unfortunately been seeing multiply in recent years.

You Can Live Google Free

Basically, Google tries to track too much. It’s creepy and simply just more information than one company should have on anyone.

Thankfully, there are many good ways to reduce your Google footprint, even close to zero! If you are ready to live without Google, we have recommendations for services to replace their suite of products, as well as instructions for clearing your Google search history. It might feel like you are trapped in the Google-verse, but it is possible to break free.

For starters, just switching the search engine for all your searches goes a long way. After all, you share your most intimate questions with your search engine; at the very least, shouldn’t those be kept private? If you switch to the DuckDuckGo app and extension you will not only make your searches anonymous, but also block Google’s most widespread and invasive trackers as you navigate the web.

If you’re unfamiliar with DuckDuckGo, we are an Internet privacy company that empowers you to seamlessly take control of your personal information online, without any tradeoffs. We operate a search engine alternative to Google at http://duckduckgo.com, and offer a mobile app and desktop browser extension to protect you from Google, Facebook and other trackers, no matter where you go on the Internet.

We’re also trying to educate users through our blog, social media, and a privacy “crash course” newsletter.

Photo by stockcatalog , www.thoughtcatalog.com

The post What does Google know about me? appeared first on P2P Foundation.

 —  hey squiddo, I can’t remember if we talked about Scuttlebutt yet. are you familiar? just a good one to have on your radar, v cool people with excellent tech and zero hype and bullshit

 — Hmm interesting, is Scuttlebutt running in production for something yet? It’s like a service to run other things on, no?

 —   secure scuttlebutt (ssb) it’s a very low level protocol. works like gossip: messages spread between peers. uses the internet if it is available, but doesn’t need it: local wifi, bluetooth (coming soon), or USB sticks are enough.

identities have logs. log = a sequence of messages. they’re cryptographically authenticated so you can guarantee who said what. identities can follow each other. you replicate the logs of your peers. no central server, no off switch, no delete. so if you want to find me, you need to find one of my peers first. creates peer-to-peer archipelagos of friends and data connected by their relationships.

data can be of any type. apps decide what types of messages they pay attention to. e.g. Patchwork is a social media app, with a few hundred daily active users. other apps: a chess game, distributed github clone, soundcloud clone, blogging client, events, calendar, loomio clone, etc etc etc.

it is exciting because there is a steadily growing community, like great new developers showing up every week or two. and it is the only decentralised tech project I know of that is populated by really gentle, caring, community-building, good politics, critically aware but having fun kinda people

 —Aha very cool, I’ll dig into it more and start following what’s going on. Sounds like a very interesting concept!

 —  its dooope. still bleeding edge in many places, so let me know if you get stuck on the way in

but it is getting to the point now where it is more than just my ultra nerd friends in there having a nice time. e.g. here’s a web view of a newsletter summarising activity in the scuttleverse this past week.

 — So if you were to think about applications to what we’re doing with our festival community, what would they be?

 —  think of all the apps you currently use, but imagine they work offline-first

I think it could be a cool on-site mesh network for the festival, to start with, and then people will be delighted to find they can still stay in touch later, because it uses the internet if it is available

 — How does it work, with regard to timing, when it cannot be ensured that messages are received in order?

 —  that’s right, you can’t guarantee order, there’s a lot of little weirdnesses like that which pop up in a purely subjective universe. messages always reference messages before them, so you can infer order

but yeah sometimes in discussions you will see “oh sorry I didn’t have your message when I wrote my comment”. but actually so far that seems mostly to be a feature, a constant reminder that you are just one subjective agent, there is no official arbiter of truth, everyone has a different experience of the world.

you’d be surprised at how much uptime there is when you have a few peers in a web of tight relationships, there’s nearly always someone online. so you don’t notice it much

you also will see missing messages, like, ‘someone wrote a comment here but they are outside of your network so you can’t see it’

which again, sounds like a bug, but I experience it as a feature. it’s very subtle but you keep getting these reminders that there is no single source of truth.

 — Hmm right, so you need to have done explicit individual authentication with each every other party?

 —  some of the peers are special, they’re called “pubs”. practically the only special thing about them is they are guaranteed to have much higher uptime than your average peer and they can hand out “invites”. If you redeem an invite, that means you follow them, and they automatically follow you back. they work a bit like servers, but not much

so if you connect to a pub that I’m connected to, you’ll be able to find me

then you’ll see a list of people that I’ve followed, and you can choose if you believe the name and avatar is who you think it is

there’s not an emphasis on real world identity verification, but it could be done. most people use real names but a decent fraction also enjoy pseudonyms

 —Ah right, and if a pub sees your activity, and I’m connected to the pub, I see your activity?

 —  yep, but there are people who follow no pubs, and they have a fine experience too, so long as there are a few friends of friends

 — Gotcha. Yeah, there are definite interesting advantages of this, for sure

 —  you can also extend your range, they call it “hops”. by default hops is set to 2, so when you follow me, you replicate my feed, plus all my friend’s feeds. in Patchwork you can see the “extended network” which will show you everything public from your the friends of your friends.

My tech knowledge is pretty patchy so I might be misrepresenting the details. I’m not the official source of truth. (there isn’t one.)

when you get deep into it, the main advantage i see is that it is agent centric (people, relationships), rather than location centric (documents, websites). so I have built up a web of relationships and content on my identity. When I move from Patchwork (social media) to Ticktack (blogging) to GitSSB (github clone), all my relationships and data come with me.

solves one of the common headaches of running online communities: you define the group once, and bring that definition with you to any app you want to use. seriously reduces onboarding friction

which means you actually have competition for social media interfaces, there’s no walled garden that owns your social graph

so the geeker types don’t use Patchwork, they use Patchbay, which has the same people and content, but a different interface that sacrifices some UX niceities but gets you closer to the code

 — Right, but that also means that you become a carrier for a lot of messages that someone else with the right key could decrypt, ensuring more redundancy and coverage of data

 —  so long as you keep your secret key, you can lose your computer and rebuild all your past data based on the copies your friends are keeping for you

as one of the ‘butts said, your friends are now the data centre.

 — Ah. Yeah. Got it. That’s a huge advantage.

 —  Can I have your permission to publish this conversation?

 — Absolutely! If it’s useful to have my identity attached to the conversation, you have my permission for that too

 —  thanks. i think i will recast you as a sweet emoji friend

 — Yeees! Haha

The post This Machine Eats Monotheistic Meta Memes appeared first on P2P Foundation.

Denis Jaromil Rojo of dyne.org

Following the sudden and bizarre announcement that popular encryption software Truecrypt ‘may contain unfixed security issues’ and the equally bizarre recommendation by the Truecrypt developers to use Microsoft’s Bitlocker program (source of much derision from security professionals who assume it must be backdoored by the NSA), there has been a great deal of speculation as to firstly, why this has happened, and secondly what to use as a replacement if Truecrypt is indeed compromised. The most common theory to explain the announcement seems to be that the TC devs were put in the same impossible situation as Lavabit had been – pressured to install a backdoor to the software, the leaders decided to close down the project rather than give in to the US government’s demands, and in the case of TC, the recommendation of software presumed to be insecure is a coded message of some sort.

However it could be that an ongoing audit of the TC code had found multiple vulnerabilities and faced with the exhausting prospect of fixing them, the developers decided to throw in the towel instead. However this does not explain the recommendation of Bitlocker.

As to the second question, it appears there is not too much out there in the way of trusted open source software which could replace Truecrypt – proprietary non-open software must be presumed to be insecure as the code cannot be audited. One option might be Tomb, written by Jaromil of the excellent dyne.org.

“Tomb aims to be an 100% free and open source system for easy encryption and backup of personal files, written in code that is easy to review and links commonly shared components.”

Tomb does not appear to be super-complicated to set up, however it is definitely less user-friendly than Truecrypt, and unlike TC it does not work on Windows machines, the advice from the website being:

“…we strongly encourage people in need of strong encryption to not use Winslows, or at least to not generate encrypted partitions with it, since it can contain backdoors in the random number generation…”

Meanwhile we await more details to fill in the background on the Truecrypt announcement…

The post Alternative to Truecrypt appeared first on P2P Foundation.