vervainglobal logo

Tech Giants Taking It Too Far - Protecting Myself From Multi Billion Dollar Spyware

At the beginning of this year, I discovered how much some of my online identities were being exploited, and decided to take action to limit the amount of my sensitive data being collected by some of the largest tech companies on the globe. For ethical reasons, as well as protecting my mental health, I chose to step back from a lot of social media and other services. Here, I talk about my reasoning behind this, and the steps I’ve taken to feel more secure on the internet.
- 28th February 2021 -

Back at the very end of 2020, messaging app WhatsApp (owned by Facebook Inc.) announced changes to its terms & conditions that would allow it to share the data it collected with its parent company. Upon looking into this, and other information the conglomerate collects, I was very alarmed at just how extensive their surveillance was. Unbeknown to myself, the large tech giants had been collecting huge amounts of sensitive personal data from us for years.

A privacy shortcut in Facebook, which lists every website and app that's reported your activity to them

From the first days of 2021, I became almost entirely absent from nearly all social media. After reading several articles about why the WhatsApp T&C’s changes were a very bad thing, I decided to look further into the data that these companies collect on us and was shocked to discover that apps like Facebook could see our activities on other apps, with no way to truly stop this. Supposedly you can opt-out, but the apps continue to provide statistical data to Facebook regardless. That collected data is simply no longer shown on your account. For myself, this crossed an ethical line, and I immediately removed apps owned by the giant from my phone before completely wiping and resetting it.

🔎If you'd like to look at the apps and websites that have shared your online activities with Facebook on your own account, I've included a link for viewing it at the bottom of this page🔍

The news of such invasive behaviour came to me at the worst possible time. Due to a lack of work because of Covid19, and being isolated in a foreign country away from my family and many friends, my mental health was in a very deteriorated state. I already knew that endless scrolling through social media was in a small part to blame for this, but the discovery of just how much spying these apps were performing shocked me. I felt a literal sense of betrayal, and my mood only plunged further. Long time friends are familiar with my tighter than usual privacy practices on the internet, and I took pride in being the one everybody came to when they wanted to improve security and privacy on their social media profiles. I felt disappointment in myself when I realised that I'd let the massive rise in cross-site tracking and spying slip past my radar.

After a week or so, I began to slowly get over the fact that almost anything we do on the internet is carefully tracked and scrutinised by huge companies in the name of senseless profit. After performing a huge amount of research on the subject, I took the first steps in beginning to limit what data was available to them. By wiping and resetting my phone, I cleared all apps and tracking ID’s used by Facebook to watch my activity on other apps. The shocking reality is that such tracking will continue to a lesser extent, as many apps incorporate Facebook’s developer SDK that carefully reports your every action and feeds it back to both the app developer and Facebook itself. The only way to “opt out” of such tracking is to stop using a smartphone completely, or by thoroughly researching which apps use the SDK and avoiding them.

Of course, it isn’t just Facebook performing such shady and underhand practices. Many companies, including Amazon, Google, Apple and Microsoft have been collecting extensive data on you for years. At first, a little statistical tracking here and there didn’t seem such a bad thing, but as time has moved forwards, the amount of information collected has become intrusive and in many cases, goes over the lines of legality and ethics. Such data collection is done exclusively to better learn your interests and weaknesses in the name of providing you with more adverts and other consumeristic marketing. These companies go on to make huge profits from advertisements and direct sales, all while mercilessly avoiding tax in as many countries as they can.

What’s my plan going forward?

Like almost all of you reading this, my life is heavily intertwined with most of these companies. I use WhatsApp daily, order stuff from Amazon, Google search things constantly, etc. Simply cutting out all services offered by these companies would be like going back to the start of the 1990s. It just isn’t feasible in a world that socialises, communicates and organises through the internet. Most events seem to be organised and propagated via Facebook, WhatsApp is almost universal for communications, and few search engines can offer results as fine tuned and accurate as Google. By limiting where and how we use these services, we can cut down the amount of data collected, although certainly not eliminate it.

My first step was to remove Facebook and Instagram from my phone, and perform a full wipe. It was overdue anyway, as after three years of constant use, much of the internal storage had been filled with various files and junk left behind from previous apps. I chose to start completely from fresh, after backing up my videos and photos to my PC. This time I wouldn’t install any Facebook owned app (except WhatsApp, for now). While setting up, I carefully tweaked all of the Android privacy options to collect the minimum amount of data possible for the stock OS image. As much as I’d love to set up a de-Googled Android image, there are many apps I rely on too much at this time, so I’ve had to go for the middle ground.

Literally everyone I know uses WhatsApp for daily communications, but I hope to change that over time. I have started prompting friends to switch to Signal, an open source, highly secure app that performs no data collection beyond that needed to connect you to your other contacts. Quite a few have already switched, some even on their own accord after seeing the WhatsApp T&C’s scandal, but there’s still a way to go. My family seems uninterested in switching at this time, and my employer relies heavily on group chats to organise schedules. Despite this, I hope to wave goodbye to WhatsApp sometime in the next few months. Failing that, it could possibly be run in a containerized environment or a VM.

To protect my browsing from heavy surveillance, I installed a privacy extension to limit cross-site tracking, as well as an Ad blocker. I’ve already been using Firefox for many years, and although the browser still performs some telemetry, it’s certainly less invasive than most other browsers. In the future I’ll be looking to switch to one of the up-coming forks of Firefox that focuses on suppressing all telemetry and trackers.

Social Media isn’t quite dead to me yet

Alas, I haven’t yet found the courage to permanently delete my Facebook or Instagram. Doing so in a time where we are isolated and disconnected probably wouldn’t help in the long term with my mental health. As of now, I access Facebook exclusively via the TOR network about once a week to check for important messages. This completely isolates it from any of my regular web activity. Accessing the site in this fashion prevents it from tracking me across other websites, prevents its app (that I don’t have installed) from spying on much of my activity when I use other apps, and limits the data they collect on me exclusively to what I do when actually on Facebook. In honesty, a similar result could likely be achieved just by browsing Facebook only in private or incognito mode, but I’ve yet to fully research whether this will work satisfactorily.

As for using a smartphone, it’s something I’ve come to rely on heavily, and so cannot simply throw it away on a whim. Instead of storing files in the cloud, I’m relying on my own “cloud” solution for backups by running a physical server packed full of disks in a relative's home, all utilising heavy encryption and redundant copies. I use TOR to search for anything I consider remotely sensitive to avoid the big companies from gathering too many gritty details about me. Making these changes has made me feel a little more secure on the internet, although I understand there are many other issues to tackle, including the growing problem of facial recognition, ever worsening smartphone tracking and the increasing threat of ransomware and viruses getting onto my PC or servers.

In the coming future, I hope to eventually transition away from Windows towards Ubuntu or a similar OS. Tracking is much less of an issue on open source, free software. Perhaps in the next few years, the ongoing projects to create a decent Linux based smartphone will jump forward and offer a viable alternative to Android and Apple. Right now as of early 2021, they’re barely usable in any meaningful way.

For now, I can rest a little easier knowing that I’m already giving away much less data about myself than the average user. It seems most people are content with being a product for several large multi-billion dollar tax evaders. Open source, freely developed solutions are the future, and when society stops blindly accepting the continual abuse of our rights and begins to stand up to the spyware conglomerates, privacy respecting software can truly flourish.

The recent move away from social media has also inspired me to direct my writing into blogging instead. Rather than posting to a small, limited audience that exclusively requires the use of Facebook, I can instead post here, where anyone is able to read my work. That may seem more public in some aspects, but in owning, hosting and writing everything myself, I have a much more granular level of control over what gets released to the world. If nothing else, my audience will become a bit more varied, and my coding skills a little better.

Interested in seeing which apps and websites have reported your online activity to your Facebook account? View your Off Facebook Activity here. Warning! This link takes you directly to the Facebook website. If you're avoiding the site, do not click the link!