Reading Time: 9 minutes

Since the election I’ve seen quite a few folks in my Facebook feed talk about their departure for Parler, a ‘free-speech-focused social media platform’. Various arguments have been cited ranging from security and privacy through use of algorithms and tracking.

I have plans to give a lengthy, very technical explanation for why no one should be getting on Parler right now (It doesn’t appear even remotely stable, safe, and secure).

While I work on that write-up, I want to provide some non-technical responses to common statements or concerns I’ve seen on social media about the topics of tracking, algorithms, and security. My responses are based on my twelve-ish years of experience working in every corner of the web from marketing through building the things that build the websites (content management systems).

1. “Everyone is tracking you”

TRUE!

If you log into it using your Google, Twitter, or Facebook profile they know what you do on that page and that entire site. Even if it’s not their site.

• If you log into an app from the iOS store / Android Play store with your social media account they know what you’re doing in the app.
• Is there a video, link, or piece of content? Yep! Still tracking you.
• Even if it’s just a share button from your favorite social media site, they’re probably still tracking you.

Everyone is tracking you

2. “I’m leaving <platform> because they can’t track me if I’m not using them”

FALSE!

Google is everywhere

Google Analytics is a free service used by millions of website owners and app developers. Those owners and developers (including myself) have willingly put Google Analytics code snippets on their websites so that they can gain insights about their users.¹

As a user of Google Analytics, I’m not able to see information for individual users. But I can see data points like web browser, operating system, and geographic region. I can see what screen size is used, and how long someone was on a page. I am not tracking a person, I am monitoring my site. It is possible with effort to make a reasonable guess as to who someone is, with the right data, however.

However, because Google Analytics is so ubiquitous , Google is able to track you— even if you didn’t log in to anything.

So is everyone else

Go back to #1. If it’s got a share button, like button, or any sort of embedded content from that site, they’re able to track you. Depending on how content gets put on that page, it’s possible that site only knows what’s going on inside of that “embedded content”. But even then, they know that someone is using their content.

Everyone is tracking you.

3. “Use <website/app>, they’re not tracking you!”

FALSY

See #2. Every company is at least monitoring how you use their app or website. It’s how they know how to make it better. It would be silly not to do this.

Monitoring becomes “tracking” when they start digitally following you around. One could argue, “semantics shemantics” on this, but look at it this way:

If you go to Target, they’re monitoring the credit card purchases and camera footage. They’re not tracking you unless they’re trading receipts and recordings with Walmart.

Whether it’s monitoring or tracking, your behaviors and activities are being observed.

4. “Go to <website>, it’s safe”

FALSE

The fundamental nature of how the internet works is such that every website and application you use is in a pre-hacked state.

It is very hard to explain this without being technical, but please trust me when I tell you that all software everywhere is poorly written and all software developers everywhere are bad at what they do.

The largest companies in the world (i.e., the ones doing the most tracking) are also the ones with the most resources to stall that inevitable hack.

The smaller a company is, the harder it is to identify and mitigate zero-day vulnerabilities, and keep in mind that even the big companies still outsource that.² A small, up-and-coming social media platform is more vulnerable to a data breach than Facebook or Google.

5. “Use <browser> because it protects you and your data”

TRUTHY

All browsers give you the option to block certain kinds of tracking.

Brave comes with a lot of adblocking, anti-tracking, and privacy protection turned on by default. Firefox and even Edge have followed suit and now give the ability to turn on adblocking, anti-tracking, and other privacy protections.

Much of the anti-tracking is around blocking Google Analytics scripts and not allowing third-party tracking. But none of this is full-proof.

6. “The problem with <site/app> is the advertising”

FALSE

If you’re not paying for it, you’re not the customer; you’re the product being sold

Andrew Lewis

The problem is when people are the product.

This is why CBS, ABC, and NBC have ads, but HBO, Showtime, and Cinemax don’t. The former is selling ads, the latter is selling shows.

For generations, TV and Radio sold those ads through an arduous process. They learned about their audiences by getting explicit permission to install boxes in people’s homes. Then they extrapolated from a small sampling who watches and listens to what. Then, they used those insights to figure out who watched what so they could figure out which advertisements belonged where. Finally, they used that to figure out how much to charge for a particular ad at a particular time.

With the internet, every website and web app is a Nielsen box waiting for an advertiser.³

7. “The problem is algorithms”

FALSE

It’s really easy to fault algorithms as some nefarious actor, especially after watching The Social Dilemma.⁴

An algorithm is a decision tree; a flow chart. There’s an algorithm living in your brain that tells you how to walk. There’s an algorithm for whose turn it is at a four-way stop that absolutely no one remembers but your spouse. I write algorithms that tell inputs what kinds of data they allow. Algorithms are every where and they’re not the problem in the least.

The problem is that audiences increasingly demand personalized experiences. They want custom content. They want it because they already have it.

Even if a site/app doesn’t provide personalized experiences right now, it eventually will. Unless it has a business model where not-your-data is the profit point, it’s going to will end up with personalization because that’s what’s going to keep users in the platform.

And the only way good personalization works is with tracking and monitoring.

8. “I use <search engine> because it doesn’t track me”

TRUTHY

It’s all about that profit point. Some search engines have found a way to be profitable without collecting a massive amount of data on you.

20~ years ago, Google was good because it searched like no other engine. Today it’s good because it knows so much about you that it can tell what you mean by, “Big chests near me,” because it knows if you were driving by a furniture store or an adult book store. The price for such good search results is that it needs to know a lot about you.

Today, DuckDuckGo manages to make money by selling the right ads for the right search terms. DuckDuckGo is still monitoring searches, though. It’s still logging browser, device, geographic location and other details because it needs to know what ads make sense for the right context. DuckDuckGo just doesn’t go the extra step of building a profile on every individual user based on their history.

9. “I just won’t log in anywhere”

FALSE

It’s not just about “logging into a website” where you’ve willingly told someone, “Hey, I’m here and this is my name,” and now they can follow you around the internet.

Tracking is a combination of data + analysis + doing something with it. Internet is optional.

Target figured out a teen girl was pregnant before her father did, and it did this without them ever knowing her name, or using online data, let alone her medical history. Target looked at purchasing habits in the store that they’d tied to a credit card. Dad found out when they started sending appropriate ads by mail. Because it happened in the real world, it isn’t even considered creepy.⁵

The creepy starts when you’re on a website and your device, browser, and location gets paired with behaviors like scrolling, keyboard usage, words used in website comments, and sentiment in recent tweets which then enables them to not only know, “Yeah, it’s still Bob,” but also tells them, “Bob is is a 58-year old supervisor with no higher education who’s suffering from depression because he’s repressing his sexuality.” ⁶

All The Protections cannot protect you from this.

10. “Incognito Mode will protect you”

FALSY

I mean, even the browsers tell you this, so it shouldn’t be news. Incognito mode means:

• Your browser won’t use data it remembered before your session
• Your browser won’t use data it remembered during your session
• Your browser won’t remember your browsing history after your session

Developers and testers like Incognito Mode for testing; it helps make sure that none of our personal data skews results.

The only reason regular users should use it is to keep someone else who uses that computer from knowing what you did in that browser.

Go back to #8; It’s entirely possible to figure out, “yep, it’s still Bob,” on the basis of how he lingered at that one underwear advertisement a little too long and then scrolled down to angrily rant about gay pride.

10. “There’s nothing I can do to protect myself, so I might as well not care”

FALSE

Do you lock your door at night?

The lock on your front door is for neighbors — not criminals. Be it picking the lock (unlikely), kicking it in (likely), or tricking you into letting them in (most likely), the criminals are getting in. But you make it hard for them, even for the unlikely scenarios, right?

So you should make it just as hard online, too. And you should still lock the damned door.

You can protect your information by making things harder

• Use an Adblocker, or a browser with adblocking enabled by default
• Turn on privacy protections in your browser
• Use more than one browser⁷
• Use more than one search engine
• Don’t send messages in any platform that doesn’t promise end-to-end encryption⁸ and even then don’t send messages you wouldn’t want the NSA to read.
• Don’t volunteer personal data to the platform; they don’t need to know that your favorite book in college was Waiting for Godot because all that means to them is an interest in gourmet chocolate and a subscription to Conde Nast.
• Share clean URLs. Chances are you can delete all of that stuff that comes after the ?. Those are called query parameters and one of their uses is tracking how URLs get shared from one place to another. Especially if you see utm_, that’s just info for tracking how a web page gets passed around.
• Say less more often. Every retweet, cross post, link, comment, like, and rant is another data point for the platform. You’re not winning an argument with a libtard or a trumplican, you’re telling a data miner which underwear, car, and news article you’re most interested in.

Invite technology into your life much like you would a stray cat: with the expectation it will hear you, judge you, take a crap where you least expect it, and only act interested in you when it wants something from you.

But don’t forget to lock the damned door

These are the very basic, sensible things you can do to keep your online information safe:

• Don’t use the same password for everything
• Use “passphrases” instead of passwords; a sentence is easier to remember than a word and harder for a machine to guess
• Don’t share your password online. Through any online medium. Ever. You may as well paint it on the outside of your house.
• If your web browser says the site isn’t safe in a great big giant window, believe it
• Don’t log in to any website that doesn’t have https in the URL. Ever.
• Absolutely any web site or app that emails your password should be avoided at all costs; this means they aren’t encrypting passwords (generating a new password for you is a little better, though)
• Unless you’ve got a little password reveal icon next to the input, and you clicked it, you shouldn’t be able to see your password. Ever.
• Don’t install an app without looking at what permissions it has first
• Don’t ever buy anything on public WiFi
• If you didn’t download it, for the love of God, don’t open it
• Update your operating system regularly, and always keep your browser up to date
• It’s no one’s fault but your own if anything bad happens to you while you were using Internet Explore. Don’t use IE.

Be safe, be smart, be vigilant.