Protecting privacy in post-Roe world

July 25, 2022

In the wake of our loss of the constitutional right to abortion, there has been an overwhelming loss of trust in government protection of individual privacy. Our country is at a critical moment of defining to what extent privacy exists and how the government uses data to expand – or restrict – citizens’ rights.

Recently, ZenData launched a Chrome extension that allows users to opt out of third party cookies and trackers, and monitor sites and bodies that may be monitoring them. What’s more, we released a privacy score that captures how sites safeguard individuals’ privacy, and we immediately flag those that may violate or risk user privacy. 

You can checkout the extension here:

Test Scores - Zendata

Beyond this, here are a few important things to keep in mind to protect individual privacy.

The problems with government surveillance

In an environment of surveillance, there are usually two major concerns: access and anonymity. That is, can I access the website or platform I want to without restrictions, and while I access the internet, will my information and identity remain secure? 

In a state where web activity is being monitored by the government, it is important for users to maintain anonymity and prevent any personally identifiable information from being exposed. 

One workaround is to use a VPN to access a website which was banned in a particular country, or a website that only operates in a particular geography. While VPNs are popular and work well in many circumstances, this approach is problematic for a few reasons: 

  • Traffic through VPNs is only encrypted until it reaches the VPN server, and in some instances, VPN services can provide the government with backdoor access to user data – making it possible for government officials to identify individuals accessing banned sites.
  • When accessing a website through a VPN, the typical tracking and identification mechanisms used to identify users – from cookies to device fingerprinting – still work. So, identifying user information is still being captured and the issue of anonymity is not being addressed.

So, how can users maintain anonymity while accessing banned sites?

That’s where the Tor browser comes in.

 Any time a user inputs a search request, Tor splits the request and response traffic across multiple devices called relays.There are thousands of relays run by a volunteer network, and traffic is encrypted multiple times. With this approach, the relay servers only know the previous relay and next relay – making it virtually impossible to track a search back to an individual user. What’s more, even in the event the government blocks Tor relays, you can request an unlisted bridge (i.e. an unlisted relay) as an intermediary to get around the block.

 In addition to split requests, Tor does not allow cookies and it prevents device fingerprinting – a mechanism used to identify a user’s device uniquely – with very few exceptions. Tor users can also access the dark web to upload and share files anonymously through a tool like Securedrop (operated by Free of Press Foundation), which adds another layer of security only accessible through a Tor browser. For secure internet searches, Tor even lets you access browsers like DuckDuckGo on the dark web.

On top of this, users need to understand that secure apps like Signal and WhatsApp are encrypted, but they can still be traced. 

Even with encryption securing the content of messages, these apps are still tied to individual phone numbers. This means that the minute a user gets apprehended and has their phone confiscated, authorities can use their Signal or WhatsApp history to implicate anyone with whom they have been in contact based on the phone number used to access these services. In order to avoid this scenario, users should look for services like Threema and Discord that do not require a phone number to sign up.

That said, most privacy tricks and tools aren’t foolproof.

This is why it’s important for users to protect – or withhold – their personal data as much as possible, no matter what browser, app or platform they use to access the internet. Let’s say a website requires you to sign up in order to access its services. Rather than using your real name, phone number, etc., there are services like Faux ID that generate synthetic data in the format that is unique to your geography. On top of this, using email addresses that are unique to each website will prevent one website from using aggregate individual data to tie back to a person. 

Providers like ProtonMail allow users to generate multiple email addresses that get forwarded to one inbox. This lets users receive their regular email communication all in one place, but since each e-mail address is different, they can’t be used to identify users by connecting activity across multiple websites. As the stakes for privacy get higher, it’s important to know what resources offer the absolute best data & privacy protection.  Still, the absolute best way to protect personal information is by not sharing it.