Expanding on a comment in my previous article, I thought I’d talk about how I use web browsers and my general attitude to information security online. Short version - in my opinion it is nuts not to assume that websites and mobile apps are hostile and out to take you for everything you have.

Any tech and privacy savvy developer can tell you just how invasive and pervasive online monitoring, tracking and marketing is. There are routinely stories online about both the invasiveness of online tracking in our everyday life, and the routine breaches in security of these companies which promise to keep your data safe. Such stories appear so often in the daily Slashdot or Register feed that most people just don’t pay attention anymore.

There is only one way to have your personal data safe online - don’t have it online in the first place. I will routinely limit the amount of personal information I give out to the absolute minimum necessary to perform a given task. I routinely use burner emails when dealing with companies in day-to-day life, and it is really interesting the emails I started getting on those supposedly private email addresses. GDPR helped, but how long is that likely to last here?

I will not give out my mobile number to companies. End result, I don’t get marketing spam or cold calls on my mobile… (except from the phone provider, nothing’s perfect). My mobile is running a trimmed down version of Android, and only runs a few apps for which I can see the source code, and in some cases apps for which I have trimmed down the permissions required and rebuilt myself. Does a PDF reader or a text editor really need internet access or to read your contacts list? I don’t install third party apps for accessing bank accounts, transport and all the other connected services used by most people in daily life.

For web browsing there are other preventative options available. I use Firefox routinely as I have the (hopefully well founded) belief that they are less likely to pull marketing bull on their users than the more commercial offerings available. I always run in maximum privacy mode, and clear down cookies and cached data automatically after every session. I have ad and JavaScript blockers installed. All in an effort to stop being used as yet another marketing and profiling data point.

There are other benefits from my paranoia (as my friends call it). For the ad blocking - if you haven’t tried it, you’d be amazed at how much cleaner and faster your web browsing experience is when each page needs to load only a fraction of the full ad-enabled page. There are no distracting banner ads, no webbugs to random marketing and tracking IP addresses. The webpage contains just (or at least mostly) the information you went to the page to find in the first place.

For JavaScript, I believe I have the right to choose what a website can run on my machine. All those third-party scripts for marketing and tracking, I didn’t consent to. Yes it is a pain to whitelist scripts and sites, and in some cases sites require a bewildering list of JavaScript from third-party hosts just to run. Those I would consider dodgy as hell anyway and am inclined to just stop using that site than try to figure out which of the scripts are actually necessary for what I want to do. That’s not even counting the openly hostile malware and miner code that exists online.

One tip for eCommerce developers in dealing with ‘difficult’ consumers like me - have all the necessary eCommerce processing JavaScript self-check at the start of transaction processing. There are a few sites that will assume just because one script is available they all are, regardless of the script host. I’ve had a few transactions fail because the card processing scripts from yet another third-party host break down. If I can’t easily figure out which hosts to whitelist, I’ll just go to a competitor. Your loss.

Yes, I put quite a bit of effort into this, and may seem like a basket case to the more connected, app friendly people here. For a bit more privacy, less spam and a cleaner browsing experience, I can live with that.

Shared at https://www.linkedin.com/pulse/information-privacy-control-donal-stewart