Recently, I have tried to reduce my data exhaust. However, it took a lot of time to figure out methods and tools to do so without losing some key utility.
I have written previously about some simple steps to improve most people’s internet security.
Without repeating too much, they key takeaways from that piece are that most people1 should use secure and private messengers, choose their browser settings and extensions carefully, and use a password manager.
One major step for my own data exhaust reduction was replacing my old ways of getting content. This can be an issue for getting current news or even just finding a video to watch on YouTube. I knew about RSS feeds, which are a way to avoid data scraping and recommendation algorithms.
There are a plethora of choices for RSS readers, especially for someone who wants to synchronize their feeds across different devices and operating systems.
For those using an Apple ecosystem, I found NetNewsWire is the cleanest and the feeds can sync through iCloud. It can also be used in conjunction with other readers, for example NewBlur which is what I use. This way, you can check the feed through either the app or in a browser. There are plenty of other options though, but beware that it can be difficult to fall down the rabbit hole.
Another part of getting the setup is finding the actual RSS feeds themselves. For some websites, this is easier than others, but I’ve found with some effort a lot can be migrated to RSS.
For example, subreddits, YouTube channels, and many news sources have RSS feeds that can curate content without relying on the recommendations from those platforms.
Reddit has the system built in well and has a wiki page giving advice on how to get these links. You can also further customize these links to get just the top or hot posts from a certain time period (for example).
YouTube channel RSS feeds can be found by going to the desired channel, right-clicking and viewing the page source. From there, you can just Ctrl+F and search for “rss,” which gets you to a part of the HTML with an RSS link. For example, here is the rss feed for the 3Blue1Brown channel.
News sources will vary a bit across the websites. Some new sources readily support RSS feeds, like FiveThirtyEight. But, using the same page source searching, it is possible to find RSS feeds for other sources. I found that the Hyde Park Herald has an RSS feed, which I can use for local news in Chicago. Ultimately, I have had to use a combination of RSS feeds and other sources to get the amount and type of news that I want, but I encourage sources to keep their RSS feeds up to date
Aside from the above, there are plenty of other tips and tricks for RSS feeds. Some other useful RSS feeds I’ve found are links on blogs, converting newsletters to RSS, papers from arXiv, and even getting updates about GitHub repos.
When using online services, often times you need to sign up with an email. However, trusting many companies to store your primary email can leave you vulnerable to spam or to your email/password being leaked in a breach. If you use a password manager and multi-factor authentication, the later security vulnerability will likely be mitigated. However, even an email getting leaked will reveal your use of the breached service.
Signing up with email aliases is pretty easy when using a tool like SimpleLogin or addy.io. Keeping track of these aliases is also made easier with password manager, which can store your login email and password combinations.
One big way to reduce your exhaust is to delete and/or reduce your usage of accounts that belong to heavily centralized companies (e.g. Google, Meta, etc). This is definitely a big step for most people, and is probably more of an investment that many people will want to take. Often people have used their Google or Meta account to sign in to other services. On top of that, many people use Messenger or Email.
However, for those willing to invest the time, it’s useful to unlink your centralized accounts from other services. Using a password manager can make this pretty easy, in conjunction with aliased emails. This will limit the amount of data that central companies can collect about your activity when using 3rd party services.
In my security guide, I briefly compare some of the different ways to text or message people quickly and found a more detailed comparison later on. I already advocate for moving away from messengers that are not secure and private by default. Without making that type of move, it can be hard for some people to decrease the use of their Meta accounts.
Changing email providers can also be hard for many people. However, moving away from huge providers, like Gmail, is already probably a good step. I would further encourage using a paid provider which gives more security (e.g. Proton Mail2).
When browsing on the internet, there are many ways that websites track your activity. Of course, the easiest way for them to do so is if you have an accounts. In that case, activity on that website can be easily logged and tied to your account. Often, this is a good thing and a feature, like if you want good recommendations or to know what posts you’ve liked or interacted with.
But, there are problems when you don’t find those features particularly valuable for that service or don’t trust the service to keep your activity private. In this case, the first step is to browse the website without being logged in, which is a good first step. Unfortunately, even while logged out, most people browsing the internet have a unique browser fingerprint. With this type of identifiable traffic, services can still track your individual activity and sell/breach that information to others.
In order to try and defend against this type of fingerprinting, there are a lot of useful steps that can be taken from my beginner’s guide to internet security. But here, I’ll just focus on a few steps to combating fingerprinting, only some of which are mentioned there. Before and after using some of these, you can check how easily your browsing can be fingerprinted against using EFF’s tool and/or fingerprint.com.
The first and easiest step to fighting fingerprinting is managing your cookies (not the delicious kind). Disabling cross-site cookies and auto-deleting cookies will circumvent almost all the cookie-based tracking. This can be done with browser extensions like uBlock Origin and Cookie AutoDelete. Unfortunately, the latter will log you out of websites, so you may want to add exceptions for websites you trust and use frequently.
A virtual private network (VPN) is a tool that you can install on your computer to route all your internet traffic through a different computer. This is a useful way to hide your IP address from the websites you visit, which is a large part of many people’s online fingerprints.
For most people, it is enough to use a brand-name VPN rather than set up their own personal VPN, which requires a lot of technical know-how. However, be careful when choosing your VPN because the host of the VPN will observe the traffic passing through it, so make sure you trust the company you choose. I currently use Proton VPN because it works well across platforms, but ideally you would do your own research and choose one that works well and you trust.
The last thing I’ll mention here is to use a browser which protects against fingerprinting. Brave will randomize your fingerprint. Also, Firefox, for example has taken steps to block fingerprinting. I’m sure there are others, but I would encourage you to do a bit of research when choosing a browser to use.
For people who are particularly concerned, I think the browser with the most protection is the Tor browser. The team behind it work hard to combat tracking, and by default the browser is designed to have the same fingerprint as all the other Tor browsers. On top of this, the browser uses the Tor network, which will further anonymize traffic, like a VPN but without a central authority. But be aware that when using this browser/network, some websites will have usability issues.
Written: 2023-08
Last updated: 2023-08
For experts and people who may be targeted (e.g. journalists), these steps are likely not sufficient.↩︎
Proton also can come packaged with a secure calendar, cloud storage, VPN, and password manager. It also has an easy way to provide email aliases with SimpleLogin.↩︎