Sarah Jamie Lewis

First a threat model - when you browse the web tracking can happen at a few steps - we are going to talk about your ISP selling your data.

When you make a request to go to a website, the request and all other traffic go through your ISP's network.

If the site you are visiting does not use HTTP this means your ISP can see the URL and the content of everything you send and read.

Even if the site you are using uses HTTPS your ISP can still work out which sites you are visiting (and perhaps even more).

You might have more than 1 ISP if you have a home internet connection, a mobile data plan etc. These profiles can be linked.

So what can you do? One option is to find and use a trusted VPN (likely paid) - this prevents your ISP from seeing any of that data.

However, you have to be careful you don't just move the problem upstream - either your VPN provider or their ISP may also sell your data.

Tor browser is one I'd love to recommend, but there are very real security risks with adopting tor browser.

Using Tor Browser on the highest security settings and enduring your are browsing only https sites is pretty secure - it's also a big ask.

The latency of browsing over Tor is also cost in exchange for the enhanced privacy.

It is not something I recommend you jump into, but something that is worth exploring.

It is worth mentioning at this point that it is not just browsing traffic that goes through your ISP - all your internet activity does.

For most people this means email, IM etc. And you should likely check that the solutions that you are encrypting connections.

For most people this will mean checking that when you download mail to your device you are doing it over TLS.

Right now I think the best thing you can do is block ads to reduce your marketing profile & pressure sites and services to use HTTPS.

Once content is out of the picture & there is less marketing data to tie profiles too then we can have serious talks about the next level.

Because - quite frankly - most of the valuable data about you is collected when you visit a site, not by your ISP.

Use HTTPS everywhere https://www.eff.org/https-everywhere … Use ublock Origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/ … (there is a chrome version too)

Yell and boycott sites that don't support HTTPS. Learn more about privacy tools like Signal.

Metadata is sadly everywhere, and unless you commit to using Tor someone is going to have a good idea of what you are doing online.

Even if you use Tor - my entire research to date has been focused on how easy it is to reveal yourself. The tech is currently against us.

Sadly there is no silver bullet. Existing/New Tech, User Education + Social Pressure are needed to force change.

So I'll be over here trying to work on some of that :) This is very much a marathon.

Since someone mentioned having an app or plugin to generate fake traffic - this is much harder than it sounds:https://twitter.com/SarahJamieLewis/status/798963217082892288 …