Privacy Basics Workshop - Slides Transcript
Privacy Basics
Mystic Tech Collective
Presented by Lace Ronald (they/them)
Who am I and why should you care about what I'm saying?
Experienced ex-software engineer who witnessed first hand the ways identity and advertising are used to exploit us.
BA in mathematics and computer science with technical insight into how the capitalist internet functions.
History enthusiast with an awareness of the ways fascism inhibits diversity.
Trans person and victim of the false promises of the DEI movement.
Disclaimers
I know a lot about how things work and I still have deeply imperfect digital hygiene.
I am trying to help people avoid getting so deep in the internet that it's as challenging as it has been for me to regain my sense of privacy from large corporations.
I used to work at Google and fully assume that my privacy could be compromised for life. DON'T BE LIKE ME.
What is digital privacy?
- A way of protecting personal information from becoming public.
- Maintaining anonymity and personal boundaries when interacting with strangers online.
- Avoiding attention from bad actors who may seek to use personal information about our identity or values against us.
What is personally identifiable information?
Basics such as legal name, address, SSN, phone number, and email(s).
Information about what advertisements we see and where we spend our money.
Information about our race, culture, sexuality, religion, health conditions, or hobbies.
Why does it matter if some of my personal information like my health condition is shared if I don't share my name?
In pieces this information may seem innocuous. For example, purchasing N95 masks from home depot when there's a good deal on an ad you saw on Facebook.
But the pieces can lead to a large corporate awareness of your personal health information then ensure you see endless ads for cancer clinical trials and hair wraps after you also join something like a "Cancer survivors" group on Facebook.
Facebook has been properly vilified for these types of privacy violations, but they are increasingly in our private communication systems like email and messenger as corporations remain desperate for predicting and optimizing the way we spend money.
Harm Reduction for Digital Privacy
Perfectionism is the enemy of done
It can be really easy to fall into rabbit holes trying to find the most ethical, perfect version of a tool.
Any way you can take control of your data makes you safer than you were yesterday
There is no way to be totally private on the internet - Opsec depends more on Operations
Regularly delete sensitive data where possible, and consider hopping between accounts to reduce traceability
In an age of tracing and tracking users, chaos is your friend. Make new accounts, reduce what you save, and get comfortable with deleting information and deactivating your accounts.
Why GenAI is Bad for Privacy
- Generative AI models use your conversations as data for future responses
- This data is stored in servers owned by the company ; unclear if encrypted or not
- OpenAI just announced working directly with the US Federal Government to enact mass surveillance using its AI systems
Switch from Chrome
- Besides the fact that Chrome is tied to Google, which wants all your data, it's also just super slow
- Chrome announced in October 2025 that it was ending its Privacy Sandbox projects
- Firefox is an open source browser, but it is now going to be implementing AI features
- You can turn off the AI features (Menu bar > Firefox > Settings (or Preferences) > AI Controls) for now
- Waterfox or Librewolf are both privacy focused reimplementations of Firefox that do not use AI (and are faster!)
- Tor uses an in-depth relay system for anonymity. It is slow, but great for anonymity for Journalists and Activists
- Important: while Tor provides greater security, there are methods for uncovering identities on the network.
Incognito is not great
- Incognito and Private modes on browsers don't really hide your activity
- The only thing they really do is prevent your history from being logged on your own device
- Good for signing into email at public computers (but try to avoid this if you can) because it won't save your details after the session
Fire/Waterfox settings
- Enable DNS over HTTPS (this encrypts your requests to other sites, more on that later)
- Menu > Options > Privacy & Security: Set tracking to either Strict or Standard
- Enable HTTPS Only mode for all windows
- Disable Telemetry
- Disable Autofill
- Disable AI features
- Disable "Improve Firefox Suggest Experience*
Search Engine Options
- MurenaFind
- https://4get.canine.tools/
- Startpage
Email Hygeine
- You should have three different email accounts:
- Personal
- Work / Job Searching
- Spam
- Unsubscribe from ads and spam emails on your personal and work emails - these emails have cookies attached that track your activity
- Email is NOT secure, even encrypted emails - Everything is stored as plain text
- Email should not be used for activism
- When in doubt, use Signal
Download Signal and what to use it for
- Signal is an end to end encrypted messaging platform with the best encryption mechanism to date
- Signal is donation funded
- Nothing is 100% secure - while activism conversations should happen on signal vs other methods, you still need to be safe
Advice for how to make signal more private
Never say anything you wouldn't want a judge to hear over Signal
Set messages to disappear automatically to improve your privacy on signal.
Change your username and ID often to improve privacy on signal.
VPNs and ISPs
- ISPs are your Internet Service Provider (Xfinity, Astound, etc)
- All of your internet requests go through them before your websites are collected.
- ISPs are required to keep your logs for at least 180 days, attached to the IP address that requested the sites
- VPNs act as a middleman - They send your request through their IP address before it goes to your ISP
- When you use a VPN, you are sending your internet request to the VPN before it goes to your ISP
- This means that if the VPN is logging your data, you have that as the point that holds it, so you have to trust the VPN
- If you use a VPN it should be open source and non-data-logging
- You can also encrypt your requests to websites using DNS over HTTPS which offers a little bit more privacy
Password Security
- The best passwords are pass phrases that you can remember and use a combination of numbers and letters
- It is recommended to use a password manager such as Bitwarden. These store strong passwords in their server, encrypted.
- Super users can self host them
Recommended tools for browsing
- Privacy Badger by the EFF
- UBlock Origin
- Password Managers -- Bitwarden, 1password
- VPN - OpenVPN or MullvadVPN
Punch List
- You are constantly being tracked on the internet. Especially if you log in to use a site.
- Stop using Generative AI models
- Switch from Chrome to Firefox or one of its variants
- Stop using Google as your search engine
- Keep 3 email accounts (ideally not on google) for different purposes
- Unsubscribe from unneeded spam and accounts
- If you use a VPN, it should be Open Source and Non Datalogging
- Add the recommended tools to your browser to reduce ads and tracking.
- Make strong passphrases and use a password manager
- Use Signal
Resources
- https://www.forbes.com/sites/zakdoffman/2025/10/21/phased-out-google-confirms-bad-news-for-all-3-billion-chrome-users/
- https://www.dw.com/en/dark-web-is-the-tor-browsing-network-still-secure/a-70342836
- https://soatok.blog/2026/01/04/everything-you-need-to-know-about-email-encryption-in-2026/
- https://openai.com/index/our-agreement-with-the-department-of-war/