Ask HN: How do you deal with software tracking your data?
1 points by tavro 132 days ago
today my colleagues were talking about software collecting usage data and it made me curious.

big companies often profit from this data and often there is no way to opt-out from stats reporting.

how do you reason about this? how do you handle this in your daily life? do you avoid certain software? or do you just accept it? are there apps that respect user data?

:o)

2 comments

I avoid software that I know to be problematic. Also, I firewall off all outgoing network traffic by default, and whitelist very sparingly.

For my smartphone, I run a bare minimum of apps and refuse to install new ones without an extremely good reason. I also pipe all smartphone data through a VPN I run at home, specifically so that I can run it through my firewall and make the block-by-default policy I mentioned above cover the phone as well.

cool!

> I avoid software that I know to be problematic. Also, I firewall off all outgoing network traffic by default, and whitelist very sparingly.

how do you stay informed about what software is problematic? what are examples of addresses you whitelist? if you feel comfortable sharing.

> For my smartphone, I run a bare minimum of apps and refuse to install new ones without an extremely good reason. I also pipe all smartphone data through a VPN I run at home, specifically so that I can run it through my firewall and make the block-by-default policy I mentioned above cover the phone as well.

what would be an example of "an extremely good reason"? what VPN solution do you have?

:o)

> how do you stay informed about what software is problematic?

It's a loose heuristic. Primarily, I base it on word-of-mouth, whether or not the publisher/dev is known to have used tracking/telemetry in their other products, whether it contains ads, whether it in some way requires an external server, that sort of thing.

> what would be an example of "an extremely good reason"?

The last time, it was to install an authenticator app that I needed in order to authenticate for my work accounts.

> what VPN solution do you have?

I use OpenVPN for this.

thanks! valid!

Don't do anything secret on the computer

Assume every system on Earth is breached

haha. :-)

> Don't do anything secret on the computer

i think that might be unavoidable.

> Assume every system on Earth is breached

you probably say this jokingly, but this is not a bad take. or rather, "assume every system on earth can/will be breached". that is a good motivation to improve the security for your system, if you have the resources to.

:o)

> "assume every system on earth can/will be breached"

This.

I've spent years working in network security and one of the core principles is "if a thing can be accessed legitimately, it can be accessed illegitimately". Perfect security is an unachievable ideal. What you can affect, though, is how much time and effort it will take to breach you. What you're practically shooting for is to make the cost higher than the value an attacker would get from breaching you.

i completely agree with you. i say the same thing back:

"This."

> you probably say this jokingly

NO!

> or rather, "assume every system on earth can/will be breached"

NOOOO! NO NO NO!! It's ALREADY BREACHED! You are using ADVERSARIAL CHANNELS! If we're talking about objectives and proofs for the purposes of operational security, the only way of going about this is to act as though every system you are using has chips in it the NSA put there. Please understand.

https://learn.microsoft.com/en-us/security/zero-trust/adopt/...

> NO!

oh, sorry for misunderstanding then.

> NOOOO! NO NO NO!! It's ALREADY BREACHED!

i see and hear your point. it just makes me sad to think about security in this way, even though i think it would be good for someone that operates in the cyber security sphere. i think a more healthy way of approaching this for the general person, is what the person above said: "[...] what you're practically shooting for is to make the cost higher than the value an attacker would get from breaching you.", or for you not to lose more money/resources/value/whatever by securing your system, than you would do by getting breached or attacked. but that is just my opinion, and i am not an expert, so!

:o)