Article Lead Image

Digital self-defense: The 5 Step Program for “free” online junkies

You're an addict, and you don't even know it. Plus, big online companies are pimping you out. Here's how to free yourself of the "free" addiction.


[email protected]

Internet Culture

Posted on Jan 9, 2013   Updated on Jun 2, 2021, 3:58 am CDT

Steffan Heuer and Pernille Tranberg are authors of the book “Fake It: A Guide to Digital Self-Defense.” They cover technology and privacy issues in San Francisco and Copenhagen. In this series, Digital Self-Defense, Heuer and Tranberg report with updates from the digital identity wars and teach us how to defend our privacy in the great data grab going on all around us. Follow them at @FakeIt_Book.

It’s a new year, so let’s make an Internet resolution for 2013. Let’s resolve to put more friction into our already too-frictionless sharing. Forget the contrived concerns about “human decency”, put aside the fact that Google somehow skirted a big antitrust investigation while spying on your offline buying habits and shoving Google+ down the throat of its many users.

Instead, start this year by facing the cold, hard facts of online privacy. You are being sold—pimped out—and nobody seems to care. We like to think of it as the junkie-fication of online services. The junkie-fixation happens two ways: first, we get addicted to more and more sharing, becoming hooked on services without noticing how they hurt us. And two, the providers get us hooked on “free” samples—while taking more and more in return. Like addicts when caught using, we all proclaim to get our house in order: I won’t do it again, trust me one more time.

Similar to a rehab program in reverse, the descent into addiction has five steps. We call it the Five Step Betrayal. Here’s how it works:

Step 1: A service decides to amend its Terms of Services, or TOS, to make (even more) money with user data, by selling location data, images, and making you the unwilling spokesperson of a brand.

Step 2: The service announces the change to users, usually in a blog post.

Step 3: Users freak out, reporters and bloggers jump on the news, and the outcry goes public.

Step 4: The service backpedals in order to calm people down and stanch the loss of users quitting the service.

Step 5: Time passes, and the organized data theft is implemented bit by bit anyway. No one notices.

Step 1 to 4 probably sounds familiar right now, as it just happened with the free photo-sharing service, Instagram. The incipient user outrage seemingly forced its new owner, Facebook, to take a step back. Step 5 will now commence the 19th of January, the day the amendments will become effective. The heist of your user data and metadata (all the juicy bits and bytes attached to your snapshots) will most likely be fully implemented by the end of 2013.

All of us using free web and mobile services have experienced this Five Step Betrayal before. Call it the scourge of our times. The fact that Instagram changed their TOS and privacy policy from a 2-screen-read to a 9-screen-read, giving Instagram all sorts of new economic avenues to make money off of its users in ways they never anticipated or approved, is nothing new. It’s actually standard operating procedure when you are dealing with a so-called “free” business models. It’s a simple idea with a lot of proponents: First you get a lot of users for your service, then you need to monetize them. Most of the time, in this scenario, consumers lose. 

You think we exaggerate? Take a look at this article from The Guardian about Facebook in 2007. Back then, users were in an uproar because Facebook had come up with a new advertising model called Beacon. The system would allow other websites to tell Facebook about some of your activities elsewhere on the Web, for example reveal whether you had bought a particular book, DVD or t-shirt. The targeted ads would then follow you around the web.

Do people go ballistic over that kind of targeting today? Far from it. Many probably would, if they only knew that this approach has become the backbone of Facebook’s advertising business. Three out of four of the 1,000 big websites have a Facebook plugin installed, according to a recent Wall Street Journal investigation. All these websites tell Facebook about your actions and surfing habits so the social network can barrage you with personalized ads.

In sum, things have certainly gotten much worse. Tracking now extends to mobile devices, data brokers go about their business largely undisturbed, and price discrimination based on tracking individual users is gaining traction.

It’s telling that Facebook in 2007 said it had overreached with Beacon and shelved it—only to claw back the lost ground step by step, tracking code by tracking code. Step 5 might take years, but in the end, the providers always put money first and their users last. And their money comes from your data.

They may proclaim otherwise, but they’re also hooked: hooked on your data, on pimping you to the highest bidder and the most advanced targeting mechanism. They need more and more of you every day.

Facebook and Instagram do business by asking for forgiveness rather than permission. Many American companies do the same, since there are few guidelines outlining what data can be exploited for what purpose (perhaps with the exception of all things pertaining to employment and credit).

As a European, it’s hard to accept and understand this unchecked data grab, as most companies in the EU have to ask users for permission before they capitalize on personal data—including placing cookies on a machine. Try it out by going to, say, the website of The Economist and look at the warning that pops up.

In order to gain the long-term trust and patronage of consumers, you have to respect their privacy and ask them for permission. We believe that the tension between operators and users will become a bigger issue this year.

Some statistics seem to indicate that Instagram pissed off many users for good. We both killed our Instagram accounts already. One right after Facebook announced it was acquiring the company, since it was clear back then where the journey would go. The other immediately after Step 4, despite the fact that we use pseudonyms instead of our real names. Instagram had not yet insisted on using your real name – what a waste of revenue. We bet they require it later, to bring their policies in line with Facebook’s.

We prefer to be part of the growing number of users who will not accept the raw deal companies are giving us: Grabbing our data first, presenting a lame and dishonest apology later, and sticking to their scheme anyway. Every user has a right to demand that their services and apps come clean with them and be honest from day one.

In the meantime, our Five Step Program for you to deal with the Five Step Betrayal:

Step 1: Use a fake name and other fake data when you sign up.

Step 2: Don’t connect one service to another, meaning steer clear of social sign-ins like Facebook’s and Twitter’s log-in buttons.

Step 3: Install blocking extensions in your browser to prevent social networks and ad networks from tracking your travels online, and use VPN and anonymizer services such as TOR. The price tags will quickly convince you.

Step 4: Take a close look at your apps and their data gathering practices and revoke access rights when in doubt.

Step 5: Close down an account and export your data when you have the slightest concerns you’re being played.

There’s one way to break the “free” addiction: Pay for services that respect your privacy and your identity. They are slowly growing, as demonstrates. New York-based VC Fed Wilson predicts that “leveraging privacy” will be “the central value proposition in the coming months.”

We sure hope so.

Photographs by Thomas KernAnders Debel Hansen

Illustration by Jeff Pastorek

Share this article
*First Published: Jan 9, 2013, 5:11 pm CST