2. “If the digital future is to be our home, then it is we who must make it so.”

Ms. Zuboff set out to define, document and name the problem we are facing. Her book, perhaps deliberately lacks directly applicable, practical suggestions on how to counter this reality that surveillance models dominate. The key problems outlined before stretch way beyond issues of privacy; monopolies and competition, fake news, machine learning and racial profiling, effects of behavioral modification on free will and democracies would be all fair game in discussing concerns and in pursuit of solutions. For the sake of focus and clarity, I’m discussing what individuals and businesses who care about privacy can do to stop feeding this system and start forcing change.

All that happened before and happening now is not inevitable. I’m calling for resistance in forms of boycott and better choices in what services we use and support with our disposable income and advertising money — both as individuals and as privacy-respecting businesses. Customers, even of free products, vote with their time, their taps and clicks, their behavior that can be translated into data. The trade-off for them, even if they don’t fully understand the ramifications, is between convenience and the level of privacy protection. The greater the need for the former, the more of the latter they are willing to sacrifice. The problem is, as Zuboff puts it, that they are “trapped in an involuntary merger of personal necessity and economic extraction”.

Regulation that cuts off some of the tentacles of the octopus gorging on our data might alter these trade-off decisions and ease the pressure. Ex-employees urging for change could trigger executives to ponder exercising moderation. The fundamental privacy violating flaws of the business models in question, however, won’t be solved overnight for a simple reason: the surveillance economy is too effective and way too profitable. The change should start with us.

How to resist collection of your behavioral data?

Solutions for consumers

Educating consumers and helping them make radical choices to influence the systems designed to harvest their data is one of the two important ways that can help us fight this crisis. We know that consumers stated privacy preferences are not reflected by the actions and choices they make, failing to act on recommendations they know would likely benefit them — this is commonly referred to as privacy paradox. I strongly believe this is something we can change together and that process starts with you and me. With the risk of being called a naive idealist, I believe we can lead by example in getting through the pains of giving up some of the convenience and ruthless pursuit of growth, ultimately affecting the course of history that is otherwise headed towards more surveillance, concentration of knowledge and power, and unethical exploitation of the human experience.

Privacy means having the agency to choose what you share, when you share it and who you share it with. The following recommendations can guide you, as an individual towards taking back that control and helping others do the same.

1. Don’t use services where you don’t understand what is going to happen with the data you share

Choose services that fulfill a need where there is an explicit pledge towards not monetizing your data. Take a look at privacy policies. Use more paid services. Do your research on business practices and revenue models. Contact the provider you are vetting and ask them to address your concerns. If you are not convinced, look for alternatives and make the switch, sharing your thoughts with those you are leaving behind.

If you do a careful evaluation of all apps and tools you are using right now a lot of them will fail these tests. This list starts with Facebook and Google: as Jaron Lanier suggests deleting your account is the best course of action. You will most likely discover many more offenders. Use DuckDuckGo instead of Google Search. Ditch Chrome and use Brave Browser. Switch to Disroot or Tutanota from Gmail. If you can’t find a privacy-respecting provider for your need or the options suck — consider building that service and you might have a new business in the future.

2. Start using additional tools that are designed to help you protect your privacy

To prevent your ISP, and subsequently, data buying companies from having logs on your internet activities, pick a VPN provider that cares about your privacy and pledges not to support surveillance economy companies (disclaimer: as stated before, I work for IVPN). Use an ad blocker that stops services from tracking your behavior through ad scripts. Install Little Snitch to monitor your network connections to catch fishy services. Install Privacy Badger by EFF that uncovers and blocks scripts on websites that track you; this Medium page has 2 active trackers that would have been blocked if you did - Google Analytics and Parse.ly (in their defense, Medium honors Do Not Track requests).

For helping with both point number 1. and 2. there are great resources that list privacy respecting alternatives. I recommend starting at SecurityChecklist and PrivacyTools.io.

3. Reward companies taking a stand and refusing to feed the surveillance economy with either data, ad money, or both

See who is giving your behavioral data to third parties by looking at the tracker list of Privacy Badger when visiting their site. You can also identify whether a company is advertising on Facebook by looking at the “Info and Ads” tab on their Page or if they appear in Google ad results by typing their domain into SpyFu and checking the PPC section. Look for businesses that accept anonymous payment options and don’t force everyone to share personal information with a third-party payment provider. If you don’t like what you learn about the conduct of the business in question, pick their competitors. Some progressive firms already identified the necessity of making the moral choice of responsible practices versus easy growth: Signal v. Noise, the company behind Basecamp announced their “Facebook Free” pledge last December and called for others to join them.

4. Donate to organizations who fight for your right to privacy

Non-profits like the Electronic Frontier Foundation and the CDT are doing important work with educating consumers on privacy issues and pushing for change by working on tech solutions and proposing new legislation. Supporting them with five or fifty or a thousand dollars per year — whichever amount is within your means — contributes to their budget to expand their teams of researchers, lawyers and advocates and conduct campaigns that call for better practices from data harvesting corporations.

I admit all this is harder than it should be, even if we take strength from success stories. I commit considerable time to solving problems related to privacy in my work and I haven’t managed to tick off everything on this list yet. I have a Facebook account with a fake name that I use to track events in my city and chat with friends who prefer Messenger to other services. I still use Waze (owned by Google) for navigation. I still have multiple Gmail accounts that I planned to migrate to a privacy respecting email provider, but somehow never found the time. My pledge here is that I’ll create a list of all these infractions of my own recommendations and work towards fixing them in the next 30 days.

Edit: You can learn about how I honored this pledge in my next post “I’m starting a support group for people ditching Facebook and Google”

The positive effects of following these suggestions won’t just contribute to the fight against the surveillance economy, but nudge sectors towards increased competition, potentially resulting in better services, more choices and lower prices for consumers. Putting in the time and effort is a worthwhile investment.

How to resist profiting off the capture of behavioral data?

Solutions for companies

As a business leader or an employee you are most likely participating in the surveillance economy in some way. The first step is to recognize and accept that. Digital marketing today starts with Facebook ads, Google PPC campaigns and display advertising with an inherent data collecting and profiling element. You are not just supporting these actors with ad dollars, but with no-questions-asked handover of customer behavioral data by placing their tracking scripts on your website. Just as consumers need to sacrifice convenience, to fight surveillance models you need to renounce the roguish growth opportunities they make possible and look for better alternatives.

No company claiming to care about the right to privacy can escape this dilemma. Apple seems to have realized this and started to position themselves in the champions of privacy role, using is as a differentiator and making aggressive moves against competitors to demonstrate their commitment. Taking this road comes with tricky choices: they still profit from Google search integration on their devices; contradictions like this, however, can be resolved by every company with a roadmap for deliberately moving away from supporting surveillance models.

From a strategic point of view this is risky and hard for most firms. This is even true for a company offering a privacy protecting service — here I’m looking at this problem from IVPN’s perspective — as most of our competitors won’t get on board with these guidelines, giving them a clear advantage in raising brand awareness and acquiring customers on false promises using surveillance data.

The choice to comply with the following directives are challenging, but they essential for any company that claim to care about the privacy of consumers.

1. Evaluate your business model and change it if necessary

If the key value driver in your business is related to acquisition, repackaging, analysis and/or sale of data acquired from customers who probably don’t understand how it was collected or did not consent to it, consider a new line of business. That’s a radical suggestion, but if you’ve read this piece up until this point and didn’t disagree with most of my thoughts it’s not a far fetched one. If some of your revenue is coming from selling customer behavioral predictions based on user profiling, explore new revenue opportunities to diversify with the intention to kill the surveillance-based one. You don’t have to do it right away, or in a radical fashion, it can be a slow, strategic process; even that is better than staying put.

You can explore subscriptions, membership upgrade tiers, one-off purchases, donations, tips, sponsorships, or limiting advertising you run to contextual ones. Try to do this without relying on third parties that are hungry for data to monetize. There are multiple companies I know of that are working on supporting this mission in privacy-conscious way, like Unlock Protocol, Houdini Project or Brave.

2. Don’t support surveillance-based business models with advertising dollars

If a company tries to sell you an opportunity to modify behavior with the help of data acquired about the consumer in a way they did not know, understand or consent to, say no. The obvious candidates for big wins are stopping your ads on Facebook and deleting your Google Ads account. As mentioned before, some companies are already making this jump; consider joining them. For your other partners not under intense scrutiny for surveillance practices looking at privacy policies and asking hard questions about data collection is the best approach.

Where can you shift your attention where there is no obvious data collection element? Sponsor quality content directly, like blogs, podcasts and newsletters, but not through intermediaries who try to add value by behavioral or individual-level targeting. Choose ad channels where contextuality is the key for audience segmentation, or where there is no segmentation at all. Information processing that enables targeting does not need to rely on data harvesting and can happen on the client side — Mozilla have tried this with Pocket recommendations and Brave is building their advertising model on this concept. Ad networks that don’t profile your users existed in the past, but they are mostly out of business now (like TheDeck network) or started including data collection for behavioral targeting and programmatic advertising (like podcast and newsletter ad networks); these changes were driven by the increased pressure for better performance due to the ruthless effectiveness of the surveillance economy.

Going wide from the currently preferred micro-targeting approach might feel like a step back for marketers. Building a solid, trusted brand, however, is not only possible, but more effective this way. It forces you to try harder and focus on getting your message through to entire communities with shared values in an honest, transparent way. Privacy-conscious consumers will reward you for this, and for not treating them as data sources you can nudge along through conversion funnels with sophisticated behavior modification tools.

3. Eliminate third party tracking and logging from your site and apps

By placing a Google script or a Facebook pixel on your website and in app you pass on behavioral information of your users to these companies. This data is almost always “anonymized”, but it’s evident that customer profiles are connected to this information with high confidence, resulting in better understanding of their habits. Your usage of Google Analytics goes against the core principles of “caring about the privacy of your visitors”.

This is also true for any other third party tool that you use that processes customer data in some way — the issue of no consent aside intentional malevolence, sloppy internal policies and data breaches all pose a threat to the privacy of your customers. For (almost) every tool you use, there is a self-hosted and open-source alternative. Switch to Matomo from Google Analytics to collect and analyze visitor data. Use RocketChat instead of Slack to protect sensitive information you share within your team. If there isn’t a good alternative for your need, consider building it and you might have a new business.

4. Donate to organizations who fight for your right to privacy

Similar to the same point on the consumer side. You have the resources and they need your help. Pick a non-profit or a couple working on uncovering, documenting and solving surveillance economy issues and support them.

5. Educate your customers about privacy

If you follow my recommendations and initiate changes in your business you should also start informing your consumers on your commitment to privacy protection and the steps you are taking for their benefit. Invest in content creation that explains these issues and challenges in depth and in the context of your industry and your service. Integrate these pieces into your communication, highlighting your commitment to fighting data surveillance. All this will increase respect and goodwill towards your business.

I went through this list and considered the implications for IVPN, changing some of our practices in the process: