CC: BY-NC-SA ThomasHawk @ Flickr

Since the revelations of Edward Snowden in June 2013, there has been greater awareness on the topic of online privacy. The free–fall of traditional American safeguards and democratic norms one year into the Trump presidency make the situation more urgent. Adaption rates and how citizens protect their privacy is important. There have been excellent polls, especially by the Pew Research Center, charting the impact news of widespread suspicionless mass surveillance has had on the general US population.

We know less of how privacy–embracing segments have adjusted. Charting these Privacy Seekers is a challenge. Their defining characteristics work against measuring them. Yet these Seekers are an important group to track. They provide the best case for how far, and in which ways, individuals may counter online privacy threats. They inform us which approaches are easily or more widely adapted. Community and activist groups can focus their efforts better when they know how a best–case segment behaves. If tutoring privacy neophytes into becoming privacy competent is a path forward, understanding Seekers’ practices gives us insights on where our movement needs to go.

I believe this is the first time a survey has been done on privacy-seeking individuals. But it’s more than examining them in isolation. The original data required some tidying. Comparative baselines had to be established. With these tasks complete, I will now use this dataset against other general demographic & psychographic surveys to highlight their differences here.

Methodology:

An anonymous, thirteen–question online survey was conducted over two days on Nov. 2–3, 2017. 328 people responded. The survey questions were written by @ThatPrivacyGuy, the creator of one of the best sites objectively evaluating Virtual Private Networks (VPNs), ThatOnePrivacySite. Invitations to participate were posted on ThatOnePrivacySite.net (sometimes abbreviated to TOPS.net here) and two Reddit forums focusing on privacy rights, r/Privacy (Dedicated to the intersection of technology, privacy and freedom in the digital world) & r/PrivacyToolsIO (PrivacyTools.IO provides knowledge and tools to protect your privacy against global mass surveillance). Respondents were self–selecting, not random. It had a two–day window. For an initial launch, the TOPS.net survey forms a good foundation.

Combined, the three sites enjoy 418,000 monthly active users. Rough estimates of response splits are: r/Privacy (50%), r/PrivacyToolsIO (30%) & TOPS.net (20%). These three sources aren’t representative of mass audiences, but they do represent the normally hard–to–measure Privacy Seekers demographic. Reddit trends American, so most comparison survey responses are drawn from three recent Pew Research Center surveys of Americans and eight other quality sources (see Appendix I–II: Sources & Definitions).

Some Rights Reserved:

This Privacy Seekers paper, including its charts & infographics, are covered under the Creative Commons NonCommercial-Attribution-ShareAlike 4.0 International License: CC: BY-NC-SA: @Jefe001.

You’re encouraged to use the information here and the datasets in the Appendix III–IV: Datasets to do interesting things. Share them with everyone. Give credit. Let’s do great work. Contact me for commercial use to benefit a mutually agreeable digital activist organization. And, contact me for related but separate projects for yourself or your firm. Most of all, Enjoy!

Responses to the Winter 2017 ThatOnePrivacySite Survey

Age Breakdown

“What is your age?”

Contrary to articles claiming younger Americans lack privacy concerns, their over–representation here — more than half of Privacy Seekers are under thirty–five — suggests they care. A lot. The change compared to the norm — the delta, or “Δ” — is more than twice what we expect for the youngest two brackets versus the US population (Wikipedia). The rate drops precipitously in the over–35 demo, and even more after that.

For those hoping politicians might advocate privacy–friendly legislation without outside pressure, most Federal officeholders are 50–70 old. 6% of polled Seekers fit this category. We are not that demo. Digital rights aren’t intuitive for policymakers. They need to be taught, cajoled and pressured. This chart shows why organized political activism is as vital as technological fixes.

Note: readers shouldn’t put much weight on the “>65/None” category. The original questionnaire used non-traditional age ranges, including a “100+” choice. Six people chose this. While if true, this would be amazing, it’s most likely respondents are informing us they prefer not to answer that question. Unlikely responses were assigned the >65 category.

Values Privacy

“On a scale of 1–5, how much would you say you value your privacy?”

At first glance, it seems Privacy Seekers value the highest “5” privacy rating less than the general public (Pew) but they value the penultimate “4” rating nearly twice as much. And Seekers are 25% less likely to choose the medium rating.

I suggest what is happening with the “5” score is Seekers are cognizant of the trade-offs of cranking their privacy shields to “11”, as it were. They’re aware of how large a field OpSec is. And within these spectra, they don’t see themselves at the level of an Edward Snowden, Matthew Green or a Bruce Schneier. On that spectrum, they’re “only” a “4”.

Note: the author thinks they’re too hard on themselves. They should embrace their being “5”s. After all, like that Jurassic Park hero, they totally do Linux! They need to stop comparing themselves to a Micah Lee, except for inspiration. ;)

Tech Savvy

“On a scale of 1–5, how tech savvy would you say you are?”

Over three–quarters of Seekers rate themselves as more tech savvy than the average Internet bear. Considering their Linux adaption rates, uses of alt–OSs for both mobile & desktop and other behavior shown in upcoming responses, this representation is accurate.

Seekers’ modesty on their self-rating — selecting the second highest of possible ratings — echoes and reinforces my interpretation of respondents’ Values Privacy self-rating. Many Seekers select “4” since they have a true understanding of what a “5” really means.

Note: I tried finding an equivalent survey response for the US population for comparison purposes. But the term is so amorphous and relative, I couldn’t find a credible source.

Have Bought A Crypto–Currency

“Do you use any Crypto Currencies?”

35% of Privacy Seekers have bought a crypto–currency in the past or currently own some.

Finding comparisons for Americans who own/have owned a crypto–currency is laughably unreliable (as is their street value, a breakdown of the myriad currencies or their share of the market that’s any use after thirty–six hours). The nearest I could find (via a Reddit discussion or a crypto–currency blog) was between 0.2 and 14%. This, as statisticians say, is a large spread.

Nonetheless, clearly the privacy–embracing demographic is quite fond of crypto–currencies. These assets are popular for speculative reasons, evading traditional centralized control and for greater perceived anonymity. Survey respondents are likely attracted for these reasons.

Note: crypto–currency aficionados, most currencies are not as anonymous as you might think. Do your research!

Uses A Virtual Private Network (VPN)

“Do you use a VPN?”

Nearly thirty percent of Privacy Seekers use a VPN. 28% may not seem high until it’s compared to the American average of 3% (Pew). Slightly over a third of US Internet users are not even aware they exist. So a nine–fold difference between groups is noteworthy.

There is room for improvement for a vast swath of privacy–aware people. The FCC reversal of Net Neutrality rules (Congressional & legal actions are still pending) was a sea change. Safeguards protecting customers from abusive ISP practices were stripped after intense provider lobbyist pressure. It’s counter–intuitive that major cablers and ISPs spent so much resources if their plans were not nefarious. VPNs went from being a luxury to a requirement for most of you. The ISP oligopolies are now part of everyone’s threat model. VPNs are now table stakes for anyone — any home — expecting their online activities to be safe, unmodified and private.

ThatOnePrivacySite should be everyone’s first step to pick their ideal VPN.

Note: think an nine–fold increase is remarkable? Fasten your seat belts, it’s going to be a bumpy night!

Uses PGP (Pretty Good Privacy)

“Do you use PGP?”

PGP (Pretty Good Privacy) lets you send email that no one can read besides the recipient. The most popular version is GPG (don’t ask). It has a reputation for being so user–hostile that XKCD could only make one comic strip about it.

Oh… Wait.

Two strips.

OK. It’s actually not that bad (and if you were a cypherphreak, the strips would have you laughing so hard). Safe to say it does not enjoy wide adaption among the American online public, nor is is prominent in their minds.

Privacy Seekers are nearly twenty–eight times more likely to use PGP than the general US population. Do you recall my pointing out Seekers were too modest by self–rating their Tech Savviness at “4”? This is why. Remember my saying, Fasten your seat belts? Keep them fastened. A 2,675% Δ is just a flesh wound versus upcoming comparisons.

Uses Password Manager

“Do you use a password database?”

The three most productive things people can do to secure themselves online — a precondition for having privacy — are to use better pass–phrases, use Two Factor Authentication (2FA) and to encrypt their digital activities. Password managers solve this first problem.

Seekers heed this advice, to a spectacular degree. Almost 80% of them use a password manager compared to the US norm of 3%. That is, they are twenty–six times more likely to use a password database.

Uses Privacy–Related Browser Extensions/Add–Ons

“Do you take extra steps to secure your browser?”

Privacy Add–Ons and Extensions are the browser plug–ins that block content, manage and block cookies, route users to more secure HTTPS versions of sites or block analytic and tracking methods used — sometimes maliciously — by many sites. Examples include the EFF’s (Electronic Frontier Foundation) Privacy Badger and HTTPS Everywhere, other developer projects like Albine Blur, Ghostery, NoScript Security Suite, uBlock Origin and uMatrix.

The responses indicate that 8% of Privacy Seekers “take extra steps to protect their browser” versus 5% of American privacy avoiders who “have added privacy-enhancing browser plug-ins like DoNotTrackMe (now known as Blur) or Privacy Badger.” (Pew). The Pew query’s No Response rate is unusually high. The TOPS survey shows a delta of ~60% (that is, privacy–conscious individuals are 59% more likely to use browser privacy extensions).

I don’t trust the data. I reject this finding.

Considering the ubiquity and variety of privacy add–ons and how easy they are to install, our privacy–friendly cohort should be many multiples more likely to use these extensions. Especially considering the relatively low US adaption rate. This question needs to be rewritten, with some examples, in a follow–up survey.

Note: polling is harder than it looks, people! And, trust your gut!

Types of Email Used

“Do you use a free or paid email provider?”

In some ways — self–hosting their own Email servers, recognizing the distinction between secure web–based and ad–supported Email — Privacy Seekers are more sophisticated and use more varied choices versus the US population. In other ways — most rely on the worst option for privacy & security: “free” ad–supported, web–based Email — their poor practices betray what they should know better to avoid. This incidence occurs almost 80% more than baseline (Litmus Labs).

Note: some interpretation was required to fit the TOPS.net survey question to better conform to the privacy topic and make it better map to national baselines (e.g., I assigned “Free” to ad–supported web–based Email and “Paid” to primarily SMTP–based Email).

Desktop OSs

“Which desktop/laptop OS do you primarily use?”

Over 40% of Seekers primarily use Linux desktop OSs. 60% use Linux–based OSs including MacOS. Privacy Seekers are one–quarter less likely to use Microsoft Windows OS and 30% less likely to use MacOS (Stack Overflow).

The initial reaction might be disappointment that this segment uses Windows almost as much as they use Linux. And this 39% is one–third less likely to choose the significantly more secure, non–ad–supported, no–surveillance–baked–in MacOS. But nearly twice of them chose Linux over Windows. It’d be better if more Windows users migrated to MacOS if they don’t switch to Linux.

Note: many methods for estimating desk/laptop OS share exist. Most are global, some have tenuous assumptions or are proprietary. To better fit primarily American Reddit & TOPS.net responses, I chose the Stack Overflow English-Speaking Developer Profile. But Stack Overflow is more technical, coastal and affluent.

And, there might be a confounding error regarding Linux adaptation rates and privacy–valuing groups. Or, Linux users could be more apt to follow better privacy practices instead of Seekers choosing Linux–based OSs for privacy reasons. Correlation ≠ Causation.

Mobile OSs

“Which mobile OS do you primarily use?”

The consensus for using mobile devices on r/Privacy and r/PrivacyToolsIO is, the standard Android operating system is the worst alternative. PT.IO suggests using hardened variants like Lineage or Sailfish. Less technically inclined, time–starved users may opt for iOS due to Apple’s commitment to privacy and the legal and technical resources they commit to this fight.

The survey shows that a majority of Seekers avoid the more secure Android forks, possibly due to its greater commitment involved. Only 3% (8 respondents) say they use them. They also under–use iOS, an objectively superior (in privacy, security and other attributes) option than the default, an ISP–supplied Android configuration (comScore).

Here, they are talking the privacy talk, but not walking the privacy walk.

68% of Privacy Seekers would be better off switching to iPhone and saying, Goodbye, Android.

Internet Browsers

“Which web browser do you primarily use?”

If Privacy Seekers stumble over their choices for mobile platforms, they’ve dusted themselves off and swung one out of the park for the last two categories.

Fixing the problem of a wild animal gnawing on your kids isn’t to slap Post–It Notes over a hungry leopard’s spots to convince yourself it’s an overgrown kitty. It’s to leave Leopardsville. As with desktop & mobile OSs, any browser made by an advertising company, funded using an advertising model or has been discontinued is a bad choice for privacy–embracing people. This rules out Chrome, Internet Explorer and Edge. Fortunately, superior alternatives exist.

This is reflected in the deltas when comparing the two groups’ browser choices (Net Marketshare). Firefox enjoys an almost five–fold advantage than Chrome. IE/Edge are literally used by none of the respondents. More than twice the Privacy Seekers use Safari compared to general populations while they are 76% less likely to use Chrome.

Internet Search Engines

“Which search engine do you primarily use?”

The global adaptation rate for the most popular privacy–friendly search engine, Duck Duck Go, is only 0.2% (Net Marketshare). 44% of Privacy Seekers use Duck Duck Go for search, followed by StartPage (27%) and Searx (5%).

Seekers are 70% less likely to Google. Its ubiquity accounts for its TOPS.net survey presence. It is the only traditional search engine worth charting. Even so, Google adaptation is 22% versus the 75% it has globally. Bing is 0.6%, while Yahoo! is 0%.

Which is to say, privacy–oriented individuals use search in radically different ways than the norm. This segment is more than twenty thousand times likelier to use privacy–observing search engines than the general global population!

TL; DR:

Update your OS and applications promptly. Use a password manager. Use Two Factor Authentication (2FA). And a VPN. And browser privacy extensions.

Ditch vanilla Android OS, especially the version your mobile service provider installed “for you”. Eschew Windows, especially Windows 10.

Privacy Seekers’ Report Card

Uses better web browser: almost 5x

Uses a VPN: 9x

Uses password manager: 2,500x (although the 20% who do not, should)

Uses PGP: 2,800x

Uses safer, non–tracking search engines: >20,000x

Uses privacy browser extensions: [Incomplete — will retest next semester]

Uses Free/Web email: Needs improvement

Uses Windows: Needs improvement

Uses standard Android OS: D –

Homework

Communicating (Email): GPG, Tutanota or ProtonMail.

Communicating (Off–The–Record IM/Chat): Signal, Tor Messenger (here’s a great introduction) or Wire.

One–Time file swapping: OnionShare.

Visit ThatOnePrivacySite to learn how to choose the best VPN for you.

Explore PrivacyTools.IO for recommendations on how to improve your digital privacy.

Appendix I–II: Sources, credits & thank–you’s

Appendix III–IV: Datasets