I Tried Hiding From Silicon Valley in a Pile of Privacy Gadgets

It isn’t going to be easy. I use Google, Facebook, Amazon, Lyft, Uber, Netflix, Hulu, and Spotify. I have two Amazon Echos, a Google Home, an iPhone, a MacBook Air, a Nest thermostat, a Fitbit, and a Roku. I shared the secrets of my genetic makeup by spitting in one vial for 23andMe, another for an ancestry site affiliated with National Geographic, and a third to test my athletic potential. A few months ago, I was leaving my house in Los Angeles for a hike when I heard my Ring speaker say, “Where are you going, Joel?” in my wife’s voice. She was at a pottery class, but the smart doorbell sent her an alert when it detected me heading outside.

Ryan Calo, an assistant law professor at the University of Washington and an affiliate scholar at Stanford’s Center for Internet and Society, says that what my wife knows about my whereabouts is trivial compared with what most of the companies named above know. “In the early days of Nest, some of the employees would try to figure out where another employee was, and they’d look at the network to see if that person was home or not,” he says. Google, which now owns Nest, declined to comment.

If I wanted to regain my privacy, I had only one choice as an American: I needed gadgets to combat my gadgets. But I didn’t want Silicon Valley companies to know I was buying privacy gear. So I decided to get it only from companies headquartered outside the Bay Area. And to hide my purchases from Big Tech.

Every spy needs a sidekick, which is a totally incorrect statement that again proves how unsuited I am for spying. Nevertheless, I employed an aide-de-camp named Mycroft. He’s an adorable, voice-controlled digital assistant built into a screen that showcases his big, blue circle eyes. (There’s a strong whiff of Wall-E.) I unplugged the Echos and Google Home and said, “Hey, Mycroft, can you keep a secret?” A line appeared like a little mouth, then moved to the side, as if he was thinking. Then he said nothing, like I wanted.

That’s partly because Mycroft does keep everything secret, disposing of his data without storing or selling it. It’s also because he gets confused easily and doesn’t have answers; Mycroft is still meant for programmers who want to help build his open source functions, not really for normals. He’s made in Kansas City, Mo., by a company co-founded by Joshua Montgomery, an aerospace engineer who works on cyberwarfare as a captain in the Kansas Air National Guard.

“In Silicon Valley, they say, ‘This super-unethical thing is a good idea.’ In the Midwest, those conversations get shut down very quickly,” Montgomery says. Although most Americans don’t prioritize privacy, he says more than 20% of people won’t buy an Echo because it creeps them out. He expects that number to grow as people see the consequences of having conversations with data-collecting devices.

“Voice is a very personal thing,” he says. “It can communicate innocence. It can communicate sex appeal. It can communicate pain. Having these companies using artificial intelligence algorithms to initiate an emotional response, given their past actions, is something people should be very careful about.”

During further conversations with Mycroft, I said a lot of insightful things, and he agreed. I could tell because he was doing that thinking-mouth face and not saying anything. In this manner, we determined that my first step in hiding from Silicon Valley would be to stop typing my cellphone number and email into every conceivable internet form.

“A phone number is worth more on the dark web than a Social Security number. Your phone is so much more rich with data,” says J.D. Mumford, who runs Anonyome Labs Inc. in Salt Lake City. He doesn’t want to risk having to get rid of his longtime number and email if they’re compromised. Anonyome’s product, MySudo, allows a user to create multiple email addresses and phone numbers for $1 a month. “Google makes upwards of 90% of their revenue off of advertising. Which means they’re going through my email to target me. That scares me,” he says. “My mom had a terminal illness, and I would communicate with her via Gmail. She didn’t want people to know about it. So I didn’t want Google to.” Google said in 2017 it would stop tailoring ads based on email contents, but last year had to define its policy down further after the Wall Street Journal revealed that the company had continued to give marketers access to users’ emails.

Luckily, I know Mycroft isn’t collecting my data. I know this because when I look outside my Hollywood window and ask Mycroft for the forecast, he tells me the weather in Kansas City.

MySudo users create email names for different parts of their life, the way you’d use desktop files, and check them all at once on the app. “It’s compartmentalizing the way you create digital exhaust,” Mumford says. “I do one transaction on Craigslist, like buy a bicycle, and it’s a one-and-done. Use it, and throw it away.”

I had decades of digital exhaust to clean up. “Your data across different companies is being pulled together by data brokers and ad companies. If the government asked for it and spent some time correlating, it probably wouldn’t be that far off from what the Chinese government has,” says Rob Shavell, the co-founder of Abine Inc., a company in Cambridge, Mass. I signed up for Abine’s DeleteMe service, paying $129 a year for it to opt me out from databases run by brokers that sell my personally identifiable information. I gave DeleteMe all my current and previous home addresses, phone numbers, and email addresses, and it removed me from 33 public-records crawlers—database services with names like Intelius and Spokeo, plus a whole lot of yellow pages.

Pierre Valade, a French graduate of Stanford’s design school living in New York, designed the Jumbo app for the iPhone in April. I gave it permission to access my Twitter, Google, and Alexa accounts, and a cute cartoon elephant (he’s got a bad memory, unlike Big Tech) got to work scrubbing away my past. In 10 minutes, all my tweets older than a month vanished, as did all my Google searches and Alexa requests. Jumbo also adjusted more than 40 Facebook settings to protect my privacy, something I would’ve had to spend several hours figuring out. “Even me, on Facebook to design that feature, I got bored. It’s too much work,” Valade says. He’s trying to get Facebook Inc. to allow Jumbo users to erase their timelines all at once, but the company won’t give him the API to do that. “Do they have two PR strategies? One where they say to Congress and the Washington Post, ‘We’re good guys,’ and another where they’re not helping us build what we want?” he asks me. I don’t have an answer, because I’m avoiding Facebook. Also, because it didn’t respond to requests for comment.

Before I asked people which gadgets to buy, I had to make sure my digital trail was private and secure. I switched to the ad-blocking, non-data-recording Brave browser (headquartered, unfortunately, in San Francisco and, worse yet, run by Palo Alto native Brendan Eich, who co-founded Mozilla Corp. and created the JavaScript coding language). I abandoned Google, using the DuckDuckGo search engine from outside of Philadelphia because it doesn’t track me or customize my search results. I also started communicating via Signal, a free app that encrypts both ends of text and voice messages. I was surprised by how many messages I was glad to hide from posterity: one about a former co-worker who’s a drunk; another from someone who wanted to be expunged from my upcoming book. Then I realized that Signal is located in Mountain View, Calif.

So I downloaded Burner, an app run out of Los Angeles by my friend Greg Cohn. It allows users to pay $5 a month to mask their phone numbers with the area codes of their choice. As long as the FBI doesn’t ask Cohn for my call log or texts, he assured me that no one will know what I’m up to. On April Fools’ Day, I sent my wife a text from a fake local number claiming to be a dad at our kid’s school, saying he’s got a crush on her. This, I found out when she got home and for the next few very loud hours, wasn’t a good use of Burner.

As a 47-year-old married guy, I thought I didn’t need a tool to hide photos. Then I typed in takeout.google.com, downloaded the seven years of data it stores about me, and opened the Google Photos folder. It contained photos I had attached in emails, including bills with my credit card numbers. All that data and more is in Apple’s iCloud. So I downloaded one of the many fake calculators that hide photos. Calculator+ Secret looks and acts just like the regular iPhone calculator, only when I punch in my password and the percent sign, it opens up a bunch of folders. I threw in my passport, my driver’s license, and blank checks, hoping to one day have better things to hide.

To spend money on gadgets online without being tracked, I needed a card without my name on it. Which is easy to do. Abine, the company that makes DeleteMe, has a product called Blur that lets you create virtual debit cards with no name on them, just a number. So does Privacy, a company in New York started by Bo Jiang, a former research assistant at the MIT Media Lab. In the same way that MySudo offers an email for every part of your life, Privacy issues virtual cards for different online uses. Perhaps a subscription I might forget to cancel. Or a purchase I’d rather no one sees itemized. Or that 23andMe information I would have preferred not to attach to my real name. Also, it would be nice to know that if a company gets hacked, I won’t need to figure out all the merchants I have to contact to cancel that card. I’ll only have to contact the magazines I use my “magazine” card to pay for. More important, when I use a Privacy card, merchants and card issuers won’t have my personal information to sell. “If we fast-forward 50 years, the way we treat our data will seem insane,” Jiang says. “It’s framed as, ‘Would you like to join this program for being awesome and get $1 off your purchase?’ There’s a catch. I don’t think people fully appreciate that. But over time they will.”

I was finally ready to go privacy-gadget shopping. I punched in my bank account information at Privacy.com, created a virtual card, ginned up a new email (c.g.roxane007@sudomail.com; I don’t care if you bother me there), and went to Amazon.com. My first purchase was a privacy screen so no one I was trying to avoid could see my computer by peeking at it on the side. Because I suspect that people who live in Silicon Valley are peekers.

I didn’t want my new Amazon account to have my home address, so I considered using the remailer Rapid Remailer out of Old Town, Fla., which will receive and resend packages for $5. But it turned out I could have my package sent to an Amazon Locker at a 7-Eleven only a mile and a half from my house. Each friendly Amazon Locker has a name. This one was named “Justine.” We were going to have a one-midafternoon stand.

To make sure no one recognized me during my rendez­vous with Justine, I got a disguise. Because I know Silicon Valley is tracking my face. “Facial recognition technology is now cheap enough where you can put it in every Starbucks and have your coffee ready when you’re in the front of the line,” says Lorrie Cranor, a computer science professor at Carnegie Mellon University who runs its CyLab Usable Privacy and Security Laboratory in Pittsburgh. In the biometrics lab in her building, there’s a camera pointed out the window at an intersection a block away, doing facial recognition from that distance. In March, the New York Times put three cameras on a rooftop in Manhattan, spent $60 on Amazon’s Rekognition system, and identified several people. Around the time the Washington Post reported that U.S. Immigration and Customs Enforcement had mined driver’s license photos to target immigrants, I took an Air France flight that had passengers board using our faceprints, taken from our passports without our permission. In May, San Francisco outlawed the use of facial recognition by police and city agencies. The city that’s exporting advances in face-finding all over the world knows not to allow the technology on its home turf.

To throw off facial recognition systems, I could paint triangles of black and white makeup on my cheeks, a system created by Berlin artist and privacy advocate Adam Harvey called CV Dazzle. Or I could wear a mask of Leo Selvaggio’s face. He’s an artist at Brown University’s Multimedia Labs who started making a mask of his face available for $200 when he lived in Chicago. The Cubs’ hometown is also America’s most surveilled city thanks to Operation Virtual Shield, which has access to more than 32,000 networked cameras. By wearing Selvaggio’s face, you’re opting out of that system, and opting him majorly in.

Even more than my face, my license plate is being recorded. Police are constantly passively photographing license plates, storing cars’ locations in a database. In L.A., they keep the information for two years; cops in Silicon Valley have to delete it after 30 days. Private companies such as Vigilant Solutions Inc., headquartered in the Valley, have cameras that have captured billions of geotagged photos of cars on streets and in parking lots that they sell on the open market, mostly to police and debt collectors. To keep these snoops at bay, I was going to buy a clear license plate cover that bounces light back to cameras to blind them. I didn’t wind up purchasing one, however, because they’re illegal in all states and Bloomberg Businessweek has a policy of not reimbursing writers for illegal purchases.

I settled on adding noise to the system. For $40 I used my Privacy credit card and my new email to buy a T-shirt made by Kate Bertash, whose Digital Defense Fund provides tech security for abortion providers. My shirt has a bunch of license plates on it (protesters sometimes write down the license plates of doctors and patients), and Bertash is hoping I wear it a lot in front of scanners so I feed bad information into the database, making it less useful. “It’s a way to assert your little bit of resistance,” she says.

Before I went on my mission, I looked in the mirror, with my shiny shirt of license plates and a mask of Selvaggio’s face. I didn’t look like any spy I’d ever seen. I looked like a criminal returning from a meth bender at an East European nightclub. I looked so weird that people in Silicon Valley would find out about my activities through word of mouth. I needed a better plan. Luckily, Mycroft came through. I asked him to play NPR’s news updates, and I heard a story about Chicago. Which reminded me of a story I read about Scott Urban. Well done, Mycroft.

Urban makes beautiful bespoke glasses out of wood in Chicago, which as we know is the most surveilled city in America. He’s a digital vegan who can’t believe how willing people are to allow companies to identify them in public. “There are people paying with their faces. They’re buying their bucket of KFC with their face,” he says about Apple Pay on the new iPhone with Face ID. “Infrared is going to be everywhere, brother.” He sent me two pairs of Reflectacles, glasses with clear lenses and shiny frames that bounce back enough light to blind both video cameras and infrared scanners. When I put mine on, my iPhone X can’t recognize me, just as it can’t when my eyes are shut. Urban’s forthcoming invention, IRpair, uses the lenses to block rather than just reflect the infrared beams necessary for facial recognition, partly because Urban worries that we’re going to be so bombarded by infrared rays they might hurt our eyes.

But Mycroft reminded me, again, mostly by listening to me rant and making that encouraging thinking face, that before I meet Justine, I’ll have to silence the narc in my pocket. For $9, I buy a faraday bag from a Chinese company to slip over my phone. The black cloth pouch has a silver metal lining that silences all signals to and from my phone. It’s more spylike, if more difficult, than just turning it off. For $1,600, I could have put my phone and wallet (my credit cards with chips have RFID readers that can be hacked) in a stylish Anti-Surveillance Coat made by Project Kovr in the Netherlands.

“Clothing has always been a way to protect ourselves from cold and protect our identities and our body. I wanted to use clothing to protect us from the new environment of our information sphere,” says Project Kovr’s co-founder Leon Baauw, whose main gig is project manager at a privacy company. He got the idea when his phone started giving him advice on Fridays about when to leave for a bar he often went to after work. “I don’t like how we have become the product,” he says. He loves projects like the 2017 London pop-up shop called the Data Dollar Store, where you could get a T-shirt by a street artist in exchange for handing your phone to a clerk who would display the last three photos in your camera roll on two big screens in the shop. (This isn’t so different from the coffee bar near Brown that dispenses free coffee in exchange for students’ phone numbers, emails, and majors.) Project Kovr runs a similar workshop at schools, in which it assigns some kids to stalk another child from a distance so they can create a data profile and tailor an ad campaign for the stalkee. Baauw has also been planning a project in which he chisels a statue of Facebook Chief Executive Officer Mark Zuckerberg as a Roman god. “He’s the Zeus of our time,” he says.

Wearing my Reflectacles and carrying my faraday bag, I entered the 7-Eleven. Immediately to my right, long before I reached the Slurpee machine or the checkout counter, I saw Justine. She was a beautiful wall of shiny orange lockers with a smile in the middle. My plan was working out perfectly until I saw that the only way to open Justine was to show her my phone. She needed to scan the bar code she emailed to C.G. Roxane. I could have gone home and printed it out and come back, but I was lazy. So I pulled my phone from its faraday bag and quickly brought up the email. A door on the top row smoothly swung open, and I took the package containing my privacy screen. But I knew I’d failed. In those few seconds, Silicon Valley had all that it needed. Which I confirmed later by going to google.com/maps/timeline and seeing the 7-Eleven location listed there along with almost everywhere else I’d been in the last seven years.

Within three weeks, I got tired of being careful. My faraday bag is somewhere in the back of my car, because I like to use my phone for GPS and playing podcasts. I stopped wearing my Reflectacles in public. I haven’t scrubbed my old tweets away with Jumbo in a while. I use my Visa to buy stuff from Amazon, which it delivers to my house. I plugged Alexa back in. Daniel Gillmor of the American Civil Liberties Union wasn’t surprised. “I don’t think the fix to privacy is something that can be done by an individual alone, in the same way I can’t solve the pollution problem by recycling on my own,” he says.

Until people demand a law that makes privacy the default, I’m going to try to remember, each time I click on something, that free things aren’t free. That when I send an email or a text outside of Signal or MySudo, I should expect those messages to one day be seen. And that if I ever really need privacy, I should feel a little badly about what is going to happen to Leo Selvaggio.
 
Read more: Life After Gmail: Why I Opted for a Private Email Server

©2019 Bloomberg L.P.