Nico Sell, the cofounder of a secure communication app called Wickr, has appeared on television twice. Both times, she wore sunglasses to prevent viewers from getting a full picture of what she looks like.
Sell, also an organizer of the hacker conference Def Con, places herself in the top 1% of the "super paranoid." She doesn’t have a Facebook account. She keeps the device that pays her tolls in a transmission-proof envelope when it’s not in use. And she assumes that every phone call she makes and every email she sends will be searchable by the general public at some point in the future.
Many of her friends once considered her habits to be of the tin-foil-hat-wearing variety. But with this summer's revelations of the NSA's broad surveillance program, they’re starting to look a little more logical. "For the last couple of months," Sell says, "My friends that are not in the security industry come up to me, and I hear this all the time, ‘You were right.’ "
But even as more people become aware they are being tracked throughout their daily lives, few understand to what extent. In a recent Pew Internet study, 37% of respondents said they thought it was possible to be completely anonymous online. From experts like Sell, you'll get a different range of answers about whether it's possible to live without any data trail: "100% no," she says.
The people who have actually attempted to live without being tracked—most often due to a safety threat—will tell you that security cameras are just about everywhere, RFID tags seem to be in everything, and almost any movement results in becoming part of a database. "It’s basically impossible for you and I to decide, as of tomorrow, I’m going to remain off the radar and to survive for a month or 12 months," says Gunter Ollmann, the CTO of security firm IOActive, who in his former work with law enforcement had several coworkers who dedicated themselves to remaining anonymous for the safety of their families. "The amount of prep work you have to do in order to stay off the radar involves years of investment leading up to that."
Fast Company interviewed the most tracking-conscious people we could find about their strategies for staying anonymous to different degrees. Here are just a handful of daily, offline tasks that get more complicated if you're avoiding surveillance.
1. Getting Places
A few years ago, a man who goes by the Internet handle "Puking Monkey" noticed devices reading his toll pass in places where there weren’t any tolls. He assumed that they were being used to track drivers’ movements. "People would say, 'Well you don’t know that, because it doesn’t tell you when it tracks you,'" he tells Fast Company. "I said, 'Okay, I’ll go prove it.' "
He rigged his pass to make a mooing cow noise every time a device read his toll payment tag. And sure enough, it went off in front of Macy’s, near Time Square, and in several other places where there was no tollbooth in sight.
It turns out the city tracks toll passes in order to obtain real-time traffic information, a benign enough intention. But what worries people like Puking Monkey about being tracked is rarely a database’s intended purpose. It's that someone with access to the database will misuse it, like when NSA employees have spied on love interests, A U.K. immigration officer once put his wife on a list of terrorist suspects in order to prevent her from flying into the country. Or that it will be used for a purpose other than one it was built for, like when social security numbers were issued for retirement savings and then expanded to become universal identifiers. Or, most likely, that it will be stolen, like the many times a hacker group called Anonymous gains access to someone's personal data and posts it online for public viewing. By one security company's count, in 2012 there were 2,644 reported data breeches involving 267 million records.
In order to stop his toll pass from being tracked, Puking Monkey keeps it sealed in the foil bag it came in when he's not driving through a toll. That only stops that data trail (minus toll points). Automatic license plate readers, often mounted to a police car or street sign, are also logging data about where cars appear. They typically take photos of every license plate that passes them and often these photos remain stored in a database for years. Sometimes they are linked with other databases to help solve crimes.
Puking Monkey avoids license-plate readers by keeping his old, non-reflective license plate, which is more difficult to read than newer, reflective models. Others who share his concerns salt their license plates, add bumper guards or otherwise obscure the writing—say by driving with the hatch down or driving with a trailer hatch attached—in order to avoid being tracked.
But that still doesn’t account for the tracking devices attached to the car itself. To identify tires, which can come in handy if they’re recalled, tire manufacturers insert an RFID tag with a unique code that can be read from about 20 feet away by an RFID reader. "I have no way to know if it’s actually being tracked, but there are unique numbers in those tires that could be used that way," Puking Monkey says.
He uses a camera flash to zap his tires with enough energy to destroy the chips.
2. Buying things
Depending on your level of concern, there are several ways to produce less data exhaust when making purchases. None of the privacy experts who I spoke with sign up for loyalty cards, for instance. "It’s the link between your home address, what you’re purchasing, age, your movements around the country, when you’re shopping in different locations, that is tied to purchases you’re making in-store," Ollmann says. In a recently publicized example, Target used data collected from loyalty cards to deduce when its customers were pregnant—in some cases, before they had shared the news with their families.
Tom Ritter, a principal security consultant at iSEC Partners, has come up with a creative way to subvert loyalty tracking without giving up discounts. When he sees someone has a card on their key chain, he asks if he can take a photo of the bar code to use with his own purchases. They get extra points, and he gets discounts without giving up any of his privacy.
What you buy can paint a pretty good picture of what you’re doing, and many people aren’t willing to leave that information in a credit card company's database either. Adam Havey, an artist who makes anti-surveillance gear, puts all of his purchases on a credit card registered under a fake name. Then he uses the credit card in his actual name to pay the bill (Update: Harvey clarified that this is a technique he heard about from Julia Angwin, who is writing a book about surveillance). Ollmann buys prepaid gift cards with no attribution back to him to do his online shopping.
The most intense privacy seekers have a strict cash-only policy—which can mean they need to get paid in cash. At Ollmann’s old law enforcement job, one employee didn’t get paid, but vaguely "traded his services for other services."
"A barter system starts to appear if you want to live without being tracked," Ollmann says.
3. Having Friends
Friends can be an impediment to a life off the radar. For one, they probably think they’re doing you a favor when they invite you to a party using Evite, add you to LinkedIn or Facebook, or keep your information in a contact book that they sync with their computer.
But from your perspective, as someone trying to remain as untraceable as possible, they are selling you out. "Basically what they’ve done is uploaded all of my contact information and connected it to them," Sell says.
Same goes for photos, and their geolocation metadata, when they're added to social networking sites. Sell, with her sunglasses, is not alone in being concerned about putting her appearance online. At some security events, where there are often speakers and attendees with reasons to keep off the radar, organizers distribute name tags with different color stickers. The stickers indicate whether each attendee is okay with having his or her photo taken.
Sure, it seems paranoid today. But Facebook and Twitter already run photos posted on their sites through a Microsoft-developed system called PhotoDNA in order to flag those who match known child pornography images. Most would not argue with the intention to find and prosecute child pornographers, though it's not difficult for privacy activists to imagine how the same technology could be expanded to other crimes. "Every time you upload a photograph to Facebook or put one on Twitter for that matter you are now ratting out anybody in that frame to any police agency in the world that’s looking for them," digital privacy advocate Eben Moglen told BetaBeat last year during a rant against one of its reporters. "Some police agencies in the world are evil. That’s a pretty serious thing you’ve just done."
Ritter says he (not his company) personally thinks someone will build a facial recognition algorithm to scan the Internet within the next 10 years. "I can just imagine them opening it up where you would submit a Facebook photo of your friend, and it would show all the images that match it," he says. "We have the algorithms, we know how to crawl the Internet. It’s just a matter of putting the two together and getting a budget."
4. Just About Everything Else
It’s almost impossible to think of all the data you create on a daily basis. Even something as simple as using electricity is creating data about your habits. It’s more than whether or not you turned the lights on—it’s how many people are in your house and when you’re usually around.
RFID tags aren’t just in tires, they’re in your clothing, your tap-to-pay credit cards, and your dry cleaning. Ollmann zaps his T-shirts in the microwave. Others carry an RFID-blocking wallet to avoid having their RFID-enabled cards read when they're not making a purchase.
Maybe you've thought about the cameras that stores use to track customer movements. But cameras are also in your television, in your computer, and on the front of your phone. Earlier this year, security experts discovered a way to hack into Samsung Smart TVs and surreptitiously turn on the built-in camera, allowing anyone who exploited the security hole to watch you as you watched TV. Though the vulnerability has since been fixed, it demonstrated that the security of connected objects isn't guaranteed. Sell responded by covering all of the cameras in her household electronics with masking tape.
What makes totally avoiding surveillance really difficult is that even if you've thought of everything—to the point where you're covering your tablet's front-facing camera with masking tape—you can always think of more ways your data could be misused. Because you're constantly trying to prevent something that hasn't necessarily happened yet, the precautions you can take are just as endless.
Sometimes, as in the case of the NSA scandal, you find out that they were warranted. Most of the time, you never really know.
Ritter, for instance, recently met an insurance executive who always pays for meals with cash because he believes some day that data will be linked to his coverage. "I’m not saying this is a definite thing that happens," Ritter says. "but I don’t see any definite reason why it couldn’t."
"And that kind of concerns me, ya know?"