How to Stop Facebook (and others) tracking me

Facebook is stalking you like a crazy ex. It's tracking you, even when you're not on the platform. It probably even has data on you, even if you've never signed up. So how do you stop it?

Well, the bad news is, it's nearly impossible. The entire Facebook business model relies on using data about you to advertise to you in a very precise way. For example, if I wanted to create an advert I can target by your income (even though you haven't told facebook, they've taken an educated guess), by your political persuasion (left/right or conservative/liberal), by the places you have been, or are interested in going to, by the friends you have or people you work with. I can tailor the ad to suit your level of education, whether or not you have kids, what you like doing at the weekends. The list goes on, and on, and on...

If you want to know how they view you, visit this link and explore all the tabs, removing any you're not happy about.

So what can you do about it?

Well, the apocalyptic option is to remove yourself completely. To permanently delete your Facebook account, navigate to the Setting page via the downward facing arrow at the top right side of the site. Click the Your Facebook Information link under Security and Login and navigate to the Delete Your Account and Information link. Once there, you’ll have the option to Deactivate Account, which will allow you to either keep Messenger access, Download Your Information, or Delete Account.

But I don't want to delete it...

Here's some steps you can take to prevent them from being so invasive. Bear in mind these aren't a silver bullet, they'll almost always find a way.

6 Things You Can Do For More Privacy

1. Delete all Facebook Apps and use a Browser Instead

That's Facebook, Messenger, Instagram and WhatsApp and use the browser instead. The app allows location access, and also uses Bluetooth to track if you're close to others. It also may be listening to your microphone (although they deny this), or using your camera to collect data. You can still use your browser to view it. The only exception is WhatsApp which must be installed on your phone to work. Instagram have a browser version, but it doesn't allow you to upload photos, so you may have a hard time using it without the app.

2. Disable Location Tracking

On your phone, tablet or laptop, check Settings -> Privacy. Look at Location Services and check which apps are allowed to track where you are. Disable any apps you don't want to have access to your location. This doesn't totally stop Facebook knowing where you are, they can work that out from your IP address, bluetooth and photo GPS tags.

3. Disable Camera and Microphone Access

They deny listening to you or using your camera, but to be on the safe side you should keep these disabled. Note you will need to enable them again if you want to add to a story, take a picture or upload.

4. Use a VPN

I talked about VPN's in this post and I'll go in to them in more depth in a later post. In this day and age I recommend running a VPN on every device. Without going in to too much techno babble, a VPN (Virtual Private Network) scrambles your data so it can't be read by third parties, it also masks your location. I recommend CloudFlare's free version, but there are some other paid options offering more comprehensive encryption.

Side note to parents - if your kids use a VPN they may be able to bypass parental filters.

5. Use an Ad Blocker

Chrome is one of the most popular browsers, but remember it's made by Google, who also are an advertising company. For that reason alone, as well as the fact it's not a great browser, you should probably explore other options. I personally prefer Opera (it has a built in VPN and ad blocker), or if you want extremely private fast browsing, Brave is a great option.

Most browsers have the option to add extensions. Have a search for adblock, uBlock and AdGuard.

6. Set your Browser to 'Do Not Track'

You may have heard of 'cookies'. These are little files that most websites deliver to your computer with information about what you do on that particular site. These can be used to track you from site to site.

In most browsers you have the option to ask websites to not track you, so have a look around in your browser settings. It is at the discretion of the websites to obey this request.

Conclusion

Facebook's entire operation depends on their ability to use your data to advertise to you, so they'll always find a way to do that, it's the nature of the beast. None of these options put you completely beyond it, but they'll certainly help.

Let me know if there are any other tips you know that I've missed that you use.

10 Website Mistakes Even the Pros Make

1. Slowness

One of the most common problems and simplest to fix. You have to remember that while you want your website images to look crisp and high quality, the larger your website is, the slower your site will load (particularly on mobile phones).

Having a video run in the background of the front page of your website might look great, but you're going to need to compress it so it's at least under 1MB in size. You also should defer loading large content like images and video, so you don't frustrate your users with long wait times.

2. Website isn't Compressed, Minified or Cached

Running on from the first point, every website, even well written ones, should take advantage of compression (like gzip), minification and caching systems and content delivery networks (CDN) to make the user experience as fast as possible.

If you've a slow website you may well be losing customers & business. This article explains more about that impact.

You're also going to particularly see an impact on mobile users (63.4% of your visitors) - phones aren't as fast at rendering a website as a computer, so your website should be written to accommodate.

3. Not Accessible

According to the latest available UK government report a surprisingly large proportion of users use assistive technology (around 29%). These may be users with visual impairments or who have difficulty interpreting screen content. There are so many websites out there that just don't consider those needs, which must be incredibly frustrating. Images should have descriptions (alt tag), links should have alt tags to describe where they will take the user. Every decent content management system will provide the functionality for this, so make sure you're using it.

Government Report figures
30% screen magnifiers
29% screen readers
18% speech recognition
15% readability
8& other

4. Text is Too Small

The standard text size on most web browsers is 16px tall. This is surprisingly big - don't make your users squint, or have to zoom (I'm looking at you FaceBook with your default text size of 11px), or abandon your site just because it's not readable. And that leads to point 3...

5. Contrast Ratios

As well as a design consideration, this relates to accessibility. You should have enough contrast between colours to allow all text to be easily readable. Remember 8% of men and 0.5% of women in N. Europe are colour blind. Reds and greens are a particularly bad combo (red and green should never be seen without a colour in-between). If you need to to check that you have enough contrast, this handy tool can help you.

6. Not Secure (https)

There's no excuse for this one these days. Every website should be encrypted (httpS rather than http). Let's Encrypt offer a free website encryption service which most modern hosting services can easily install in a few clicks.

Why does it matter? When a user submits any information to, or browses a site, information is passed from the users browser to the web server via their internet connection. Now, let's say for the sake of argument you're in an airport, or cafe on public WiFi. If someone were able to intercept your connection they could see all the information you are getting or sending to insecure websites. Any personally identifiable information could then be used to steal your identity, money or login information.

How do I know if a site is secure? Most browsers display a little lock symbol beside the website address. If it doesn't have one and you are being asked to fill in a form or submit information, you should avoid doing so.

7. Too Vague

If someone who had never heard of you, and had no idea what you do, were shown your website, would they be able to work out what you do? How long would it take them to do so? If the answer is less than 5 seconds then you need to review your messaging. I recommend all my clients do the free 5 minute marketing makeover by Story Brand. Which will really help you understand why messaging clearly is so important.

8. Not Built for Mobile (responsive)

63.4% of websites are viewed on mobile devices (phones and tablets) in 2019, so if your site is not designed responsively around that majority of users, you're missing out. Also, your search engine ranking will be affected as a result.

9. Popups

Google announced last year that they were penalising sites that have popups (modals, interstitials, overlays). Rightly so. You still can't go on the internet these days without coming across this kind of page. You're 10 seconds in, or half a page down, and all of a sudden you can't see content because there's a popup asking you to sign up to the latest newsletter. There are lots of better more honest ways to engage with your users than forcing them in to signing up for your e-mail list.

If you've a genuine service that's relevant to the user, and you're offering something of value in return for their email address, then they'll sign up. Just don't bully your users, doing so just creates a mild frustration and devalues your brand.

10. Badly Coded

A lot of people use WordPress because it's wonderful, free and open and extensible and accessible, but use (or are sold) an 'off the shelf' multi purpose theme, probably because the demo content looked great.

I've done this for clients in the past who don't have the budget for a bespoke site and I can tell you that for all the short term gain, it's long term hassle. I'm not saying this is always wrong, some people run entire web design businesses this way and that's OK.

Common problems are that the codebase becomes obsolete over time, the core system will update but the theme gets left behind, becomes insecure, hackable, or worse creates errors on the front end of your site or breaks it entirely.

The other issue is that pre-made themes are often bloated. Remember the people who make themes are trying to sell them to as many people as possible, so they need to build in more options than any one site will ever use. So those themes will be bloated with superfluous code you may never use.

Speed up your internet (and make it safer) for free

Everyone wants faster internet, so here's how you get it (for free). As well as making your internet faster, it's going to make your internet queries private.

How?

On your phone it's as simple as downloading and running this app, then installing the VPN profile. Click the button below to go to the store of your choice and grab the free app (sorry if you're not on one of these platforms, you'll have to do the manual process).

Installing on your phone is fairly simple, just run the app and install the VPN profile, but on a desktop computer is a little trickier so proceed with care. Please note, you do this at your own risk, but if you run in to difficulty, just comment below or send me a message and I'll try to help.

On a Mac

Click the WiFi icon and choose 'Open Network Preferences' from the bottom of the list.

The active internet connection is at the top of this list and should have a green light beside it, for example this is the WifI Connection:

At the bottom right of that window, choose Advanced... then go to the DNS tab.

You'll see a box with some DNS entries in them with possibly a few IP addresses which are dark grey. Those are the addresses your computer uses to look up websites, we're going to replace them with CloudFlare's DNS servers.

Press the + button at the bottom left and then type:

1.1.1.1

Press the + button again and enter.

1.0.0.1

Your window should now look like this:

Updated DNS settings with CloudFlare DNS

Hit OK, then apply to make the changes stick and you're done. Welcome to speedier, more private internet.

On a Windows PC

On a PC it's a little tricker:

  1. Click on the Start menu, then click on Control Panel.
  2. Step 2: Click on Network and Internet.
  3. Step 3: Click on Change Adapter Settings.
  4. Right click on the Wi-Fi network you are connected to.
  5. Click Properties.
  6. Select Internet Protocol Version 4.
  7. Click Properties.
  8. Click Use The Following DNS Server Addresses.
  9. Remove any IP addresses that may be already listed and in their place add:
1.1.1.1  
1.0.0.1

10: Click OK.

Here's a link to a video tutorial

How does it work?

The company that make this app are the worlds largest Content Delivery Network (CDN). They make copies of websites (like this one!) available to users in locations that are geographically closer, so they load faster.

When you visit any website, your device asks another computer 'where is this website', the question is passed down a chain of computers until the answer is given, then your computer loads the website.

CloudFlare servers also know where most websites are, so they reduce the number of 'hops' your computer has to do to get an answer.

How does it make my connection more private?

Some internet providers make money from your internet queries. For example; if you type an incorrect website address, you may be presented with a page full of suggested sites, or adverts. Your internet provider makes money from those adverts loading, or from you clicking on them. So by using CloudFlare's DNS service you're bypassing their servers so they don't know what you're looking up. In your face ISPs!

Is it Trust Worthy?

Yes! They are a business but this is a bi-product of what they offer.

What is a VPN?

A VPN is a virtual private network. A VPN is used for remotely connecting to another server and to encrypt all the information that you send and receive over the internet. If you ever made a code wheel, it's like that, but for your internet connection.

Is this a full VPN?

Not quite - from what I understand, it doesn't encrypt your data, but it does encrypt your internet queries. I'll do a full post about VPNs some time in the future as they are increasingly important these days.

If you like this and found it useful, please consider sharing, joining me on facebook or following on twitter.

Anatomy of a Scam E-Mail

I'm fairly sure that I've been contacted by nearly everyone I've ever worked for about this scam e-mail that's been doing the rounds. Here's what it looks like:

Example:

This account was hacked! Change your password right now! 
You do not know me me and you may be definitely surprised why you are getting this e-mail, right? 
I am ahacker who openedyour emailand all devicessome time ago. 
Don't try out to communicate with me or look for me, in fact it's impossible, considering that I sent you this message from YOUR account that I've hacked. 
I set up virus to the adult vids (porno) website and guess that you watched this site to have some fun (you understand what I mean). 
While you have been watching these "great" vids, your internet browser began operating as a RDP (Remote Control) that have a keylogger that gave me permission to access your display and web camera. 
Then, my softwarestoleall info. 
You have typed passwords on the online resources you visited, and I already caught all of them. 
Of course, you'll be able to modify them, or possibly already modified them. 
But it really does not matter, my malware updates it every 5 minutes. 
And what did I do? 
I got a backup of every your system. Of all the files and contact lists. 
I formed a dual-screen movie. The first screen shows the video that you were observing (you have got a good taste, ahah...), and the 2nd screen reveals the movie from your own web camera. 
What do you have to do? 
Good, I think, 1000 USD is a inexpensive price for our little riddle. You will make the deposit by bitcoins (if you do not understand this, search “how to purchase bitcoin” in any search engine). 
My bitcoin wallet address: 
XXXXXXXXXXXXXXXXXXXXXXX
(It is cAsE sensitive, so just copy and paste it). 
Important: 
You will have 48 hours to make the payment. (I built in an unique pixel in this email, and right now I know that you've read through this email). 
To trackthe reading of a letterand the activityinside it, I usea Facebook pixel. Thanks to them. (The stuff thatis appliedfor the authorities might actually helpus.) If I do not get bitcoins, I'll immediately transfer your video files to all your contacts, such as relatives, colleagues, and many more? 

Hilarious?

Yes, if you know enough to know it's not true. However, if you have been accessing these kind of sites, even accidentally, it could be very worrying. The even more worrying thing is that it appears to have been sent from your own email address. They did this by spoofing your address, which is very simple to do.

Every email contains a block of code called a header. If you know how to open the e-mail headers you should be able to see a lot of information where it's come from (things like the IP address or the address which routed the email to you). The example above came from an email server in Poland.

True?

No, whilst it's not impossible for someone to have accessed your computer, but it's highly unlikely this is genuine.

What do you need to do?

If you're worried that your computer, e-mail, or other service that you use has been compromised, change your password. Particularly applications that are allowed to access your webcam.

Make sure all passwords are a combination of numbers, non-dictionary words and special characters. Preferably use a password manager such as 1password (my preferred), Dashlane or Lastpass. (Blog about password managers coming up).

What not to do?

Don't reply (you won't be able to anyway) or pay anything.

How to prevent it?

If you're using a personal e-mail provider (like hotmail, gmail or outlook.com) you're at the mercy of the providers spam control software, so the only thing you can do is run 3rd party spam software on your computer which is only possible if you access your mail using an app (like outlook or mac mail). Some antivirus programs have spam protection built in.

More Technical Options

If you do have your own domain you can configure an SPF record (sender policy framework) or DKIM (DomainKeys Identified Mail). If that's beyond your expertise, you can ask your domain provider or systems administrator to do that for you.

Other Tips

Check the actual e-mail address.

A common trick is to change the name that is presented on sent e-mail to match the e-mail address. If you right click the name you should be able to view the address the email was actually sent from.

Check the links

See this screenshot below, you can see the link to what looks like a genuine Netflix website, but if you hover you mouse over the link (don't click) you'll notice it's going... elsewhere.

Hope you found this helpful, feel free to get in touch if you've any other examples or want to send me a message that you're unsure about.

New Site

Working Hard...

I'm always busy building sites for others, I don't often get time to work on my own brand and content, but finally managed to squeeze out some time for my own site.

I'm aiming to provide a blog of occasional resources for people running their own websites & businesses so if you're interested follow along.