What Privacy Experts Do About Their Own Digital Privacy

Even simple steps can make it harder for companies to collect and use your personal data. Then again, some experts go to extremes.

By Adam Tanner

December 22, 2022

Illustration of a man closing an eyelid shade over an eye ball with a house icon to represent privacy concept.

Privacy experts often recommend fairly cumbersome techniques to keep companies from collecting too much of your personal information.

But do they practice what they preach? Do these privacy professors, company executives, and researchers follow their own instructions for privacy health, or even take additional protective steps? Or do they secretly opt for convenience, carelessly sharing even intimate data?

We asked some top scholars and specialists in the field of digital privacy to reveal what they do to safeguard digital privacy in their own lives. We found a wide variety of practices. Like many of us, privacy professionals seem torn between the convenience offered by everyday technology and their desire to limit data collection.

Their answers may provide clues to what really matters most when it comes to protecting our own information from data brokers, marketers, and their corporate clients.

To Alexa or Not to Alexa?

The so-called internet of things includes all the web-connected appliances and devices that are increasingly common in our homes (along with our cars and everywhere else, too).

Adam Schwartz, senior staff attorney at the Electronic Frontier Foundation, an advocacy organization, explains that internet-connected sensors now appear throughout many homes, from washing machines to video doorbells.

“The sensors are constantly gathering information,” he says. “Businesses are mining it to know when to send you a coupon for more laundry soap or whether to send you advertisements for new insulation for your house based on your heating patterns.”

According to Schwartz, it’s impossible to know when company employees might also have access to information gathered by connected devices, further infringing on privacy. “I personally have very little internet of things (technology) in my house,” he says.

Other experts take a more permissive approach to IoT devices.

“I do have smart devices in my home. I have two young kids; I have a family,” says Mihir Kshirsagar, who leads a tech policy clinic at Princeton University’s Center for Information Technology Policy in New Jersey. “Some of these devices are great. I mean, it’s great to be able to listen to music and have it go from one room to the other. In your kitchen, if you can’t remember a step in a recipe, it’s great to be able to call it up.”

However, Kshirsagar says consumers are forced to make too many privacy trade-offs. “You shouldn’t have to trade your information or your security to get that,” he continues. “We have other lives. We’re doing lots of other things in our time. We can’t be expected to have all the knowledge necessary to agree” to one-sided privacy policies and terms of service.

And sometimes, he says, it seems like he can’t say no, such as when his children are required to use certain software for school assignments—regardless of any privacy concerns he may have.

Lorrie Faith Cranor, a professor at Carnegie Mellon University in Pittsburgh and former chief technologist at the Federal Trade Commission, also finds parenting to be a complicating factor in embracing privacy. For instance, she avoids smart speakers in most of her home—but does allow her kid to have one. “It’s banished to said kid’s room,” she says. (Cranor is also a member of CR’s Digital Lab advisory council.)

By contrast, Steve Shillingford, one of the founders of Anonyome Labs, which makes privacy tools, says smart speakers are not welcome in his home. “I would never put Alexa in my house, Siri or any of those kinds of devices,” Shillingford says. “It’s just good hygiene to kind of put some distance between you and the company on the other side of that kind of device.”

Daniel Kahn Gillmor, senior staff technologist at the ACLU’s Speech, Privacy, and Technology Project, who has a background as a software engineer, has the tech savvy to create his own system of smart home devices. But he asks: Why bother?

“If I want a light that I can turn on and off from a web browser, I will hook it up to a switch that’s connected to a computer that I control,” he says. “But honestly, I don’t have any lights that I control from a web browser. I control my lights by getting up, walking to the side of the room, and flipping the light switch. It seems to work fine for me.”

Cashing in on Freebies

Privacy experts appreciate discounts as much as anyone else, but many don’t like the idea of sharing personal information to get them. Rather than lose out, some have figured out how to guard their real phone numbers and emails and still get deals from retailers.

“I have a longtime personal email and phone number that I rarely share with folks outside my very close-knit personal network,” says Shillingford, who is now president and CEO of DeepSee.ai, which uses machine learning to automate business practices.

Instead, he creates substitute emails and telephone numbers for supermarkets, pharmacy chains, and other companies.

“I don’t give it out at Safeway,” he says. “I don’t give it to folks when they say, ‘Hey, can I get your phone number?’ I never use it for log-ins. I use these other throwaway emails, and I even have several phone numbers that I use. Walgreens wants a phone number, so you can get a discount. So I use a number that is not attached to the one I’ve had for 22 years.”

“I sign up with Netflix under a pseudo name,” Shillingford continues. “And I actually have credit cards that are tied to that pseudo name that allow me to sort of create a little bit of a proxy between Netflix and Steve Shillingford’s tastes in documentaries and comedy.”

Justin Brookman, the director of consumer privacy and technology Consumer Reports, takes a similar approach. “I lie to sites that demand my email address or personal information—say, to get access to WiFi,” he says.

Creating these secondary identities is not as complicated as it may sound. A number of companies offer services that quickly conjure up substitute emails, telephone numbers, and one-time credit cards, including MySudo from Anonyome, the company Shillingford founded.

Extensions to Navigate the Web

Many privacy experts also embrace relatively unintrusive tools to protect their personal information while allowing them easy access to the internet.

Aleecia McDonald, assistant professor of the practice at Carnegie Mellon University’s Information Networking Institute, suggests free browser extensions such as Privacy Badger, which aims to stop companies such as advertisers from tracking your online activities.

“What that will do is, over time, it will have less tracking of you without breaking a lot of what you already use on the internet,” McDonald says.

The Fortified Bunker

If the spectrum of privacy choices ranges from running naked (figuratively) on the internet to wearing a suit of armor, Eben Moglen navigates the internet in the equivalent of a tank.

A Columbia Law School professor and founder and executive director of the Software Freedom Law Center, Moglen stands out even among privacy experts for his strong aversion to anything linked to big technology companies. “I have never, ever, used a computer running Microsoft Windows, and I never touch, let alone use, any object made by Apple,” he says.

He does not have accounts with Google, Facebook, Twitter, or Zoom. Instead, he runs his own private network.

In 2010 he launched a project called FreedomBox, which allows people to use a combination of hardware and software to share files and encrypt messages privately, as well as make calls and edit documents through their own home servers.

“FreedomBox empowers its users to avoid the data mining, censorship, and surveillance by centralized silos that characterize the web of today,” FreedomBox says on its web page. “It makes web servers personal, affordable, and manageable, so that a user can host necessary web services at home on a device they own, powered by free software they can trust.”

Daniel Kahn Gillmor uses a similar private computer network, and the machines on his home network also use a free operating system. “There are things that I do that make sense for me that may not make sense for other people,” he says. “I have a handful of small computers scattered around the house, like everyone does today. But most of my computers that I have scattered around the house are computers that I fully control.”

These experts are outliers, but everyone we spoke with takes significant steps to limit how much data companies can collect and use about them. It’s impossible to stop all data collection, but many of the measures are both easy to implement and useful, especially given the hard-to-assess risks that come from unfettered data collection.

Adam Tanner

Adam Tanner is a Consumer Reports contributing editor. He is also the author of “Our Bodies, Our Data: How Companies Make Billions Selling Our Medical Records” and an associate at Harvard's Institute for Quantitative Social Science.