Private Online Shopping
6 months ago, at the end of my post Avoiding Consumer Surveillance, I hinted at a post on anonymous online shopping. This is that post. As a heads up, I’ll be focusing exclusively on web marketplaces since alternatives like OpenBazaar are currently ghost towns.
Sometimes it’s wisest to focus on how to reduce the harm caused by doing something rather than trying to get people to stop doing it. So, in this post, I’m going to focus on harm reduction. Given that everyone isn’t going to stop online shopping, how can it be done in a way that minimizes the harm to privacy?
To reduce harm to privacy, I’m going to evaluate each threat one by one and offer mitigations to it.
Real Name and Address
Giving out your real name and address is a privacy threat that doesn’t exist when interacting with a cashier in a physical store. As long as you’re not using a dis-loyalty program, you never give the cashier your name or address. So they can’t identify you that way. The online marketplace is a different story. It asks for both.
Mitigation - Give a Fake Name
There’s a simple solution to the name problem. Give a fake name instead. It’s legal and packages don’t necessarily rely on names for shipping anyway. That said, there are some potential negative consequences:
- The package could get lost.
- If several people live at the address, the package could be given to the wrong person.
- The courier may fail to locate the recipient. The package will be sent back to sender or held for pickup.
- Signing for a package won’t work since there’s no name. This could complicate delivery.
- The courier may become suspicious and flag your address. This could cause your mail to be monitored.
The potential consequences might not present a problem for you or they might be a dealbreaker. It just depends on your own personal situation. I have 2 pieces of general advice:
- Always give your real name if you order something you can’t afford to lose in transit.
- Always give your real name if you give your real address. If you give your real address and not your real name, you’re only increasing the anonymity set of who ordered the package by a few. It’s not worth the trouble.
Other than that, you’ll have to make your own choice if the privacy is worth the risk.
Mitigation - Give a Different Address
The address problem isn’t so easily solved. The address isn’t redundant information. It’s actually used for shipping. The cheapest mitigation is to use a geographically close friend’s address for the package. Have them receive the package on your behalf. While possible in theory, there are several reasons this may be a bad idea, so I don’t recommend it.
Instead, you should pay for a proper mailbox service. A mailbox service can offer a real address that you can use online and a place to store your package until you go pick it up. The mailbox service may be willing to accept packages with a pseudonym, fake name, or no name at all, as well as your real name. Some mailbox services may hold your package and require you to show ID to receive it, which could get complicated if the package name and your real name don’t match. This is why you should ask about their protocol for non-matching names before you register with the mailbox service. If you can make it work, a fake name combined with a mailbox service can fully anonymize you to the seller.
Mailbox Service’s Records
Keep in mind that, if you choose to use a mailbox service, you aren’t anonymous to that service. It’s common for mailbox services to keep digital records of the sender, their address, the receiver, the type of package, weight, size and other information for months, years or even indefinitely. If the mailbox service ever has a data breach, the data will be available to everyone. Using a mailbox service is still better than the online marketplace knowing your name and address because at least the mailbox service doesn’t know what you bought. Almost all online marketplaces automatically share your data with third parties. By using a mailbox service, you’re not immediately identified, but the mailbox service’s records still pose a privacy issue.
Mitigation - Choose a Service With a Short Data Retention Period
Some mailbox services keep records only for a few months. Others keep records for years. For some, how long the record is kept depends on the type of package and if it has tracking or requires a signature. The only way to find this stuff out is by doing your research and asking questions about their mail record retention policy before you register. It’s important to choose the service that keeps records for the least amount of time.
So you’ve given a fake name and the address of a mailbox service that has a short data retention policy. Now the marketplace wants your email, and giving out your email is nearly as identifying as giving out your real name. What to do?
Mitigation - Give a Throwaway Email
Don’t give a fake email. You may be required to confirm the purchase over email or receive some other important information that way. This mitigation is comparatively easy: simply create a one-time-use email address for the purchase and never reuse it. Do this every time you make a purchase.
The bad news is the marketplace might still require a phone number. The good news is marketplaces don’t usually require phone number verification for buyers.
Mitigation - Give a Fake Phone Number
Since marketplaces don’t verify the number, you can make one up. The marketplace will probably only text it details of your order. I don’t know of an online marketplace that forces buyers to verify their phone number. If you run across one, my advice is to find a different marketplace. There are plenty out there.
Browser Fingerprinting and IP Address
Mitigation - Use Tor Browser
Tor is Blocked
If you can’t access the site on the “standard” security setting in Tor Browser, then it probably blocks Tor exit nodes. Some sites do allow you to browse while using Tor, but won’t let you purchase anything. You just have to find out which ones are Tor friendly and which aren’t by trial and error. If a site isn’t Tor-friendly, all is not lost. There is still hope with Proxychains.
Mitigation - Use Proxychains
If you still insist on using that website for your purchase, you can configure Proxychains to hide the fact that you’re using Tor while still getting the privacy benefits of the Tor Browser. Just search for the IP address and port number of an open proxy.
If you’ve properly configured Proxychains and Tor Browser still can’t visit the site, then the site most likely does some kind of anti-spam browser fingerprinting to determine whether you’re a real user, and Tor Browser is getting you flagged as a bot because it’s resistant to fingerprinting. You could use a different browser proxied through Tor, but at this point I’d just look for the item on a different website. If the website requires browser fingerprinting, then you can’t expect to buy anything anonymously.
I wish I could say that’s all because it feels like the overhead for making a private purchase is getting outrageous. But there is one more privacy threat to overcome. That is the payment method. The payment method more than anything is going to eliminate online web stores from our list of private marketplaces. Here’s a non-exhaustive list of the payment methods that you have to throw out the window when it comes to privacy:
- debit card
- credit card
- Google Wallet
- Apple Pay
- Amazon Payments
- Square Cash App
- And more…
Any payment system that identifies you can’t be used for privacy. Until something like GNU Taler becomes popular, we’re left with 1 option that offers real payment anonymity: cryptocurrency.
Mitigation - Monero
The hidden fees are of course embedded in the exchange rate. When you go to buy Monero, you’re going to take a hit and when you pay to convert it to Bitcoin, you’re going to take a hit. In the end, you may end up paying 20% more than you otherwise would have had you just bought the item with a debit card. That’s not even including the costs involved in a mailbox service. But that’s just the price of your privacy if you insist on buying online. There’s no easy way around it.
At this point, you’re probably thinking I’ve wasted my time writing all this. I understand that 99.9% of people aren’t going to even attempt to do any of these steps. They’re going to use Goolag Chrome browser with their real IP address with 1000 tracking cookies providing all their real information and paying with a credit card. I know this.
The primary purpose of writing all this is not actually to teach you how to shop online anonymously. It’s expensive, tiresome and tedious. The primary purpose of this post is to show you just how impractical it is to shop online in privacy. The goal is that, by seeing how far you need to go to have real privacy shopping online, you’ll decide to buy things in person with cash instead, when possible.
Compared to walking into a store, paying with cash and rejecting the rewards program, the process I’ve outlined for getting equivalent privacy online is a nightmare to go through. This post could have been 2 sentences long:
“Private online shopping isn’t practical. Buy in person with cash instead.”
But, in writing all this out, I think I’ve made a really strong case for just buying things in person with cash when possible. If it’s not possible to purchase in person, you now have some tips for staying anonymous while online shopping.
Remember that privacy isn’t binary. You can follow as much of my advice as you’re willing to. Don’t give up completely just because you can’t follow every piece of advice. If you do nothing more than start reading the privacy policies and becoming more aware of how your data is used, that’s a plus in my book. As always, thank you for reading if you made it this far and feel free to send a donation if you think my posts are valuable.