Why it’s so hard to buy online and maintain any privacy

Mask ornament

In a perfect world, no one would have any right to know what I buy, where I go, and what I do unless I gave them that access.

This seems rather quaint now. Today, everything you do is scrutinized, advertised, collected, and sold, with that data being used to market more things to you.

From the way that coupons at the checkout register are spookily reminiscent of something you might want to buy, to the way that you see a “Sponsored” ad for something you looked up two weeks ago, and now follows you around like a phantom, you are basically a giant data mine.

I had all this brought home to me when I decided, finally, to purchase a VPN service, so I could retain privacy when online as well as make myself safer.

It occurred to me that, if I were to not consent to any personalized information sharing, that it would be incredibly difficult to make a purchase happen.

So here is a list of information we give up willingly when we purchase something online. The way our system works, you are opting in to all of this by default. Are you okay with all this?

Payment information

The internet is an amazing place, and lots of things are possible there, but one thing you can’t do is buy something with cash.

Which means that, for most people, you pay for things with a card. Most cards are tied to your personal information, location, email, purchasing history, and a whole lot else.

You can use a prepaid card, but some of them require registration, and there are lots of restrictions on use, that make them not a universal solution.

Maybe people think that paying with cryptocurrencies is the solution, but that’s a little misleading. All Bitcoin transactions, for example, are fundamentally public. They are so public that anyone can look up transactions online. And since money needs to enter the Bitcoin system somehow, unless you work to cover your tracks, it’s not impossible to trace an account back to a person.


When you buy something that needs to be shipped, the sender has to know where they are shipping to. In most cases this is your home address.

But why should a company know where I live?

From that information, they can triangulate all sorts of details, from demographics to even income, all based on location. (Home valuation estimates are public, so you can gather someone’s likely income range based on where they live.)

READ MORE:  How not to be seen (when online)

This is one of the reasons why I use a P.O. Box.


Go to this site. In most cases, it will tell you exactly where you are. This is true even if you’re on a laptop. Everything is geolocated by default.

But why would I want my position to be tracked?

While there’s very little I can do about the tracking cameras out on the street, I can use a VPN service to spoof my location, to make me seem like I’m anywhere. While this is often used for people who are out of the U.S. to be able to view services like Netflix, you can use it to make it seem like you are anywhere else, even another city in the same country.

Phone number

A phone number is like the new social security number: originally used for one purpose, it’s become a personal access token. How many times have you seen “Please enter your phone number to log in?”

Amazon login
If you really think about this, this isn’t okay.

This means that your phone number is tied to all sorts of personally identifying information. In that respect, it’s no different from an…

Email address

I have multiple email addresses, but there are a few that, if shut down for any reason, I’m pretty much screwed.

Email address are everything online. They are your login ID, your identifier. They are the recipients of your recovery information, in case you can’t log in somewhere. They contain important history of activity (since most people archive emails).

In short, whoever controls your email address, can basically be you.

With this in mind, even knowing your email address can be a liability. After all, I can’t try to hack an account I don’t know about.

Luckily, there are anonymous email services where no personally identifiable information is given, and even burner email accounts that exist for a short period of time and then vanish.

I’m not saying that you should work to remove all of this personally identifying information out there. That might not be realistic or feasible. What I am saying is that you need to be aware of what you are giving away by default, and be comfortable with it. If you’re not comfortable with any of this, you need to take steps to change it.

The internet is a great tool, but one thing it doesn’t do is protect us. Until it does, we’ll have to protect ourselves.

Comments are closed.