Google Analytics and Privacy

Collecting web usage data through services like Google Analytics is a top priority for any library. But what about user privacy?

Most libraries (and websites for that matter) lean on Google Analytics to measure website usage and learn about how people access their online content. It’s a great tool. You can learn about where people are coming from (the geolocation of their IP addresses anyway), what devices, browsers and operating systems they are using. You can learn about how big their screen is. You can identify your top pages and much much more.

Google Analytics is really indispensable for any organization with an online presence.

But then there’s the privacy issue.

Is Google Analytics a Privacy Concern?

The question is often asked, what personal information is Google Analytics actually collecting? And then, how does this data collection jive with our organization’s privacy policies.

It turns out, as a user of Google Analytics, you’ve already agreed to publish a privacy document on your site outlining the why and what of your analytics program. So if you haven’t done so, you probably should if only for the sake of transparency.

Personally Identifiable Data

Fact is, if someone really wanted to learn about a particular person, it’s not entirely outside the realm of possibility that they could glean a limited set of personal attributes from the generally anonymized data Google Analytics collects. IP addresses can be loosely linked to people. If you wanted to, you could set up filters in Google Analytics that look at a single IP.

Of course, on the Google side, any user that is logged into their Gmail, YouTube or other Google account, is already being tracked and identified by Google. This is a broadly underappreciated fact. And it’s a critical one when it comes to how approach the question of dealing with the privacy issue.

In both the case of what your organization collects with Google Analytics and what all those web trackers, including Google’s trackers, collect, the onus falls entirely on the user.

The Internet is Public

Over the years, the Internet has become a public space and users of the Web should understand it as such. Everything you do, is recorded and seen. Companies like Google, Facebook, Mircosoft, Yahoo! and many, many others are all in the data mining business. Carriers and Internet Service Providers are also in this game. They deploy technologies in websites that identify you and then sell what your interests, shopping habits, web searches and other activities are to companies interested in selling to you. They’ve made billions on selling your data.

Ever done a search on Google and then seen ads all over the Web trying to sell you that thing you searched last week? That’s the tracking at work.

Only You Can Prevent Data Fires

The good news is that with little effort, individuals can stop most (but not all) of the data collection. Browsers like Chrome and Firefox have plugins like Ghostery, Avast and many others that will block trackers.

Google Analytics can be stopped cold by these plugins. But it won’t solve all the problems. Users also need to set up their browsers to delete cookies websites save to their browsers. And moving off of accounts provided from data mining companies “for free” like Facebook accounts, Gmail and Google.com can also help.

But you’ll never be completely anonymous. Super cookies are a thing and are very difficult to stop without breaking websites. And some trackers are required in order to load content. So sometimes you need to pay with your data to play.

Policies for Privacy Conscious Libraries

All of this means that libraries wishing to be transparent and honest about their data collection, need to also contextualize the information in the broader data mining debate.

First and foremost, we need to educate our users on what it means to go online. We need to let them know its their responsibility alone to control their own data. And we need to provide instructions on doing so.

Unfortunately, this isn’t an opt-in model. That’s too bad. It actually would be great if the world worked that way. But don’t expect the moneyed interests involved in data mining to allow the US Congress to pass anything that cuts into their bottom line. This ain’t Germany, after all.

There are ways with a little javascript to create a temporary opt-in/opt-out feature to your site. This will toggle tags added by Google Tag Manager on and off with a single click. But let’s be honest. Most people will ignore it. And if they do opt-out, it will be very easy for them to overlook everytime without a much more robust opt-in/opt-out functionality baked in to your site. But for most sites and users, this is asking alot. Meanwhile, it diverts attention from the real solution: users concerned about privacy need to protect themselves and not take a given websites word for it.

We actually do our users a service by going with the opt-out model. This underlines the larger privacy problems on the Wild Wild Web, which our sites are a part of.

Locking Down Windows

I’ve recently moved Back to Windows for my desktop computing. But Windows 10 comes with enormous privacy and security issues that people need to take into account…and get under a semblance of control. Here’s how I did it.

There has been much written on this subject, so what I’m including here is more of a digest of what I’ve found elsewhere with perspective on how it worked out for me over time.

Windows Tweaker

This is a pretty good tool that does what Windows should do out of the box: give you one-stop access to all Windows’ settings. As it is, Windows 10 has spread out many settings, including those for Privacy, to the Settings screen as well as Registry Editor and Group Policy Editor.

There are dozens of look and feel tweaks, including an easy way to force Windows to use the hidden Dark Theme.

The Privacy Tab, however, is the single most important. There, you can easily turn of all the nasty privacy holes in Windows 10, such as how the OS sends things like keystrokes (that’s right!) back to Microsoft. The list of holes it will close is long: Telemetry, Biometrics, Advertising ID, Cortana, etc.

Cortana

Speaking of Cortana, I was really excited that this kind of virtual assistant was embedded in Windows 10. I looked forward to trying it out. But then I read the fine print.

Cortana is a privacy nightmare. She can’t be trusted. She’s a blabbermouth and repeats back everything you tell her to not just Microsoft, but indirectly to all of their advertising partners. And who knows where all that data goes and how secure it is in the long run.

Yuck!

Turn her off. Pull the plug. Zero her out.

The easiest way to disable her is to set up a Local Account. But there’s more info out there, including this at PC World.

Local Account

When you first install Windows 10, unplug the ethernet and shut down wifi. Then, when you’re certain that all of MSFT’s listeners can’t communicate with your machine, go through the Installation Set Up process and when asked to create/log in to your Microsoft Account, don’t. Instead, use the Local Account option.

The down sides of going this route are that you can’t sync your experience, accounts and apps across devices. You also won’t be able to use Cortana.

The up sides are that using a Local account means you will be far more secure and private in whatever you do with your computer (as long as you maintain the many other privacy settings).

Reduce Risk and Streamline Your PC

Windows 10 comes crammed with many programs you may not want. Some of these may even be tracking and sharing, so if you don’t actually use it, why not lighten the load on your system and remove them.

You can do this the slow way, one app at a time, or you can use the Powershell nuclear option and kill them all at once.

I did this and haven’t regretted it one bit. So fire away…

Privacy Settings

I won’t go into all of this. There is plenty of solid advise on reducing your exposure on other sites (like at PC World) and some lengthy YouTube videos which you can easily find.

But it is critical that you go into the Settings panel and turn everything off at the very least. That’s my feeling. Some tell you that you even need to set up IP blocks to keep your machine from reporting back to Microsoft and its advertising partners.

Others say this is somewhat overblown, and not unique to Windows, like over at LifeHacker, so I’ll leave it to you to decide.

Conclusion

It’s really too bad that operating systems have gone down this road. Our PCs should be tools for us and not the other way around.

Imagine if everything that happened on your device stayed private. Imagine if it was all encrypted and nobody could hack into your PC or Microsoft’s servers or their advertisers’ databases and learn all kinds of things about you, your family, your work, your finances, your secrets. And yet, this is precisely what Microsoft (and iOS, Android and others) did, intentionally.

Frankly, I think its bordering on criminal negligence, but good luck suing when your data gets exploited.

Better safe than sorry…that’s my take. Do a little work and lock down your computer.

Good luck out there…

 

Return to Windows

There’s a Windows machine back in my house. That’s right, after 14 years of Mac OS, I’ve shifted my OS back to Windows…on my primary computer!

Windows? WTF?

So, Mac OSX is still a superior operating system. But the gap between Windows and OSX has shrunk considerably with the launch of Windows 10, but that’s hardly a good reason to leave behind the most simple, well-designed and usable OS out there.

But Apple is steadily closing the noose on what computer users can do with their machines and this has really rubbed me the wrong way.

Besides, I had a dream. A dream to build a dream machine, that is. I wanted to build my own ‘Adobe Machine’ for home use and also be able to swap out hardware over time. In Apple’s ultra-controlled ecosystem, building such a device would be very, very costly and also fail to really expand over time. And for very practical reasons, relying on a finicky Hacitosh was out of the picture.

So, fed up with the self-imposed limitations of Mac, I went back to Windows…and this is my experience.

First Impressions

desktopSo, the design of Windows 10 is actually quite pleasant. The modern ‘Metro’ UI is very pleasant (I only wish it was applied uniformly across the OS–more on that later).

The Start (menu) is actually a great way to tuck all of your most important apps out of sight. And I love that it’s flexible, allowing you to organize apps and folders however you want. There are even ways to label and group apps however you wish. The librarian in me sings with these kind of organizational features.

I’ve found that I actually use the Start Menu as a replacement for not only my Desktop but also the Task Bar, which I only keep visible so I have the clock visible.

Maybe it’s the OSXer in me, but there are parts of Windows 10 that feel like redundant re-thinks of more familiar features. For example, the Action Center has quick access icons for things like VPN and creating Notes, all of which, one would expect would be handled by the Start Menu. There’s also the little arrow-thingy on the task bar where certain background apps live. Why?

An Unfinished OS?

As I began customizing and exploring Windows 10, I began to realize that Microsoft must have pushed Windows 10 out the door before the pain was dry. There are odd discontinuities you the pleasantly designed Metro aesthetic ends and you’re suddenly thrown into some god-awful old-school Windows environment. This happens in the Settings panel often, for example, once you get a couple levels down.

Uh, guys, the Metro thing really works. Did you not have time to reskin the old Windows 7/XP UI sections? Please do this soon. It’s like you drove up in a super sweet ride, with designer shades on your face and then you get out of the car and you’re not wearing pants! Actually, you’re wearing tighty-whities.

Also, what’s up with the VPN workflow? As it currently works, it takes no less than four clicks to connect to my VPN. This should be one or two clicks, really. Please fix.

There’s a very nice dark theme, but, alas, it only applies to certain top-level sections of the OS. The File Explorer (a heavily used part of the UI), actually does not inherit the dark theme. There are hacks out there, but seriously, this should be as universal as setting your color scheme.

Can’t wait for Windows 10 to get all grow’d up.

Privacy

I’m going to write an entire blog on this, but Privacy is the biggest issue with this OS. Readers of my blog will know my personal feelings on this issue run strong. So I spent considerable time fighting Microsoft’s defaults, configuring privacy settings, messing with the registry (really?) and even doing a few hacks to lock this computer down.

Microsoft is really doing a number on its users. Windows 10 users are handing over unconscionable amounts of personal information over to Microsoft’s servers, their advertising partners and, if this info ever gets hacked (won’t happen, right?), to whoever wants to do a number on Windows 10 users.

Anyway, needless to say, I had to forgo using Cortana, which is sad because I’m very interested in these kinds of proto-AI tools. But as long as their phoning home, I just unplug them. Did the same to all the “Modern Apps” like Maps, News, etc.

Bottom Line

Breaking up with OSX was actually not as painful as I had expected. And I’m really enjoying Windows 10, save for a few frustration points as outlined above. Overall, it’s well worth the trade offs.

And my Dream Machine, which I christened Sith Lord (because it’s a big, dark beast), is running Adobe CC, rendering at light speed and could probably do the Kessel Run in less than 12 Parsecs.

ProtonMail: A Survivors Tale

Beginning November 3rd, encrypted email service provider, ProtonMail, came under a DDOS attack by blackmailers. Here is my experience, as a supporter and subscriber, watching from the sidelines. It’s a survival story with many heroes that reads like a Mr. Robot script.

Why Encrypt Your Email?

ProtonMail is an encrypted email service that I just love. It overcomes the problems with email providers’ harvesting your personal data for resale, the pitfalls of these databases falling into criminal hands and just plain weirdness you feel when every word, attachment and contact is shared to whomever.

To make my point on why everyone should use encrypted email, like ProtonMail, consider this experience: I recently had to fill out an affidavit confirming my identity but did not have all the particulars with me, such as past addresses, etc. No problem, I just logged into my 12 year old Gmail account and did some searching. In no time, I had all the personal info the affidavit required to prove my identity.

It’s not that I purposely saved all this information in there. It just accumulates over the years organically.

Imagine if that data fell into the wrong hands.

ProtonMail is a crowd-funded, free email service that comes out of the CERN laboratories in Switzerland and MIT. The engineers at these research facilities were inspired by the revelations of Edward Snowdon about back doors into email servers and the general collection of data by governments, so they built ProtonMail.

The service is simple, elegant and super secure. The encryption happens through the use of a client-side password, so theoretically, nobody, not even ProtonMail, can decrypt your emails and read them.

ProtonMail Taken Down

The recent Distributed Denial of Service (DDOS) attack began on November 3rd when a group held for ransom access to ProtonMail’s email service. This was a very sophisticated attack that flooded their servers with requests, but also their ISP. The result was that ProtonMail and several other sites, including e-commerce and banking sites, were unreachable. After failing to successfully fight back, the ISP and other firms put enormous pressure on ProtonMail to pay off the cyber gang. They did so and the attack stopped…momentarily.

Less than half a day later, the attack re-commenced. This time it was even more sophisticated and destructive. And, things got even weirder. The original blackmailers actually contacted ProtonMail to let them know they were not involved in the new attack. ProtonMail is pretty certain that the second attack was likely a state entity.

You can read all the details on their blog post on the incident.

Over this past weekend, November 7-8th, ProtonMail launched a response to the ongoing attack, deploying new defensive technologies used by large Internet firms, funded through a GoFundeMe campaign. As of this writing nearly 1,500 individuals donated $50,000 in just 3 days to help in this regard.

Those would be the first, rather large, set of heroes. Thanks to you guys!

Click here to add to the fund.

Social Networks Get the Word Out

The media was really late to this story. It was not until the end of the week that the first news reports came out about the blackmail story made sexier by the fact that the ransom was paid with bitcoins.

Most of the breaking news, however, was only available on ProtonMail’s Twitter feed and their Sub-Reddit.

It was on their Twitter page that they first disclosed the moment-by-moment details of their fight to restore access and their ultimate attempt to fund new defensive technologies. It was on Reddit that the controversy and pain was aired such as reactions to their payment of the ransom and frustration of everyday users at not being able to access their email.

People really gave them a lot of credit, however. And it was heartening that, despite some rather single-minded rants, most people rallied around ProtonMail.

Lessons Learned

One thing I was surprised about were some of the complaints from business people that were using ProtonMail as their exclusive business email. They were losing money during the attack so they were often the most irate. But you have to wonder about someone using an emerging tool like ProtonMail for something so critical as company email. Obviously, new Internet services take time, especially when they are not backed by seasoned VCs who are risk adverse.

I personally had not made the switch to ProtonMail entirely. Part of this was because they don’t have an iPhone app yet, which is where I do about 50% of my emailing. But I was getting close.

So, yes, I had a few important emails get bounced back to the senders. And perhaps one or two have been lost permanently (I may never know). But it does go to show that, for the foreseeable future, ProtonMail is not a reliable sole-email solution. However, given the work they are doing in response to the latest attack, this event may be the turning point that makes them a truly stable email service.

Just this morning, they came under another attack, but unlike previous days over the past week, they were back online very quickly. Hopefully this means their new defenses are paying off.

Bottom Line

ProtonMail rocks. I really love it. The recent DDOS attack only confirms that the good team at CERN and MIT are dedicated to doing what it takes to keep this alive. I can think of other such services that have folded when they came under similar pressure. In fact, the user community around ProtonMail is as serious as ever, shelling out the money required to safeguard encrypted email just when it counted.

There will likely be further trouble ahead. The British government has suggested it might ban encrypted email services. And who knows how the US will respond long term. So, there could be more chop ahead. But for the time being, it seems that ProtonMail may have survived a very critical test of its resilience.

Stay tuned!

Private Email to Foil the Snoops – ProtonMail Review

As we’ve been learning over the past few years, privacy has been getting the thousand cuts treatment. Everyone’s been in the act. Et tu Google? You betcha.

Fortunately, you can stop inadvertently BCC’ing Google, the NSA, the Chinese government, hackers, marketers and other creepers of your personal content. That’s thanks to some good people who actually live by the mantra to “Do No Evil” who have created ways for email users everywhere to keep their messages between them and their recipients.

Over the past week, I’ve been exploring one of these, ProtonMail.

The True Cost of Free Email

Most email services are profitable because they sell everything that you type and attach in your emails to marketing companies. Vast profiles about you are generated from this content. Think about it: what diseases you talk to your relatives about, your political and religious beliefs, who you spend your time with, even documents you attach from tax info to intimate photos. It’s all in there, and it’s all for sale.

You might immediately wonder why your email provider is collecting all this. It’s none of their business, right? Well, it is because you made it their business when you agreed to the terms of service. Even down to the attachments, by using services like Gmail and Yahoo! Mail, you are granting that company to access and sell the content to ad companies and beyond.

Now imagine that this database on you was to be hacked. Can’t happen? It has. The Chinese government hacked Gmail and has likely gleaned a ton of information on the world’s Gmail users. Most likely, they were interested in what their own citizens were writing, but if you ever wrote anything critical of China or work for a company with exposure to China, they might find that interesting too. Who knows!

The US Government has also hacked into Google (and just about every other Western tech firm) as well.

And if these entities can do it, so can criminals and the mischievous. So, again, why are we letting these firms put our information at risk in the first place?

Good news: you don’t have to anymore…

Private and Secure Email

Alternatives to Gmail and other market intelligence-based email services include:

HushMail and StartMail were early services that took your privacy seriously. Both promised not to ever sell your data, but their business model made up the difference by charging you for the pleasure of living privately and secure.

Tutanota and ProtonMail, on the other hand, are free. Both use similar end-to-end encryption techniques and are quite similar in most respects. When I weighed which one to go with, I ended up choosing ProtonMail, only because their servers are based in Switzerland, a country that has outlawed the seizure of private computer content.

My ProtonMail Experience

ProtonMail was created by developers working at the CERN lab in Switzerland who were inspired by Edward Snowden and who were shocked at how weak online security was becoming, thanks to very aggressive and dangerous actions by global intelligence services.

ProtonMail uses encryption that is unlocked locally, on your machine, so even if anyone broke into ProtonMail’s servers, they would need a few more years than the age of the Universe to decrypt your content. Translation: it’s pretty damn secure, despite claims that the NSA can decrypt encrypted data. They would still need a lot of time and effort to do so, so it’s unlikely they’ll go to such an effort unless you’re an active terrorist (or the leader of Germany).

Best of all, you can send securely encrypted emails even to people using Gmail or Hotmail. You do this by checking a box, creating a password and an optional password hint for the recipient. They then receive an email with a link to ProtonMail. By following that link, they are taken to a secure web page inside ProtonMail where they can read and reply to your message by using the password. Or, if it’s nothing you’re worried about sending, you can just send it as regular, unsecured email to your Gmail friends, in which case it works as normal…but can be gleaned for any info you might have carelessly included.

Here’s how ProtonMail pans out.

UI and Functionality

This is more than just a bare bones email service. ProtonMail comes with a secure Contacts manager, email search and many other features you would expect in a modern email service.

The UI is clean and very straightforward.

Probably the hardest thing about using ProtonMail is the encryption, but not because it’s complicated…it’s drop dead simple…but only because it adds a step to your email creation if you plan on sending encrypted emails to people on Gmail, for example. In this case, you just have to come up with a good password and hint that your friends can figure out. It can actually be a little hard to come up with something that isn’t as easily hacked as “The city we met in.”

The other complication is that you have two passwords. One is used to access your mailbox and the other is used to decrypt the messages. So you have to enter two of these. In my case, I use KeePass password manager, so I just create super crazy, long, gibberish-based passwords for both of these and store them in the manager. Then it’s just a copy and paste action that I need to do twice when I log in…slightly easier, in fact, than using the two-factor authentication I use with Google, compounded by my non-use of cookies.

The Mom Test

I tested the recipient experience with my Mom (very non-technical) and some friends (generally non-technical) to see if any of this would keep people from reading and replying to me. So far, ProtonMail only snagged my mom, because she didn’t think of using caps on a name I was using for the password.

My mom also didn’t understand that she had to reply from within the browser window. Some caveats here: I believe she still thinks of email as something that she has to do in AOL.

My friends fared much better with no reports of trouble. So overall, I’d say there is a small learning curve for some recipients.

The Private Future

The hope here is that most people will gravitate over to ProtonMail or services like them, so that everyone’s on the same, private page. As I mentioned above, there are some extra steps with using ProtonMail with non-ProtonMail recipients. But if you’re communicating with friends that also use ProtonMail, the encryption is already there and you can relax…so obviously, I hope you all join ProtonMail.

The People Wide Web

The debate around Net Neutrality has taken an interesting spin of late. Just as foes to Net Neutrality have gotten closer to their goal of setting up tollways and traffic controls on the information superhighway, some drivers are beginning to build their own transportation system altogether.

Net Neutrality is a concept that has been the norm on the Internet since its inception: the idea that every website gets equal treatment by Internet Service Providers (ISPs). But of course, media companies and the ISPs could conceivably benefit greatly if surcharges for access to higher bandwidth were allowed on the Net. For example, let’s say that Cable Company A offers priority bandwidth to Media Company X, allowing it to serve super high-def streaming video to users at lightning speed. However, Startup Company Z will then be obligated to compete against Media Company X for that bandwidth in order to provide the same quality service. Same goes for Blogger Y.

Fat chance of that. Indeed, given the pace at which media consolidation continues to go unchecked by regulators, were Net Neutrality abandoned, the Internet would quickly resemble something akin to how Network Television dominated communication in the years before high-speed Internet arrived.

And this is what concerns many people since a free, open web has so clearly promoted innovation. So far, the battle is not lost and Net Neutrality is still the norm. Nevertheless, some are creating back up plans.

This past week, BitTorrent, the people behind the popular torrent app uTorrent, announced they are exploring the creation of a new Internet which takes back control of the web and distributes access to websites across peer-to-peer networks.

Called Project Maelstrom, this torrent-based Internet would be powered by a new browser which would effectively rework the Internet into a much freer network with pretty much no gatekeepers.

Details are sparse at the moment, but essentially access to websites would be served as torrents, and thus not served from a single server. Instead, the sites would exist across the peer-to-peer network, in small, redundant bits living on people’s computers. Essentially, its the same technique used for torrent-based file sharing. When you try to access a site, your computer queries the torrent network and dozens of computers begin sending you the packets you need to rebuild the web page in question on your browser. And even as the web page is partially assembled, your computer then begins sharing what it already has with other people trying to access the site.

The result could likely be a much faster Internet, with much greater assurances of privacy. But technical questions remain and this does sound like it could take some time. But wow, what a revolution it would be.

Of course, this could get tricky to pull off. As you may have heard this week, the infamous torrent website Pirate Bay was taken down by authorities in Sweden this week. Pirate Bay serves up links to torrents allowing people to download everything from freeware applications to Hollywood movies that haven’t even been released yet and so has been targeted by law enforcement for years now. Even on today’s Internet, Pirate Bay could conceivably come back online at any time. But if the BitTorrent’s peer-to-peer Internet were realized, Pirate Bay would be back up instantaneously. Indeed, it would probably never come down in the first place. Same goes for Dark Net sites that sell everything from drugs to human beings, which have also been recently taken offline.

Bottom line is: Project Maelstrom is another example of how a free and open Internet is unlikely to ever go away. Question is, how much freedom is a good thing?

My own personal take is that taking back control of the Internet from media companies and ISPs would, on balance, be a great thing. Bad people do bad things in the physical world and that’s why we have never defeated crime 100%. As long as there is an Internet, there will be those that abuse it.

But even more importantly, innovation, freedom of speech and freedom to access information are core to advancing society. So I welcome Project Maelstrom.

So here’s a toast to the People-wide Web!

Is Apple Pay Really Private?

Apply Pay, the new payment system unveiled by Apple yesterday was an intriguing alternative to using Debit and Credit Cards. But how private, and how secure, is this new payment system going to really be?

Tim Cook, Apple CEO, made it very clear that Apple intends to never collect data on you or what you purchase via Apple Pay. The service, in fact, adds a few new layers of security to transactions. But you have to wonder.

A typical model for data collection business models is to promise robust privacy assurances in their service agreements and marketing even though the long-term strategy is to leverage that data for profit. Anyone who was with Facebook early on knows how quickly these terms can change.

So, when we’re assured that our purchases will remain wholly private and marketing firms will never have access to them, how can we really be confident that this will always remain the case? We can’t. So, as users, we should approach such services with skepticism.

As with anything related to personal data, we should assume that enterprising hackers or government agents can and will figure out a way to access and exploit our information. Just last week, celebrities using Apple’s iCloud had their accounts compromised and embarrassing photos were made public. And while Apple has done a pretty good job at securing Apple Pay, it’s still possible someone could figure out a way in…and then you’re not just dealing with incriminating photos, you’ve got your financial history exposed.

So ask yourself:

  1. Can you think of things you buy that could prove embarrassing or might give people with malign intent a way to blackmail or do financial damage to me?
  2. If my most embarrassing purchases were to become permanently public, can I live with that?
  3. How would such public exposure impact my reputation, professionally and personally?
  4. Does the convenience of purchasing something with my phone outweigh the risks to my financial security?

Depending on how you answer this, you may want to stick with your credit card.

Or just go the analog route and use the most anonymous medium of exchange: cash.