An orientation in three registers — what the network sees of you, what's actually happening on a normal page, and the moves that change either.
DNS resolves the hostname before encryption begins. Even on HTTPS, whoever runs your resolver sees the names of every site you visit. The encrypted part starts after the address has already been read.
A schematic timeline of one page load. The DNS phase is highlighted.
Pages are programs. They execute scripts, persist state across visits, accumulate identifiers, and read attributes of the device they run on. The browser is the operating system most people actually live in now.
Vertical stack of the browser surfaces a typical page touches.
On your device. On a server you control. On a server somebody else controls. The third column is bigger than most people realize, because the apps that feel local are mostly thin clients for it.
Columns weighted by where a typical person's data actually sits today.
You visit four sites. Each thinks it's seeing someone new. From inside any single site, you are anonymous.
The four sites independently embed the same ad or analytics SDK. That SDK sees the same cookie, the same fingerprint, the same IP across all of them. The four anonymous visits are now one identifiable trail.
The SDK's operator holds the join. You don't have an online identity — you have a correlation, maintained by parties that aren't named on any of the pages you visited.
A typical news or commerce page makes dozens of parallel requests in the first two seconds. Most go to companies whose name does not appear on the page. The page itself is a small fraction of what loaded.
Schematic waterfall. Bar colors mark category, not actual domains. Illustrative of order of magnitude, not measurement.
Every request announces a fingerprint: your timezone, screen size, language, installed fonts, GPU vendor, audio context. None of it is named "you." All of it identifies you. The combination is more unique than your name.
Schematic of the fingerprint surface. Not your actual fingerprint — that would be hostile to compute here.
Enable DNS-over-HTTPS in your browser. Lookups travel encrypted to a resolver of your choice. Your network provider stops seeing which sites you visit by name — they still see encrypted blobs to a resolver, but the readable list of destinations is gone.
Schematic of the same lookup before and after. Not a packet capture.
Pick a resolver you trust. Set it in the browser. Done.
Use a browser that ships restrictive fingerprinting defaults (Firefox, Safari, Brave). Don't install extensions that re-broaden the surface.
Isolate cookies per site or per task. Clear on close where you can. Sign in only where the value justifies the persistence.
Every extension is privileged code with access to every page. Three good ones beat ten plausible ones.
A feed decides what you see and when. RSS is the opposite arrangement: you keep a list of sources, you decide cadence, your reader fetches when you open it. The network can't optimize for engagement it can't measure.
Two timelines of the same hour, drawn the same scale.
The architectural answer to surveillance is not encryption. It's location. A photo edited on your laptop, a note kept on your phone, an email read in an offline-first client — these don't need to be private because they were never transmitted. Encryption protects what leaves. Local computation prevents departure.
The same three columns from Sc 04, weight redistributed.
Most leakage isn't a malicious moment. It's a default no one ever picked, doing what defaults always do. Picking once — deliberately — is most of the work.
The list isn't advice — the categories are the advice. Pick anything in each row, but pick.
Privacy isn't a stance against the network. It's a refusal to emit by default. The network is what it always was; the only thing under your control is what you hand it.