Privacy: The Future of Content Filtering

Peter Lowe shared his thoughts on the future of data protection and internet tracking on the eye/o blog last week.

Tracking on the internet is something that's very, very hard to avoid, if not completely impossible. It's so common and accepted that even companies claiming to be "privacy preserving" actively implement methods to circumvent attempts to block them. Massive data breaches have shown the type and scale of data that's being kept about us. It's everywhere.

Sometimes it might be tempting to give up and just accept tracking as a fact of life -- and, actually, that's what more than a few people I know have done -- but there's still a lot you can do to minimize the amount of your personal data being kept, shared and sold. And there are countless people working on standards, regulation, tools, services, and methods to help us - so it's not entirely hopeless.

But what does the future look like? I have a few guesses.

Regulation

Regulation has arrived, and is here to stay. More and more places in the world are implementing regulation around data handling to a greater or lesser extent, and companies are having to adjust to take this into account.

You've probably heard of GDPR, and may have heard of the CCPA in California - but did you know that Nevada has its own regulations? And even China is talking about implementing their own laws?

However, each set of rules is slightly different. Some are focused on individual rights, some are more focused on company responsibilities. Some have teeth, some don't. So what I expect to become more common is something along the lines of tax laws: companies will start operating out of regions that are advantageous to what they're trying to do.

We've already seen this to some extent. Quad9, the open public recursive DNS resolver that provides malware protection for free, moved its operational and legal headquarters to Switzerland recently. This ensures that legally it's an EU organization, and subject to GDPR along with all the other regulations. Though on the flip side, it's not uncommon to see error pages saying that a site is no longer operational for visitors in the EU.

So, just like funneling money through tax havens and taking advantage of shell companies, data will be stored in places where the rules don't apply. Legal loopholes will be taken advantage of, allowing data to be abused in ways that the regulation has tried to prevent. And none of this will be visible to anyone except the most determined analysts.

Layered privacy protection

Most people I know use some form of browser addon for content filtering, in particular ad blocking. This is great for browsing, but with the proliferation of chatty IoT devices, services loading in the background, mobile phones, and whatever else, this isn't enough anymore.

This means that people interested in protecting their privacy online need to look at additional methods. DNS filtering, for example, is a great way to protect your whole network against threats and data sharing coming from IoT devices - especially those that can't be upgraded and have no way to configure. For more serious applications and specific uses, VPNs are another way to mask your behaviour online. And simply using privacy focused services is a great thing to do - DuckDuckGo, the Brave Browser (and their new search engine), Apple iOS - these are all using privacy as a selling point.

My prediction on this side of things is: privacy will move from being a unique feature, to becoming something that is actively looked for and more commonly offered. And if you care about your privacy online, then we'll have to use these products all over the place.

New threats

Regulation is coming into place, the ways to protect ourselves are becoming more plentiful, and everything's getting easier to use.

Which means one thing: the people who want to track you are going to try harder.

Browser fingerprinting used to be uncommon; now it's a standard part of how ad networks operate. Server-side data sharing was unusual for most companies; now it's becoming the default. CNAME cloaking was basically just a theory at one point; now academic papers are being published on how widespread it is.

But that's just the start.

Facebook has patented methods for identifying a camera's geolocation based on scratches on the lens, and the people it can identify in the photo. Amazon wants to monitor people's moods based on the sounds an Echo device can hear while you're sleeping. Oculus (well, Facebook) is monitoring what people are looking at and how they're moving, so that it can place ads directly into VR games. Fitness trackers are identifying users with PTSD and targeting ads for antidepressants at them.

One of those is false - but without checking, do you know which one?

So where are new threats going to come from? This is harder to predict, but my guess is that we'll really just see more advanced versions of what's already happening: taking data that doesn't seem useful, and turning it into a way to build up profiles of people and target them. As tracking becomes even more pervasive and precise, unconscious details like eye movements, heart rate, involuntary actions, microexpressions, if they aren't already being factored into targeted ads, will be.

And, of course, SPACE ADS. We're going to see ads from space and privacy threats alongside them. But that's a whole other article.

Search
  • There are no suggestions because the search field is empty.
Latest posts
Tycoon 2FA Infrastructure Expansion: A DNS Perspective, and Release of 65 Root Domain IOCs Tycoon 2FA Infrastructure Expansion: A DNS Perspective, and Release of 65 Root Domain IOCs

Our analysis of Tycoon 2FA infrastructure has revealed significant operational changes, including the platform's coordinated expansion surge in Spanish (.es) domains starting April 7, 2025, and evidence suggesting highly targeted subdomain usage patterns. This blog shares our findings from analyzing 11,343 unique FQDNs (fully qualified domain names) and provides 65 root domain indicators of compromise (IOCs) to help network defenders implement mo...

The Best Content Filter Software Checklist: A Buyer's Guide to DNS-Level Protection The Best Content Filter Software Checklist: A Buyer's Guide to DNS-Level Protection

Staying Ahead with Smarter Web Filtering

Across every industry and network environment, content filtering isn’t just a matter of productivity, it’s a front line of defense. From malware and phishing to compliance risks and productivity drains, the threats are real, and the stakes are high.

Smarter DNS Policies: What You Should Be Blocking (But Probably Aren’t) Smarter DNS Policies: What You Should Be Blocking (But Probably Aren’t)

DNS filtering is a foundational layer of defense and helps to fortify the strongest security stacks. Most organizations use DNSFilter to block the obvious: malware, phishing, and adult content. That’s a great start, but many are missing out on the broader potential of DNS policies.

Explore More Content

Ready to brush up on something new? We've got even more for you to discover.