How to improve your online privacy
People increasingly submit more of their data – most likely without thinking – every day. So it’s important to know about the simple things that will improve your privacy and help establish good online safety behaviours.
Whether you’re browsing for items to buy, researching a medical condition or posting about a holiday, there are hundreds of touchpoints when your life can be digitally documented. These electronic crumbs create your digital footprint and there are ways you can protect your identity.
Many of us now – often unintentionally – contribute metadata to the various services we use. This data can be aggregated and anonymised but can be used to cross match activities and build a profile of us as individuals.
Unique identifiers of our personal lives include device information, location details, usage patterns, browsing behaviour, perceived loyalty to a service and much more.
Some internet users take a broad approach to their online privacy, for example, by giving social media sites and search engines a wide berth and restricting the information they voluntarily contribute to their own digital footprint. They may also choose to turn off devices when not in use.
If ‘threat modelling’ interests you, consider reviewing the Electronic Frontier Foundation’s ‘Surveillance Self-Defense’ guide.
Why should you care about online privacy?
Discussions about privacy, its relevance and its place in the world continue. Discussions often focus on the trade-off between privacy and safety, the values individuals place on their own privacy and what they are willing to sacrifice in return for services they consider to offer more value.
Wherever you place yourself on the privacy continuum – from ‘conspiracist’ to ‘publish everything’ – there’s a chance you believe elements of your life should remain personal.
Our advice is designed to help you think through when, where and how you share your personal information online.
1. Protect your privacy: If you grew up before the internet, the concept of ‘stranger danger’ was likely focused on the raincoat wearing predator, keen to kidnap you with promises of puppies or sugary treats. As a result, you understood the need to be careful around people you don’t know and didn’t share information like your home address.
In the digital age, this risk remains but now encompasses more aspects – your address but potentially also location coordinates embedded in images you share and other personal information you share online.
Personal information includes:
- Your full name and date of birth
- Place of employment or where you study
- Phone number(s)
- Your email address
- Home address
- Credit card numbers and banking login information such as PIN or security codes
- Your interests, activities and connections such as what movies you watch, where you went for a run this morning and who you are friends with or work alongside.
Be careful when, where and why you share your personal information.
- Employ common sense in any situation. You may be asked for personal information by people face to face, over the phone or online. Before providing it understand why they want your data and what they intend to do with it.
- Share your common sense knowledge with family. Discuss personal safety – both online and off – with your whanau and teach them why they shouldn’t share personal information, especially with new ‘friends’ made online. Our Toolkit might be useful.
- Practise simple privacy techniques such as obscuring your keyboard when typing in your password or punching in your PIN at an ATM.
- Social engineering occurs in many formats and on many platforms so be alert to attempts to befriend you on Facebook or LinkedIn for the information or connections you hold in your network.
- Be careful naming your devices. Does your smartphone carry your full name or the name of your employer? This personal information might show up in public, for example, when the phone makes requests to connect with a familiar Wi-Fi access point. Details like this can help with Wi-Fi fingerprinting.
2. Enhance email behaviours: Think before you send that email. Anyone who has access to your email can see what you write, when you send it and who you communicate with. This can be a major privacy or safety issue and the harm that can be caused through email accounts being spoofed or breached is well documented.
- Keep a clean email: Be cautious where and when you use your email address. You should try to keep your email footprint as small as possible by only sending personal information direct to an individual and avoid ‘replying all’ so that everyone on a mailing list can read your response.
- Do not reply to spam messages: Spam is a constant issue for email users and best practice dictates that you simply delete unwanted messages and do not attempt to unsubscribe. Replying with a request for removal or clicking through to a bogus unsubscribe process only confirms that your account is active and can be targeted with more offers or sold on.
- Secure your communications: One way to improve your email safety is to investigate disposable email providers that can offer you a one time address. Registering with a disposable email account can improve your privacy if a website or service provider finds their database is breached in the future.
- Consider encrypting your email messages: This means that information you send and receive is scrambled and harder to intercept. PGP encryption is the most well known form of this and has been made easier to implement through the Mailvelope extension for Chrome and Firefox users. If you’re keen to encrypt, you can investigate tools such as end-to-end encrypted messaging software like the Signal app for devices.
3. Browser privacy protection: Your internet browser hoards a lot of personal information about you. Your browsing history – the sites you visit – and ‘cookies’ that record elements of your activity are just two examples of the data your browser may be collating by default.
- Choose your browser wisely: Some privacy advocates prefer to use Firefox over other browsers. Your choice of browser is a very personal decision and you may want to weigh up the argument on what software you feel happy to use versus the possibilities of data gathering.
- Run parallel lives: If you have multiple browsers installed on your devices, some privacy fans suggest segmenting your activities by simply using one browser for social and commercial surfing and another for other, more sensitive activities. If you’re keen to avoid any form of ‘filter bubble’ – where your search results may be influenced by sites you’ve previously visited or past web searches – consider using Google’s Verbatim tool. You can also review and remove your search, location and YouTube history.
- Go Incognito: A quick and easy way to limit the tracking of your online activities is to use Private Mode or Private Browsing. Your browser will not store cookies or internet history during the session but remember that this provides limited protection against the tracking of your IP address by destination sites and your ISP too. Closing and exiting a browser run in private mode every time you’ve finished an activity online can ensure that any data stored can’t be matched against other sessions and used to help with profile analysis.
- Plugin privacy: The next step up in tackling the trackers is to investigate ways to block out a lot of the behavioural advertising focused systems that may monitor your online activities. Popular browser plugins or extensions include:
- Ghostery (for Firefox, Chrome, Safari and Opera)
- Privacy Badger (for Firefox and Chrome browsers)
Getting to grips with these privacy add-ons can help minimise user profiling further and potentially speed up your surfing. Note that some sites may not work correctly or ask you to disable a plugin – especially an ad blocker – to allow you access.
Whilst you’re dabbling with plugins, look for options like ‘NoScript’ for Firefox to prevent malicious scripts from running on your system or HTTPS Everywhere, a Firefox, Chrome and Opera extension that encrypts your communications with many major websites.
If you use work equipment for completing personal tasks, be aware that your employer may monitor your online activities and how you use devices and systems provided to you. That could include your email account, your work laptop and/or smartphone.
4. Smart devices: There’s no doubt that having a device offers instant communication options over multiple networks and access to the internet. There are some issues to consider though which include:
- Tracking of your location by various parties
- Access to data on the device if lost and not protected by a password or PIN
- Monitoring of your time and activities
- Access to your personal information by third parties such as app providers
Our advice is to:
- Turn off Wi-Fi and Bluetooth functionality until needed as this can increase your privacy and save your battery simultaneously.
- Examine what you’re sharing via location services and what apps can access your location.
- Review the apps you have installed and what permissions they request. What data can they see and why do they need it? Delete those you no longer need.
You can also check out our 12 tips for protecting your mobile device.
5. General online privacy tips:
- Be cautious when using free Wi-Fi hotspots: Never undertake sensitive activities over a free Wi-Fi connection. It’s worth investigating a personal VPN service if you spend a lot of time on the road to add another layer of security.
- Look for SSL security when undertaking any online purchase or logging in to systems: The two most common signals that your browsing is protected by Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are the padlock icon shown somewhere in the browser (not the website) and that the web address or URL begins with ‘https’. You can also investigate the ownership and status of these secure certificates in greater depth.
- Encrypt your data: No matter what your views on using PGP to secure your email, you can take steps to encrypt the information stored on your devices should they be lost or stolen. Full disk encryption (FDE) makes it harder for people to access and read your files and provides an additional layer of security for information you want to protect. You can also encrypt data placed on USB sticks – if you regularly carry files around with you on small items that are easily lost – and investigate ways to encrypt information before it’s backed up in the cloud.
- Cover or disable webcams or camera functionality: You may want to review information on webcam hacking via remote administration tools or RATs and simply cover the camera with a piece of sticky tape to avoid prying eyes.
- Use a firewall to protect against threats and detect suspicious activity: Firewall software should be a standard part of your online defences and can help you monitor what applications and processes are connecting across the network. Windows and Mac computers come bundled with this software in the form of Windows Firewall and OS X Firewall. You can also choose to use other software such as the popular Mac network monitor Little Snitch which can help see and block outbound connections.
Privacy case study – Scams
One of the most common scams reported to us involves the promise of inexpensive or free product trials and other competition/lottery offers designed to part you from your personal information (and later your payment details).
Fill out that competition entry form with your name, interests and address, etc., and the organiser is guaranteed to win, as your information can be sold on to others or you can be targeted with spam. It’s worth thinking through the odds of winning the prize versus the value of your data.
Scammers are just as keen to build and sell on marketing lists as commercial organisations that follow international best practice on privacy. Fall victim to one con and there’s a good chance you could be targeted by a recovery scam or other approach. Check out our advice.