The Definitive Guide to Privacy Online
Privacy Online Is About People vs. Big Tech
Whether you are constantly posting on social media, occasionally shop online, or simply use the Internet to surf the web, you are being watched, even when you’re in the so-called “privacy” of your own home. Does that bother you? Do you know who’s collecting your data and what they’re doing with it? Would you know how to stop it if you could?
Pew Research Center studies continually find people are concerned about all of the personal data that is collected and shared about them, but few know what to do to protect themselves.
More than half of Americans worry about their online privacy and data security, but nearly every American feels like they have “lost control” over how their data is collected and shared. This leads many people to throw their hands in the air and give up, waving the white flag to what they view as the Goliaths of the internet world who have an unfair advantage. While the vast majority of us use social media of some sort, fewer than 10 percent feel “very confident” those companies protect their data.
It’s difficult to trust companies to be good stewards of our data because we constantly hear of data breaches and receive targeted ads that are timed eerily well. Most people want to do more to protect their privacy, but more than a third feel they don’t have a choice in how apps can use their data. They’ve lost the battle, even before they have begun the fight.
All of this data privacy and internet security stuff is relatively new and unfamiliar to most. It can be overwhelming, causing many to cross their fingers instead of arming themselves with a defense strategy. This Definitive Guide to Protecting Your Privacy Online serves as your wake-up call to what’s going on in the internet world. The goal is not to scare you (there’s already plenty of that tactic in the world) but to empower you with facts, tools, and best practices so you have a fighting chance.
Why Are Web Sites Tracking Me?
Have you ever been surfing online, even from a home computer, then checked Facebook on your smartphone and found an advertisement for something you just looked at online? That experience can be strange enough to make you ask “is my phone listening to me?”
Have you shopped online for something, then when you return to that site a month later, the brand is recommending products that happen to be similar to the ones you already purchased?
Have you ever gotten into your car and, even though nothing is on your iPhone calendar that morning, gotten a “helpful” notification that it’s 12 minutes to the gym? Wait, what? How did my phone know I was going to the gym? Now that’s just creepy.
What’s really going on is savvy, modern marketing. Most of this data collection and tracking is for the purpose of personalizing advertisements, so companies spend less time marketing to mass audiences who are not interested in their product and more time targeting specific people who they know are already interested. And why not? It potentially helps them save more and reduces the amount of irrelevant advertising you see.
RSA, a global cybersecurity company, found only 29 percent of people believed all of this data collection leads to better products and services in 2018, down from 31 percent in 2017. Seems like those marketing tactics are losing their shine. Perhaps because 45 percent of U.S. respondents say they have been the victim of a data breach in the last five years. They are fed up with companies mistreating their data. Only 22 percent of consumers agreed that they would be willing to hand over personal data to improve experiences.
Even as companies, web browsers, social media channels, retailers, etc. are all “watching”, collecting and analyzing your habits and data for marketing purposes, they aren’t always protecting your data. Even worse, few consumers have any idea how the data breadcrumbs they leave behind will be used and who will see them. We don’t read the data privacy policies and even if we did, we wouldn’t likely understand them.
What Private Data Are Web Sites Tracking?
Your online data includes more than your name, physical address and phone number. Here’s where it gets scary. It’s an ever-growing database of personal information that can include:
Purchases & Surfing Activity
- Every credit card number you’ve ever had
- Every username and password you’ve ever used, if it’s not encrypted
- Every website you’ve ever visited and how long you stayed on each page
- Every purchase you’ve ever made per store, including size, price and type of item
- Every person you’ve ever emailed or received an email from
- Every friend and follower on each of your social media platforms
- Every post or photo you’ve ever liked or commented on
- Where you’ve driven and what you drive
- What time you set and turn off your phone alarm
- When you lock and unlock your doors and arm and disarm your security alarm
- What temperature you prefer in your home at which times and seasons
Online Shopping & Media Usage
- Which coupons you clip
- What music, movies, and TV shows you like and how much time you spend with them
Healthcare & Fitness Activity
- What kinds of exercise you do and how long you do it, if at all
- Your weight, height, and sizes
- Your eating habits and how often you eat out and order in
- What medical conditions you’ve researched
- What medications you purchase
Other Personal Information
- The names of your pets, your kids and your partner
- Every place you’ve ever held a job and how long you had it
- Your income level
- Where you donate (if at all) and how much
- Where you drive to and from every day
- Where you travel and how much you spend on your trips
Pretty eye-opening. What’s worse, all this data, your data, is a commodity, often collected and sold to third parties who want a piece of you, too. Many people aren’t aware of all of the data that’s collected and even those who are, don’t always care because they don’t know what they don’t know. They believe that being tracked online is inevitable and there’s no way to stop it. All of this data collection is a little unnerving, but it doesn’t usually pose much harm, right?
Why Should I Care About Data Privacy?
The problem is, the data collected about you isn’t only what you bought at Target.com. It’s everything about you: the good, the bad and the ugly. If someone or an organization wanted to, they could put together a rather fascinating portfolio of you and share it with anyone they wanted.
What’s more common is these companies store a database of your information without proper security, exposing it to breaches. A staggering 46 percent of U.S. companies suffered a data breach in 2018, nearly double over the year prior. That means there’s a good chance some of your personal data was discovered in those breaches.
According to Fábio Esteves’ article in Medium, there are ideological and practical reasons for caring about your privacy. He believes you have a basic right to privacy and it’s what makes this country so great. Not all countries can say the same. Information in the wrong hands can be dangerous. And while you may not think the pictures you post and the items you buy online matter much, they might one day in the future, when you’re being considered for a new job, running for public office or the target of a disgruntled employee or neighbor. The right data taken out of context can damage even the best of reputations. Esteves puts it this way: “If someone asked you in person 100 questions about your personal life to sell it, would you answer them? But you let this happen every time you use a service that makes money selling your info.”
Facebook has become a FIVE HUNDRED BILLION dollar company by selling advertisements based upon sensitive data, tracking your activity around the web, and profiling users. There have been reports of an Alexa home device recording home conversations and emailing them to a user’s employees. New Yorker points out in the article that if people are told they are being monitored, they are alarmed and demand their right to privacy.
Are we sacrificing privacy for convenience? Shouldn’t we have the right to say who can have our data and what they can do with it? The truth is, data privacy is as much the consumer’s responsibility as it is the responsibility of the companies who collect the data. The good news is it’s not as difficult as you may think. In fact, this Guide is going to walk you through the various tools and practices you can use right now to dramatically improve your data privacy.
The Best Privacy Apps & Best Practices
The list below highlights the most current tools and best practice recommendations that you can implement immediately. The tools are easy to get and can be used within minutes. The Password Manager, however, does take a little more time, because you have to set up all of your accounts. Keep in mind there is not one single “solution” to data privacy. In order to protect yourself, you will need to use multiple weapons of defense.
Private VPN - Virtual Private Network
Hides your IP address, encrypts your internet browsing and protects your online identity, especially if you use a public WiFi network, so you can browse anonymously. Some security software offers a VPN as part of its package, but they’re not necessarily the best options.
Instead, you may want to purchase a reputable one online and keep it turned on every time you use the internet. Beware of fake VPNs and questionable companies by reviewing their privacy policies and permissions, and checking third-party sources for referrals. According to experts, not all VPN providers encrypt your data and some even share it with independent third parties. NordVPN is recommended both by PC Magazine and CNET as a top performer. ProtonVPN gets high scores for both performance and price. Private Internet Access VPN is another good pick. The company has been around since 2010, comes in at one of the lowest prices and has more servers than most for ultimate anonymity.
Ad Blockers & Tracking Blockers
Prevents web ads, and their potential cookie and other tracking capabilities, from appearing on a webpage while you surf. They are free browser extensions offered by most browsers, like Chrome, Firefox, and Safari, but these aren’t always as effective as third-party options.
You can quickly download one or more free versions from a third party, like Adblock Plus (most popular but not as good for blocking tracking), Privacy Badger (only extension that blocks all Facebook “Like” trackers), uBlock Origin (comprehensive blocking) and Ghostery (highly customizable), or use a search engine like DuckDuckGo that has a built-in tracker blocker. By blocking all or some ads, there is less risk for malware and tracking, plus they give you a much smoother and more pleasant browsing experience as you won’t be bombarded with ads while you browse.
One caveat - ad blockers may disrupt website features you actually want, such as slideshows, logins, and even videos. Most ad blockers give you a “whitelist” option to disable the blocker on the sites where you encounter issues.
A password manager stores and creates complex, hard-to-guess, unique passwords for every site and app so you don’t have to remember so many. All you have to do is remember one password and it does the rest. As a reminder, never share passwords with others or use the same (or similar) password on multiple accounts.
Many password managers also protect your PINs, credit card numbers and CVV codes, and security question answers with encryption. Setting up your account is quick, but it does take some time to reset all of your passwords on every site/app you use. Some offer free versions, but these versions aren’t as robust or easy to use as the paid versions. Prices range from around $12 to $40 per year.
Beyond managing passwords, many companies have unique capabilities. 1Password works well with a large number of mobile apps and has excellent password privacy options. LastPass scans all of your passwords and notifies you of any weak or duplicate passwords, automatically changing them for you. Dashlane tells you if any of the websites you visit have reported a data breach. Blur gives you the ability to create one-use numbers for your credit cards and phone so you never have to share your actual numbers.
Private Email Clients
Your email client receives, sends and organizes your email messages. Some of the most common email clients are Mail on the Apple iPhone and iPad, Gmail and Outlook. Even though these are free to use and quite popular, they don’t automatically encrypt your email data and aren’t known for protecting their customers’ privacy or data. Encryption means your messages can’t be intercepted or sold to third parties; instead, they are anonymous. You can turn the encryption feature on in these traditional email clients, but it isn’t simple to do.
Thankfully, there are other options that make protecting your email data much easier. eM Client allows you to migrate your messages from Gmail and other email clients, as well as gives you the option to import your contacts and calendar. It also has a wealth of advanced features for free.
ProtonMail automatically encrypts and decrypts emails as you send and receive them. They neither ask for nor keep any of your personal data, making all of your information highly private. Mailbird is highly customizable and integrates with many of your apps, including messaging and collaboration apps, calendar and social apps.
Thunderbird allows you to add as many email accounts as you want, including personalized email addresses you can create within Thunderbird, as well as third-party extensions to add your favorite apps.
Messaging apps allow you to send and receive instant messages. If you want your instant messages to be private, you’re going to have to move beyond Facebook Messenger, Google Hangouts, Snapchat, and WhatsApp. These apps are popular and easy to use, but they also have weak data privacy and security practices. Even though iMessage and FaceTime get slightly better scores for security, they still fail to meet many security standards. According to the Electronic Frontier Foundation, a nonprofit organization that defends digital privacy, a solid messaging app should be open-source (anyone can check the source code, protocol, and API for vulnerabilities) and should offer encryption that even the provider can’t read, as well as verification of the contacts’ identities.
Signal is open-source and encrypts text messages and calls so no one else can read or see them, including Signal. Their server doesn’t have access to your calls or messages so they aren’t stored or sold.
Telegram is open-source and offers an enhanced “secret chats” feature that uses end-to-end encryption. You can also set a time for messages to “self-destruct,” leaving no trace of them on their servers so they can’t be forwarded. Currently, Telegram does not offer a voice or video calling option.
ChatSecure is an open-source platform made for iOS and advertises the most secure encryption available, including end-to-end encryption and off-the-record (OTR) cryptographic protocol.
A web browser is the application you use to access the Internet. Using a private browser is one of the best ways to minimize the amount of personal data being collected, but not all browsers care much about your privacy. Some of the most popular web browsers today are Google Chrome, Apple Safari, and Mozilla Firefox, but not all are equal when it comes to data privacy.
While all browsers offer a private browsing mode that you can turn on manually, be wary. They may not protect your data as you assume. For example, Google Chrome’s Incognito mode and the InPrivate browsing modes in Internet Explorer and Edge don’t track your searches, page visits, the data you enter on forms or the files you download, but they require you to manually delete this information from your computer after you close the privacy mode.
While Google Chrome has introduced more security settings lately, people are still skeptical of a company that makes its money by knowing everything about you. They may provide a secure browser, but “secure” and “private” are two different things. For instance, they may be able to effectively protect you from malware, but they also have a financial incentive to know what sites you visit, what you buy, etc.
Apple Safari is no longer supported on Windows, so unless you use a Mac, you can’t use it. Apple has greatly upgraded their privacy standards, implementing ad-tracking and fingerprinting blockers, and warnings when websites and social sites are trying to get to your cookies and other personal data. Yet, even with these improvements, just as with Chrome, Safari is owned by a huge enterprise that may or may not have its own interests at heart.
Internet Explorer used to be the go-to browser, but it has gained a bad reputation when it comes to security, even if their newer versions are much better. It’s completely closed source so there’s no way to know what mechanisms they’ve included in their code that could compromise your privacy. There are simply better options for secure, private browsing.
Microsoft Edge is Microsoft’s replacement browser for Internet Explorer. Shockingly, Microsoft Edge is entirely open-source and is based on the same rendering engine used by Google Chrome & Safari (Chromium). By default, it doesn’t block ads, trackers, or videos, but between plugins and advanced settings, you can configure it to be a reasonably private browser. If you use Microsoft Windows and prefer to use a Microsoft browser, this is your best choice.
Firefox is similar to these in that it saves your downloads and bookmarks until you manually delete them, but it does a better job of protecting user privacy and it has open-source code. It offers plenty of add-ons to enhance and customize your security, such as HTTPS, ad blockers and tracking blockers, but many experts warn against trusting all plugins, saying some can hide malware or inadvertent security flaws that make you more vulnerable. These experts recommend downloading only trusted plugins from your browser’s official repository versus random websites.
Firefox’s offshoot, Waterfox, does slightly better, erasing all online information automatically as you go, including passwords, browsing history, and cookies - no add-ons needed. But, if you do want to add some extensions to your browser, they share plenty with Firefox.
Brave blocks unwanted ads, trackers, malware and cookies to keep your data secure while you’re browsing. Even if it’s a relatively new browser without as many bells and whistles, your data isn’t stored or sold and it is 2 to 8 times faster than Chrome or Safari. As an added bonus, nearly all Google Chrome extensions automatically work with Brave, so switching is easy.
Epic is an open-source browser from Google that is serious about privacy, removing as many questionable features that could compromise privacy as it can, including cookies, trackers and fingerprinting. It also uses SSL connections when available, uses encryption and does not collect user data. The browsing speed is slower than the others and it is not open-source.
And finally there is Cliqz by Ghostery. The free, open-source browser is focused on your privacy, going a step further than not collecting or storing any of your personal data on its servers; it provides a “transparency cockpit” where you can see exactly what data your browser sends to them and what happens to that data. They offer a mobile and desktop version for Windows and Mac.
No matter which private browser you choose, you should understand how some of these trackers work. Cookiesandyou.com explains everything you need to know about the pros and cons of cookies, plus how to control them. While some cookies help make your browsing easier, like online shopping, you should be able to turn them off to protect your privacy if you want to.
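To make the tracking mechanism concrete, here is an added example (not from the original guide) that audits a log of your own browsing for third-party sites that receive the same cookie on several unrelated websites, which is what lets an ad seen on one site follow you to another. The request log, hostnames and cookie values are constructed, and the two-label `site_of` rule is a simplifying assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log: (page you were on, URL that page loaded, Cookie header sent).
# Every hostname and cookie value below is made up for illustration.
SAMPLE_REQUESTS = [
    ("https://shop.example/shoes", "https://shop.example/static/app.js", "session=abc"),
    ("https://shop.example/shoes", "https://cdn.shop.example/img/1.png", "session=abc"),
    ("https://shop.example/shoes", "https://pixel.adnet.test/collect", "uid=u123"),
    ("https://news.example/today", "https://news.example/style.css", ""),
    ("https://news.example/today", "https://pixel.adnet.test/collect", "uid=u123"),
    ("https://news.example/today", "https://fonts.webfonts.test/a.woff2", ""),
    ("https://blog.example/post", "https://sync.adnet.test/match", "uid=u123; seg=7"),
    ("https://blog.example/post", "https://fonts.webfonts.test/a.woff2", ""),
    ("https://blog.example/post", "https://comments.widget.test/embed.js", "w=9"),
]


def site_of(url):
    """Approximate the registrable domain as the last two host labels.

    Simplification: browsers and blockers use the Public Suffix List for this,
    so a host such as 'shop.example.co.uk' would be grouped incorrectly here.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def cookie_pairs(header):
    """Split a Cookie request header into 'name=value' strings."""
    pairs = []
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            pairs.append(f"{name}={value}")
    return pairs


def cross_site_report(requests, min_sites=2):
    """Report third parties loaded on at least `min_sites` different sites,
    and which cookies they received unchanged on that many sites."""
    seen_on = defaultdict(set)      # third party -> first-party sites it was loaded on
    cookie_sites = defaultdict(set)  # (third party, "name=value") -> first-party sites
    for page_url, request_url, cookie_header in requests:
        first_party, target = site_of(page_url), site_of(request_url)
        if not target or target == first_party:
            continue  # first-party request: not cross-site tracking
        seen_on[target].add(first_party)
        for pair in cookie_pairs(cookie_header):
            cookie_sites[(target, pair)].add(first_party)

    report = {}
    for target, sites in seen_on.items():
        if len(sites) < min_sites:
            continue
        repeated = sorted(
            pair for (tp, pair), where in cookie_sites.items()
            if tp == target and len(where) >= min_sites
        )
        report[target] = {"sites": sorted(sites), "repeated_cookies": repeated}
    return report


if __name__ == "__main__":
    for third_party, info in cross_site_report(SAMPLE_REQUESTS).items():
        print(third_party, info)
```

A third party that shows up on many sites with no repeated cookie (the font host here) can see that a visit happened but has no stored identifier to link visits with; the one that receives the same `uid` everywhere does.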
Private Search Engines
A search engine is the tool you use to search the Internet for information. Every time you search online, your search data is being collected based on your unique IP address that is tied to your device - what you search, when, what you click, etc. Using a private search engine keeps your search habits anonymous so you, your location and your interests aren’t tracked.
An alternative to Google, DuckDuckGo is a private search engine. DuckDuckGo doesn’t collect, store or sell your search data to third parties. It blocks advertising trackers and keeps your search history private. It also scores each website you visit to keep you informed of how well that website company protects your data privacy. With DuckDuckGo, you won’t see tailored ads, either.
WolframAlpha (while not a traditional search engine) takes a slightly different approach from general web searches, using proprietary algorithms to return expert-curated content in dozens of categories. It does not track your searches and is open-source.
Encryption for Privacy
Encryption converts your human-readable usernames, passwords and other personal data into unreadable codes that hackers and data marketers can’t read. You can purchase stand-alone encryption products that go above and beyond what your antivirus software offers. These products aim to encrypt more than your internet traffic, as a VPN does; they also encrypt email addresses, passwords, files, and folders.
AxCrypt has strong file and folder encryption, even on cloud apps like Dropbox. It also works in many different languages. The company offers a free version, but if you want the full-strength version with more features, opt for the paid one. You’ll get a lot of bang for your buck.
CertainSafe can be used by individuals or small businesses. It securely stores and encrypts just about anything, including documents, messages, photos, and videos. It also offers two-factor authentication, adding an extra layer of identity protection. CertainSafe is a bit pricier than AxCrypt but much less expensive than many other options.
Folder Lock is made for individuals and the basic version is free. It’s unique in that it’s geared primarily for mobile devices. It will encrypt personal files, pictures, and videos, as well as any company data and messages you access from your mobile device.
HTTPS - Hypertext Transfer Protocol Secure
HTTPS is the standard for web browsing that secures data shared between users and websites and ensures both parties are who they say they are and ensures safer browsing. If the site uses HTTPS, only the fact that you visited the website is collectible, not what you did on the website, such as purchases, the credit card used, shipping address, etc. Look for a lock symbol and “https” before the website address to see if it is secure. One caveat: HTTPS only prevents your ISP and other “in the middle” providers from seeing what you do. Your browser maker, various plugins and operating system can all still see what you are doing in your browser.
If the website address is not preceded by “HTTPS” already, you can download an extension to your browser that can convert it to HTTPS. HTTPS Everywhere is the most popular and easiest to use HTTPS extension. It can be added onto Chrome, Firefox and Opera browsers in seconds.
Web Site Security Breaches
What you don’t know can hurt you. Check to see if your email and passwords have been compromised on the internet by going to haveibeenpwned. In seconds, you can find out if you have been a victim so you can change compromised passwords immediately.
Reading website/app privacy policies is a pain and few people ever read them. But, you should know how these companies treat your data as clicking “accept” gives them free rein. Companies often try to sneak things into their privacy policies and end up collecting far more data than they actually need in order to provide their service.
Although Privacy Monitor does not track you, if you prefer not to install an app or browser extension, try searching for the privacy score of the domain of any company whose site you visit.
Android Privacy vs. iOS Privacy
When it comes to the type of smartphone you use, be sure to check more than the cool features. Android and iOS are vastly different in how they approach security and treat your privacy. Symantec found Android-powered devices “surpass iOS in terms of the number of mobile vulnerabilities” because it is open code whereas iOS is not, and there aren’t as many security updates with Android. Security aside, which operating system does a better job at protecting your personal data? iOS by a long shot. Apple isn’t as interested in your personal data as Google (developer of Android), who lives and breathes by collecting your data.
Yes, Apple collects some data, but most of it is anonymized unless it’s necessary to run an app, such as Find My iPhone. Google wants to know as much about you as possible, saying they care about personalizing your experience. It’s really up to you, however, if you’re okay with not knowing what they’re collecting about you and how they’re using it.
Some of the issues with privacy revolve around pre-installed apps that have embedded trackers you know nothing about, like weather apps, the camera and related camera apps, and the microphone. You can turn off location services and deny permissions to access your camera/microphone manually, but many apps won’t work unless you enable permissions. Princeton University researchers found, “Smartphones’ locations can still be tracked, even if all location services and GPS have been turned off.” Northeastern University analyzed more than 17,000 popular Android apps and more than 9,000 of them were found to have automatic permission to access the users’ camera and microphone, many of which share screenshots and videos of user app activity with third parties.
Whether you use iOS or Android, be sure to carefully check current permissions in your Settings app and consider permissions when you download any new app. Read the app company’s privacy policies as well or download the free Privacy Monitor app on your iOS or Android device to see privacy scores on apps.
Virtual Personal Assistants
The rise in popularity of smart home devices has been somewhat dampened by the realization that those systems are likely listening to you, even when not active, and collecting your and your family’s personal data. Same goes for Siri on your iPhone. While some say they don’t care, it is a bit unsettling for most to think every conversation that has been had in their home may be heard by more than the intended audience. In fact, Stanford researchers found that virtual assistants actually have “a broader and more personal range of data than a search engine…with access to many of the most intimate details of your life.”
The companies behind Echo, Siri, and Google Assistant all say their devices listen for their wake word, like “Alexa,” to be said before they start recording and sending your request into the cloud. They also say any data they collect about you is to bring you more personalized products - products they want you to buy from them, as is the case with Amazon.
Final Thoughts on Privacy
Data privacy is everyone’s business. You can’t depend on companies on the internet to do it for you. By implementing the tools and best practices above, you will be way ahead of the game and the companies that don’t value your privacy.
It is always recommended that you frequently check for software updates on your smartphone, PC, tablet and laptop, plus all of your apps. To make things easier, set them to update automatically. They will have the most updated security fixes to keep you protected from the latest threats.
A note to readers who have the opportunity to change their company’s privacy policies: According to RSA, companies have a decision to make. They can either abuse their powers to use/abuse customer data or they can differentiate themselves as data privacy advocates to win fans, saying, “Companies can use their stance on how they use data ethically to build customer trust and loyalty to their brand…Aggressive data collection policies can lead to media and public backlash, with consumers deleting apps or decreasing usage and data sharing. Meanwhile, faulty controls and data breaches create a risk to companies’ reputations, spurring negative media coverage, high-profile boycotts, regulatory censure, fines, and lawsuits.”
Yes, it’s high time companies take notice. People are becoming more aware and less patient. Even so, we are ultimately responsible for our own data and can choose to protect our right to privacy or let the giants win. Get educated. Be proactive. Take control. You may not be able to secure everything, but you can take a huge step forward in this epic battle.