Online Privacy 101

Modern technology has been of immense use, so much so that we cannot think of functioning in a world without the services we happen to rely on for our daily needs. On the other hand, there has never been an easier time for companies and governments to track people, collecting mountains of data points from their browsing habits and the devices they carry around all the time. We have reached a stage where no piece of information is too private or personal to be surveilled, monetised, and aggregated into a 360-degree view of our lives. Considering how exposed we are online, it's high time we begin to take privacy seriously, starting with some straightforward steps which you can follow right now. Forewarned is forearmed, right?
  1. Review app permissions (App Privacy Report, Privacy Dashboard), browser privacy preferences, and permissions to third-party services.
  2. On Google, check My Activity and pause data collection wherever appropriate (YouTube Search & Watch History/ Google Maps Timeline and Location History/ Voice & Audio Activity/ Web & App Activity/ Device Information) and opt out of personalised ads.
  3. On Apple devices, turn off Significant Locations (Settings -> Privacy -> Location Services -> System Services -> Significant Locations) that keeps track of the frequent locations you visit and limit ad tracking by opting-out of targeted advertising.
  4. On Facebook, check your ad preferences, turn off platform access (Settings -> Apps -> Apps, Websites and Plugins -> Disable Platform) and review your privacy settings to ensure you share only the stuff you want and only to the intended audience. Plus enable Tag Review.
  5. On Twitter, turn-off Personalization to tweak your ad settings.
  6. Browse in incognito/ private browsing mode (although it doesn't hide your tracks from ISPs), set DNS to 1.1.1.1 for better speed and privacy, and if possible, try using search engines like DuckDuckGo and Startpage or if you must, Google or Bing, but without logging in.
  7. Use a Virtual Private Network (Mullvad, ProtonVPN, Anonine, Algo VPN or build your own; compare them at That One Privacy Site) or Tor browser to surf the web anonymously and avoid leaving digital footprints (or alternatively, use a virtual computer like VMware or VirtualBox to access the Internet).
  8. Turn off location, Wi-Fi and Bluetooth when not in use.
  9. Search yourself online regularly to assess your online reputation, and see what you find about yourself (You can also use Google Alerts to notify you). Spokeo, Pipl, StalkScan.com are a few places to start.
  10. Use disposable email (or mask your email address using a service like Blur or Maskmail), credit cards (Privacy.com, Blur) and phone numbers (Crypton, Burner) for improved privacy and to avoid spam.
  11. Enable 2-Factor Authentication on services that offer them, and preferably rely on Authenticator apps and not SMS for one-time passwords.
  12. Use strong passwords (make use of password managers like Bitwarden or KeePassXC) and never reuse them across different services.
  13. Refer haveibeenpwned.com website to check your various email accounts to determine whether or not they have been leaked as a result of a data breach.
  14. Read Terms of Service carefully before signing up for any service (ICYMI: Information is the new currency). Delete accounts that are no longer in use, and ensure apps and services have only the relevant permissions. (A calculator or a flashlight app, for example, has no business requesting for access to contacts or photos.)
  15. Encrypt/ lock your devices with strong passcodes. Use FileVault or BitLocker to turn on disk encryption for Macs and Windows laptops. Protect your computers from unauthorised access by turning on firewall (macOS, Windows).
  16. Enable Do Not Track on browsers, turn off Adobe Flash, use an extension like NoScript, DuckDuckGo Privacy Essentials, Decentraleyes, Cookie AutoDelete, uBlock Origin, uMatrix, Disconnect.me, Privacy Possum or Privacy Badger to block trackers on websites (Mozilla Firefox has built-in tracking protection from version 57, check out additional privacy tweaks here and here), and enable HTTPS Everywhere for secure browsing. (Firefox also supports Multi-Account Containers that keeps data in each browser tab separate from others, like a sandbox.)
  17. Install apps only from trusted sources like Google Play Store or Apple App Store (also research them before installing) and ensure that apps and devices stay up-to-date and have the latest versions of the software (or operating system) installed. Uninstall apps/ software when no longer needed.
  18. Use encrypted chat apps (Signal, Wire, WhatsApp, iMessage, Cryptocat), email clients (Mailpile, Hushmail, ProtonMail, Tutanota, mailbox), secure document editors (CryptPad, Standard Notes, Write.as) and distributed cloud storage services (Least Authority, Nextcloud, Syncthing, Seafile, Disroot, SpiderOak, Tresorit, Cryptee), ephemeral photo-sharing services (Unsee, Cluster) for secure communication (or locally encrypt files before uploading the files to Google Drive or Dropbox using Cryptomator).
  19. Turn off loading remote content like images in emails (Gmail, iOS, Outlook) by default.
  20. Never connect to open or unknown Wi-Fi hotspots.
  21. Secure your Wi-Fi network with a strong password and enable encryption and firewall.
  22. Enable remote wipe for your mobile devices (Android, iOS) and avoid data disasters in the event you lose them.
  23. Never ever voluntarily give away sensitive information online, especially full names, locations, addresses, phone numbers or email addresses, and just about anything that could be traced back to the "real" you.
  24. Install alternative operating systems that are privacy-conscious (Android - GrapheneOS, LineageOS, Windows/ Mac - Tails, Debian, Ubuntu, Manjaro).
  25. And finally, have a clear threat model (i.e. what data you are trying to protect, from whom and why) and calibrate your actions accordingly. If you are happy being a subject of total surveillance, it doesn't have to mean you can be lax with other people's privacy (contact information, for example). Understand the difference between privacy, security, and anonymity, and what each entails (Privacy is the ability to keep some things to yourself, regardless of their impact to society. Anonymity, in contrast, is when you want people to see what you do, just not that it's you doing it).
For more tips, check r/privacy, Electronic Frontier Foundation's guide on surveillance self-defense here or visit privacytools.io.

Comments